eff.org · Domains · Slashdot Mirror

EFF is a mixed bag by SSpade · 2013-07-07 23:34 · Score: 1 · on Inside the Electronic Frontier Foundation

The EFF want to ban your spam filters - they consider them to be "censorship", and unacceptable (unless there's never, ever a legitimate email accidentally blocked for any user - which isn't possibly, even theoretically).

http://w2.eff.org/spam/position_on_junk_email.php

(Old document, but still their current position).

Re:Money well spent by Anonymous Coward · 2013-07-07 18:32 · Score: 1 · on Inside the Electronic Frontier Foundation

Donate Here!

Thanks. Done. They have some nice shirts you can get, and the credit card payment process was about as streamlined as I've seen (not even a confirmation page, or even button. Almost too almost to help them out!). Email updates opted out by default, very prompt payment processing, and their TLS settings selection is great.

Re:Money well spent by Anonymous Coward · 2013-07-07 18:30 · Score: 0 · on Inside the Electronic Frontier Foundation

1. It's easy to malign the dead, isn't it.

2. You're factually incorrect. https://www.eff.org/patent

Re:Different focus these days by Anonymous Coward · 2013-07-07 16:31 · Score: 5, Informative · on Inside the Electronic Frontier Foundation

Are you insane? EFF has been at the *forefront* of the tracking/surveillance issue. Who did AT&T whistleblower Mark Klein choose to receive his inside information about how his employer was colluding with the NSA to spy on Americans? Why, that would be the EFF, who then proceeded to bring it to public attention and sue both AT&T (Hepting v. AT&T) and the NSA (Jewel v. NSA), beginning SEVEN YEARS AGO in 2006. Fuck, read a single webpage and learn something, instead of ignorantly trashing one of the biggest forces for good that we have.

Re:EFFail by cervesaebraciator · 2013-07-07 15:32 · Score: 3, Interesting · on Inside the Electronic Frontier Foundation

Their failure is also the failure of the pro-freedom community. As a pro-2nd amendment guy, I'm glad that I've groups like the GOA and NRA in my corner. I hope the EFF will receive similar support from those whose rights it defends.

Re:Money well spent by cervesaebraciator · 2013-07-07 15:28 · Score: 5, Informative · on Inside the Electronic Frontier Foundation

Donate Here!

Re:HIPAA and many other laws/regulations by game+kid · 2013-07-02 06:33 · Score: 1 · on Microsoft To Add Ads To Smart Search

It's ok, they'll just secretly reinterpret HIPAA.

Re:Douchebags! by Synerg1y · 2013-07-02 06:20 · Score: 0 · on Microsoft To Add Ads To Smart Search

Ehmmm.... *cough* *cough* *cough* https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks

Re:Yep by Noryungi · 2013-07-02 02:25 · Score: 5, Informative · on NSA Backdoors In Open Source and Open Standards: What Are the Odds?

Let me add a few datapoints here, as a reminder...

1) The AES competition was launched in part because DES and 3DES were cracked by EFF using FPGA-based brute-force decryption machine. Source :
https://en.wikipedia.org/wiki/EFF_DES_cracker
https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html

As a reminder, DES was THE standard crypto algorithm, vetted and approved by NSA. It could be cracked by EFF only because of Moore's Law and some serious budget and effort.

2) Public-key cryptography was invented separately at GCHQ (UK NSA) and NSA itself, several years *before* Diffie-Hellmann. Source:
https://en.wikipedia.org/wiki/Public-key_cryptography#History

So, yes, these people (NSA/GCHQ) are very good at what they do. They have had at least 10 years of head-start, since cryptography was considered for many years just a branch of mathematics in academic circles. These guys work on nothing but crypto and digital/analog communications, year in, year out. Do not underestimate them.

3) One of the first electronic computers, was delivered to the NSA in the 1950s. NSA later suggested improvements to the company that built it. The first Cray supercomputers were delivered straight to NSA. Again, that was in the 1950s, when most computer companies (IBM comes to mind) were still struggling to define what a computer was good for. Source:

http://www.nsa.gov/public_info/_files/cryptologic_quarterly/digitalcomputer_industry.pdf
http://www.physics.csbsju.edu/370/mathematica/m1_eniac.pdf

4) The NSA and GCHQ have a long history of backdoors. They love these things, as they make their life so much easier. Read on Venona, Enigma, Ivy Bells: all of these were made possible by intercepting/copying one-time pads, selling "unbreakable" German encryption machines and tapping undersea Russian cables. And I am willing to bet these are just a small fraction of what these people have done over the years. Source:

https://en.wikipedia.org/wiki/Venona_project
https://en.wikipedia.org/wiki/Enigma_machine
https://en.wikipedia.org/wiki/Operation_Ivy_Bells

Again, this is just a small fraction of what NSA and GCHQ have done over the years. So, yes, suspecting backdoors in open-source software is... shall we say... only natural.

