Slashdot Mirror

"Anonymous communications have an important place in our political and social discourse. The Supreme Court has ruled repeatedly that the right to anonymous free speech is protected by the First Amendment. A much-cited 1995 Supreme Court ruling in McIntyre v. Ohio Elections Commission reads: Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society." https://www.eff.org/issues/anonymity

The EFF does a lot of good work but this "bandwidth wants to be free" nonsense is not something they should be involved in. I'd be fine with sharing my connection with the casual passer by, but I don't want some idiot to come by and saturate my connection when I'm trying to watch TV. (I never watch TV on TV anymore; easier to just wait for the online stream to come up.) They need to stick with defending people's rights and not waste efforts on silly schemes.

- the details and specificity of your browser of choice as indicated by your browser agent,

- your browser settings,

- your screen real estate in pixels,

- your system fonts,

- your browser plug-ins,

- and the content of your HTTP_ACCEPT headers,

- your time-zone,

- and your javascript-abilities. My browser as set gives out 18.43 bits of identifying information as calculated by the EFF at

.

https://panopticlick.eff.org/

.

Click on their Test Me link to see how much information your browser gives away, and how well you could be tracked even if you opt-out of cookies, and tracking, and Flash cookies, and use Ghostery etc. A lot of your identifying information leaks out anyway.

I love the subdermal idea. I feel they should start tagging the entire human population. I'll be first in line. Imagine being able to log in to your computer by just walking up to it. Or have your car unlock and start up when you walk up to it. House unlock. Or house alarm goes off when an unrecognized RFID enters. You get the picture.

So for about $250 I can log into your computer or unlock your car or house by just walking up to it? I guess that would make 13.56 MHz the "skeleton frequency."

There are many organisations already working on behalf of ordinary people in cases such as this...the summary already has highlighted one such in the most excellent EFF but there are a number of others who are charitable donation funded and the like so negating your belief that huge wealth is needed to have voices on our side in this, and other, conflicts with the corporations who seek to enrich themselves by removal of our freedoms and liberties. I'll offer a small selection of such organisations below: https://www.eff.org/ http://ffii.org/ http://www.publicknowledge.org/ http://keionline.org/ http://infojustice.org/category/trade-agreements/ http://www.article19.org/ http://www.openrightsgroup.org/ http://www.edri.org/ http://www.michaelgeist.ca/ The last link is to Professor Michael Geist a prominent a noteworthy intellectual and activist in the field. All the above worked diligently to stop ACTA.

The solution(s) where I explicitly take control over what goes from my browser to 100% of sites?

really ?

Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

Have fun fulling your DB with useless crap trying to "track" me, Marketers.

Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...

I've personally found the EFF's little http://panopticlick.eff.org/ test to be quite eye-opening(and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.

I imagine a practical system will be somewhat similar to the techique they use to safeguard currency. In case people aren't aware of this, I put a couple links below. The basic idea is that embedded in the design of modern currency is a robust signature (created by Digimarc) which is steganographically hidden in the data.

In the case of currency, when you scan in something, programs (like Adobe Photoshop) run some code that looks for steganographic the currency signature in the image and if it finds it, then refuses to let process it. It is estimated, but not known, how this works, but empirically, a crop as small as 10% of the image a banknote can currency contains enough information to trigger the detection of the currency signature.

I imagine something could be done similarly with 3d printers. The carrot that will make the manufacturers of printers put this in will probably be legislation that shields them from legal reprecussions (sort of a safe harbor against enabling copyright infringement). As an example, color photocopiers have been convinced to include yellow ID dot codes...

http://en.wikipedia.org/wiki/Central_Bank_Counterfeit_Deterrence_Group
http://www.cl.cam.ac.uk/~sjm217/projects/currency/

Obama swore (pre-election) that he would veto any bill that gave retroactive immunity to telcoms. The fact that he lied was a big disappointment.

He never had the chance to..... signed into law by bush.

https://www.eff.org/press/archives/2008/07/09

Two things should be pointed out: Obama voted for this bill, and all of the "nay" votes were democrats.

http://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=110&session=2&vote=00168

I'd love if they would actually certify a printer, meaning it does not print near-invisible identification marks on every page.

I have a bad feeling that something worse is waiting for us down the line...

With good reason.

