Slashdot Mirror

>>>section 230 thing.

"No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." It does not apply to federal criminal law, intellectual property law, and electronic communications privacy law.

http://www.eff.org/issues/bloggers/legal/liability/230

Simple tools like FireSheep are an awesome way to force websites to up their game on the encryption front and improve their security.

I guess the addon you mention is EFF's "https-everywhere". Notice that the list of https sites the addon supports is growing pretty large. They will soon have to add the option "exclude these sites" rather than try and provide a massive list of included sites.

I don't like keeping track of what sites I can and can't use HTTPS on, so I installed HTTPS Everywhere on my browsers and get HTTPS access to a bunch of sites by default.

BTW, when do we get HTTPS access to /.?

Zuck has a bigger userbase, but I think moot serves his userbase better.

Channers get exactly what they want from 4chan. Sheep get *almost* what they want from facebook, except facebook keeps messing with their privacy settings, pulling the rug under their feet, taking away rights users used to have etc. --but still-- serves them mostly what they want.

Both are right, they create different things. moot participated in the inception of an global culture that has taken a life of its own and is ready to try and change the world for better or worse, Zuck helped people reconnect with old friends, connect tighter with relatives, inflate egos and generate enough grief and collateral damage to make Anonymous seem rather nice and positive in comparison.

They are different men with different goals. Zuck measure of success won't necessarily be the same. Zuck is a billionare and will be forever remembered as a brilliant and ruthless businessman that got million by creating one of the most evil[1] interfaces ever that most people use because everybody else is using it.

moot is simply the guy who popularized image boards in the west. Maybe that's enough for him.

1. Evil interfaces as described by the EFF, quoting: "[...] a good interface is meant to help users achieve their goals as easily as possible. But an "evil" interface is meant to trick users into doing things they don't want to."

AT&T is far more guilty of cooperating with the NSA and the Dept. of Homeland Security than Google has been. http://www.eff.org/legal/cases/att/att-complaint.pdf What is amazing to me is the level of misinformation that can subsist in a world where information can be received from a myriad of sources (none of which are in a vast "cabal" colluding with each other to keep us all in the dark). Steve Jobs was pointing out google's "do no evil" slogan as bullshit had to do with his iPhone's war with Android, and that somehow since Apple didn't get into the search business, Google shouldn't get into the phone business.

I don't know who first drew the comparison between Google and the East India Company, but I'm certain that person (or persons) has their tinfoil hat on shiny side in. If we'd like to draw a comparison (based on Google's supposed support of the NSA) between E.I.C. and a modern day corporation... I would put AT&T's in the top 5, numbers 1-4. In other words, if you're going to point out evil corporations, pick one more evil than Google.

As a lawyer, I wish articles like this would link the decision at the very beginning or the very end of the article always. Here, no thanks to the /. summary!

Decisions relying on anti-"chilling effect" policy reasons for the conclusion tend to be at the appellate level, not the district level, and especially not at the magistrate level. Magistrates are appointed for a short number of years and are not Article III judges. Doing what the Article III judges (district, circuit, SCOTUS) say is of the utmost importance to them since Magistrates are basically merely auxiliaries or para-judges. So, no, magistrate judges will almost never rely on public policy concerns such as "chilling effects" to decide an issue. This is my experience as someone who used to work directly for a federal magistrate judge doing research for him.

Now, I humbly offer my analysis of the decision (apologies for it not being perfect writing, but it's Saturday, and the goal is just to shed a little light on what actually is going on in the decision):

Facts

1. Gov't requests Twitter records that do not include the contents of posts. Namely, it requests ID, contact info, registration information, records of connection time, etc.
2. Court orders Twitter to turn over info
3. Twitter users argue to "get rid of" ("vacate") the order to disclose this info.

Issues

1. Does the Stored Communications Act give power to Twitter users to try and get order vacated (i.e., do Twitter users have "standing" under the SCA)
2. was the order properly issued
3. does the order violate 1st Amendment
4. does order violate 4th Amendment
5. One user is Icelandic and a gov't official, so does "international comity" require vacation of the order

Standing under SCA
No, they dont. SCA gives standing only if contents of communications are requested. The distinction between contents and records (non-content data such as ID, access time, etc.) is explicitly made in the law itself, so this isn't just semantics. Government wins issue 1.