If I was paid to be a professional paranoid, I would be taking a very long hard look at my computers and telecom equipment right now.

Re: Patents cause progress stoppage by Camael · 2013-07-01 15:03 · Score: 5, Informative · on FTC Chairwoman Speaks On Growing US Patent Problem

No, parent post has a point.

Let me illustrate this with actual examples where patent trolls sued small businesses for using a modern office scanner to scan documents to e-mail.

The Project Paperless via AdzPro letter-writing campaign is a kind of lowest-common-denominator patent demand. Patent-licensing companies are going after the users of everyday technology rather than their traditional targets, the tech companies that actually make technology. Smaller and smaller companies are being targeted. ...Project Paperless and its progeny don’t have any interest in going after the Canons and the Xeroxes of the world. After all, they have patent lawyers on payroll already and are in a far better position to push back. Project Paperless' spawn—AdzPro, AllLed, GosNel, and the others listed above—exemplify the new strategy. They send out vast quantities of letters, mainly to businesses that never could have imagined they’d be involved in any kind of patent dispute. They send them from anonymous and ever-changing shell companies. And at the end of the day, they either file only a few lawsuits—as Project Paperless did—or none at all, which has been the AdzPro strategy thus far.
“Going after the end users may ultimately be more lucrative for them,” said one patent litigator at a technology company that's closely monitoring the AdzPro situation. “If they extract a small amount from each possible end user, the total amount might well end up being a much larger sum than they could ever get from the manufacturers. The ultimate pot of gold could end up being much bigger."

Or other cases where frivolous suits were filed against small businesses for the use of technologies like WIFI .

In typical patent troll style, these shell companies (with names like AdzPro, FanPar, and HunLos) are asking businesses and users for a few thousand dollars—far less than what litigation would cost—as a licensing fee for using this basic technology. Unwilling or unable to lawyer up, most choose the more convenient route of settling ...
Over the past few years, we saw Lodsys threaten and sue a number of app developers for using technologies provided that companies like Apple and Google require their app developers to use. More recently, a patent troll called Innovatio has been suing restaurants, hotels, and companies for using WiFi. Yes, that’s right. WiFi.

My point is twofold: 1) Patents are being abused by patent trolls, who do not create, nor provide any incentive to creators and 2) Patent abuse is spreading to cause great distress to the general public. I'm sure that some of these businesses, when threatened, would opt to forgo the use of technologies such as scanners, WIFI etc. Scaring people off with frivolous lawsuits from using technology that could improve their performance, efficiency, efficacy or make their lives better is blocking progress.

Re:why? by yusing · 2013-07-01 08:43 · Score: 1 · on Firefox 23 Makes JavaScript Obligatory

Yes, there are. But for those with privacy concerns, fingerprinting is MUCH easier with JS turned on. Just go over to Panopticlick

https://panopticlick.eff.org/index.php?action=log&js=yes

and see for yourself. Anti-tracker plugins like Ghostery stop that brand of foolishness, but do nothing to avoid fingerprinting. You'll need a fairly sophisticated user-agent spoofer, since some very big sites (Youtube for one) will -not function- with some -very common- user-agent strings. Just try.

Re:why? by Anonymous Coward · 2013-07-01 05:55 · Score: 5, Informative · on Firefox 23 Makes JavaScript Obligatory

Yes.

Javascript is supposed to be sandboxed in all modern browsers, but that doesn't make it perfect. All the serious vulnerabilities I've seen over the past few years exploited the sandbox, and therefore required javascript to work.

Also there is private information WITHIN the browser. Being inside the sandbox, that information is thus provided to websites.

For example:

Browser fingerprinting, using your installed fonts, screen resolution, etc. http://panopticlick.eff.org/

Mouse pointer tracking with javascript: http://jsbin.com/ufupol/98

Capturing information entered into forms and then deleted before submitting: various analytics tools

Here's a random analytics provider I found on Google (There were plenty of others):

We capture every mouse move, click, scroll and keystroke, by using a tiny piece of JavaScript copied into your website. The whole process is completely transparent to the end user, and has no noticeable effect on your site performance.

http://www.clicktale.com/products/mouse-tracking-suite/visitor-recordings

Re:No Shit by kilfarsnar · 2013-07-01 02:00 · Score: 1 · on More Details Emerge On How the US Is Bugging Its European Allies

Afterall he is only reporting what any 'responsible' government already knew and did......

Incredibly false. What he did was leak a bunch of documents in a very irresponsible manner. He could have chose to quit his job and go on to tell the American people they were being spied upon. That's been done at least three times before. But instead what he did was take a bunch of classified documents and release them to the press without any redactions -- and some international presses too. Why didn't he sit down and carefully consider all the information and just pare it down to only the details that Americans were being spied upon by their government? That's why he's legally screwed right now and will likely never be able to return to the United States and be jailed for life if he does.