And it's closer than you think.
https://www.eff.org/issues/tpp

Tell the President how you feel about it.
http://www.publicknowledge.org/Tell-White-House-Ensure-OpennessTPP-IP-Chapter

The EFF has plugins for Chrome and Firefox to force HTTPS on as many sites as it can. Will be nice to have it formally in HTTP 2.0, but that feature is available for many sites with the plugin it seems.

for the government...

Open wifi isn't a problem if you always use https to connect to websites. https://www.eff.org/https-everywhere is an easy way to use https if it's available for a website.

In my area DSL isn't available and FIOS or broadband is upward of $70. This affects me and many others who have difficulty with such prices. The act of intimidating people with open APs is ludicrous and shit-brained. A secured router with a unique user-ID, strong password, along with various options such as filters, availability-configurations, etc., is more secure than WEP with default settings. This sheriff should have a router fastened to his head until the microwaves loosen the rocks. I think the EFF elaborated on this topic quite well, also mentioning Schneier and his views on the subject.

Sharing, especially of educational/informational resources is a good thing. Intimidating people into doing otherwise against their will is encouraging greed, inefficiency and paranoia.

First, http://www.techdirt.com/articles/20120920/23570020453/when-even-hilarious-web-comic-artists-are-mocking-insanity-patent-system.shtml

Admitting my primitive understanding of this subject, I have some questions; Is sandboxing undervalued? is sending all cache to unique directories that can only be read by the source they were created for practical? Would generating random or shared generic user-agent data for each domain for each encounter have any effect? I have taken simple privacy measures like chmod 400 ~/.macromedia and ~/.adobe; installing noscript, flashblock; bloating /etc/hosts with loopback redirects, thrashed around in about:config, piously used bleachbit, etc.-- but I guess there are still kissmetrics and other mysterious things to deal with.

I remember trying the EFF's panopticlick, which tests your browser for its unique fingerprint. I was a little surprised at the results. What does something like the time-stamp mean for anonymity? How many people in the world have identical installation times and zip-codes, etc.? Why does this and other data need to be there as it is?

I get confused when contemplating why such promiscuous features are included in browsers in the first place. Are we simply using stupid browsers? Would creating a secure browser break its functionality? I know noscript can be a pain in the ass. What really confuses me is why a browser would store persistent cookies and other data -- after being deleted -- unless it was built to do so. If so, then why? If not, then why? When I start a browser from a fresh install or USB, it works just fine. If I reboot and do it again, it continues to work fine. Why the persistent data?

Finally, it should be alarming in itself that so much knowledge is required now to have even a measure of privacy. Those who understand, often take their knowledge for granted. But even for someone practically living and working in the web, it is not an overly simple subject. Is privacy an esoteric delusion, or is it an esoteric reality?

https://eff.org/ - Doesn't need an explanation really.
https://archive.org/ - The librarians of the internet

HP (and others) used to, or maybe still do, use watermarking in printers to hide data revealing time, printer type, etc.
http://news.cnet.com/8301-10784_3-5811739-7.html
https://www.eff.org/issues/printers
~ Meta data is watching

First, it's Trapwire. But that's a good question. I don't suppose they will offer a formal answer any time soon, so I will assume it's all connected -- and then some. You might also note that the DHS is quite involved with this NGI thing too. It''s an epic party for the voyeuristic elite and the citizenry aint invited -- a Closed Circuit (Sneak Preview) Authoritarian Freak Feature Presentation.

PS: Although you likely did not intend to refer to Tripwire -- a company involved in IT security -- in regard to the Strafor leaks, it is indeed Trapwire .

A dream that all web sites use https for everything. Why do so many web sites still not use https? Do they *like* third-parties being able to snoop on their visitors?

https://www.eff.org/https-everywhere/faq
https://httpsnow.org/
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
http://arstechnica.com/business/2011/03/https-is-great-here-is-why-everyone-needs-to-use-it-so-ars-can-too/
http://serverfault.com/questions/161854/how-to-set-up-https-without-paying-anything-anywhere-but-with-no-warnings-from

HTTPS Everywhere

If I were a Russian meerkat, I'd be sucking my teeth right now.

In fact, Obama's presidency is the most secret ever.

https://www.eff.org/deeplinks/2011/12/2011-review-year-secrecy-jumped-shark

Wow, 5 informative, and totally false. EULAs have been found to be enforceable in many jurisdictions and the modern trend is to enforce them. However, certain provisions are considered "unconscionable" and will not be enforced. It varies by jurisdiction.