Proper issuance of order
Users argue the government did not follow proper procedure to get the order. Users argue info requested is not relevant and material to investigation. Court says it is.

First Amendment
Users argue it creates a chilling effect on free speech by creating a "map of association." Court says that the association between these users was made publicly by the users themselves already, so no chilling effect in this instance can be had. This is where the whole "publicly policy" issue would come into play in an appellate court, but not in an Article I magistrate court. While it could have a chilling effect on other associations (which I personally doubt, as, IIRC from my use on Twitter, everyone's Twitter friend list is publicly accessible anyway), it's not for the magistrate court to decide. That would be for the Circuit or Supreme Courts.

Fourth Amendment
Users argue it's a warrantless search, and the requested IP addresses are "intensely revealing" as to location, including location within a home and movements within. OK, wtf is this bullcrap? Turning over an IP address will tell the police which room in a house you were posting in? That sounds really specious.

In any case, court enters into a "reasonableness" analysis as is de rigueur with Fourth Amendment issues--does the act infringe on expectation of privacy society consideres reasonable? There is no reasonable expectation of privacy in data voluntarily turned over to third parties. This may not be true if the EULA specifies that data will be kept private, but the court doesn't address this issue because the argument was never made. Instead, the court says: Look, you gave Twitter your IP address, so you can't reasonably expect it to be kept secret from police. Other courts have apparently said si

Most user fingerprinting that people should be concerned about can be done without any cookies. Development on these techniques hit full swing when all the browsers started tightening the screws on cross-site scripting protection which also included much stricter enforcement of cookie policies. So this will do little to nothing to actually stop the big players, governments, etc from identifying a browser or even a user across multiple browsers (something cookies alone can't possibly do).

As a web developer, I just wonder how much it will cost to audit all of our software (both written in-house and purchased software) that may use cookies to store session data, shopping details, form data for allowing the user to quickly shuffle back and forth through form screens without losing previously-entered data, etc.

The only cookies I can think of that we use that can be considered tracking are cookies used to keep track of visitors that came from specific affiliates so that the affiliate can be properly credited with the purchase. I have to assume that these will now need explicit consent, which will either result in a cascade failure of online affiliate systems, yet another "OK" / "Accept" button that users are conditioned to always confirm without any thought of origin or purpose, or a complete migration of developers from cookies to more insidious ways of tracking users that avoid cookies and could usher in even more privacy concerns.

The last possibility is the most-concerning and most-likely as it has already happened on the large-to-medium scale; the solutions would simply become more widely available and pervasive. These solutions also use such a variety of information to fingerprint users that coming up with a law that effectively bans such tracking would effectively gut the HTTP protocol and many established standards.

I know this as I created a proof-of-concept next-gen analytics system three years ago that could track users across multiple sites and with enough data on a user, could identify them as they switched between different computers and browsers. No cookies were used and Javascript on the client was not required. Clients with Javascript enabled simply provided more robust fingerprinting data as icing on the cake.

You can find out more about how this is done by visiting the EFF's Panopticlick site. I never launched my analytics engine as I quickly found out that I was not the first one to figure out these techniques and as I got closer to launch, a huge number of competitors jumped into the space, so I decided to look for less crowded avenues.

Fact is that there will always be people that want to keep track of you with or without your consent. No matter what changes of technology or laws occur, they will still successfully do this.

Not entirely. There's also going to be an open window where third parties may submit documents relevant to the patent - which include demonstrations of prior art. The key piece is that you have to be paying attention to what other people are patenting because if you miss the window to file, you (and the public) will be out of luck. Oh, you also better be able to show some sort of time stamp too.

The EFF has a decent summary in their deeplinks, but I'm not sure if it's the house or senate version they are talked about.

