Domain: eff.org
Stories and comments across the archive that link to eff.org.
Comments · 6,386
-
Re:Bridge
So you're saying that Mark Shuttleworth did not actually apologise that somehow that apology letter is a new legal attack aimed at silencing the critic at https://fixubuntu.com/ with a quite specific and singular complaint with regard to targeted marketing incorporated in dash https://help.ubuntu.com/13.04/ubuntu-help/unity-dash-intro.html. A further article tackling this complaint might be useful https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks. Seems pretty genuine to me. As for disclosure http://www.ubuntu.com/privacy-policy/third-parties seems pretty clear to me, DASH internet search off.
-
SSL
I suppose using HTTPS would have helped even a little, if Slashdot ever bothered to do so. The victims might have noticed that the certificates changed, even if they did check out, most especially if they used HTTPS Everywhere. They couldn't just foist off an SSL cert for Slashdot signed by some other CA (or even the same CA) then: the SSL Observatory would have noticed the change in the certificate the way SSH notices that public keys to servers you connect to change. Unless of course Slashdot gave its (non-existent) private keys to GCHQ, in which case all bets are now off. Why browser SSL doesn't automatically cache certs the way SSH does and warn if there's a change that doesn't involve certificate expiry or revocation is something that isn't quite clear to me.
-
Re:What is the issue with creating a Google+ accou
What is the issue with creating a Google+ account?
The issue is that using "John Doe" as your name when it is not your name is in violation of their Names Policy, you are subject to having the account suspended or canceled.
This is so much bullshit on so many levels. Using a real-life and permanent name in conjunction with social networking activity is, in my opinion, extremely stupid. Making this a requirement for participation is frightening.
G+ has taken some steps in the right direction, but IMO this has been more talk and less action than is necessary and their behavior with forcing G+ membership for Google store/youtube comments is abhorrent.
Preserving anonymity, pseudonyms, and online identity separate from 'real life', insofar as is possible, is essential to a healthy Internet.
AC
-
Re:When will the sheep look up
[N]obody cares about the NSA spying on me (I'm sure someone is).
I care about the NSA spying on you (yes, you), but I can't stop it. I tell people about it, (because the major domestic "news" corporations* don't/won't in a meaningful way), and I tell people what they can do to help protect themselves and others (to some degree) — and I do those things whenever and wherever the opportunity presents itself: https://ssd.eff.org/
* Except for PBS, although (as I'm certain you're aware) the differences between PBS and those other sources are vast. I watch nearly every episode of Frontline; it seems to be our only televised source of proper, in-depth investigative journalism — and they seem to be the only domestic broadcaster with the guts to dig into harmful/corrupt/malfeasant government activities that affect ordinary "viewers like you," and ask tough questions without regard for D/R partisan bullshit, and so on. They did an episode on NSA's domestic surveillance in 2006, which I seed perpetually on BitTorrent (in addition to their episode on bullshit forensic pseudo-science).
-
Re:Dump SSL / Certificate-based Security
We should all be aware by now that the Root CAs we all know and trust are compromised by NSA and that they can MITM any SSL connection they want at any time.
Bear in mind that the CAs do not have copies of the private keys. When you have a CA sign your cert, you do not send them the private key that you generate. So the CAs cannot give your private key to the NSA to facilitate an MITM attack.
It is possible for them to generate a phoney cert to which they do have the private key, and they could give that private key to the NSA. But that would be detectable by programs like the EFF's Observatory, which monitors for key changes. If they tried a MITM attack with a monitored site on any significant scale, it would be detected (and you can run your own plugin if you want).
The problem with both Silent Circle and Lavabit is not SSL itself, but that they are a central organization that held the private key to many people's comm -- people who wanted strong security on their comm. That is a huge bank of high-value cleartext; an irresistible resource node to a group like the NSA. The root problem is not Root CAs, but centralized "secure" storage (and a government that has betrayed its nation -- though even without the NSA, those irresistible resource nodes would still be a threat, attracting abuse from the likes of China and Facebook).
But I digress. My point is that SSL can actually allow true end-to-end security, as long as we use a "trust but verify" model, like the Observatory allows, not just blind trust. If we want to eliminate the high risk behavior that enabled the NSA's attack, we have to eliminate centralized "secure" stores -- no more unencrypted cloud storage, and no more password recovery from cloud services. Everyone has to manage their own private key (whether SSL, GPG, or other), and losing it means it's gone forever. To me, that's the big hurdle.