I don't know, it seems like he released all these documents in an un-redacted and irresponsible manner, and yet the earth continues to tun and the US maintains "national security". The US government doesn't like these leaks because it exposes the fact that its actions often don't match its rhetoric about freedom and democracy and the rule of law and all that.

It's interesting to me that we all seem to tacitly acknowledge that intelligence agencies are criminal organizations; that is, they break the law as matter of course. We know now, and should have known for a while now, that they lie to their governments and the public about what they are up to. For our own good, of course. I'm glad when we find out about this stuff because in a democracy, even a representative one like ours, the public needs to be informed to make good decisions.

Re:No Shit by Anonymous Coward · 2013-07-01 00:28 · Score: 0, Informative · on More Details Emerge On How the US Is Bugging Its European Allies

It also doesn't support the 'Snowden is evil' image either.

I disagree, that's exactly what it does. It's evil because it gives an entirely one sided view of the situation -- where are your European leakers? Your Asian leakers? Your Russian leakers? Or are you daft enough to think that Great Britain, Germany, China, Russia, etc are not engaging in espionage? Furthermore, I now support the charges of espionage claimed by the US. If you're involved in espionage against some country -- ally or foe -- and someone leaks that information worldwide, they too are now engaged in espionage.

Afterall he is only reporting what any 'responsible' government already knew and did......

Incredibly false. What he did was leak a bunch of documents in a very irresponsible manner. He could have chose to quit his job and go on to tell the American people they were being spied upon. That's been done at least three times before. But instead what he did was take a bunch of classified documents and release them to the press without any redactions -- and some international presses too. Why didn't he sit down and carefully consider all the information and just pare it down to only the details that Americans were being spied upon by their government? That's why he's legally screwed right now and will likely never be able to return to the United States and be jailed for life if he does.

Re:Abandoning the cloud ? by Shempster · 2013-06-28 06:48 · Score: 1 · on Richard Stallman Speaks About Back Doors After NSA Documents Leak

“Governments constantly choose between telling lies and fighting wars, with the end result always being the same. One will always lead to the other.”

- Thomas Jefferson

Spying on criminal elements of society is one thing, spying on everyone, and assembling metadata into some huge searchable database with a profit motive is another.

I assume all pivacy online is now gone for good. This does not mean it's ok. ie: Privacy in Ubuntu 12.10: Amazon Ads and Data Leaks

Re:Turn off http. by Samizdata · 2013-06-27 16:56 · Score: 1 · on Keeping Your Data Private From the NSA (And Everyone Else)

Well, been using this for a good long while and it seems to work a treat where HTTPS is supported.

I do believe some sort of movement to embrace HTTPS as a mandatory option by everyone is overdue and the time is ripe for it to strike.

I agree. You might want to install HTTPS Finder as well. It works alongside HTTPS Everywhere, detecting HTTPS support and creating rules for sites that aren't already on the list supplied with HTTPS Everywhere.

Cheers for the pointer. Following up now.

Re:Turn off http. by cffrost · 2013-06-27 16:52 · Score: 1 · on Keeping Your Data Private From the NSA (And Everyone Else)

Well, been using this for a good long while and it seems to work a treat where HTTPS is supported.

I do believe some sort of movement to embrace HTTPS as a mandatory option by everyone is overdue and the time is ripe for it to strike.

I agree. You might want to install HTTPS Finder as well. It works alongside HTTPS Everywhere, detecting HTTPS support and creating rules for sites that aren't already on the list supplied with HTTPS Everywhere.

EFF's 4th amendment opninion by Anonymous Coward · 2013-06-25 06:18 · Score: 0 · on US Senators: NSA Lies In Fact Sheets

Its not immoral. He swore an oath for his security clearance. An oath like the president or any soldier. Its first clause to to protect and defend the constitution of the united states of America. The last is to perform the duties of his position.

He was placed in the position where he could not simultaneously fulfill both parts of the oath. No matter what he did, he would be breaking part of it. So he sided with the constitution and the American people, and I think that makes him a hero.

This is in response to everyone who keeps dropping 'constitution' in here.

https://ssd.eff.org/your-computer/govt/privacy

Read the EFF's opinion on reasonable expectation of privacy. I bolded stuff for my own amusement.
The EFF must be furious that only now people are reacting to something they have been trying to tell you, because you all seem to be under the impression something was taken away rather than not ever protected in the first place.

A big question in determining whether your expectation of privacy is "reasonable" and protected by the Fourth Amendment arises when you have "knowingly exposed" something to another person or to the public at large.

