Domain: eff.org
Stories and comments across the archive that link to eff.org.
Comments · 6,386
-
Debate about other objects is _older_
No, it's about guns. Nobody's talking about other 3d printed objects yet.
"Yet?" If anyone says this is a slippery slope and some day we'll regret it, I'd have to flame 'em for having their tense wrong.
Try printing a "circumvention device" or merely "manufacture, import, offer to the public, provide, or otherwise traffic" a model for one, and then tell the judge in the DMCA case, that it's allowed because it's not a gun.
I bet with a little research, you could find decades or possibly even a century or two, of precedent for all sorts of restrictions on things that are far more innocuous than guns, and 3d printers are going to run into much of that stuff. Guns are really only a special case here, because we have an amendment that specifically prohibits the government from
.. uh .. well, what they're not allowed to do is apparently rather debated, but one thing we all agree on, is that amendment really does use the word "arms." And we don't have any constitution-level law at all, that mentions the words "computer programs." ;-)
You should expect interference of some kind, whenever there's any sort of advance in cheap anonymous unskilled creation. That's just how things work, always. I seriously don't know how anyone could possibly think we're only talking about the future of guns. Guns are so nothing within the overall economy.
-
Re: A Pox on Google!
Fool. The link you sent was for the 2013 report. Here's the 2014 report, in which Apple gets 6 out of 6: https://www.eff.org/who-has-yo...
More importantly, EFF is only considering privacy from govt interference. Apple also gives you privacy from their own snooping. Google, all they do is peer into your activities to track and profile. That is a loss of privacy. Apple does not do this.
-
Re:yeah whatever
Also to get rid of troublesome extensions like Adblock Plus. I seem to recall Google kicking Adblock Plus from the Google Play store, which while not the same thing as the Chrome Web Store, does seem a bit worrying.
Granted the reasoning used in that case (it "interfered with the operation of other apps") likely wouldn't apply to Chrome but it's the primary reason I want to be able to install extensions from non-Google "blessed" sources: I don't trust Google not to be evil.
-
Evil?
Take a look at Amazon's patent history. First, they kill Barnes and Noble with one of the most obvious and trivial patents ever issued, the infamous 1-click patent, and now they've patented a photo on a white background. Very nice. https://www.eff.org/deeplinks/...
-
Re:EFF's Privacy Badger
I use a script blocker and am testing out EFF's Privacy Badger: https://www.eff.org/privacybad...
I feel pretty well about my privacy from private enterprises, and luckily I have nothing to hide from the NSA.
The problem with not opposing the likes of the NSA while their power is still growing (because, hey... you have nothing to hide) is that in most police states the paranoia of the regime tends to grow over time and so does the set of things that are considered to justify surveillance and eventually... punishment (i.e. one morning you wake up and find that the definition of 'things to hide' has changed while you were sleeping and you suddenly have things to hide after all). My grandparents survived the Third Reich. The police surveillance complex was initially justified as being aimed at communist subversives, then social democrats, then all other political opposition, then the Jews and Catholics, and by 1945 people were being dragged into the street and shot in the back of the neck for listening to the BBC or giving a pot of soup to starving Soviet POWs. Whether you are talking about government or corporate surveillance the problem is the same. The longer these tossers are allowed to continue to grow their surveillance activities unopposed, the harder it becomes to kick their nose out of every single corner of your existence, and if you allow them to go unchallenged for too long they'll own your ass.
-
EFF's Privacy Badger
I use a script blocker and am testing out EFF's Privacy Badger: https://www.eff.org/privacybad...
I feel pretty well about my privacy from private enterprises, and luckily I have nothing to hide from the NSA.
-
Re:uh
Luckily precedent from the past shows that claim holds no water: https://en.wikipedia.org/wiki/....
That's a fantastic point. Fixing your link: Lewis Galoob Toys, Inc. v. Nintendo of America, Inc. In the same way that Game Genie didn't infringe on Nintendo's copyright, the court should rule that this game modification does not infringe on Blizzard's.
I like to think of it as a variation of Plato's Forms -- the copyrighted product "Starcraft II" exists only as what is on-disk -- a fixed collection of code, art, and everything else that makes up the game. However, once this "ideal" form of the product is loaded into the computer's memory, it becomes a separate and mutable thing. The game itself has become a different and derivative thing simply by executing it, and any number of things can cause that state to be changed. This one single participant of the "Starcraft II" form is ephemeral and isn't being distributed (redistribution being the one reason their suit might be reasonable).
Trust me, I hate people who cheat against others as much as anyone, but this is a much larger issue with far-reaching consequences. Restricting what someone can do with code running on their own computer is a slippery slope, and we have already had enough ignorant court rulings (such as Blizzard v. bnetd). There's also the question of single-player cheating -- should it be illegal for someone to mod their single-player game, to give themselves infinite health, for example?
Blizzard is attempting to rectify a relatively simple technical flaw through the court system, and that's just sad. I hope you're right, AC, that the Game Genie precedent will be upheld.
-
Re:Storage
You don't need a lot of "hard drives" - you just keep the records of calls made, time, a voice print and all connections to known and new people.
If the person uses a webcam you keep a few select frames showing - useful for facial recognition.
Every call is sorted in realtime, the small portions of unique data kept and the 'hops' sorted.
Classically you had the above based on spoken words by known people or known people to new people or the use of spoken words or digital data.
Now you just keep every call as a small amount of code and look back over all calls as needed.
In the past it was sort, translate, drop most, store and index.
Now with today's cheap storage you translate, sort, store and index everything and then look back.
The only issue now is the US domestic legal setting and US legal teams in open court. The hard drives needed issue was understood and solved over decades.
Recall what a telco could offer for parallel construction - many years of call data. https://www.eff.org/deeplinks/...
http://www.reuters.com/article...
-
Re:I beg to differ.
Yea, read the end of https://www.eff.org/deeplinks/... and weep. And as it happens Google recently fired Vic Gundotra.
-
EFF Report?
Then why the fuck are you linking to itworld.com?
Here's the actual report, from EFF themselves.
-
Like applying bandaid to a gushing wound
So, their solution to a badly drafted, overly broad and ridiculously vague piece of legislation is... more legislation? And further, each state wants to introduce its own flavour of law into the picture?
What a nightmare. Instead of having to deal with one bad piece of federal legislation, you now have 1 federal and potentially 50 state laws to worry about. The only ones rubbing their hands in glee are patent lawyers.
The only real solution is patent reform, and the stalling members of the Senate ought to lose their jobs.
One of the main sticking points for members so far has been a proposal to make it easier for the losing party in a meritless patent lawsuit to pay the winner’s court fees.
*rolls eyes*
In the meantime, the rest of the country has to deal with the consequences.
6092 patent lawsuits were filed in 2013, a 12.4% increase over 2012.
Of the top ten filers of patent lawsuits in 2013, every single one was a patent troll.
The most litigious patent owner was notorious troll ArrivalStar, which filed 137 lawsuits.
Patent cases clustered in a handful of federal district courts, with 1495 filed in the Eastern District of Texas and 1336 in the District of Delaware (including 900 before a single Eastern District of Texas judge).
-
Re:Lol...
Reverse engineering the server protocol from the client for creating a compatible server is almost certainly protected.
You missed the Blizzard v. BNETD link from the grandparent post. This ruling was a big setback:
"Outcome: The reverse engineering and emulating of the Blizzard software violated the anticircumvention provisions of the DMCA. This ruling has been widely criticized as making it impossible to create new programs that interoperate with older ones and squeezing consumer choice out of the marketplace by essentially allowing companies to outlaw competitors' products that interact with their own."
-
Re:Lol...
What a combination of naivete and FUD... the mind boggles!
First of all, the case law on this topic was in fact Blizzard v. BNetD, where Blizzard objected to people running their own servers despite the fact that there was no content or subscription associated with it. That pretty much blows your claim that "Blizzard wouldn't mind" out of the water. Second, it is entirely unreasonable, and perhaps even slanderous, to claim that "generally speaking" people must have committed copyright infringement based solely on the fact that they wanted to host their own multiplayer games!
-
Re:MSRP of subscription MMOs
Black-box reimplementations of the servers shouldn't be illegal
And yet they are, unfortunately. See Blizzard v. bnetd.
-
More detail about the underlying issues
True, except I think that ignores an important underlying piece of evidence.
I didn't express myself fully or carefully enough; it was a Slashdot comment and I was very busy. I certainly did not expect off-topic support for the wacky idea that women can't be criticized but it is okay to be extremely hostile toward a man.
My underlying idea is on-topic. How could the top management of Dice Holdings fail to see the mistakes made on the Dice Holdings web site? What is the sociology behind that? I try to make theories that are supported by the information available.
(This issue is also relevant to this Slashdot story about the EFF Privacy Badger browser add-on. Notice that the EFF Privacy Badger web page nests DIV tags 5 levels deep. Maybe there is some reason for that I don't understand, but it seems to me to be poor design. I list 7 other problems below.)
This subject is extremely important because Dice Holdings may destroy Slashdot and thereby may cause severe damage to its other businesses. The new format for Slashdot called "Slashdot beta" is an amazing example of Dice Holdings management being extremely out of touch. The main business of Dice Holdings is job listings for technology companies. Imagine the business impact of thousands of Slashdot readers saying extremely negative things about the new Slashdot. Wouldn't that tend to severely limit acceptance of anything Dice Holdings does?
Slashdot readers are very verbal. They like to communicate; that's shown by the fact that they spend time commenting on Slashdot. If they are unhappy with Dice Holdings they will definitely make that known throughout their companies.
My theory is that whoever writes HTML for Dice Holdings must be extremely socially disconnected from management. A 30-year-old inexperienced male would likely be noticed by management and evaluated, possibly leading to management noticing the man's lack of ability. A 30-year-old male might want to move up in the company and want to become known to management.
So, whoever does HTML for Dice Holdings is apparently distant from socializing with management. I try to theorize what kind of person that could be. I guess, and it is just a guess based on my experience, it is a young woman who has no interest in being part of the company, but who just wants to experiment with HTML and learn more about what interests her. She definitely isn't interested in good communication; apparently she is interested only in her own vision of graphic appeal.
Why put so much time thinking about this? Because the problem of being out of touch with technology is so extreme that top managers are willing to risk losing their companies or their jobs. It isn't just the managers of Dice Holdings. I see the same issues with other companies, also.
Also, I depend on Slashdot for news about technology. I don't want anything bad to happen to Slashdot, even though the online conversations are sometimes very dysfunctional.
Back to the off-topic issue: My experience is that, when I give women thoughtful, understanding criticism, that increases their interest in me. When was the last time I criticized a woman? Yesterday evening. She referred to herself as a "girl". I said, "You're a woman." That got a smile.
Last month in an email I told a woman who is an artist, a dancer, ways in which she could be more serious about her art. When I saw her, just before a performance started, she hugged me and said thank you for the suggestions.
I don't currently spend much time with young women who design web sites, but more than 10 years ago I did. One of them was extraordinarily professional. She and I often talked about other female graphic artists not being professional.
Even though this comment is lengthy, it is still only a very brief survey of important issues. Nothing is decided in this comment; it is only theories.
-
Unblocking will be abused
If copies of Privacy Badger have already blocked your domain, you can unblock yourself by promising to respect the Do Not Track header in a way that conforms with the user's privacy policy. You can do that by posting a specific compliant DNT policy to the URL https://example.com/.well-know..., where "example.com" is all of your DNT-compliant domains.
So in other words, to exclude a website from Privacy Badger, all a website needs to do is:
- Copy and paste https://www.eff.org/files/dnt-... to https://mywebsite.com/.well-kn...
Give it a few weeks, let the advert sites copy and paste that file, and the plugin will be useless.
-
Re: replacing Ghostery with Disconnect
What's wrong with using both of them and / or Privacy Badger from EFF?
-
EFF testing new Privacy Badger tool
EFF is launching a new extension for Firefox and Chrome called Privacy Badger. Privacy Badger automatically detects and blocks spying ads around the Web, and the invisible trackers that feed information to them.
-
Hard to verify
I found two non-fringe or slightly suspect news links: EFF.org. The article completes the circle back to sites like reason.com and The Guardian. The other is CNBC.com. It links to entertainment sites like Perez Hilton. Not the sort of thing you expect to find when a secret government operation like this is uncovered.
What I don't see, is anything linking directly to information about the DOJ's Operation Chokepoint. The list of targets is a bit broad and the tactics are a little suspect. You wouldn't think of a far left liberal like Obama as someone who is anti-porn. We'll have to watch this and see how things develop. Maybe someone will find a few hard government generated facts and write up a 2600 article?
-
EFF release an alpha of Privacy Badger
Good day for the EFF to release the alpha of privacy badger that blocks tracking cookies http://www.pcworld.com/article... https://www.eff.org/privacybad...
-
Re:It's shown with Google Apps, no thank you.
So the EFF is a bunch of paranoid speculators?
https://www.eff.org/issues/pri...
What about scanning e-mails in possible violation of wiretap laws? http://www.theguardian.com/tec...
How about the EU, are they a bunch of paranoid people? http://www.bloomberg.com/news/...
How about Google's latest land grab in Chrome, forcing third party developers to put all their apps into Google's Web Store under the guises of making Chrome more secure? Envious of Apple I guess?
Google's business model is making money off of you; you're the commodity, so you either go along with it or you just start saying Moo like all the other cattle. I prefer to opt out of Google's practices wherever possible. If that means ripping out Google Search, Maps and other apps, that's fine, because there are alternatives to them that don't come with all the hidden strings. The whole thread here was based on Cyanogenmod, which has provided great ROMs (I have 6 devices running Cyanogenmod) without all the bloat and with the pure Android experience, and is now creating a phone with, drum roll please, Google bloat and tracking. Sorry, that's not a step in the right direction.
-
Re:Stop complaining and do something about it
-
What an Ass, a troll got em by the short hairs
"Nevertheless, police raided this home and intend to charge whoever was responsible for the account for false impersonation of a public official."
I have a hotspot up (as per EFF https://www.eff.org/), at this time 3 people are using it, I may have hassles over it but I've got the time.
-
EFF info on "browsewrap" agreements
The EFF has actually published a document comparing the different ways users can agree to TOS online. A "clickwrap" requires the user to engage in a "I have read and agree" type checkbox, and is generally accepted in courts as binding. A "browsewrap" is more along the lines of "by continuing to use this site, you agree". These have been held under tighter scrutiny by courts.
The Clicks That Bind: Ways Users "Agree" to Online Terms of Service
-
Re:Slashdot is ridiculous
The SSL flaw has been fixed and rolled out very quickly,
The flaw was in the release code for 3 years. Now that some people have begun looking for it, they find that it had been exploited 5 months ago. As you look farther back, fewer server logs are kept for the timeframe you are examining. The assumption that no one noticed the vulnerability until March is juvenile and blatantly wrong. The assumption that this November incident was the first use of the attack is juvenile, but cannot at the moment be disproven.
-
Re:Blender should file a Counter Claim against Son
Actually nevermind, it seems they don't leave themselves open to such things:
The Terms of Service also state that "YouTube reserves the right to remove Content and User Submissions without prior notice," so YouTube takes the view that it can remove a video for any reason it likes.
And given that it is their service I'm not sure where you are getting your information from.
-
Re:Wear the tin foil hat
This has nothing to do with Cookies or Ghostery. Marketing learned long ago not to rely on cookies.
Try this site out: https://panopticlick.eff.org/
Look at all of those data points... do you think they need your IP or cross site scripting to identify you?
I bet the fonts section alone is enough to identify 90% of people.
Mine came back as unique in the 4 million people that have visited the page so far... think about that.
-
Re:Not so open source friendly
The protocol is not XMPP anymore, not since Talk was phased out in favor of Hangouts. It was a pretty big news item a year ago, did you miss it? It even made the EFF chime in to complain.
Coincidentally, a mere week before that happened, Microsoft added Google Talk support to outlook.com webmail (which already supported FB chat and Live/Skype). Needless to say, said support became effectively dysfunctional for anyone who "upgraded" from Talk to Hangouts.
-
X-Art Shakedown Failing?
This is one of those cases where the settlement shakedown, even with the threat of publicly exposing one's porn viewing habits, has failed. Some more here: https://www.eff.org/cases/mali.... Maybe they will eventually give up the cause but I expect the X-Art lawyers to keep going in every other district and jurisdiction while there is still a buck to be extracted.
-
Re:No expectation of privacy
You are wrong. See Katz and post-Katz cases. Here is a quote from Alito's concurrence in the most recent one, Jones, where the court found that the cops can't put a tracker on your car:
Second, the Court’s approach leads to incongruous results. If the police attach a GPS device to a car and use the device to follow the car for even a brief time, under the Court’s theory, the Fourth Amendment applies. But if the police follow the same car for a much longer period using unmarked cars and aerial assistance, this tracking is not subject to any Fourth Amendment constraints.
or maybe you like the EFF's analysis better:
Public places. It may sound obvious, but you have little to no privacy when you are in public. When you are in a public place — whether walking down the sidewalk, shopping in a store, sitting in a restaurant or in the park — your actions, movements, and conversations are knowingly exposed to the public. That means the police can follow you around in public and observe your activities, see what you are carrying or to whom you are talking, sit next to you or behind you and listen to your conversations — all without a warrant. You cannot necessarily expect Fourth Amendment protection when you’re in a public place, even if you think you are alone. Fourth Amendment challenges have been unsuccessfully brought against police officers using monitoring beepers to track a suspect’s location in a public place, but it is unclear how those cases might apply to more pervasive remote monitoring, like using GPS or other cell phone location information to track a suspect’s physical location.
Feel free to quote some laws, cases, lawyers, or professors that support your theory that the police following you is harassment and/or illegal.
-
Re:Hmm....
On the other hand, if you're just running a typical blog or news site that just posts opinions or journalism, and not movies or classified documents, then the US is about the best place to have your service hosted.
Unless, of course, you're a whistle blower. Or, say, protesting against your president.
What whistle-blower in the US who didn't post classified information has been prosecuted for it?
Thanks for the link - I wasn't aware of that particular takedown. Even so, that seems a bit like an aberration, but certainly something to be watched lest it become a trend.
-
Re:Hmm....
On the other hand, if you're just running a typical blog or news site that just posts opinions or journalism, and not movies or classified documents, then the US is about the best place to have your service hosted.
Unless, of course, you're a whistle blower. Or, say, protesting against your president.
-
Re:Tell Putin that you disapprove
This is what I wrote. Do not copy this word for word, write it your way.
Dear sir,
I was aghast to learn that Russia has sought to stifle political dissent by blocking news sites and closing these sites. This is very much against the spirit of glasnost that the great Mikhail Gorbachev used some 25 years ago when he brought the Soviet Union into the modern world.
To be healthy a society needs its citizens to be able to speak freely, otherwise it will stagnate: innovation will suffer if new ideas are frowned upon. We live in a changing world; if we do not change then we slowly decline.
This is as much about science & technology as it is about politics. If you stifle political thought then you chill all thought and the country will suffer.
Mr Putin is putting his short term comfort before the long term health of Russia. Please tell him this is neither good for Russia nor the rest of the world.
Please convey this email to the ambassador.
If you are not aware of what I talk about, please read: https://www.eff.org/deeplinks/2014/03/russia-blocks-access-major-independent-news-sites
-
Re:Safe just from prying eyes?
Governments can indeed ask for some data, using subpoena or in the case of the US "National Security Network." But for that, they have to actually ask, and the request has to be targeted, naming for example a specific individual. The NSA and the GCHQ were not content with that, they wanted to grab "everything," so instead of the legal channels they used a hack. The hack was to spy on the internal network of Google, and of other services as well, because these internal exchanges were not encrypted.
According to Eric Schmidt, now they are. This is absolutely good news. It is also exactly what the Electronic Frontier Foundation is asking web services to do. You can check the relative state of Google and other services according to the EFF at: https://www.eff.org/deeplinks/....
-
Re:NSA
What do we know over the past 40-50 years of telco/computer gathering?
"DEA and NSA Team Up to Share Intelligence, Leading to Secret Use of Surveillance in Ordinary Investigations"
https://www.eff.org/deeplinks/...
Intentional bug slipped in might get noticed outside the more bespoke high end machine encoding production efforts of the 1960-70's.
Software teams are big, staff from varied countries, backgrounds, skill sets, review, in-house (unknown) next gen automated testing software - a person making repeated deep errors might just stand out to senior reviewers over time.
Option 3 sounds good. The hints about Magic Lantern keylogging software might provide some insight too.
http://en.wikipedia.org/wiki/M...
A federal law enforcement agency hints that some aspect of the codebase is open to ongoing court approved "keylogging" efforts that's not found in the wild, not found by AV behavioral software and would be "good" if it could remain until:
The bug is found.
The EU/US AV efforts catch new malware that seems to report back to 'nothing' anymore and is built on some past effort - all very normal.
The next way in is found and the old option can be patched as it might be found in the wild and used by 'real' malware.
-
Re:The government *should* collect metadata
Then you're anti-freedom and you hate the principles that America was founded on. Freedom is more important than security. If you don't agree, move to North Korea, you insect.
At least metadata is somewhat anonymous.
It's not even somewhat anonymous. The EFF has written about this.
It *will* happen.
And if it does, I will do the same thing I did on 9/11: Encourage people to not surrender their freedoms for safety. Our principles are tested in dark times, and you've made it clear that you are completely without them.
We just need to make sure that the data remains as anonymous as possible until the last moment, at which point they acquire a warrant to dig out specific names.
Throughout history, corrupt governments have murdered hundreds of millions of people, and yet you, in your irrational fear of terrorists, want to give the government the power to collect information on essentially everyone. You are a fool. You are just giving the government the power to blackmail people it doesn't like; to put people it doesn't like in prison for violating laws it creates, even if those laws are completely immoral; and to put its targets
The abuse of this "metadata" (which is just data, by the way) is an inevitability, and if you actually cared about freedom or the constitution in the least, you would reject the "safety" you believe this will bring and accept that freedom has risks. But hey, you didn't mention the constitution once, so I guess you don't even care if the government follows the very document that spells out its powers to begin with!
But go ahead; make this country even worse with your profound ignorance and lack of principles. Go ahead and continue believing that the people in the government are perfect angels, despite the fact that history disproves your fantasy (even in the US, we had slavery, Jim Crow laws, discrimination against women, the internment of Japanese citizens, and much more) thousands of times over. Go ahead... but please move elsewhere and do it.
-
Re:I agree with the claimed motives...
Bear in mind, Obama cannot run for a 3rd term. Also bear in mind that the NSA spying began under a Republican (GW Bush) administration which fast-tracked the Patriot Act through and created numerous other unpleasant changes in the name of fighting terrorism.
-
Re:Pointless
The good news is the open courts in the US can be great places to start good law reform:
http://www.freedomwatchusa.org...
https://www.eff.org/nsa-spying...
Skilled legal teams all over the USA are slowly working their way up the US court system exposing vast illegal domestic surveillance networks and the use of parallel construction.
-
You're late to the party
If you live in the US it's already spelled out for you. Using a website or service on the Internet is trusting information to a third party and you have no reasonable expectation of privacy under the 4th Amendment.
-
Re:Liable *of not acting upon obvious infringement
And a lawyer is entitled to believe his client, however dishonest.
Because the lawyer is merely acting as an agent for the dishonest client the client is guilty of perjury and not the lawyer.
I don't think I've ever heard of anyone being prosecuted under that section of the DMCA.
How about this.
-
Re:Depends on the threat model, doesn't it?
Wooossshhhh!
He (somenickname) is talking about the global CA system where all 1000 CAs are equally trusted, so the NSA only need to convince one to reissue a certificate (based on a private key the NSA provided) in the name of the target website they wish to intercept.
The content consumer has no way of knowing if the SSL cert that is being used for the HTTPS connection is the one using the site owner's private key or the one using the NSA's private key. So this is why simply having a green light because you switched to SSL is security theatre.
But you (kasperd) go on a rant about other matters.
The projects such as SSL Observatory https://www.eff.org/observator... and Convergence http://convergence.io/index.ht... and http://tech.slashdot.org/story... combined with DNSSEC (which somewhat has the same problems as the CA system, but useful to allow deployment for low security websites without paying sign-my-certificate tax).
-
Re:who are we fooling?
It is pretty dangerous for an adversary to carry out MITM attacks on a large scale, as sooner or later, this is going to be detected.
Apparently they weren't detected until the Snowden files showed it is widespread...(hacking into Belgacom for example), and wasn't the FBI requesting the SSL keys of Lavabit to decrypt traffic?
The attack the FBI attempted on Lavabit had no relation at all to certificate authorities. They merely requested the private host key of the server to be able to decrypt any recorded SSL traffic for that site. Note how this kind of attack only works when you have access to the server in question (in which case you would be able to directly monitor the plaintext communication anyway by tracing the web server executable). I repeat, this is not related at all to certificate authorities. Also note how this attack does not really scale, as it requires you to actively request and collect SSL host keys (not certs!) of all webservers whose traffic you are interested in. For that reason I would expect that information about your operations *will* inevitably leak to the public. Also web servers in other countries will be relatively well protected against this kind of attack.
The SSL Everywhere extension for example can (optionally) collect information for and check with the SSL Observatory to detect differing certificates that indicate MITM attacks.
a MITM attack would also patch (or redirect) SSL Observatory
only decentralized with checks on locally stored previously seen certificates can work, otherwise it's just security theater
But here again a MITM attack would be detectable. If the SSL Everywhere guys were not completely stupid they will check the host key of the SSL Observatory against a private certificate authority that they completely own (with the certificate authority's key hard-coded into their browser extension). Or more simply, they could just hard-code the public key of the observatory. Or implement certificate pinning etc. etc.
The only working attack would be for the NSA to MITM every download of the SSL Everywhere executable, patching the certificates contained in its code. But again, this is easy to detect after the fact by inspecting the sources, comparing checksums etc.
For that reason I'm not afraid at all about MITM, as it does not allow for the broad, secret, non-discriminatory data collection that Snowden's leaks show to be implemented by NSA.
-
Re:NSA has the ssl keys
This is something that the SSL Observatory should be able to deal with, right?
-
Re:who are we fooling?
> this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies.
While I certainly think it is a good idea to encrypt traffic, this statement is highly misleading or naive: Since the CA system is *flawed by design* and every one of those "authorities" in the long list of built-in CAs inside your browser can, by negligence or choice, supply any of these and other agencies with a valid certificate for *any hostname in the world*, initiatives like these protect your privacy only from your local sysadmin/ISP, and also do nothing against traffic analysis.
Should a US person/company trust that "China Internet Network Information Center" isn't going to create a cert for a US bank or company to perform a MITM attack with? Should a Chinese company trust "Wells Fargo" not to? Should the Greeks trust "TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007", or the Turks "Hellenic Academic and Research Institutions Cert. Authority"? What on earth makes you think ALL of these companies can resist pressures to misbehave? Yet all of them are built-in to your browser and "you" trust them.
[..]
The Cert validation in the browsers leads to a *dangerous false sense of security* at most. This is crypto, a weakest-link business [..]
You suggest that MITM attacks on SSL are as bad as someone sniffing on unencrypted traffic. It is not! MITM attacks are active attacks and are much more invasive to carry out. That's not all: in principle all these MITM attacks can be detected: the host key of the Man In The Middle will differ from the host key of the original server (though your browser will accept the differing host key when it is signed by a rogue CA).
It is pretty dangerous for an adversary to carry out MITM attacks on a large scale, as sooner or later, this is going to be detected. The SSL Everywhere extension for example can (optionally) collect information for and check with the SSL Observatory to detect differing certificates that indicate MITM attacks.
There's also the Certificate Patrol Firefox Extension that persistently remembers certificates and warns when certificates changed for no apparent reason.
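The local, decentralized check that two of the comments above call for (the reply arguing that "only decentralized with checks on locally stored previously seen certificates can work", and the mention of Certificate Patrol persistently remembering certificates) is trust-on-first-use pinning. The following is an added example of that idea, not code from the original thread, from Certificate Patrol or from HTTPS Everywhere: it records the SHA-256 fingerprint of the first certificate seen for a host and flags any later change, so a man-in-the-middle presenting a different certificate, even one validly signed by a rogue CA, is detected without consulting a central observatory. The hostnames, file path and the byte strings standing in for DER certificates are constructed for the example.

```python
"""Trust-on-first-use (TOFU) certificate pin store.

Added example; not code from the original thread, from Certificate Patrol
or from HTTPS Everywhere. A client keeps the SHA-256 fingerprint of the
certificate it first saw for each host and flags any later change, so a
man-in-the-middle presenting a different (even validly CA-signed)
certificate is detected locally, without asking a central observatory.
"""
import base64
import hashlib
import json
import ssl
from pathlib import Path
from typing import Optional


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER certificate as colon-separated upper-case hex
    (the format `openssl x509 -fingerprint -sha256` prints)."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_pem(pem_cert: str) -> str:
    """Fingerprint a PEM string. ssl.PEM_cert_to_DER_cert only strips the
    armour and base64-decodes, so the certificate is never parsed here."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_cert))


class PinStore:
    """Per-host list of accepted certificate fingerprints.

    With path=None the store is in-memory only; otherwise it is persisted
    as JSON so pins survive restarts, which is what makes TOFU useful."""

    NEW, MATCH, CHANGED = "NEW", "MATCH", "CHANGED"

    def __init__(self, path: Optional[str] = None) -> None:
        self.path = Path(path) if path else None
        self.pins: dict = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self) -> None:
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, der_cert: bytes) -> tuple:
        """Return (status, seen_fingerprint, accepted_fingerprints).

        NEW     first contact: pin recorded (the one moment TOFU trusts blindly)
        MATCH   certificate is one already accepted for this host
        CHANGED certificate differs from every pin: treat as a possible MITM
                until the change is confirmed out of band."""
        fp = fingerprint(der_cert)
        accepted = self.pins.setdefault(host, [])
        if not accepted:
            accepted.append(fp)
            self._save()
            return self.NEW, fp, list(accepted)
        if fp in accepted:
            return self.MATCH, fp, list(accepted)
        return self.CHANGED, fp, list(accepted)

    def accept(self, host: str, der_cert: bytes) -> None:
        """Record an additional fingerprint once the operator has confirmed a
        legitimate rotation (e.g. by comparing it over a second network path
        or against the site's published fingerprint)."""
        fp = fingerprint(der_cert)
        accepted = self.pins.setdefault(host, [])
        if fp not in accepted:
            accepted.append(fp)
            self._save()


# Constructed stand-ins for DER certificates (arbitrary bytes, not real
# X.509 data); the pin logic only ever hashes them.
ORIGINAL_DER = b"constructed-der-certificate-for-bank.example"
INTERCEPTOR_DER = b"constructed-der-certificate-presented-by-a-mitm"
ORIGINAL_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(ORIGINAL_DER).decode()
    + "-----END CERTIFICATE-----\n"
)


def demo() -> list:
    """Walk one host through first sight, a normal revisit and a changed cert."""
    store = PinStore()  # in-memory for the demo; pass a path to persist
    host = "bank.example"  # constructed hostname
    return [
        store.check(host, ORIGINAL_DER)[0],     # NEW
        store.check(host, ORIGINAL_DER)[0],     # MATCH
        store.check(host, INTERCEPTOR_DER)[0],  # CHANGED: warn the user
    ]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The design choice worth noting is the explicit `accept` step: a pin store that silently replaces a changed fingerprint would hide exactly the event it exists to catch, so a change is reported as CHANGED until the operator confirms the rotation. The weak point, as with any TOFU scheme, is the first contact; pairing the local store with an out-of-band source for the initial fingerprint closes that gap.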
-
Re:ah, yes
No one is against equality, they're against the FCC dictating that. The government doesn't have the power to force private parties to do anything. How do you expect the FCC to enforce their regulations? The FBI.
But don't take my word for it: EFF: "We are not confident that Internet users can trust the FCC, or any government agency, with open-ended regulatory authority of the Internet."
-
We've known this since August
But it is nice to know they are responding to relevant FOIA requests. https://www.eff.org/deeplinks/...
-
Re:They can - but not to the EFF
the EFF stopped accepting Bitcoin
That was ages ago. They now have a big, orange "Pay With Bitcoin" button on their donate page.
-
Re:They can - but not to the EFF
Then they changed their mind, though they make it a bit more difficult than usual.