I look at the chart you linked and see significant, precipitous declines where the RIAA either ignored negative feedback or outright attacked customers:

Late '70s - disco was pushed on radio, tv, everywhere, and audiophiles (LP buyers) rejected it (the sale of hissing cassettes stayed flat unti CDs came along)
http://en.wikipedia.org/wiki/Disco

1990s - CD sales flatten as the loudness war gets really noticeable
http://en.wikipedia.org/wiki/Loudness_war

2001 - CD sales take a nose-dive after the Napster decision (Feb. 2001)
http://gseis.ucla.edu/iclp/napster.htm

2005 - CD sales make a tiny comeback, along with digital, then both plummet as the RIAA lawsuit campaign focuses on university students and the MGM v. Grokster decision comes down
http://www.eff.org/wp/riaa-v-people-years-later

Has the RIAA finally won the war against its customers?

Here are a few: https://www.eff.org/deeplinks/2011/01/cablegate-disclosures-have-furthered-investigative US Contractors in Afganastan pimp out young boys and the State Department coverd it up: "The Guardian reported on a cable describing an incident in which employees of DynCorp, a U.S. military contractor, hired a âoedancing boyâ for a party. The term âoedancing boy,â also known as bacha bazi, is a euphemism for a custom in Afghanistan in which underaged boys are dressed as women, dance for gatherings of men and are then prostituted. Read more. The incident allegedly involved soliciting local Afghan police for a bacha bazi as well as usage of illegal drugs. The cable detailed that Hanif Armar, minister of the Interior of Afghanistan, urged the United States to help contain the scandal by warning journalists that reporting on the incident would endanger lives. "

Also
Ghostery => http://www.ghostery.com/
Https-Everywhere => https://www.eff.org/https-everywhere
Beef Taco => http://jmhobbs.github.com/beef-taco

then you will have a chance of good browsing without telling everybody where you have been and who you ate for lunch

Also in Illinois! I got named as one of 300 John Does for a porn torrent I got from http://www.puretna.com/ a while ago. It's not the companies who are trying to go out of their way to chase alleged P2Pers, but rather the lawyers are making a business out of this and the lawyers are the ones who approach companies to do this.

Luckily earlier this month the case was dismissed for all 300 Does involved, so my ISP will thankfully not be releasing my information to the plaintiff's lawyer, John Steele... he is one of the "bad" kind of lawyers.

If you are named on one of these John Doe subpoenas, contact one of the lawyers on this list from the EFF. I contacted five different lawyers, one offered pro bono and another looked up my case in advance and sent me documents from the court showing it had been dismissed. Another lawyer referred me to the pro bono one, and another lawyer told me $180 an hour. I don't think the fifth lawyer replied. Overall, results were good.

https://www.eff.org/issues/net-neutrality

Net Neutrality, especially proposed legislation, is not automatically a good thing, although I don't know how nuanced his position was on it.

Tolkein was/is a public figure

I am not so sure about that.

A public figure is someone who has actively sought, in a given matter of public interest, to influence the resolution of the matter. In addition to the obvious public figure---a government employee, a senator, a presidential candidate---someone may be a limited-purpose public figure. A limited-purpose public figure is one who (a) voluntarily participates in a discussion about a public controversy, and (b) has access to the media to get his or her own view across. One can also be an involuntary limited-purpose public figure --- for example, an air traffic controller on duty at time of fatal crash was held to be an involuntary, limited-purpose public figure, due to his role in a major public occurrence.

Who Is A Public Figure

I don't know how quite how you frame an academic and author like Tolkien as the center of any great "public" controversy or event.

I think you do have a problem if you mimic the distinctive cover designs and typefaces of Tolkien's books. The cynic in me dislikes the notion of using fictionalized biography to shore up your literary criticism.

A Real Man who wants to visit websites will load each site in a separate browser instance with a unique agent string and a different browser vendor and build each time with all cookies and scripts (1st, 2nd, 3rd, 87th party, etc.) hard-blocked, and only from within a series of totally unique VM environments of no less than Windows XP (Home and Pro), Vista (all 4,556 varieties), Win 7 (all varieties) and no less than 1,396 versions and flavors of Linux or Unix derived operating systems, [...]