EFF has a detailed rundown.

Being an ad-blocker is just one more behavior someone is collecting about you. It makes you more uniquely identifiable Check for yourself here

BTW guys, the page that I linked on the EFF site has a take action link down the page... (looks like it's a page for US citizens - asks for a simple ZIP code).

Now, in case you don't live in US (or don't like Greens but you may like some others)...
OpenMedia.ca and a good bunch of many others run an international site which sends the message to some of the ministers in govts of all the countries involved in the TPP negotiations (I've done it and received some auto-confirmation emails from the .gov type of domains)

Com'on guys, doesn't ask for that much of an effort, don't wait for a "Wikipedia blackout day" to take a minimal action.

Do you have the same reaction to EFF?

Speaking for myself... if the internet freedom comes only in green colours (i.e. no other parties would support them), I'm fully green then (possibly with the black-sail of the local pirate party)

Assange would be considered a spy so they'd probably hang him, like they did the Rosenbergs.

According to an article in the New York Times (which I can't find right now, otherwise I'd link to it), nobody outside of the U.S. government/military has ever been prosecuted for publishing information leaked from the U.S. government/military. The prosecution have always backed down because they know they would have to argue that the First Amendment right to publish information that you have obtained about the government does not apply to whoever they're prosecuting, and that a jury may well decide that the First Amendment actually does matter after all. Numerous newpapers have published leaked information, and the New York Times and others actually conspired with Assange to publish the diplomatic cables etc. However, in Assange's case, it's possible that they just plan to put him in front of a military court with a predetermined judge and outcome.

Oh, here's a reference: "No journalist has been prosecuted for publishing leaked information under the Espionage Act." Though it seems a new game is afoot: "Why the WikiLeaks Grand Jury is So Dangerous: Members of Congress Now Want to Prosecute New York Times Journalists Too"

• Sneak and Peek: https://ssd.eff.org/your-computer/govt/sneak-and-peek
• Stop and Frisk http://www.nyclu.org/stopandfrisk
• Warrantless Wiretapping http://www.engadget.com/2012/08/07/federal-appeals-court-says-warrantless-wiretapping-is-legal/
• License Plate Readers http://www.policeone.com/police-products/traffic-enforcement/license-plate-readers/
• Civil Seizure http://www.detroitnews.com/article/20091112/METRO/911120388
• Forfeit without Trial http://www.wired.com/threatlevel/2012/07/megaupload-judge-recusal/
• Extraordinary Rendition http://www.pbs.org/frontlineworld/stories/rendition701/
• Assassination without trial http://www.nytimes.com/2011/10/09/world/middleeast/secret-us-memo-made-legal-case-to-kill-a-citizen.html?pagewanted=all

Many people are laughing all the way to the morgue.

Some folks who do good work in the less-famous parts of the Internet:

https://www.theengineroom.org/

http://opennet.net/

http://globalintegrity.org/

https://www.eff.org/

Disclosure: I've worked for two of these, though not recently.

So opening a second browser window to the same site fails to be logged in (because it lacks the session)

not if i keep the same session id between page transitions (using a hidden post field), which is no less secure than using a cookie

Cookies, possibly with the ADDITION of the other two systems, are the industry standard for security

no they're not... they're the industry standard for efficiency (quick, cheap and easy)

Cookies effectively allow re-authentication for every page view by sending a hash of identifying information to the server which can then be checked against the stored hash

why do you presume that cookies are required for that?

IPs alone are so insecure they are effectively not authentication

neither are cookies on their own. security in depth is the only security, and as i said nothing is 100% secure. whatever your point, it was pretty pointless

Indeed, they are the onyl practical answer

since you apparently aren't familiar with any other methods, then for you i guess they are... ifyou want to use cookies i won't even try to stop you :)

Sure... but what if you do not have user accounts? Are you going to store settings by IP? Yeah, we'll see how that goes. Obviously not by GET variable. So what, exactly, is your answer? Right. You have none. You're just a ranting idiot like the other one.

if you don't have user accounts then cookies are an alternative, but then security and logging in would be out of the question too. without cookies i could use a combination of IP and a miriad of parameters derived using javascript (check out https://panopticlick.eff.org/), but i could also use hidden post fields

you're just an insecure moron who loves cookies

With cameras at every turn reading faces and ears, and pre-crime detectors strewn about public places, the biggest social outlet there is will soon be fed live and directly into their hands. Courtesy of the DHS, we already have talking, listening, spying, interactive street-lights, as well as harebrained projects like FAST (Future Attribute Screening Technology), and backscatter gangsters strolling around.

