Domain: eff.org
Stories and comments across the archive that link to eff.org.
Comments · 6,386
-
Re:Who will advocate in the opposite direction?
That would be the Electronic Frontier Foundation. https://www.eff.org/
-
Re: Works on ChromeOS
-
Re:You Must Register
The problem with that theory is that HTTPS Everywhere is run by the EFF and Tor, not Google!
Let's Encrypt is the joint project which Google is involved with. But again, the EFF is also a major backer of the project. And frankly? The EFF has a much better record of supporting my privacy and freedom than Anonymous Coward. Forgive me if I continue to find them more reliable and trustworthy than some random Internet guy.
-
Winer vs. the EFF
Dave Winer seems to think this is a Google thing. In point of fact, HTTPS Everywhere is sponsored by the EFF and Tor. And Let's Encrypt is run by an umbrella organization whose members include the EFF and Mozilla as well as Google, Cisco, and Akamai.
I don't have much trust for Google, but I do have a lot more trust for the EFF than I do for some random software developer. Even if he's old. I'm sure Winer is well-intentioned (given his history), but he doesn't seem to have done his research very well, in this case.
The EFF's reasons for supporting https are a lot stronger than Winer seems to realize. Google's reasons, I can't address, since I'm not familiar with them, but the EFF's arguments are pretty strong. MITM attacks at the government actor level are not just hypothetical.
From the EFF's page:
Content injection is when someone adds data or code to your communications with an HTTP web page. For example, it's how GCHQ and NSA took over a Belgian ISP's computers. Content injection is also how China took down GitHub with a massive DDoS attack, dubbed "The Great Cannon". Content injection is also becoming popular with ISPs. Verizon injected tracking headers into every request made by their customers. And Comcast injects pop-ups into sites where they don't belong. All of these attacks can be stopped by HTTPS, provided it is implemented and made default on enough sites.
Now, I admit there are still some questions which aren't as frequently discussed as they should be, such as private LANs where https isn't an option. (I have http services running on such a LAN myself.) But that can be dealt with. For IP4, it's fairly easy--whitelist private ranges. For IP6, you'd have to have a way of designating your trusted network. But it can be dealt with. And the public Internet should be encrypted. Anyone who argues otherwise is simply clueless. (Or culpable.)
-
Re:why mint over parent Ubuntu or Debian
you don't need mint to avoid a 'bullshit ui' from ubuntu. you just like slamming canonical, i guess.
because all that's needed is 4 or 5 brain cells to power yourself to configuring something else on it.. including your precious mint's default of cinnamon.
Let's break it down:
you just like slamming canonical, i guess.
It's easier to install 3rd party software on Ubuntu than it is on Debian.
Indeed.
because all that's needed is 4 or 5 brain cells to power yourself
Perhaps you should have engaged your 4 or 5 remaining brain cells before replying? I've used Ubuntu from around 5.10 up to and including when they introduced Unity. Tried to like it, gave up, moved on. But Unity was so awesome that they didn't cancel it, amirite?
to configuring something else on it.. including your precious mint's default of cinnamon.
Do more work to achieve the same thing, why?
And what would I gain from doing it that way anyway?
Canonical deserves to be called out for fucking up the UI, just like one would call out MS for fucking up the UI
-
Re:And if you optout it just makes you even more o
Say what? You're hitting an if-I-stick-my-head-in-the-sand-nobody-can-see-me level of stupid yourself, friend.
Think you can't be tracked if you don't allow ads (or cookies, for that matter)? Guess again.
-
If sponsoring Let's Encrypt means selling certs
Is the EFF trying to sell certificates now?
Not quite, but Electronic Frontier Foundation is sponsoring the Let's Encrypt CA. In addition, many of the same companies sponsor both EFF (source) and LE (source). Fastly and DigitalOcean, for example, sponsor both organizations.
once negotiated it prevent interception of the message being TRANSPORTED over the network. In order to do this self-signed certificates are perfectly adequate.
"Negotiation" of a TLS connection includes the client accepting the certificate that the server presents. This is fine over a LAN, as (say) a printer can write the fingerprint of its self-signed certificate to paper in text and QR code form, or a home server appliance can use a composite, VGA, or HDMI output or a built-in status LCD to display the fingerprint. But it's less fine at Internet scale unless there's some convenient means of out-of-band communication between the operators of the client and the server. How would it be practical for every MTA operator to verify every other MTA's self-signed certificate through out-of-band communication?
-
Re:Python
Or like W3C publishing DRM standards that only works for specific browsers approved by specific companies. You know like that thing that has already happened:
https://www.eff.org/deeplinks/... -
Re: freeze peach
YouTube don't have a monopoly: other sites are available.