I know you are joking. But I just checked myself on panopticlick. Looks like if you you know either my plugins or my fonts this is enough to uniquely identify my computer and hence its sole user. Unfortunateley my browsers transmit this information even in anonymous mode. And the list is nearly the same between different browsers. So cleaning the cookies won't help, TOR won't help, NoScript won't help and using different browsers' won't help to hide me from user tracking on the internet. The funny thing is that a fingerprint based on that information will work well between different internet sites.

And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.

Try this web site for an idea of how these factors can (in combination) uniquely identify you:

https://panopticlick.eff.org/

I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.

Cute ... but of course all you have to do to change your identity is install a new font!

There was an article on Slashdot a while back about a clever project to track your browser regardless of cookie settings / IP address. Neat stuff.

There was an article on Slashdot a while back about a clever project to track your browser regardless of cookie settings / IP address. Neat stuff.

And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.

Try this web site for an idea of how these factors can (in combination) uniquely identify you:

https://panopticlick.eff.org/

I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

Use HTTPS Everywhere and force all your traffic that can be to be using HTTPS.

Why assume a sophisticated technical solution when the more likely explanation is the $5 wrench?

https://www.eff.org/observatory

The punchline: Unless you are using an atypically paranoid browser config, there are a Lot of CAs and subordinate CAs(some of them known-slimy, others known-incompetent), whose certs your browser will silently trust.

What would be nice would be a mechanism for tracking the cert-chain of websites of interest over time and from various endpoints on the internet. Companies do, legitimately, get tired of getting shafted by Verisign, er, um. switch certificate providers; but sudden shifts, not corresponding with certificate expirations, or shifts visible only from a subset of IPs would raise a red flag...

The problem is that you may send your username and password over HTTPS, each page after that you send your auth cookie over plain ol' unencrypted HTTP. Someone is capturing those auth cookies and using them to send delete commands to Facebook (no doubt after capturing all of the info and friends).

Use HTTPS Everywhere and force all your traffic that can be to be using HTTPS.

http://www.eff.org/cases/hepting

You forgot "Think of the Children."

Well, that's maybe where we differ. I think we need to be adults and think of everybody, especially if Al Qaeda is successful in getting nuclear weapons, which they already have permission to use.

But, if it will make you more comfortable, for the moment lets forget about the children, and see where we stand. We can recap, and maybe you could point out what is actually wrong instead of in essence saying "I don't like it".

I pointed out that the courts have ruled against your assertion that the government's national security wiretapping is illegal, and a human rights violation: Intelligence Court Releases Ruling in Favor of Warrantless Wiretapping

Even the page you linked to noted the EFF defeat on the legal question:

EFF Plans Appeal of Jewel v. NSA Warrantless Wiretapping Case
Court Rules That Mass Surveillance of Americans is Immune From Judicial Review
San Francisco - A federal judge has dismissed Jewel v. NSA, a case from the Electronic Frontier Foundation (EFF) on behalf of AT&T customers challenging the National Security Agency's mass surveillance of millions of ordinary Americans' phone calls and emails.

I also pointed out just a handful of the many active terrorism investigations and court cases going on inside the US. This points to a genuine, current, dangerous threat of people being killed by militant Muslim extremists. I assume you don't debate that they are genuine.

Daniel Boyd pleads guilty to US terrorism charges -9 February 2011
Domestic Terrorist 'Jihad Jane' Pleads Guilty to Four Charges - Feb 2, 2011
Stockham requests new attorney - February 05, 2011
Note: This individual is apparently an American Sunni Muslim who tried to attack a Shia Muslim Mosque.
Iranian Book Celebrating Suicide Bombers Found in Arizona Desert - January 27, 2011
Baltimore man accused of plotting to blow up military recruiting station in Md. - Thursday, December 9, 2010
Oregon Bomb Suspect Mohamed Osman Mohamud Wanted "Spectacular Show," - November 29, 2010
Faisal Shahzad: 'War With Muslims Has Just Begun' - Oct. 5, 2010
2 MN women charged with aiding Somali terrorists - Aug 5, 2010
U.S. links 8 to Somali terrorist group - November 24, 2009
And here's one for the Canadians: Converts Who Kill

I then pointed out that this current turmoil started with Al Qaeda's 9/11 attacks, and that according to Bin Laden, he won't stop trying to a

The US is the only one allowed to use this tech to abuse human rights, and it really doesn't want to risk losing its lead in technology used for spying on citizens.