Alternately, we could restore the 4th amendment, which does a pretty damned good job of protecting your house, even though locksmiths may have copies of many private keys and anyone with a little training could break into most houses in a matter of seconds. Since keys and locks existed when the intent of the 4th was still well known and agreed, they have the level of government protection that encryption should have. Well, that and it would be hard for the NSA to break into every house; it's easy to break into everyone's email. Even if we all had our own private keys, it would still be easier to break into all our systems than doing houses. Now I'm really off on a tangent, though, so I'm just going to stop here.
-
I've worked it out...
What makes you so sure?
That they are STILL trying to hide something BIG? Years in the telecom and ISP business, NSA-watching since the Internet went global and way before. I am one of those people who might have become a spook, though I am glad I did not. From its all-too-brief mention in David Kahn's The Codebreakers [1967] which I carried around as a kid like some overstuffed bible, my interest was piqued by James Bamford's Puzzle Palace [1982] which introduced the world to the topic of the 'piggyback slurp' and laid out directly NSA's intentions to tap the world. The whole world -- Charter be damned -- from the start.
A few anecdotes from good friends in the telecommunications trade who alluded to special cordoned-off spaces within AT&T's Magens Point cable terminus in St. Thomas US Virgin Islands, drunken conversation in bars with reminders not to speak of such things... a rather suspicious 'underwater landslide' fiber outage between St. Thomas and Puerto Rico c.1995, which I suspected at the time might involve a submarine because a telco friend noticed that after all his voice circuits were back there was an eyebrow-raising 'unusually long period' before the data circuits came up, even though they were physically interspersed and not supposed to be broken out at the carrier level... circumstantial stuff, sure. Pure speculation is as fascinating as the real thing.
Since then, revelations about Room 614A and Hepting vs. AT&T, the little mouse who could have roared all the way to the Supreme Court, had they not declined to hear the case.
I'm not talking about individual stakeouts or FISA warrants or occasional 'oopsies' of a few domestic intercepts. I'm discussing large scale Tier 1 total interception of data with selective routing and forwarding of target traffic onto side channels via 'dark' or leased fiber on a scale that is approaching 'total'. This includes voice too: terrestrially trunked cell calls and landline (there is practically no difference these days, it's all turkeyfart compressed).
Which is why I posted here back in June my theory that PRISM slides were made as part of a limited hang-out. I came to this conclusion because I found the allegation that Internet service providers named grant direct back-doors to NSA to be preposterous (and still do, too much risk of exposure by now). The purpose of the hang-out was for Google and company to discredit the allegations honesty to relegate it to 'hoax' status... and provide a topic that diverts attention away from the total-tap-slurp operation.
Steve Gibson of Gibson Research has come up with another theory that I find interesting, it may fit Occam's Razor better than my own. He presented it recently in Security Now #408: The State of Surveillance, audio and full transcript available. GOOD STUFF. His angle is that "direct access to their servers" means all unencrypted SMTP-mail and HTTP from tap points directly upstream. It is all about fiber and taps. Taps are about splitting light... and that is what prisms do.
If you have a good traffic tap and encrypted intercepts, add a bit of coercion for the providers to divulge their private SSL keys and they can replay the past SSL sessions they have gathered.
It is time for everyone to learn about and implement Perfect Forward Secrecy.
Thar be dragins in our midst. Slay them.
NSA and the Desolation of Smaug
-
Re:So...looking for paper guns, then?
Nothing a little parallel construction can't fix.
Welcome to the future. Fuck.
-
Re:Subjunctive Case
So basically, they provide a VPN-to-Internet service, but do not record the data required for a pen register order. Based on the EFF information on pen registers, that would constitute connection data (i.e. incoming and outgoing connections - IP addresses, ports, etc, but not content of the connections).
The NSA already sees the data when it hits the internet, and the VPN "pen data" only provides some anonymity by making the NSA have to work a little to attribute the data to specific customers. Seeing how they managed to make attributions with bit-torrent, I doubt they have to work very hard.
I agree this was more of a PR stunt than out of real concerns.