You may "knowingly expose" a lot more than you really know or intend. Most information a third party collects — such as your insurance records, credit records, bank records, travel records, library records, phone records and even the records your grocery store keeps when you use your "loyalty" card to get discounts — was given freely to them by you, and is probably not protected by the Fourth Amendment under current law.

Records stored by others. As the Supreme Court has stated, "The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." This means that you will often have no Fourth Amendment protection in the records that others keep about you, because most information that a third party will have about you was either given freely to them by you, thus knowingly exposed, or was collected from other, public sources. It doesn't necessarily matter if you thought you were handing over the information in confidence, or if you thought the information was only going to be used for a particular purpose.

Therefore it is important to pay close attention to the kinds of information about you and your organization’s activities that you reveal to third parties, and work to reduce the amount of private information you leave behind when you go about your daily business.

Captcha is 'hilarity' ROFLMAOx100

Re: He is not a whistleblower by yokem_55 · 2013-06-23 08:34 · Score: 1 · on Edward Snowden Leaves Hong Kong

And here is more specifically about reasonable expectations of privacy:
https://ssd.eff.org/your-computer/govt/privacy

Re:He is not a whistleblower by yokem_55 · 2013-06-23 08:00 · Score: 2 · on Edward Snowden Leaves Hong Kong

Thank's for quoting the 4th Amendment! If you read it carefully, it says person's house, papers and effects are only subject to "unreasonable" searches when a warrant has been requested and authorized. Going back about 45 years to the Katz decision, the courts have said a search is unreasonable when it violates a person's "reasonable expectation of privacy". Anything outside of that that "reasonable" expectation of privacy is fair game for the government without a court approved warrant. Anything within, that "reasonable expectation expectation of privacy" requires a warrant.

Subsequently, the courts have been trying to determine what stuff falls inside or outside that "reasonable expectation of privacy" and the most recent jurisprudence says that when you give your data to a third party, and you aren't paying them to store it for you, you don't have a reasonable expectation of privacy when it comes to that data and thus is subject to government subpoena without a warrant.

Now don't take my for all this - read what the eff has to say:
https://ssd.eff.org/your-computer/govt/fourth-amendment

Re:Encryption by sociocapitalist · 2013-06-22 20:35 · Score: 1 · on GCHQ Tapping UK Fiber-Optic Cables

I'll just leave this here:
https://www.eff.org/https-everywhere

Re:girlintraining advances do not track tech MOAR. by tlhIngan · 2013-06-22 18:35 · Score: 2 · on Firefox Advances Do-Not-Track Technology

I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.
Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*
But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.
The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.

Yeah, too bad you can be identified without your IP address.

IP address tracking has been useless since NAT got popular because there can easily be dozens of people behind one IP address with disparate interests and tastes.

It may be why IPv6 adoption will be heavily pushed by advertisers who can now glean both a household and a PC - most PCs aren't used by more than a few people and nowadays most people have one PC per member (at least, the people of interest to advertisers). A household can be identified by the prefix of an IPv6 address (since most ISPs give out a full prefix /64 to a subscriber), while an individual PC will have an IP address within said prefix. Might be wise to invest in NATv6...

Even without that, your uniqueness can be gleaned from your browser - the EFF Panopticlick can identify how unique you are by your browser. Unless you use a different one while using Tor, your browser fingerprint will easily be used to link your identities together.

In fact, if Firefox wants to upgrade privacy? They could start by standardizing the headers they send so every firefox user appears like every other firefox user. Perhaps even restrict what javascript information is allowed to be retrieved.

I just did a test and with javascript off, my browser was 1 in 3500. With it on, its unique.

Whitelist all by Artemis3 · 2013-06-22 12:32 · Score: 1 · on Firefox Advances Do-Not-Track Technology

By default, a browser should not give a referrer, unless explicitly told to do so. Eg. RefControl for Firefox.

By default, a browser should not accept cookies, unless explicitly told to do so. Eg. CookieMonster for Firefox.

By default, a browser should not execute scripts or run plugins unless explicitly told to do so. Eg. NoScript for Firefox.

By default, a browser should not provide the info panopticlick obtains, such as the detailed user agent. That should be outright blank or generic and immutable from now on.

No, you don't need to know which browser and os i use; design your sites adhering to standards, period. To hell with stats, privacy first.

By default, a browser should not display images, unless explicitly told to do so. There was a time when this used to be the case, there was even a button to load images only when needed.

All these whitelist options should have the "accept from same server only"; or explicitly "whitelist server X" option.

There are also a plethora of little tricks advertisers (and others) use to track you, things Ghostery, and Adblock Edge both help to block.

If you tell me Firefox is going to provide these by default, or via a privacy setting, then we are talking.

Face it, the web is hostile. You just can't go out browsing without taking these measures anymore.

Also performance, don't laugh at the tracking some sites do; most won't even show you the page until every little last of the trackers get your info first, unless you block them from doing so in the first place. Often, one of the 3rd party servers is lagged or down.