An interesting presentation by cryptome on mis-managing the ultimate social media (my take), society itself (in N.Y.), can be seen here: http://www.youtube.com/watch?feature=player_embedded&v=Yn8oy9NHag4#!l -- It's worth a watch or listen.

I guess f-book and such are still pretty sweet honey pots, but I think such duties will soon be automated enough to allow the average officer to comfortably return to their sticks and pepper-spray without having to endure IT 101.

I don't think they are trying to "validate" bittorrent.

I'd bet $100 that the EFF is trying to validate BitTorrent. They have a history of trying to protect and validate Torrents (and piracy). Examples:

"EFF Releases ‘Switzerland’ to Test if Your ISP is Throttling BitTorrent" - http://www.zeropaid.com/news/9677/eff_releases_switzerland_to_test_if_your_isp_is_throttling_bittorrent/
"EFF defended StreamCast Networks, the company behind the Morpheus peer-to-peer (P2P) file-sharing software, in an important case decided by the Supreme Court of the United States on June 23, 2005" - http://w2.eff.org/IP/P2P/MGM_v_Grokster/

John Gilmore of the EFF said, "The Archive is helping people to understand that BitTorrent isn't just for ephemeral or dodgy items that disappear from view in a short time. BitTorrent is a great way to get and share large files that are permanently available from libraries like the Internet Archive."

In other words, the EFF is working towards legitimizing BitTorrent so that illegal uses can continue unabated. I'll go ahead and say what I've been saying for a long time: the EFF has been a pro-piracy organization for a long time, and this is just another example of the EFF skulking around on the fringes of the piracy issue, trying to make moves that help pirates.

Some more quotes from the EFF, just because I know Slashdot doesn't want to listen when I say that the EFF is a pro-piracy organization:

"EFF: Piracy Not the Problem" - http://www.wired.com/culture/lifestyle/news/1999/09/21645
"there is no evidence out there that "Internet piracy" is leaving us with fewer creators or fewer copyrighted works” - http://www.eff.org/deeplinks/2009/12/most-pirated-movie-makes-heaps-money
"EFF Releases ‘Switzerland’ to Test if Your ISP is Throttling BitTorrent" - http://www.zeropaid.com/news/9677/eff_releases_switzerland_to_test_if_your_isp_is_throttling_bittorrent/
"EFF defended StreamCast Networks, the company behind the Morpheus peer-to-peer (P2P) file-sharing software, in an important case decided by the Supreme Court of the United States on June 23, 2005" - http://w2.eff.org/IP/P2P/MGM_v_Grokster/

Dave Winer, an early supporter of the EFF: "I gave $5000 to the EFF when they started, I think it was in 1990, with the noble goal of protecting freedoms as our technology and culture move online. I think I have supported every cause the EFF has adopted since then, but that’s no longer true. I gave this a lot of thought, believe me, and had a long email exchange with Brad Templeton, the chairman of the EFF board of directors, and think they have become as radically polarized as the entertainment industry, and like Hollywood are now working against the interests of those they were meant to serve. The issue appears to be copyright, and it appears that the EFF believes there should be no copyright. The problem with the EFF position is that in order to remain consistent, they have had to say that copyright doesn’t exist — if a policy or law restricts what a user can do on the Internet then that is a bad policy or law. The courts can’t agree with the EFF. I don’t agree with the EFF."

John Gilmore of the EFF said, "The Archive is helping people to understand that BitTorrent isn't just for ephemeral or dodgy items that disappear from view in a short time. BitTorrent is a great way to get and share large files that are permanently available from libraries like the Internet Archive."

In other words, the EFF is working towards legitimizing BitTorrent so that illegal uses can continue unabated. I'll go ahead and say what I've been saying for a long time: the EFF has been a pro-piracy organization for a long time, and this is just another example of the EFF skulking around on the fringes of the piracy issue, trying to make moves that help pirates.