-
Re:Subjunctive Case
From the article at ArsTechnica:
VPN services let consumers gain extra privacy and security while using the Internet. A user establishes an encrypted connection with a VPN service, routing all Internet traffic to the VPN before sending it on to the rest of the Internet.
and
"Our system does not support recording any of the information commonly requested in a pen register order, and it would be technically infeasible for us to add this in a prompt manner," CryptoSeal continued. "The consequence, being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion and likely unconstitutional. But until this matter is settled, we are unable to proceed with our service."
So basically, they provide a VPN-to-Internet service, but do not record the data required for a pen register order. Based on the EFF information on pen registers, that would constitute connection data (i.e. incoming and outgoing connections - IP addresses, ports, etc, but not content of the connections).
Without putting too fine a point on it, I'm dubious about CryptoSeal's claim that they can't do this. How would they enforce their terms of service? They may not, by default, collect this data but I would be surprised if they were not already set up to collect this data if they wanted to, for example to check if someone was abusing their service.
Then again, I could be wrong. Still, it smells to me like a case of:
1. Set up beta
2. Get attention and goodwill through having free accounts, and get corporate sign-ups
3. ?
4. Profit!!!
Where '?' = 'Shut down the free/low-cost service, blame the NSA, and ride the wave of solidarity and support'
-
Re:Unpopular?
Agree at some level but I was following this EFF report https://www.eff.org/deeplinks/2013/10/polls-continue-show-majority-americans-against-nsa-spying "For instance in an AP poll, nearly 60 percent of Americans said they oppose the NSA collecting data about their telephone and Internet usage. In another national poll by the Washington Post and ABC News, 74 percent of respondents said the NSA's spying intrudes on their privacy rights."
-
Re:Well that's new
-
Re:Traditional Mail?
Also do not forget that we know some color printers and copiers are encoding traceable information in the pages they print. I thought more than just color printers did that, but I can't find a reference.
I would err on the safe side and assume the practice has expanded since first discovered.
-
Re:Outrage doesn't do shit
Firstly, you're ignoring primary challenges, which is where many House races get decided. Secondly, you're forgetting that one person will be the incumbent, and will have a voting record to attack.
As for the media, I don't think they've been spinning anything. And if they have, it ain't working, as polls clearly show voters are concerned about privacy. Politicians mostly care about remaining in power. If a 70% majority of the voting public wants something, they'll get it in the end.
You've decided ahead of time that nothing can ever change, despite mountains of evidence to the contrary. Maybe you just enjoy being angry?
-
Re:It's not the surveillance
And that is the issue. Snowden didn't reveal any wrong-doing.
Yes, he did; they're violating the constitution and collecting a massive amount of data on innocents.
but I trust the government to use the data for the benefit of society and prevent bad things from happening.
You are a naive ignoramus of the highest caliber. In the US alone, we had slavery, Jim Crow laws, general discrimination, Japanese internment camps, and it took quite a while for us to even grant women the right to vote; that isn't even all the government has done, either. There has never once been a government in the history of the world that hasn't abused its powers in horrendous ways; not one.
Why would you trust the government? Because you are willfully ignorant. There are governments right now (China, North Korea, and others) who use information to find out which citizens they want to attack, so there is no excuse for not understanding the issue. None.
People always fear the worst when they don't have control.
And for damn good reason; the government is made up of human beings, which are notorious for abusing any power they have, and especially so for people who actually try to obtain power.
Watch, the next time some terrorist attack happens when they got around surveillance, the right will blame Obama and the Democrats for not keeping us safe.
Strange. I didn't say that on 9/11, but I did protest the egregious violations of our constitution and freedoms that followed.
Even though they spent months railing about their cell phone numbers being stored in some computer database somewhere, and never being looked by anyone...
The groups you're talking about are almost completely different, with little overlap. No one who actually cares about freedom would suddenly change their position in the face of a disaster; I sure didn't.
That said, the fact that you downplay what they're doing indicates that you have no idea why it matters, and that you don't care about the constitution. Is it any wonder why organizations devoted to protecting our constitution and our rights are up in arms about this? It shouldn't be.
-
Re:Poison Patent Tree
Bezos is synonymous with bad patents in my mind... all because of his one-click patent which makes a mockery of the entire patent system and undermines any validity his other patents might have.