The monopoly is on public discourse, not the ability to post videos in the Internet. ADL, SPLC, and activist insiders would not be pushing so desperately to censor stuff if they didn't think the sites had enough of a monopoly to shift political discourse. The act indicts itself. It is no different than a mob throwing a printing press into the river. It should disgust any American.
You refer to dailystormer.name?
Seems they've found a home on the web despite the dreadful victimization they suffered.
They are mentioned multiple times in Ajit Pai's 200 page announcement (p.152) about ending net neutrality. He sees the social monopolies as bigger threats to free speech than the last mile monopolies.
He is not a good guy. He's not planning to do anything useful about social monopolies or last mile monopolies, and both are problems.
But he's right about this one specific argument.
You know, I don't think it works the same if you paint the fascists as victims:
First they came for the Nazis
And i did not speak out
Because I was not a Nazi.
Correct, if you're a sloppy virtue-signaller who wants to boastfully rightthink on twitter, it does not work for you to have a free speech discussion about Nazis because people go "wow just wow," or they expose you to mockery which defeats the entire purpose of your narcissistic "engagement".
If, on the other hand, your goal is to preserve the political benefits of free speech and our country's democratic legacy, you will realize as EFF does that defending free speech necessarily involves defending obnoxious speech every time because people who don't believe in frozen peaches go for the low-hanging fruit, and intentional or not, it becomes a wedge for them. This is already happening: people didn't speak out for the "Nazis," so they are coming for Damore, Prager U, gun videos, etc.
Every single time.
-
Re:Everything that's wrong with U.S. politics
My point was P(pickup), not P(found). But you knew that.
If you really want to challenge my argument, instead of a strawman you should challenge me to provide citations of this (and similar) douchey behavior happening prior to the FCC's 2015 Open Internet Order. If you did that, I would list:
* Major ISPs throttling Netflix, et al.
* Verizon stating on-record that they would like to charge services for better access to their subscribers
* Madison River (ISP) blocking vonage
* Comcast (ISP) blocking P2P applications
* Telus (ISP) blocking access to a website critical of them
* Shaw (ISP) charging a 'QoS fee' to subscribers using competing VoIP solutions
* AT&T blocking VoIP apps on the iPhone
* AT&T, Sprint, and Verizon blocking Google Wallet
* Verizon blocking tethering apps
* AT&T charging extra if iPhone users want to use facetime, instead of AT&T's competing product
No one would put up with a power company that charged more for electricity to power appliances that weren't also bought from them. And yet, when a company that is a combination of ISP and content provider decides to trollishly increase the cost of competitive content streaming, somehow that's OK? SMH.
You ended with a point about opening up more spectrum & increasing service (which I take to mean that the former would cause the latter.) I can't personally speak to the matter of opening up more spectrum, because I don't know how much spectrum sits fallow. I would be surprised if much did.
-
Stop copyright overreach...
-
Encrypted email has been hacked too
https://www.eff.org/deeplinks/...
Looks like an issue with client-side stuff - both pgp and gpg are impacted. -
Re:I'm prepared
Since I am no longer required to treat all packets equally, I have:
-Installed noscript
-Installed uBlock origin
-Installed Pi-Hole
-Installed Restrictive Firewall
-Installed Ad-Free hostfile
I get the message, bandwidth is precious, I am doing my part to help!
Those web pages seem to load much faster!
You forgot privacy badger from EFF.
https://www.eff.org/privacybad...
and running your browser in private mode almost always.
And tossing your cookies and cache every couple days.
-
Re:Bait and Switch
This practice should be expressly prohibited by consumer protection laws.
The fact that it is not, has a lot to say about the "of the people, for the people, by the people" claim.
Interesting read:
https://www.eff.org/wp/dangero... -
But how will Hollywood react?
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.
CVE-2017-5689: An unprivileged network attacker could ga -
Re:Will the tables turn?
What I'm looking forward to is the USA giving up on explosives, writing and toilet paper on the grounds that the Chinese invented them (actually, writing likely appeared first in Europe or Africa but "intellectual property" is always full of bull so we'd probably have to give that to them).
I'm sure China will be happy to give up on using a particularly stupid out of office system
-
Re:What happens when you can't read a page of text
-
Re:Related Links
-
TPP vs CPTPP
Pulling out of the TPP was the one thing that i actually agreed with Trump on and that i was happy he followed through on.
However my concern was about the IP chapter of the provisions, which the EFF (among others) took a firm stance against.
However since the US pulled out of the TPP the remaining countries had to negotiate a new treaty, the "Comprehensive and Progressive Agreement for Trans-Pacific Partnership", or CPTPP.
At first glance it seems like most of the offensive portions on IP law were removed from the CPTPP. (Which isn't that surprising, since most of those items were favored by the large media conglomerates located in the US, and with the US out of the deal they probably no longer had a strong champion.)