You are completely wrong. First off, it's legal, and not an abuse of human rights. (And no, this isn't the first time a court has made a similar finding.)

Second, it's necessary because some American citizens, immigrants, and visitors don't want to live in peace, but have taken up the cause of extremists. (Just a sample - there are many, many more.)
Daniel Boyd pleads guilty to US terrorism charges -9 February 2011
Domestic Terrorist 'Jihad Jane' Pleads Guilty to Four Charges - Feb 2, 2011
Stockham requests new attorney - February 05, 2011
          Note: This individual is apparently an American Sunni Muslim who tried to attack a Shia Muslim Mosque.
Iranian Book Celebrating Suicide Bombers Found in Arizona Desert - January 27, 2011
Baltimore man accused of plotting to blow up military recruiting station in Md. - Thursday, December 9, 2010
Oregon Bomb Suspect Mohamed Osman Mohamud Wanted "Spectacular Show," - November 29, 2010
Faisal Shahzad: 'War With Muslims Has Just Begun' - Oct. 5, 2010
2 MN women charged with aiding Somali terrorists - Aug 5, 2010
U.S. links 8 to Somali terrorist group - November 24, 2009
And here's one for the Canadians: Converts Who Kill

And how did this get started? September 11 attacks

If you bother to read bin Laden's 'letter to America', you will see that in order for him to call off his minions, Americans will have to convert to his flavor of Islam, give up the constitution, implement Sharia law (which will mean cutting off hands of thieves, stoning adulterers, no more alcohol (prohibition again), drugs, porn, executing homosexuals, etc., etc., etc.), and many other odious demands.

Ultimately this is about various factions of Islam trying to extend their power by force. It won't go away soon. I suggest you get used to it.

Dreaming of Al-Andalus

By the way - the Muslim Brotherhood is not helping.

The US is the only one allowed to use this tech to abuse human rights, and it really doesn't want to risk losing its lead in technology used for spying on citizens.

Complying with DMCA notices isn't really sufficient. The EFF has a pretty good analysis of the status quo of US copyright law: https://www.eff.org/wp/iaal-what-peer-peer-developers-need-know-about-copyright-law

Yes, the DVDA attempt to prosecute anyone who even linked to a host of the deCSS "liberated" decryption key was the first case of the Streisand effect. It evoked an outraged response from the community, including a very effective EFF Blue Ribbon campaign for Freedom of Speech Online, which is still active. I still own several t-shirts with the CSS key printed on the back. This was way back in like 1999 or something.

But it wasn't named the Streisand Effect until Barbara Streisand sued the California Coastal Records Project (an awesome site) for publishing pictures of her estate on the coast of California. When this news hit the web, the pictures were copied far and wide in support of CCRP. And Streisand lost her lawsuit.

Another example of the very problem net neutrality is trying to prevent:

http://airtravel.about.com/od/airlines/qt/Airtran-Airways-Offers-Free-Facebook-For-February-2011.htm

On the other hand, recently the EFF has had nothing but harsh words for the current net neutrality legislation:

https://www.eff.org/deeplinks/2011/02/part-i-fcc-ancillary-authority-regulate-internet

While I am a staunch supporter of the concept of net neutrality, I'd hope for a better implementation than this.

I think there's enough blame to go around. Just take a look at The EFF online free speech cases to see that there are lots of folks looking to suppress somebody's speech: corporations, government, schools, etc. And that's only online. Blaming only the left doesn't get close to covering the whole collection of people with an interest in keeping someone from saying something they don't especially like.