And using the "Do not Track Lists" is begging for the opposite effect, it's like flagging "here i am", it's precisely why you never ever reply to spam emails, especially instructions to "unsubscribe" from their mailing lists, it will just confirm you and sell your email as valid to others.

As for revenue models and showing ads, i have said so before: serve (host) your own ads or be blocked, period. Syndicated (third party) ads are the first to be blocked by ad-blockers.

Re:Backlash by Jane+Q.+Public · 2013-06-22 11:49 · Score: 1 · on Firefox Advances Do-Not-Track Technology

"Some clarification is necessary, for folks who dont really get how websites work."

Agree with hedwards. It seems that maybe you are the one who needs education.

This whole thing isn't about the site you visit. It's about 3rd parties tracking you when you visit those sites.

Here's how it works: you are person or company hosting website A. I am advertising company B. You create a website. On that website you include a link to an ad that is hosted on my server. Often they are buried in a mess of javascript, but in the simplest case that's what it amounts to.

When user X goes to your website (A), the browser requests the page from your server. In the content of that page, it includes links to images on my server at B. In order to display those images, your browser makes a request to server B. User X has not given prior or informed consent for this. But it happens nevertheless.

Since your browser made a request to MY server at B (even though the user only intended to visit a page on A), guess what information I can retrieve? Rather than trying to explain, just go here to the Panopticlick Project (make sure javascript is turned on, because it is for most people) and see.

And that doesn't even count the referrer, which any server can get and which tells me (at B) exactly what web page you visited, and when. So the upshot is: without your prior knowledge or consent, when you go to ANY SITE that has my ad on it, without your knowledge or prior (or informed) concent, at B I can tell where you were, and when.

That is true of EVERY site that has a Fecebook "like" button, or Reddit link, or AddThis or Google+ button, or ad from DoubleClick, and on and on and on, ad nauseum. Every one of them.

And that's WITHOUT even going into the subject of cookies! Cookies are not necessary to do that. But cookies can do more. And then there are Flash "cookies", and "local storage"...

The problem is FAR bigger than you have recognized.

Oh... and here's another thing, just to top it all off: IT IS ILLEGAL in the U.S. to track anyone who is younger than 13 years of age. But they do it all the time, for the simple reason that they CAN'T know in advance who they're tracking. They can only tell afterward, and they usually don't bother to even find out.

Re:Didn't need to be the NSA by Em+Adespoton · 2013-06-21 12:00 · Score: 4, Insightful · on US Charges Edward Snowden With Espionage

Yea well, if the NSA doesn't have a positive ID on you (and they don't try very hard) you get the foreigner rules applied to you.

Enjoy.

Plus, I take it from GP's stance that you don't mind at all if foreigners (most of the world) are spying on you, even if that involves foreign intelligence agencies sharing such wide-net intel with the FBI, Customs, and Secret Service (or Homeland Security) on request.

So even if you aren't considered a foreigner due to them not being able to guarantee you're actually a US citizen, this is still a bad precedent to set.

Re:Why is it a sealed criminal complaint? by X0563511 · 2013-06-21 11:53 · Score: 2 · on US Charges Edward Snowden With Espionage

Point this to them, see if that helps change their tune.

Re:Didn't need to be the NSA by X0563511 · 2013-06-21 11:50 · Score: 4, Insightful · on US Charges Edward Snowden With Espionage

Yea well, if the NSA doesn't have a positive ID on you (and they don't try very hard) you get the foreigner rules applied to you.

Enjoy.

Re:TOR exit node locations by plover · 2013-06-21 06:29 · Score: 4, Interesting · on Use Tor, Get Targeted By the NSA

It doesn't take much of a slip-up to reveal your identity.

Look at Panopticlick from the EFF. They can uniquely identify most computers just from the fingerprints in the browser - your collection of fonts, browser plug-ins, and other customizations are usually unique to one machine. So if you ever used Google and did anything that identifies yourself, such as purchased something online and had it shipped to your house, and you later use that same browser through Tor and surf to any site they are observing, or through any exit node under their scrutiny, or to any site loading javascripts from an NSA collaborator such as Google, they would be able to associate your anonymous activities with your identified session. (Ironically, an iPad or iPhone is usually very generic because Apple doesn't allow Safari to be modified. However, they still accept cookies and have no deliberate provisions for anonymity.)

We also have evidence that the intelligence agencies already understand this, and are actively using such information. The Gauss malware installs a font named Palida Narrow, which enables any site you visit to surreptitiously check to see if you're infected with Gauss. It's the same idea and the same mechanism.

