Domain: eff.org
Stories and comments across the archive that link to eff.org.
Comments · 6,386
-
Re:EFF
Here's the EFF's take on the CAS notice up at the Center for Copyright Information, the industry group that's fronting for this abomination.
I encourage you to read the EFF's page, but the CAS page is the kind of stock-photo-laden polished turd that you'd expect from a group funded by the **AA and tasked with accusing people of piracy and stealing in order to prop up an industry unable to cope with modern information technology.
I also encourage you to send a few bucks the EFF's way, in hopes that they can declaw this, or better yet, defeat it entirely. See my sig.
-
Re:EFF
I suggest you join the Effector mailing list, and have a good strong look at Demand Progress.
I should also point out Move to Amend while I'm plugging these. This one's actually been introduced to congress.
-
Re:Online Advertising Response
Translation: Boo-fucking-hoo. Online marketing scum have been abusing users for years, making this a retaliatory measure. Let them cry all they want, because nobody gives a shit.
Why bother using cookies? Most browsers are pretty unique and easy to fingerprint. The EFF has a site that can test that and for a good chunk of configurations, you can uniquely identify the browser.
Hell, the "Do Not Track" part of a browser should make everything generic so you can't really tell.
Advertisers will also be strong advocates of IPv6 - IPv4 addresses are far too reused for reliable tracking, but with prefixes and even using the entire address can reliably track people.
-
Re:Meaningless?
I'll stick with the following interpretation, courtesy of the Supreme Court, thanks...
https://www.eff.org/issues/anonymity
Anonymous communications have an important place in our political and social discourse. The Supreme Court has ruled repeatedly that the right to anonymous free speech is protected by the First Amendment. A much-cited 1995 Supreme Court ruling in McIntyre v. Ohio Elections Commission reads:
Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.
-
Re:hello hosts file
The privacy statement (as quoted here) states "productsearch.ubuntu.com" as the ubuntu search proxy address.
-
Re:so what should i do?
If you use Firefox or Chrome, install the HTTPS Everywhere addon by the EFF.
https://www.eff.org/https-everywhere
I also recommend HTTPS Finder, which detects HTTPS-compatible sites and adds them to HTTPS Everywhere's rule-set.
-
Re:Their Fear is the problem
Oh, my! "Get the hackers together". Good luck with that. We gots white hats, we gots black hats, we gots grays in various shades - I'll bet if I were to go looking, I could find some fruitcake rainbow hats hiding in their closets. We have so many different motivations for "hacking". We have so many categories of ethics involved. Hackers getting together? Hell, man, even WHITE HAT hackers flirt with existing law, and need to keep their identities secret.
So, who you gonna call? Hack Busters? Hmmmm - I think I have Hack Busters site here somewhere - - - https://www.eff.org/
No need to reinvent the wheel. Let's just maybe redesign it, fund it, and put it on the road. What we need are sane internet laws, and the EFF is in pursuit of that goal already. They may not represent "hackers" specifically, but they are in a position to attract various sorts of hackers.
It would be great if only ten or fifteen percent of "hackers" were to join the EFF, and send small donations. At the same time, they need to make their voices heard, and explain why they are joining. "I'm a part time hacker, and some of the laws scare the shit out of me!" It matters little if the hacker just reverse engineers games for his own use, or he's pen-testing networks without authorization. They are still hackers, and they need protection from draconian nonsense laws.
-
Re:trivial, 99% effective fix
That doesn't address this issue.
-
Re:Killer 'Do Not Track' App?
Interesting, but I am pretty sure DNT was Mozilla's Idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.
- Cookies
- JavaScript
- tracking pixels
- HTML local DBs
- Flash objects
- fonts
- screen size/colors
- plugin config/versions
- User agent
- IP address
- and now.... "DNT" toggle...
It almost seems as the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net needs to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".
Anyways, some info:
EFF tool to see how well you can be tracked (fingerprinted)
https://panopticlick.eff.org/index.php?action=log
NAI (Network Advertising Initiative)
Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
http://www.networkadvertising.org/choices/
Apple iAd opt out
http://support.apple.com/kb/HT4228
-
Re:trivial, 99% effective fix
They can still track by IP address and your browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so.
AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you especially if you include your IP address (but that's not always reliable).
I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.
There's already a solution for that. Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.
-
Re:This problem is easily solved
If you really want to see how identifiable your browser fingerprint is, check this out. There's nothing fancy about my setup, but I was still unique among ~2.7 million tests.
-
Re:Step 1 - NEVER close an old email account
I don't see proxies listed anywhere. I also don't see browser ID string spoofing either.
Head over to https://panopticlick.eff.org/ and see how unidentifiable you actually are.
-
Re:Use virtual machines. SOLVED.
I don't know why the parent isn't modded higher.