One-click is actually a great counterexample of your point - despite private bounties being placed on prior art, an EFF campaign seeking prior art, and four years of reexamination that confirmed patentability, people still bring it up as if it were a "mockery of the entire patent system". Clearly, that's not because the patent is invalid or obvious, since despite all of those efforts, no one has ever been able to show that - rather, it's because of the millions of dollars that have been spent in a propaganda campaign to convince software developers not to patent their inventions. Accordingly, discussions of the one-click patent can be a great indicator of people who have been misled by that propaganda - frequently, without ever actually having read the claims of the patent at all (after all, it's not, by any means, a patent on "clicking once").
-
Re:Dataland or: How I Learned to Stop Worrying...
Are you sure that cross checking is impossible?
And that's just one example. Truly big data will be essentially impossible to hide from completely. It doesn't need to reach a 100% positive result before people start treating it like it is, and that's only one possible problem that we should fully expect to arise from this.
Here's another that could make your idea less effective as well:
-
Re:Seems fairly cut and dried
if Aereo is rebroadcasting the signal, the fact that it's OTA doesn't change anything... it's copyright infringement, plain and simple
How then, do you explain three separate federal courts finding that Aereo is likely not infringing? If it was plain and simple, it seems unlikely that they'd miss it.
Take a look at the opinion from the Second Circuit that came out in the spring. You'll see that what it hinges on is not whether there was a transmission, but to whom Aereo's transmission was aimed.
-
Re:Er, all of the above?
The sad thing is a very similar thing happened decades before with Craig Neidoff and an AT&T technical manual about the E911 phone system worth $23.900 (or $25 when ordered directly from AT&T technical catalog)
http://w2.eff.org/Net_culture/Hackers/us_v_craig_neidoff.article
-
Re:Home servers?
And Google Fiber: https://www.eff.org/deeplinks/2013/08/google-fiber-continues-awful-isp-tradition-banning-servers
Wait, what!? But they're the good guys!
-
Re:Interesting Quote
Yes, recall the printing efforts:
Secret Code in Color Printers Lets Government Track You
https://www.eff.org/press/archives/2005/10/16
Makes you wonder what a digital file could hold or have blurring reversible :)
-
Re:Should the US still be in charge of the interne
it scares the crap out of me that I would have continued to defend the US as the savior and guardian of the open and free internet if it wasn't for a single guy leaking some stuff.
Well then you were INCREDIBLY uninformed and a DECADE behind, because the US government's mass surveillance has been made public several times in the previous years.
* In December 2005, U.S. District and FISA court judge James Robertson resigned in protest over warrant-less wiretapping on US citizens. -- http://abcnews.go.com/Politics/story?id=1429647
* "News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans' phone calls and Internet communications."
* "a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of American's telephone and other communications records."
* "In early 2006, EFF obtained whistleblower evidence from former AT&T technician Mark Klein showing that AT&T [...] makes copies of all emails web browsing and other Internet traffic to and from AT&T customers and provides those copies to the NSA."
-- https://www.eff.org/nsa-spying
There were well-publicized lawsuits over this issue:
-- http://news.cnet.com/ATT-sued-over-NSA-spy-program/2100-1028_3-6033501.html
And even if you missed all of that:
* "In 2008, [the US] Congress granted telecoms immunity for cooperating with the government's intelligence-gathering activities." Obviously, you only need "immunity" from prosecution if you were complicit in committing criminal acts.
-- http://www.cryptogon.com/?p=26717
Hell, what did you think Barack Obama's 2008 presidential campaign promises about surveillance and government secrecy reforms were all about? -- http://news.cnet.com/8301-10784_3-9845595-7.html
If you only found out about all of this recently, you'd have to have been locked in a cave, or be a drooling moron.
I really didn't get the point of Snowden's leaks, or the public outcry after the fact, since this stuff has been public knowledge for many years now. I will say he had a decidedly positive impact, as the EFF's lawsuit (above) that was halted on national security grounds, was allowed to proceed after Snowden made enough of the program public knowledge that the state secrets excuse was laughable.
-
Re:Just in case you think of using Tor.
EFF.org has a great page about why https is so important to use with Tor. Also don't use Windows......ever
So if I'm concerned about security, I should switch over to an OS that I know even less about, and will probably blindly follow guides on the internet about how to configure it and get it working for what I want.
ie: Telling people to not use Windows.... ever, doesn't really tell us the reasons why we should never use windows, and anyone blindly following such advice is likely running something unsecure or set up incorrectly.
-
Just in case you think of using Tor.