To safely use Tor, you really need to be careful. You need a stock generic browser, launched from a clean OS image, and you should hope many other people are doing the same. A browser that returns randomly varying attributes to every request would be useful. Block flash, block cookies, and block javascript and all scripts entirely - you dont want Google Analytics or any of the thousand other profiling services to accidentally tag you. You need to connect from varying locations, none of which are your home. A wifi card that allows you to set a random MAC may help. And you likely need to do more - I certainly don't know everything they can observe.

Re:TOR exit node locations by Anonymous Coward · 2013-06-21 05:34 · Score: 0 · on Use Tor, Get Targeted By the NSA

Now, could they theoretically track your traffic back to its origin if they have a complete picture of the network? It's possible, but they can only do a positive ID when there's not much TOR traffic, especially near your physical location, to begin with. That's where security by obscurity comes into play.

Tor's anonymity can be broken with traffic analysis (i.e., of packet timing and sizes) by an adversary that can see both endpoints (i.e., the traffic between the user and first node, and the traffic between the exit node and destination) [1] [2]. There's a lot more work on this topic.

Whether or not there's "much Tor traffic" around you has little to do with it. The only requirement is that YOU send enough packets via Tor for it to be possible to correlate the traffic at both endpoints. The amount of traffic needed for that may be a function of the Tor traffic around you, but it's still very possible to de-anonymize a Tor user who sends a realistic amount of data over Tor.

It's also not necessary for the adversary to have a complete picture of the network. It's only necessary for the adversary to see that traffic at both endpoints. I suspect this is disturbingly easy for the NSA given their ability to monitor traffic at US tier-1 provider(s).

This is currently the single most important problem Tor has. There's been much research into avoiding it, but no one has come up with a good solution. The difficulty is that there's a trade-off between latency and the power of traffic analysis. If only a small amount of latency is artificially introduced, traffic analysis is still feasible. Mix networks are not susceptible to traffic analysis because they introduce a large amount of latency and are thus useless for interactive applications.

Re:Another day, another codec. by LourensV · 2013-06-21 03:10 · Score: 5, Interesting · on Next-Next Generation Video: Introducing Daala

Those existing codecs are all very similar technically, and riddled with patents. If Monty can make something new (and he can, see CELT) and work around those patents (and he can, see Vorbis, Theora), then it's definitely a welcome addition. And a codec doesn't have to dominate to be useful; Vorbis is widely used (Wikipedia, all sorts of software that plays sound and music including a lot of if not most video games) and supported on a lot of platforms (including hardware players and set-top boxes) even if it never did completely replace MP3 and AAC. If nothing else, having a free and unencumbered option will keep the licensors of the proprietary codecs at least somewhat honest.

Incidentally, isn't it about time for Monty to get an EFF Pioneer award? He's been very successfully working on freely usable audio and video codecs for well over a decade now, starting at a time when many people didn't believe that a non-encumbered audio or video codec was even possible. Someone with his skills could probably make a very good living in proprietary codec development, but he chose to start Xiph.org and fight the good fight (and now works for Red Hat). He belongs in that list IMHO.

Re:It's about the right to choose by auric_dude · 2013-06-20 00:36 · Score: 3, Informative · on Stanford, Mozilla, Opera Launch Web Privacy Initiative

EFF illustrate the scope of third party data sharing. How Dozens of Companies Know You're Reading About Those NSA Leaks https://www.eff.org/deeplinks/2013/06/third-party-resources-nsa-leaks. Noscript helps but is a bit like shutting the stable after the horse has bolted, this 3rd party stuff should not be in your browser in the first place.

Re:How about no by Jane+Q.+Public · 2013-06-17 11:12 · Score: 3, Insightful · on Comcast To Expand Public WiFi Using Home Internet Connections

"Does no work for you?"

Yes, "no" works for me, but for completely different reasons.

I already do this, using my own cable adapter and my own router. And it is free for my neighbors and passersby to use. No charges from Comcast or anybody else. I do it as a free public service.

And you have NO LEGAL LIABILITY for strangers using your Wi-Fi to perform illegal acts without your permission. Any more than an "internet cafe" does. People use it as they please, and they are responsible for their own actions. There have been many, many court cases over this by now.

Think about it. If somebody came into your yard without explicit permission, grabbed your lawn de-thatching tool, and hit somebody over the head with it, would you be "liable" for murder? Hell, no. Nor are you liable, generally speaking, if you (legally) loan someone your gun and they shoot somebody with it. Unless of course you knew their intent ahead of time and loaned it to them specifically for doing that. But we're talking here about somebody doing something without your foreknowledge.

So why should a router be any different? (Hint: it isn't.)

By the way: the EFF recommends doing this as a courtesy to your neighbors and the public, and assures you that there is no liability.

Again generally speaking, about the only time you are liable for someone's unauthorized use of your tools is when it is an automobile, and even that law is on pretty shaky legal ground.