You can even set it to use https so that noone else is snooping on your searches.

HTTPS Everywhere will do that with Google (and a slew of other sites).

And yet the PATRIOT act is up for extension today. They don't actually have to BE the opposite of Bush, just convince people that they're different. That's pretty bad.

This is just adding something else to track you with. Instead, there should be defaults for all of the different pieces of information you transmit on the internet. Such a whitewash will make everyone look the same for a lot of purposes and help part of the problem.

yes it is. And if hey choose to ignore it there is nothing you can do about it.
Even worse, you are handing them an extra bit of information about yourself, being that you care about privacy but are not savvy enough to realize this does not work.
It also makes your browser signature more unique so it actually makes it easier for them to track you.
http://panopticlick.eff.org/

Why should it come as a surprise to anyone to find out that they're still doing it?

...to curb abuses we should prosecute Agents, Special Agents, SACs and directors when they're involved in illegal activity instead of wringing our hands like we do now.

Does EFF sounds to you as an organization with a focus on "wringing their hands"?
Seems to me the first thing one needs to do is to see if (you "when") illegal activity occurred, wasn't this what EFF has set itself to do in this instance?

On Iphone jailbreak: "When one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses. " not only carrier unlock but also the jailbreak in order to use applications other thaan the ones provided by apple. https://www.eff.org/deeplinks/2010/08/breaking-down-dmca-exemptions-pt-2-free-your-phone
so it is somehow related to what we're discussing here. I'm already preaching to the converted so let's leave at that :)

But if the EFF is so Tech and New Media savvy, it didn't occur to them that they might want to release this information...

Who said that EFF is (or need to be) media savvy?

Just what happen to the position "news of problems need to travel the fastest?" What if the first "slow news day" will come only in 1 year from now?

Should everything be subordinated for the "news-tainment consumers" market segment? Should an organisation focused on "protecting your digital rights" be dumbed down to the level of the society instead of attempting to raise the society to its level?

Have you tried using http://www.eff.org/https-everywhere (Firefox extension) ?

I see the value of this, but doubt that anyone but the RIAA and advertisers really go through the trouble of making IP databases. Furthermore, our currently poor geolocation means that if your local mom-pops coffeeshop has WIFI, they'll be using DSL or cable dynamic IP's. Geolocation services in big cities like New York give you nothing more than a city address faaar from your real place. I would imagine that Starbucks internet nats wifi users behind some concentrator's address, and generates a similar tracking problem.

That's another reason why FB doesn't make a "permanent HTTPS" choice the default. Besides, https won't work under strict port-80 filtering rules. A FF plugin forces HTTPS on hotmail, gmail and a few predefined others, if you're interested. The problem of FF is having to install once per username per OS partition, unless you mess with registry keys and other geek file link magic.

Oh yes, yes they did try to claim that, and filed as such when the DMCA exemptions were being discussed.

They didn't win that round, mind you, but they certainly were trying to make sure it was considered against the law.

Some friends in Cairo would like to bypass some of the online censorship measures. I've quickly suggested some things (below) to consider overnight. What have I missed?

Anonymous connection:
No:
https://www.eff.org/deeplinks/2010/01/help-eff-research-web-browser-tracking

But:
https://www.eff.org/https-everywhere/

Also:
http://www.hotspotshield.com/

And services like:
http://filesharefreak.com/2008/10/18/total-anonymity-a-list-of-vpn-service-providers/
but verify on the ground.

Only if they understand the tradeoffs:
http://www.privoxy.org/
https://techstdout.boum.org/TorDns/

Avoid random lists of anonymous proxies or DNS servers.

To secure the computer:
Use a popular boot disk that leaves nothing behind, e.g.:
http://www.ubuntu.com/desktop/get-ubuntu/download

Remove metadata:
http://owl.phy.queensu.ca/~phil/exiftool/
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=144E54ED-D43E-42CA-BC7B-5446D34E5360&displaylang=en
and similar for other files they may deal with.

Delete/wipe files securely.