You can do a few easy things to take yourself out of the "low hanging fruit" category, listed in order of extremeness & difficulty :)
1. Disable all browser plugins. I only use Flash very occasionally on an as needed basis. There's loads of hidden Flash on sites. Very easy to do in Chrome.
2. Install an extension called DoNotTrackMe, it's free and blocks nearly all of the nasty commercial trackers. https://abine.com/dntdetail.php
3. Install another extension called HTTPS Everywhere from the good people at EFF. https://www.eff.org/https-everywhere
4. Use an app or manually manage your cookies regularly. On the Mac at home I have an app that regularly erases all the cookies and DBs web surfing leaves behind except for the ones I have marked as favorites. I have a similar app that erases other data at regular intervals such as caches, logs, etc.
5. Don't use FB and other free social sites and services e.g. Google Docs. (Use Libre, etc.)
6. Use a Robots.txt file in every directory that you could ever put online. They work.
7. Use LastPass (free) which stores all your web site login data in an encrypted file which only you can access from any computer. You can use a different email address and login ID with every website you surf to then.
Even if you just don't want to have to remember multiple web site logins and passes I could not imagine web life without LastPass anymore. https://lastpass.com/
8. Use pre-paid credit cards.
9. Change your name to be the same as that of a famous actor who is the same sex and similar in age & appearance as you. I happen to have this by luck, if you Google me you must troll through several pages of celebrity garbage to even get to results for anyone with the same name.
Do all of the above in a VM with default settings from a variety of connections and you're pretty un-trackable for all but the most sophisticated out there.
-
Write to your congressperson
Everyone, repeat after me: "Business methods should not be patentable"
That means:
- No one-click ordering patents
- No more patents on online auctions
The courts cannot fix this. It is up to congress.
-
Abolish the DMCA
This is another good example of abusive DMCA take down requests circumventing due process. RIAA and MPAA abuse the law to suppress our creativity
http://www.youtube.com/watch?v=tk862BbjWx4
and are destroying our cultural heritage.
http://www.wired.com/culture/lifestyle/news/2001/11/48625?currentPage=all
To top it off, their outdated business model unfairly reimburses the artists for their hard work.
http://www.salon.com/2000/06/14/love_7/
Copyright needs to be reformed. Some changes that I'd like to see are:
* Abolish the Digital Millennium Copyright Act.
* Intellectual property should be taxed like real property. http://www.latimes.com/news/opinion/la-oew-weaver20feb20,0,1675278.story It is an asset with a value, right? If you no longer make enough to pay your taxes on it, it goes to the state.
* Copyrights are supposed to be an incentive to create. One that lasts unto your grandchildren is a dis-incentive, because not only are you not creating any more once you are dead, neither are your descendants. Copyright should last half a working lifetime (20 years), so that you have to get off your ass and make new stuff.
* Someone who makes copies without permission should pay a fine, but it should be at the regular royalty rate for the item x copies made. So upload a song, it's iTunes price x number of downloads, with perhaps a factor of 3 penalty to discourage doing it, not $150,000 per copy.
If you feel the same way, you can make a difference by donating to the EFF
https://supporters.eff.org/donate
or at least signing this petition urging reform.
http://www.fightforthefuture.org/fixcopyright
"Those who deny freedom to others deserve it not for themselves."
-Abraham Lincoln
-
The EFF?
-
Not "courts," But "court," singular.
As the courts have already demonstrated: https://www.eff.org/deeplinks/2012/07/judge-copyright-troll-cant-bully-internet-subscriber-bogus-legal-theory
The rulings of a lone trial court judge --- not a federal district court of appeals --- is a very slim reed on which to lean.
-
Re:Legal obligations?
The laws are already on your side: https://www.eff.org/deeplinks/2011/08/open-wifi-and-copyright-liability-setting-record
As the courts have already demonstrated: https://www.eff.org/deeplinks/2012/07/judge-copyright-troll-cant-bully-internet-subscriber-bogus-legal-theory
-
Re:Open network?
You aren't liable and you'll probably get a successful good free lawyer (well free to you) if anyone gives you grief.
Worried about your door kicked in? I'd say it's your civic duty - and if my reasons aren't good enough for you, maybe you'd consider the optional counter-suits like winning the lottery
-
Re:Pity
Wait a minute, consider what constitutes "giving" Google data. There's the obvious like using GMail or using their search engine, but they also have trackers all across the web. Unless you explicitly block Google's domains, they know a fair amount about what websites you visit (much less if you block their cookies, but Panopticlick showed that blocking cookies doesn't actually protect you from tracking very well). This, of course, doesn't only apply to Google, but Google's analytics is a lot more common than Facebook's share links or other trackers.