EFF Resources and Personal Defense by cffrost · 2013-06-16 08:44 · Score: 2 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

EFF Action: Demand Answers Now! [Direct e-mail form to contact POTUS and your senators+House rep]:
https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9260
https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297 [Form for non-US citizens; directed at implicated corporations]

The links below are to resources of the personal-privacy type, as opposed to the those intended to help bring about change:

EFF Surveillance Self-Defense Project [Guide to surveillance-avoidance tools and techniques for individuals]:
https://ssd.eff.org/

EFF's HTTPS Everywhere [Chrome/FF plug-in enforces HTTPS on compatible sites using rule-list (hundreds included)]:
https://www.eff.org/https-everywhere

https-finder: Plug-in for HTTPS Everywhere users; auto-detects sites' HTTPS support and adds them to rule-list:
https://code.google.com/p/https-finder/

Privacy-oriented search engines:
https://duckduckgo.com/ [Only search engine on EFF's Organizational Member list]
https://ixquick.com/ [Provides HTTPS proxy through which search results may be accessed]

Privacy/security-oriented free web-mail providers:
https://www.safe-mail.net/
https://www.hushmail.com/

EFF Resources and Personal Defense by cffrost · 2013-06-16 08:44 · Score: 2 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

EFF Action: Demand Answers Now! [Direct e-mail form to contact POTUS and your senators+House rep]:
https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9260
https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297 [Form for non-US citizens; directed at implicated corporations]

The links below are to resources of the personal-privacy type, as opposed to the those intended to help bring about change:

EFF Surveillance Self-Defense Project [Guide to surveillance-avoidance tools and techniques for individuals]:
https://ssd.eff.org/

EFF's HTTPS Everywhere [Chrome/FF plug-in enforces HTTPS on compatible sites using rule-list (hundreds included)]:
https://www.eff.org/https-everywhere

https-finder: Plug-in for HTTPS Everywhere users; auto-detects sites' HTTPS support and adds them to rule-list:
https://code.google.com/p/https-finder/

Privacy-oriented search engines:
https://duckduckgo.com/ [Only search engine on EFF's Organizational Member list]
https://ixquick.com/ [Provides HTTPS proxy through which search results may be accessed]

Privacy/security-oriented free web-mail providers:
https://www.safe-mail.net/
https://www.hushmail.com/

EFF Resources and Personal Defense by cffrost · 2013-06-16 08:44 · Score: 2 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

EFF Action: Demand Answers Now! [Direct e-mail form to contact POTUS and your senators+House rep]:
https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9260
https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297 [Form for non-US citizens; directed at implicated corporations]

The links below are to resources of the personal-privacy type, as opposed to the those intended to help bring about change:

EFF Surveillance Self-Defense Project [Guide to surveillance-avoidance tools and techniques for individuals]:
https://ssd.eff.org/

EFF's HTTPS Everywhere [Chrome/FF plug-in enforces HTTPS on compatible sites using rule-list (hundreds included)]:
https://www.eff.org/https-everywhere

https-finder: Plug-in for HTTPS Everywhere users; auto-detects sites' HTTPS support and adds them to rule-list:
https://code.google.com/p/https-finder/

Privacy-oriented search engines:
https://duckduckgo.com/ [Only search engine on EFF's Organizational Member list]
https://ixquick.com/ [Provides HTTPS proxy through which search results may be accessed]

Privacy/security-oriented free web-mail providers:
https://www.safe-mail.net/
https://www.hushmail.com/

EFF Resources and Personal Defense by cffrost · 2013-06-16 08:44 · Score: 2 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

EFF Action: Demand Answers Now! [Direct e-mail form to contact POTUS and your senators+House rep]:
https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9260
https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297 [Form for non-US citizens; directed at implicated corporations]

The links below are to resources of the personal-privacy type, as opposed to the those intended to help bring about change:

EFF Surveillance Self-Defense Project [Guide to surveillance-avoidance tools and techniques for individuals]:
https://ssd.eff.org/

EFF's HTTPS Everywhere [Chrome/FF plug-in enforces HTTPS on compatible sites using rule-list (hundreds included)]:
https://www.eff.org/https-everywhere

https-finder: Plug-in for HTTPS Everywhere users; auto-detects sites' HTTPS support and adds them to rule-list:
https://code.google.com/p/https-finder/

Privacy-oriented search engines:
https://duckduckgo.com/ [Only search engine on EFF's Organizational Member list]
https://ixquick.com/ [Provides HTTPS proxy through which search results may be accessed]

Privacy/security-oriented free web-mail providers:
https://www.safe-mail.net/
https://www.hushmail.com/

EFF Resources and Personal Defense by cffrost · 2013-06-16 08:44 · Score: 2 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

EFF Action: Demand Answers Now! [Direct e-mail form to contact POTUS and your senators+House rep]:
https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=9260
https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297 [Form for non-US citizens; directed at implicated corporations]