EFF.org has a great page about why https is so important to use with Tor. Also don't use Windows......ever
-
Re:John McAfee Media Whoring again
Make sure you are running https everywhere and not authenticating yourself with creds. This explains it all.
-
John McAfee Media Whoring again
This isn't news. You can already do this by buying the kit from adafruit.com or by buying one already built at PAPARouter.com (It's in the .sig). In short, Raspberry Pi + Debian + Tor. If you're browsing, make sure to use https everywhere.
He must be really tired from trying to stay relevant.
-
Re:How quaint
The phenomenon known as Eternal September was new and little understood back in those days.
Though the ruin of Eternal September blotted out the sun in the memory of those who endured it, it is a relic of the Second Age of the internet.
The First Age of the internet also saw its battles and flames, though they are now but a distant memory and few speak of them. A record of one of the notable battles follows:
In 1986-87, Usenet underwent a thoroughgoing shakeup and reorganization which has come to be known as the "Great Renaming." At its inception, Usenet had only top-level hierarchies, mod and net. This was later expanded by the addition of the "fa" groups as well as some domains with only local distribution. When a complete reorganization of Usenet was proposed, a massive and now-legendary "flame war" (online discussion/argument) commenced.
The most significant flame war of Usenet history was over the "Great Renaming" when the seven main hierarchies {comp,misc,news,rec,sci,soc,talk} were created and the old groups {net,fa,mod} were all moved around. There was great gnashing of teeth as groups were sorted and tossed around and relegated to their polities. -- [Woodbury, 1992]
-
10-26-2013 Rally Against Surveillance
https://www.eff.org/deeplinks/2013/09/time-speak-against-nsas-mass-spying
October 26th, 2013
-
Re:In the Soviet USA...
so 3 seconds and google. https://ssd.eff.org/your-computer/govt/privacy
-
Won't help.
NSA already has them from when you originally downloaded them. And NSA has no problem giving evidence to other agencies for criminal prosecution:
https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering
-
Re: Would probably be found
Read the constitution.
Many people have, and there are constitutional lawyers that have decided that it isn't against the law. Of course, they work for the government, but until someone can prove them wrong, you've got an opinion, they've got an opinion, and they're operating under the power of the people who make the decision about who is right and wrong.
I'm not saying your opinion is worthless, and I'm not saying you're wrong. I AM saying that if you're right, and they're wrong, you're not going to make change by crying about it on slashdot.
The FISA court has said that they think some of what the NSA is doing is unconstitutional. See here.
From that article: "Second, at least some of the documents relate to a "compliance issue" that was referenced in another FISA court opinion from 2011 that found some NSA surveillance unconstitutional, which released a few weeks ago as part of another EFF FOIA lawsuit."
-
Can You Blame Them?
I know it is popular to blame the phone companies here, but don't forget what the government did to Qwest. The CEO of Qwest stood up to the government and said "NO." They put him in prison for insider trading because he sold shares months before the government canceled classified contracts in retaliation.
-
Except He's Wrong
Except that I don't recall any of the telephone companies stopping the NSA. And it's been claimed that Qwest lost out on US government contracts because it put up resistance to the US government.
When Qwest refused the NSA’s illegal request that it hand over its customers’ data without a warrant, the NSA wasn’t happy. According to former Qwest CEO Joseph Nacchio, the government hit back for the telecom’s refusal by denying them lucrative contracts worth hundreds of millions of dollars.
https://www.eff.org/deeplinks/2007/10/qwest-ceo-nsa-punished-qwest-refusing-participate-illegal-surveillance-pre-9-11
Here's the thing: when there is competition, the government can play favorites with whoever does their bidding best. Remember the whole Yahoo-China thing? China could kick Yahoo out of China so Yahoo had to roll-over so that they could keep their marketshare. And Yahoo fought against the NSA in court as well, but they lost. What did Marissa Mayer say about that again?
"Yahoo chief Marissa Mayer said she feared winding up in prison for treason if she refused to comply with U.S. spy demands for data. Her comments came after being asked what she is doing to protect Yahoo users from "tyrannical government" during an on-stage interview Wednesday afternoon at a TechCrunch Disrupt conference in San Francisco."