_If_ that is indeed true, and _if_ the negotiations necessary for the US to join wouldn't involve reinstating those terms, i would tentatively be in favor of this, but it wouldn't break my heart if Trump flip-flops on the issue again or the other signatories no longer have any interest in letting the US in. -
In another way to look at this
-
But then they couldn't compete with ISPs!
The principal excuse trotted out for stripping away privacy protections from ISPs, was that those protections didn't apply to websites or other tech firms. So protecting peoples' privacy wasn't fair or something... I didn't really follow that argument, but I don't think that was the point. They just needed some nonsense that they could repeat over and over again until some people started to believe it.
Now we have a bill doing the opposite, I'm interested to see the argument they make in opposition to this one. Granted, since they're not overturning an existing rule they don't need to work as hard in justifying it, so they'll probably just trot out one of their old standbys. Something like: "Regulations bad! Thog smash responsible government!"
However, I would love it if they just flipped that shit around and went full doublethink on us. -
Re:Irony meter is pinned
This was pushed by Hollywood. How FOSTA Could Give Hollywood the Filters It's Long Wanted
Some of the biggest names in the U.S. entertainment industry have expressed a recent interest in a topic that’s seemingly far away from their core business: shutting down online prostitution. Disney, for instance, recently wrote to key U.S. senators expressing their support for SESTA, a bill that was originally aimed at sex traffickers. For its part, 20th Century Fox told the same senators that anyone doing business online “has a civic responsibility to help stem illicit and illegal activity.”
-
Re:Essentially
think of the children
That's how they do it. https://www.eff.org/deeplinks/2018/03/how-congress-censored-internet
-
Re:Pose?
Well you're obviously not an American, and the situation is clearly not the same everywhere as it is here, but Slashdot is frequently American-centric and this is one such instance. The summary pretty specifically mentions an American law from March of 2017 which eliminated virtually all privacy protections pertaining to ISPs, not only on what they could collect but what they could do with the data which they had collected.
Further, this is not about what they "can" do, or what they "might" do, they are doing this. In fact, back in 2013 AT&T had a program to let you opt out, for an additional cost to you of $29/month. Or you could do some reading on Verizon's program of injecting tracking data into all HTTP headers without their customers' knowledge or consent. This is not hypothetical.
Here, this is a page on some of the possible consequences of the March 2017 law, now our reality. Maybe things aren't as bad for you, but don't count on it staying that way if you maintain your apathy. -
Re: Hashing and anonymity
b0s0z0ku says
Under HIPAA, this generally requires a warrant or specific exigent circumstances. "Open line to data" is illegal.
I am outraged at this as much as I am awestruck by these practices. If I'm reading this wrong, and this line to hospital records is illegal, someone please let me know. I am pro-privacy, in spite of the times we live in. None the less, this is how I read the law:
Under HIPAA, medical information can be disclosed without an individual's permission to "any government official at any level of government authorized to either investigate or prosecute a violation of the law." This applies to doctors, health plans, pharmacies, health care clearinghouses, medical research labs, hospitals and other health facilities. HIPAA requires no court involvement, as long as there is a written statement of relevancy. But HIPAA does not preempt state law when it comes to privacy. For example, California requires court approval, but that can be had with a search warrant, showing of probable cause, a showing of cause, or even just an administrative subpoena. [1]
No court authorization is required in my state. When coming under the care of my city's hospital, you sign a notice of privacy practices that includes law enforcement access to medical records.
-
Re:Don't think of it as "everything on the Interne
Way back when the tin-foil crowd were going on about the risks of "Trusted computing". At the time it seemed so far fetched.
Yet here we are today.
-
Re:Does not compute
Courts can't compel Cloudflare to collect information, they can only compel them to turn over the information which they already have. Cloudflare says:
While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.
Columbia Pictures Industries v. Bunnell:
Since information copied in RAM could be the basis of legal liability, the magistrate court in Bunnell reasoned it should also qualify as electronically stored information for the purposes of discovery. Although RAM may be more temporary than other forms of computer memory, the Bunnell Court concluded that RAM should also be included as a type of storage appropriate for production during discovery.
-
Re:i bet a reasonably secured Linux distro
they will pick convenience over security
And what would be an example for that?
Anyone who's ever used a ChromeOS device. Especially the public school students, who have a choice between:
1. Do all of your school work, especially those opinion pieces, on a device that will track and upload everything you do to the world's biggest data broker just because it makes the IT staff's jobs easier, and has less of a financial TCO for the school system.
OR
2. Automatically fail every assignment you'll ever get and spend most of your afternoons in detention, let alone your parent's punishment, for at least 12+ years.
The world's privacy and security wasn't given away, so much as taken away by the laziness and penny pinching of others.
Why should convenience be automatically insecure?
Because it's the polar opposite of security. Convenience means 1. a quality or situation that makes something easy or useful for someone by reducing the amount of work or time required to do something
To contrast, Security means 5. precautions taken to guard against crime, attack, sabotage, espionage, etc.