Some more quotes from the EFF, just because I know Slashdot doesn't want to listen when I say that the EFF is a pro-piracy organization:

"EFF: Piracy Not the Problem" - http://www.wired.com/culture/lifestyle/news/1999/09/21645
"there is no evidence out there that "Internet piracy" is leaving us with fewer creators or fewer copyrighted works” - http://www.eff.org/deeplinks/2009/12/most-pirated-movie-makes-heaps-money
"EFF Releases ‘Switzerland’ to Test if Your ISP is Throttling BitTorrent" - http://www.zeropaid.com/news/9677/eff_releases_switzerland_to_test_if_your_isp_is_throttling_bittorrent/
"EFF defended StreamCast Networks, the company behind the Morpheus peer-to-peer (P2P) file-sharing software, in an important case decided by the Supreme Court of the United States on June 23, 2005" - http://w2.eff.org/IP/P2P/MGM_v_Grokster/

Dave Winer, an early supporter of the EFF: "I gave $5000 to the EFF when they started, I think it was in 1990, with the noble goal of protecting freedoms as our technology and culture move online. I think I have supported every cause the EFF has adopted since then, but that’s no longer true. I gave this a lot of thought, believe me, and had a long email exchange with Brad Templeton, the chairman of the EFF board of directors, and think they have become as radically polarized as the entertainment industry, and like Hollywood are now working against the interests of those they were meant to serve. The issue appears to be copyright, and it appears that the EFF believes there should be no copyright. The problem with the EFF position is that in order to remain consistent, they have had to say that copyright doesn’t exist — if a policy or law restricts what a user can do on the Internet then that is a bad policy or law. The courts can’t agree with the EFF. I don’t agree with the EFF."

Look at the money flowing into the EFF from Sergei Brin: https://www.eff.org/deeplinks/2011/12/join-now-and-eff-gets-4x-power http://boingboing.net/2011/12/10/give-to-eff-today-and-your-do.html https://www.eff.org/pages/eff-mission And then there are the fun private parties: https://www.eff.org/event/eff-mixer-google Didn't you get an invite? Face it. A big part of their budget come from Google billionaires and so it shouldn't be surprising that they're seeing eye to eye.

Look at the money flowing into the EFF from Sergei Brin: https://www.eff.org/deeplinks/2011/12/join-now-and-eff-gets-4x-power http://boingboing.net/2011/12/10/give-to-eff-today-and-your-do.html https://www.eff.org/pages/eff-mission And then there are the fun private parties: https://www.eff.org/event/eff-mixer-google Didn't you get an invite? Face it. A big part of their budget come from Google billionaires and so it shouldn't be surprising that they're seeing eye to eye.

Look at the money flowing into the EFF from Sergei Brin: https://www.eff.org/deeplinks/2011/12/join-now-and-eff-gets-4x-power http://boingboing.net/2011/12/10/give-to-eff-today-and-your-do.html https://www.eff.org/pages/eff-mission And then there are the fun private parties: https://www.eff.org/event/eff-mixer-google Didn't you get an invite? Face it. A big part of their budget come from Google billionaires and so it shouldn't be surprising that they're seeing eye to eye.

Wow, if Julie Samuels is a paid Google shill then she sure has some 'splainin' to do. The next time you try to smear somebody maybe do a little research into what you're talking about.

Wow, if Julie Samuels is a paid Google shill then she sure has some 'splainin' to do. The next time you try to smear somebody maybe do a little research into what you're talking about.

This is going to be an interesting list... I know that Google funds a number of so-called non-profits to campaign for their needs. I wonder if they count as "media". They all have blogs where they take positions like these: https://www.eff.org/deeplinks/2012/05/oracle-v-google-and-dangerous-implications-treating-apis-copyrightable

http://levine.sscnet.ucla.edu/general/intellectual/againstfinal.htm

Intellectual property: Patents against prosperity | The Economist

Why abolish software patents - software patents wiki (en.swpat.org)

When Patents Attack! | This American Life

Johanna Blakley: Lessons from fashion's free culture | Video on TED.com

Do music artists fare better in a world with illegal file-sharing? Times Labs Blog

The Coming War on General Purpose Computation - Boing Boing

US patent trolling costs $29b: study - Strategy - Business - News - iTnews.com.au

Patents | Electronic Frontier Foundation

http://christianengstrom.wordpress.com/

Zynga might be too close, but the vast majority of games actually copy each other so much that they create a GENDRE for god's sake. And that has been alwways a good thing for gaming in particular. The truth is that yes, there are indeed assholes, there will always be, but they seem to be on both sides and the question remains to where do they cause the less damage.