Many uses:
http://mailinator.com/
http://www.hushmail.com/

Consider:
http://www.disconnectere.com/
and its analogues

Some friends in Cairo would like to bypass some of the online censorship measures. I've quickly suggested some things (below) to consider overnight. What have I missed?

Anonymous connection:
No:
https://www.eff.org/deeplinks/2010/01/help-eff-research-web-browser-tracking

But:
https://www.eff.org/https-everywhere/

Also:
http://www.hotspotshield.com/

And services like:
http://filesharefreak.com/2008/10/18/total-anonymity-a-list-of-vpn-service-providers/
but verify on the ground.

Only if they understand the tradeoffs:
http://www.privoxy.org/
https://techstdout.boum.org/TorDns/

Avoid random lists of anonymous proxies or DNS servers.

To secure the computer:
Use a popular boot disk that leaves nothing behind, e.g.:
http://www.ubuntu.com/desktop/get-ubuntu/download

Remove metadata:
http://owl.phy.queensu.ca/~phil/exiftool/
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=144E54ED-D43E-42CA-BC7B-5446D34E5360&displaylang=en
and similar for other files they may deal with.

Delete/wipe files securely.

Many uses:
http://mailinator.com/
http://www.hushmail.com/

Consider:
http://www.disconnectere.com/
and its analogues

And nothing stops you from using https://facebook.com/ [facebook.com] does it?

The EFF plugin for firefox Https-Everywhere uses https on many website whenever available. A must-have.

Could a greasemonkey script be written to update all links to HTTPS?

Ask and you shall receive: HTTPS Everywhere is a Firefox plugin that forces HTTPS not only on Facebook, but Google and numerous other sites, with the ability to configure still more.

Once again, our friends at the EFF are ahead of the curve. Their HTTPS Everywhere extension, released a few months ago, probably would have beaten this attack by Tunisian security services, or at least made their jobs much harder.

Here's the extension: https://www.eff.org/https-everywhere

Work that donate button a little while you're there.

Agreed. As annoying is the fact that the whole site doesn't work over https -- e.g. chat seems to have serious problems.

I'm sure everyone knows HTTPS Everywhere already, it certainly helps me. Unfortunately a non-default solution is useless for the people who most need help, the ones who have no idea what https means...

I think the "vector of flags" idea has merit, but it introduces worse issues than those it solves. Consider privacy and user-tracking issues; this vector would make it trivial to uniquely identify users because it contains that much more information (see also the EFF's Panopticlick).

We still need "milestones" which can be marked, even if they are years, quarters, or months instead of versions. In this manner, we can still determine compatibility without introducing millions of different combinations of flags.

Another approach is the way javascript already does this. If there is a chance a function or object isn't supported, test it first, e.g. if ( document.getElementById ) { } It shouldn't be too hard to do this for HTML properties in a similar manner, perhaps like if ( document.supportsElement("video") ) { } (like document.createElement() but returning a boolean instead of an element). The important piece here is that there is no array containing this information. You would have to construct it if you really wanted it, which makes it harder to observe minor differences in ways that browsers structure it.

Obama is worse than Bush: http://www.eff.org/deeplinks/2009/04/obama-doj-worse-than-bush

so, youre on this website, and you are asking that question ? what are you ? a joke ?

http://www.eff.org/deeplinks/2010/12/not-so-gentle-persuasion-us-bullies-spain-proposed

http://www.irishexaminer.com/opinion/columnists/ryle-dwyer/the-us-is-using-terror-tactics-and-attempting-to-bully-europeans-26838.html

we have discussed a lot of things like these on this very website. the fact that you are asking that question .... well, i wont spend too much effort to explain. youre either a shill, or you actually dont read the website youre participating, or, you are a zealot. there can be no other explanation for expressing strong opinion in a subject you dont know shit about.

It's not a law, it was just an exemption to the DMCA. read more. And it only covers you and your phone, not the people that write the tools you use.

And the exception is only temporary. With a few years of 20 20 hindsight, we can now see that DMCA has not yielded real benefits to anybody but lawyers, thugs and would be monopolists. DMCA is not a law, it is pure evil.