Off-topic, I have a personal (mostly joke) theory that the captcha words are chosen by a machine learning algorithm that gets positive weight from the word appearing in the final post.
-
Re:Easier for hate groups to find local victims, n
A couple of years ago, Facebook decided to make everyone's interests public. Not just public by default either - there's no longer any way of restricting who can view your interests, or your hometown, or your work and education history, or which pages you've liked. All of that is now unconditionally public, and all of it is now searchable too.
-
Re:One trick is through sales
Why can corporations move money around so easily to make more money or cut costs but why can't we move books and music around to do the same?
https://www.eff.org/deeplinks/2012/12/first-sale-under-siege-if-you-bought-it-you-should-own-it
-
Effect on Mass Surveillance?
One of the main benefits of increasing the amount of encrypted traffic on the Internet is that it makes illegal mass surveillance more difficult. The EFF did this with HTTPS Everywhere.
Do surveillance agencies have some way of accessing all of this data in spite of it being encrypted in transport?
-
Re:What?
According to Amazon's statement to the EFF Silk does _not_ intercept HTTPS traffic:
SSL Traffic
Amazon does not intercept encrypted traffic, so your communications over HTTPS would not be accelerated or tracked. According to Jon Jenkins, director of Silk development, “secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon’s EC2 servers.” In other words, no HTTPS requests will ever use cloud acceleration mode. Given the prevalence of web pages served over HTTPS, this gives Amazon good incentive to make Silk fast and usable even when cloud acceleration is off. Turning it off completely should be a viable option for users.
(from https://www.eff.org/2011/october/amazon-fire%E2%80%99s-new-browser-puts-spotlight-privacy-trade-offs)
-
Re:Too Late
Nope, they were going down hill long before the Activision merger.
-
Same as CA Prop 35 (which passed)
From the ACLU stance on 2012's California Propositions opposing Prop 35 (The EFF opposed it too):
Proposition 35 - Oppose
Proposition 35 increases criminal penalties for sex offenses and imposes new restrictions on registered sex offenders. For example, the measure requires that registrants provide online screen names and information about their Internet service providers to law enforcement - even if their convictions are very old and have nothing to do with the Internet or children. This provision essentially eliminates the ability of registrants to engage in anonymous online speech and imposes a substantial burden whenever a registrant wants to use a new online platform to speech, infringing on registrants' First Amendment right to free speech.
This was buried in an otherwise good proposal (human traffickers should be registered as sex offenders) and wasn't even visible from the official voter guide summary. It has the same problems.
This proposition also passed and I believe goes into effect in just over a week.
-
Ironic, aint it?
The Senate is about to vote on an extension of the controversial FISA Amendments Act -- the unconstitutional law that allows the NSA to spy on Americans speaking to people abroad without a warrant. Yet you wouldn't know it by watching CSPAN because the Senate isn't debating it.
-
Re:Quite simple really
That the US government is spying on social networks is fact shown multiple places. And only the EFF seems to be doing anything to slow it.
-
Re:Republicans hate the UN
It's a trend right now, and for good reasons. This is an example of politicians responding to what people are interested in, mainly in a symbolic way, since there's nothing particularly concrete these people can do right now.
-
Re:Random number generator
I want a REAL cryptographic quality random number generator based on thermal noise or some other quantum mumbo jumbo.
Let's at least make the spooks have to work for a living :)
Via's 'Padlock' claims to do this, although it is painfully slow but if you're wanting that level of security you won't mind the wait.
-
some reading
-
Random number generator
I want a REAL cryptographic quality random number generator based on thermal noise or some other quantum mumbo jumbo.
Let's at least make the spooks have to work for a living :)
-
Re:You mean non-private tabs should be labeled?
people should get a large popup for each site that requires them to allow tracking
You do not seem to understand what is "do-not-track". This is just a declaration of the user to "Do not track me". Nothing technically forces the site to not track you. In fact, most of the advertising agencies that say they implement it say that they will just not use the tracking data to show you personalized ads. You will get only generic ads not based on your profile, but will still be profiled.
Worse, if "Do-not-Track" is enabled in Firefox, this adds an additional bit of valuable information to your tracking profile: the fact that you are privacy-aware.
So don't count on Do-not-Track only if you want that your privacy be respected. Use additional tools such as AdBlock Plus and Ghostery and allow cookies only site by site with a whitelist.
-
Re:Carrier-grade NAT
re you eventually end up trying to distinguish among 200 unique visitors behind one carrier-grade NAT. But that's where the browser fingerprinting as described at https://panopticlick.eff.org/ comes in: even if you have javascript disabled, your browser sends along information about your:
-- media types accepted
-- cookies enabled
-- HTTP-accept headers
-- and of course, your user-agent .