Read more: http://www.foxnews.com/tech/2013/09/12/yahoo-ceo-fears-defying-nsa-could-mean-prison/
* Congrats, Cory. You've gotten on Slashdot several times in the past few weeks. Remember: it's important to keep your name in the news so that you can sell more books. Too bad your analysis is overly simplistic.
-
And how will this be positioned?
FISA Court Will Release More Opinions Because of Snowden?
Nope. Any releases will be made as part of the administration's drive to increase transparency while retaining the tools needed to protect against the terrorists. It's not coming because of public pressure or legal challenges. No siree, not like last time:
This time they'll be truthy. We can be certain of course that this information would have been released even if Snowden hadn't kicked-off this shit-storm. After all, isn't this the most transparent administration, with unprecedented levels of openness? Must be true - it says it on the White House site:
http://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment
-
Re:Imagine this happening with music and movies
Of course, you'll have to find a way to format-shift your content to a non-DRM-riddled version, so it's shareable...and good luck finding a legal way to do that (see section on Fair Use), even though it is technically legal for you to do so...
IMO, sharing media via Plex is no different than lending a DVD or a CD to a friend, since they don't have a local copy, it's all being streamed from your server. AFAIK, sharing purchased physical media with friends and family isn't illegal...yet.
-
Re:And the saga continues....
What about supporting the ones trying to do something about it? Raising awareness on the clueless majority of US population (and correcting the one with the wrong clues, like i.e. the ones that buy the shoot the messenger mantra) could help too, you have a voice, use it.
-
Meaningless
Phones are connected to networks. Government agencies by definition have the ability to issue warrants to get the network provider to turn over all data that passes through their network. Every government on the planet does this and has since the invention of the telephone. It's called a wiretap and the logic was extended for text and other data.
The network provider owns the network. Through the use of warrants the government owns the network provider. When you own the network you own all of the data going over it. With devices that perform MITM on the fly your encryption is useless unless you exchanged the key offline ahead of time. These devices have been sold for government and corporate use for many years.
The idea that anyone has ever had privacy on their mobile is a myth that has never had any basis in reality. You want a secure phone that your favorite government bad guy can't get into? Go to the store, buy your favorite phone and leave it in the package.
-
Re:Locks?
These back doors that you are complaining about were something that was openly discussed as a matter of public policy when it happened. It became legislation where the United States Congress (not the NSA) required these backdoors through legislation and made it criminal for telecommunications companies to even object. Furthermore, that these companies had to go out of their way and hire programmers and electrical engineers to explicitly put these back doors into their equipment.
Ummm...Can you please point out which law required back doors in things like SSL, DES and the like? There are no such laws. Strange how you seem to think this was all done above board by the Congress yet it took Snowden's revelations before anyone else in the world knew about it.
Actually, yes I can point out some laws.... something you could Google if you cared:
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
https://www.eff.org/deeplinks/2013/05/caleatwo
This isn't exactly new. I think you are confusing some stuff here too, as if you are using stuff like DES you are using the actual research of the NSA itself (they are the guys that invented the DES algorithm) that you are complaining about here.
If you had any kind of a clue hammering on your head, you would realize that 95%+ of the stuff that Snowden "revealed" was already public knowledge. It sort of banged a few reporters on the head as they basically didn't give a damn when this P.O.S. legislation was working its way through congress.... even though people like the Electronic Frontier Foundation was literally screaming at the top of its lungs that this stuff needed to be defeated.
How in the hell do you think those judges and agents are able to tell these telecom companies to shut up in the first place? It is this legislation that your illustrious members of congress were passing that nobody gave a damn about at the time except for a few crazy computer programmers and silly activists that had no constituency. Geez.... you really think Snowden made all of this stuff up and it was unknown prior to this year? This kind of crap has been going on for decades. It didn't start with the President, as for most of that stuff even the President can't even sneeze without permission from Congress.
I suppose finally some people actually give a damn about this stuff now, but it is going to take a long, long time to get some of that legislation repealed... if it ever will be repealed.
BTW, that huge woosh was going right back at you. I guess you didn't read a damn thing I wrote about that Enigma machine. I got your comment about the "patriots". Many people are loyal to the country, and surprisingly even the government under which they live even if they may be oppressed. Big effing deal. I was pointing out that there are some very smart people in those countries too who want to keep secrets about their country and want to make damn sure that if some other country (like America) is doing something to hurt them that they know about it ahead of time.