Emphasis mine.
You can't reduce the amount of precautions taken without making something less secure.
Further, you don't even have convenience when the people making the thing say "No, you can't do that." There's nothing less convenient than no ability at all. A criticism that ChromeOS in particular takes in stride.
Additionally, you have no security as Google decides for you what will be considered "trusted" / "secure". You have no input into that equation, and you can't even review much less revoke what code runs or doesn't run on the device. It's effectively a machine owned and operated by Google, you just so happen to be using it, at their will. They could just as easily revoke your access by terminating your Google Account. An act made more likely with the passing of crap legislation like SESTA, and the kinds of ToS changes that some others have made in preparation.
The current state of affairs is crap, but never assume that convenience is "secure". For every bit of convenience you get / have forced on you, you give up / lose some security. Often in ways you might not think about at the time, and may not be able to mend later.
-
Re:Why else would anyone use these services?
-
Yea ... but
Google has been caught repeatedly spying on kids. and no one gives a fuck because they're cheap. Privacy was never even an issue which came up. I work in K-12. Cheap > * It's fucking sad to see kids with such limited locked in walled garden devices and not real computers, especially the federal free lunch crowd we serve (i.e. poor as fuck). They're extremely limited (even more so because Enterprise enrolled) and they don't even know it.
We're paying ~$235 per HP G4 Chromebook, having said that there are schools in my district whose principals like their Kool-Aid Apple flavored and they will spend anything to look cool.
At least in Education, technology is a fashion. Right now Google is in style.
-
Re:Sure glad I don't have any social media account
And in case that wasn't enough, now we have this little gem too. I get the distinct impression the easiest way to implement a dystopian future is through the boiled frog approach and the water is pretty nice and toasty about now.
-
Re:Welcome, all your base are belong to us
Has back doors for government access (and probably without due process)
In the slim chance case it didn't, it does now. Any government from any country now can get it no questions asked.
-
Immigration; STARTTLS stripping
Teksavvy, one of Canada's largest independent ISPs
Is Teksavvy service worth the process of finding a Canadian employer who will sponsor an immigrant's work visa?
a significant reason being to ensure user privacy because the data is in my house
What happens to your users' data should natural disaster or violence strike your home? Is there a good way to protect it other than making an encrypted backup to a server leased from a third party and somehow backing up the backup's key elsewhere?
email is TLS opportunistically encrypted by Postfix MTA.
That will work once some counterpart to HSTS preload comes to SMTP. Until then, a man in the middle can and does strip the STARTTLS out of the SMTP traffic (source; source).
-
An opposite take
This article seems quite positive about the CLOUD act.
The Electronic Frontier Foundation has quite a different take: The CLOUD Act: A Dangerous Expansion of Police Snooping on Cross-Border Data.
Is /. written for the benefit of law enforcement and big tech business or for nerds?
-
Re:No thanks, involves Windows 10
Unless whatever analytics they use simply tracks you by your browser's "fingerprint"...
-
Re:fast.com
I was going to post fast.com if no-one else had.
There's also a list of other tests on https://www.eff.org/testyouris...
-
You never win with proprietary software.
Plus I host my own IMAP server and don't feel like giving all my personal info to Google/M$/Yahoo/Apple.
You're running Thunderbird (a free software program; a program that respects its user's freedoms to run, inspect, share, and modify the software) on top of non-free Microsoft Windows (proprietary, user-subjugating software). Microsoft has all the power they need to get your IMAP credentials. If you have Google, Apple, or other proprietary software running on the same system they likely can read your stored credentials or read your keystrokes, mouse clicks, and screen grab whatever they want too. So you've likely already given those credentials away without realizing it.
Windows users have already been through many instances of Microsoft asserting its control over the user: tricking users into switching from Windows 7 to Windows 10, ignoring the so-called privacy settings thus rendering them irrelevant even if set to ostensibly maximize a user's privacy, and so much more. There's simply no sound argument for believing that running any program on Windows or changing any Windows settings in any way will result in making Windows respect a user's choices when they conflict with what Microsoft wants. As with all proprietary software, ultimately the proprietor controls how the software behaves and therefore users only get as much control as the proprietor allows.
If you want to be in more full control over your computing (as one might surmise from the unusual choice to run your own IMAP server), you really should consider switching to a fully-free software OS such as a GNU/Linux system where you install only free software on top of that.
-
Re:Where is the FCC?
All we need is one enterprising FCC chairman to reintroduce network neutrality with a content neutrality rider packed in with it.
OK, once again, I guess I have to post a definition of Net Neutrality. It has nothing to do with content, or speech, or "Network Neutrality".
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Intel PR: I warned you about -1, this is now being posted on multiple threads
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.
If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode, use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.