Even behind noscript, my browsing leaks 17.96 bits of information, according to the EFF panopticlick survey for me. If we allow javascript, then this other information can also be gathered:
-- fonts available
-- addons available
-- browser plug-in details
-- pixel dimensions of display
-- color depth of display
-- time zone .
Allowing javascript leaks 21.18 bits of identifying information. In fact, just the browser-plug in details alone seem to be enough to allow my visit to eff to be recognized as unique from all other browsers that have gone there before. Of course, if you use a combination like "IE version X" running on "MSWindows $ident", then you're more likely to be a bit more anonymous than someone running a debian system with a lot of non-common browser plug-ins on Firefox-cutting-edge-version.
-
Re:Multiple Profiles are More Functional
Look at EFF's Panopticlick website to see the breadcrumbs you're leaving behind. And don't forget that if you're coming in from the same IP address, even with all of those different purported browser-agent strings, it's easy enough to collect those data together and make a profile for that IP address and for the various sites hit at the various times of day. If you've got certain niche websites which you visit, the combination of websites visited could also be seen as a fingerprint also.
;>)
https://panopticlick.eff.org/
-
Re:This is truly a difficult situation
Little if any of what Manning exposed qualifies as corrupt or criminal
Yeah, right: You don't count anything in this short list as corrupt or criminal?? If so, you're either a troll, a shill or grossly uninformed... take your pick.
-
US Law Everywhere
If a company has any operations in the US, they are expected to follow US law worldwide. Even if the parent is in Germany and the offense occurred by a subsidiary in the Philippines, the US government has no qualms about going after their US arm. If this wasn't bad enough, it isn't always the Federal government. If the NY State attorney general thinks a foreign company has some dealings with Iran, he will not hesitate to pursue legal action.
If I was the UK government, how would I feel about the possibility of some low level government guy in Seattle saying, I can get to everything in the UK cloud without a warrant?
Obama administration is "arguing that you lose your property rights by storing something on a cloud computing service"
Source: https://www.eff.org/deeplinks/2012/10/governments-attack-cloud-computing
If you use the cloud, only do it for data you are willing to openly publish.
-
Re:Silver Lining?
Question: Does anyone know if this exploit could be used to alter/remove the tracking dots every color laser printer marks its documents with?
No need. Following a link from the page you posted shows Samsung doesn't have tracking dots.
Have to take your word for it, as the firewall here blocks the EFF's website...
-
Re:Silver Lining?
Question: Does anyone know if this exploit could be used to alter/remove the tracking dots every color laser printer marks its documents with?
No need. Following a link from the page you posted shows Samsung doesn't have tracking dots.
-
Re:Thanks, Facebook.
I know you are just being amusing, but the joy of HTTPS-Everywhere is, well, default everywhere.
-
Re:Deadlock?
It seems like the EFF is ecstatic about this latest bill getting voted down.
The bill is well over a hundred pages long and includes many components other than sections about sharing data with the government.
...Under the bill, the provisions for “monitoring” are very broad. Companies (“any private entity”) are granted “affirmative authority” to “monitor information systems” and “information that is stored on, processed by, or transiting the information systems” for cybersecurity threats. A company could also monitor someone else’s network if it has been granted authority to do so, for example an outside consulting firm hired to help with network security.
Data collected under the Cybersecurity Act can be shared with law enforcement for non-cybersecurity purposes if it “appears to relate to a crime” either past, present, or near future.
TFA is very misleading as far as discussing the actual issues at hand.
-
Deadlock?
It isn't deadlock every time a bill is voted down. Sometimes it's just a bad bill and SHOULD be voted down.
-
Full-disk encryption?
EFF posted an article about full-disk encryption (FDE) in Ubuntu 12.10 and how easy it is to set up through ubiquity, the application used to install Ubuntu. The article also mentions that the next version of Mint, which is based on Ubuntu and therefore uses ubiquity for installation, should have the same easy FDE option.
FDE is good for privacy and security; as EFF's article notes, having it be as simple as possible to set up can only be a good thing. If this new version of Linux Mint features this FDE option, I will strongly consider switching to it, and will certainly try it out at the very least.
-
Re:EULA?
I don't know if I'd pick Ubuntu as an exemplar here.
-
Chroot is your friend.
Or you could stick Firefox in a chroot and use HTTPS Everywhere. And y'know, NoScript and Adblock Plus and Ghostery -- but I presume you're using those already. SSL certs aren't necessarily handled by the browser anyway, but I think what you want there is the also-extant OCSP. Or if you wanted to extend the chroot concept to your entire OS, you can have that too.
Why do you need desktop links again? I'm having a failure of imagination as to how that might actually improve anything.
bee-tee-dub, you should keep in mind that Security and Usability are usually at odds with each other. We already have the technological solutions at hand, if you're not already using them, perhaps there's a reason why.