I simply cannot reply to the rest of what you wrote. It isn't worth my time.
-
Re:Interesting
Can either of them defeat Panopticlick? I don't see anything on Epic's site about hiding font lists.
It doesn't, either. I just tried installing it.
Your browser fingerprint appears to be unique among the 3,356,831 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 21.68 bits of identifying information.
It's mostly the font list that gives the show away.
-
Re:Interesting
Can either of them defeat Panopticlick? I don't see anything on Epic's site about hiding font lists. (And on that point, Epic is a bad name choice since it's vaguely synonymous with the death of objectivity in news reporting.)
-
No they know your browser machine and ISP info
Here's what won't vary if you do that-
Your ISP. Your ISP may have everywhere you've ever surfed keyed by your name, your ID (whatever you showed them) and your router. Your ISP knows everything. Think they collect and share that data? Think they can make money by doing that? It's not even illegal to cyber stalk someone if you're their ISP, phone company or any other company you give info to, as we're finding out. Since it's not illegal to do it and they can make money doing it, (it's safe to assume) they do it.
Your browser. Your browser hands over everything about your machine, your plugins, your OS on every request. You'd be surprised how personally identifiable that info is. Here, have a depressing look:
https://panopticlick.eff.org/index.php?action=log&js=yes
https://panopticlick.eff.org/browser-uniqueness.pdf
I was unique amongst the 3-4 million people they tested so far. Great.
There are companies that sift through your fingerprinty clickstream (all of the above plus the URLs you go to) solely for the purpose of identifying you uniquely. Then they sell that information.
You can fight back to a degree. First you need an ISP that doesn't know you're you. You can use someone else's ISP account, say, your roommate's. If they don't know you live there (don't be too sure) then they don't know it's you. That would work.
BTW that is part of the reason MUNI (free, municipal) WIFI is blocked by the telcos every time a city tries to get it going. It provides low cost, shared internet that anonymizes your activities to the extent that the ISP->Your ID connection is broken. MUNI WIFI sends shivers down telco executives' spines because it digs straight into their profit sweet spot- selling you out to the highest bidder.
To fight the browser ID thing, you need to dump your browser and aim for a configuration that is as generic as possible. Possibly you'd have to switch out your OS, depending on how uniquely identifying it turns out to be (more than you suppose). You can also use Tor or another anonymous proxy.
Then you'd have to dump all your accounts online and never go back. No continuation of support from vendors. No using your credit card- that would match your name to your new online browser ISP identity. No getting your Amazon wishlists or pandora lists or anything. WRT to your previous online life, you're in the witness protection program.
Then there's your friends who will accidentally out you via FB or Gmail or other social media. You can't let them email you, chat with you or anything. You can never permit your identity to be connected by anyone at all with your new email, browser, or ISP.
It's not that it's impossible, it's that it's unlikely you'd be assiduous enough to maintain it supposing you were willing to give it a go at all.
HTH.
-
Re:SSH?
The key generation process seems to me to be susceptible to corruption.
Not so much when it's done locally like in SSH.
-
Re:There are many trace points
-
watch out for panopticlick methods
level of paranoia increase: start with a new machine
just using the same machine will id you
no cookies, user accounts, or ip addresses needed
http://yro.slashdot.org/story/10/01/27/1638216/tracking-browsers-without-cookies-or-ip-addresses
-
Re:Doesn't matter
They have that, but what they want is to index that to a browser fingerprint/supercookie using the likes of https://panopticlick.eff.org/ that is a master key type solution.... Even the ones that fall through those cracks can probably be mostly pinned down by their neighbours based on IP addresses, other computers on the network, and other identifying information that leaks through the cracks.
Then if they can convince you to improve the results of their assessment of you, even better. The real gem of this is to link the computer user to information they can't usually get directly. Also they are probably having you agree to some type of TOS/Privacy Policy/Agreement that grants them more permission than would normally be acceptable outside of such agreement.
-
Re:Important clause there
Exactly where do you even attempt to make an argument? A couple of ad hominem attacks and an obvious basic lack of understanding of history is your response?
How about citing a source for facts supporting your view?
Here's another citation from the EFF supporting mine.
https://www.eff.org/files/filenode/att/generalwarrantsmemo.pdf
Basically it's quite obvious you have no idea what you are talking about, or how to make an argument. And you call others ignorant?
-
Re:Fight it if you want to.