As far as being non-creative, I'm not sure who you mean. Personally, I develop new software for a living and I was curiously enough working on my novel when I got your reply.

It does nothing to enforce real security. Instead, it enshrines another layer of surveillance and privacy-reduction in law - with an enforcement arm that will be rewarded by stopping "cyber-threats" like using a UK proxy to watch the Olympics online. Then, like under the DMCA you can be treated like a terrorist.

https://www.eff.org/deeplinks/2012/03/dangerously-vague-cybersecurity-legislation

Join me in celebrating the defeat of this additional intrusion of police-state power. Let's hope it's blocked FOREVER!

This is not about any "Security" I know of - unless you mean the kind of "Security" that the DMCA offers toward corporations.

The bill focuses on restriction of tools and activities used to manage, diagnose and secure network connectivity. Users of Wireshark or even ping can be treated like DMCA circumventors, under the provisions of this proposed act.

https://www.eff.org/deeplinks/2012/05/frequently-asked-questions-about-lieberman-collins-cyber-security-act

It is brave if you live in a country where the police will harass you over your exit node:

https://www.eff.org/deeplinks/2011/08/why-ip-addresses-alone-dont-identify-criminals

http://en.wikipedia.org/wiki/Mike_Godwin

Michael Wayne (Mike) Godwin (born October 26, 1956) is an American attorney and author. He was the first staff counsel of the Electronic Frontier Foundation (EFF), and the creator of the Internet adage Godwin's Law of Nazi Analogies. From July 2007 to October 2010, he was general counsel for the Wikimedia Foundation. In March 2011 he was elected to the Open Source Initiative board.

https://www.eff.org/

http://w2.eff.org/Net_culture/internet_sterling.history.txt

SF and S-fact author Bruce Sterling did a fine little "short history" essay back in 1993. It was not only "not just Xerox" or "not just government" or "not just private industry", it was "not just America".

Note that 'Packet' is a very British term - and one of the really, really crucial developments was thinking of communications with packet-switching, not "opening a continuous line between sender and receiver".

It's a classic Wall Street Journal piece: reasonable research and fact-finding, but then they have to put the spin on it. That predates Rupert Murdoch by quite a bit.

Dang it, I screwed up the URL.

Yes all that can happen if you don't handle your cookies properly.

You seem to have missed the last ten years worth of advances in systemic internet tracking systems.

Sure I know about such things, and I was using 'cookies' as a generic term for anything a website leaves on your computer. But how does facebook track you? It's cookies isn't it? If facebook are using covert tracking strategies, it would have come to the attention of the people who pay attention of these things, and would have been discussed profusely on Slashdot. They aren't that clever.

And sure, facebook is evil, but they are a known quantity of evil, and one that is easy enough to work around by being careful with your cookies. It's the rest of the internet you need to watch out for. I mean they don't even make any attempt to try and work around adblock... how much more benign can you get?

Yes all that can happen if you don't handle your cookies properly.

You seem to have missed the last ten years worth of advances in systemic internet tracking systems.

Correct, the Supreme Court does not have original jurisdiction in the matter of the NSLs. This is why, if you read the heavily redacted documents about the case you will see, on the first page of each document, that this is being heard in US district court in California. If this gets appealed (and that seems likely to me regardless of the outcome), then the Supreme Court will get to hear it based on its appellate jurisdiction, which it has regarding all other cases, with such exceptions, and under such regulations as the Congress shall make, as quoted from the constitution by several other poster already.

FTFY.

Congress has not, as yet, made an exception to SCOTUS's jurisdiction for this, but they could.

Congress has made regulations requiring any court to treat the FBI's justification for NSLs' gag orders as conclusive if not proven in bad faith, thus preventing any court from overturning a gag order for insufficient (but good-faith) justification of harm. Of course, SCOTUS can still overturn the whole gag-order provision as violating the first and fifth amendments, which is clearly the correct action for any law providing for prior restraint with no real judicial oversight, but it demonstrates Congress has (and is willing to use) more legal power of such things than you realize.