The links below are to resources of the personal-privacy type, as opposed to the those intended to help bring about change:

EFF Surveillance Self-Defense Project [Guide to surveillance-avoidance tools and techniques for individuals]:
https://ssd.eff.org/

EFF's HTTPS Everywhere [Chrome/FF plug-in enforces HTTPS on compatible sites using rule-list (hundreds included)]:
https://www.eff.org/https-everywhere

https-finder: Plug-in for HTTPS Everywhere users; auto-detects sites' HTTPS support and adds them to rule-list:
https://code.google.com/p/https-finder/

Privacy-oriented search engines:
https://duckduckgo.com/ [Only search engine on EFF's Organizational Member list]
https://ixquick.com/ [Provides HTTPS proxy through which search results may be accessed]

Privacy/security-oriented free web-mail providers:
https://www.safe-mail.net/
https://www.hushmail.com/

Re:Telcos by MasterOfMagic · 2013-06-16 06:00 · Score: 1 · on Snowden NSA Claims Partially Confirmed, Says Rep. Jerrold Nadler

Which both Candidate Obama and President Obama supported from the get go.

The fix is in, people. Do not worry though:

We interrupt this program with a special bulletin.
America is now under martial law.
All Constitutional rights have been suspended.
Stay in your homes.
Do not attempt to contact loved ones, insurance agents, or attorneys.
Shut up!
Do not attempt to think or depression may occur.
Stay in your homes!
Curfew is at 7PM sharp after work
Anyone caught outside the gates of their subdivision sector after dark will be shot!
Remain calm, do not panic.
Your Neighborhood Watch officer will be by to collect urine samples in the morning.
Anyone caught interfering with the collection of urine samples will be shot!
Stay in your home, remain calm.
The number one enemy of progress is questions.
National Security is more important than individual will.
All sports broadcasts will proceed as normal.
No more than two people may gather anywhere without permission!
Use only the drugs prescribed by your boss or supervisor.
Shut up! Be happy!
Obey all orders without question.
The comforts you demanded are now mandatory.
Be happy!
At last everything is done for you!

Re:How Facebook innovated by hjf · 2013-06-16 02:46 · Score: 1 · on Don't Panic, But We've Passed Peak Apple (and Google, and Facebook)

Facebook cookies on my browser contradict your statement.

If you put it like this (quoting me incompletely), yes.
But there was another sentence on the next line which you neglected to quote. It's OK, I know how slashdot discussions are. Nerds just love to show how wrong the other is.

I'll get to blocking facebook from hosts file later, but most people won't.

And why would you do that? There are better options: https://www.ghostery.com/download and also https://www.eff.org/https-everywhere while you're at it. And throw in Adblock for a thorough experience.

LYNCHPIN of warrantless spying: Hepting v. AT& by TheRealHocusLocus · 2013-06-15 02:55 · Score: 1 · on Snowden Is Lying, Say House Intelligence Committee Leaders

Hepting v. AT&T is the smoking gun of wholesale warrantless surveillance.

Government flacks will (and are) attempting to divert the issue thus: Snowden is a traitor; this is specifically about FISA warrants issued for foreign nationals; any Americans caught in the dragnet amounts to small collateral damage; or, this is specifically about access of telephone metadata (aka "pen registers") not content without warrants, which is permitted by law.

Anything to keep you from thinking about split fiber optic taps at interchange points, wholesale copying and (blind) storage of intercepts which comprise ~99.99% domestic (illegal) traffic.

Our rule of law recognizes that 'wholesale possession' of certain materials, either obtained in an illegal manner or explicitly construed to be of use in the commission of a crime (such as 'presumed intent to...'), is a crime. Another element is the Racketeer Influenced and Corrupt Organizations Act (RICO) where individuals can be held accountable for the actions of syndicates.

Could one argue that the only conceivable motive of gathering domestic communications and storing them wholesale (read or unread), would be to subject parties to blackmail for 'future' crimes? Could one argue that AT&T personnel who did authorize and oversee the splitting of the fiber optic cable (on their premises), were in full knowledge that Constitutional rule of law was being violated?

Hepting v. AT&T seeks to answer these questions. And the Supreme Court has 'declined' to hear the case without explanation or elaboration.

If there is a moment of history where the Supreme body of any branch of government is in dereliction of duty and in violation of its own sworn oath, this is it.

The Supreme Court needs to be pressed on this matter. Congress needs to investigate this particular issue because the PRISM slides are very possibly FAKE, and FISA courts issue but a few transactional warrants, most of which involve foreign nationals and are thus defendable. PRISM and FISA make the perfect distraction and diversion. The mass warrantless wiretapping and data mining that is explicitly uncovered and pursued in Hepting v. AT&T is the furor we need to see.

Time to bring in the big guns. Please 'like' Hepting v. AT&T on Facebook.