Slashdot Mirror

Considering the fact that Obama was trying to ram TPP through, trying to blame this on the Republicans and Trump is ridiculous.

First of all, realize that the TPP is NOT about free trade. It's about intellectual property control and a variety of other topics. "Free trade" is a generic cover for the whole thing. The real motivators are things that would be balked at if they were negotiated separately.

For details as to what TPP really IS about, well, here's a very short summary:

The TPP and Intellectual Property

And the EFF's position on it:

EFF on TPP
EFF and the Copyright Trap

I'm not going to go into a lot of research for that particular question since this has already been hashed out a million times before.

However, as for the Democrat portion... well, first off, Obama spearheaded TPP and intended to try to get it rammed through towards the end of his term.

Obama and the TPP

Hillary in fact praised it as the "gold standard" while it was in development (in secret, I might add, to the point where Congressmen had to go to a secure room to look at the drafts and could not keep their notes on it with them):

Hillary on the Gold Standard

TPP Secrecy (note the caption on the picture)

Now she did try to back off on this and flip-flopped, although this might well have been a pose for the campaign:

Hillary and TPP

But the fact is that the Democrats did not officially oppose it.

Rejecting formal TPP opposition

Some would say that the fact that Hillary is particularly likely to lie about this to get elected, even among politicians. But people specifically close to her indicated that, if she was elected, she'd flip-flop on it pretty rapidly.

Terry McAuliffe's view on TPP flipping

Additionally, while people seem to very much enjoy shitting on the Republicans for draconian copyright laws, fact is that the Democrats are just as bad, and in some cases, worse:

Congressional support for SOPA and PIPA

This raises doubts as to what parts of TPP would be "renegotiated," if that had happened, which was one option that seemed to be spoken of for a Hillary presidency. Suffice it to say that it is likely that the IP law portions would not receive renegotiation that would be considered consumer-friendly.

Stereotypical "Republicans are evil 'cuz Republicans" and "Trump is evil 'cuz Trump" is not going to fly here, unless you're also willing to jump on board the "Democrats are evil 'cuz Democrats" train. Fact of the matter is, both sides are bought and paid for by the technology and content generation industries. This was the sentiment when SOPA was defeated by massive Internet backlash:

Backlash after massive SOPA protests

And Democrats were certainly benefiting from Hollywood donations which "encouraged" them to support SOPA:

So in short, both sides are filthy here. You can blame one side or the other for the majority of the problem a

That was true in the past, but it just isn't true of the recent progress in machine learning. Take a look at the data we've collected on problems like visual question answering, reading comprehension or learning to play Atari just by watching the screen, and you'll see that progress is happening in domains that either lack rigid rules, or where the rigid rules are non-trivial to discover.

That was true in the past, but it just isn't true of the recent progress in machine learning. Take a look at the data we've collected on problems like visual question answering, reading comprehension or learning to play Atari just by watching the screen, and you'll see that progress is happening in domains that either lack rigid rules, or where the rigid rules are non-trivial to discover.

That was true in the past, but it just isn't true of the recent progress in machine learning. Take a look at the data we've collected on problems like visual question answering, reading comprehension or learning to play Atari just by watching the screen, and you'll see that progress is happening in domains that either lack rigid rules, or where the rigid rules are non-trivial to discover.

Doesn't have to be a large company, just one with "just enough" resources who have made a business over customer protection.
Sonic Internet, for instance. It was one of two Internet providers (on a small list) to get a perfect score on the EFF's Who Has Your Back? list from 2015, and in particular they were hailed for how they "oppose the compelled inclusion of deliberate security weaknesses" by government agencies.

You do realise that ripping DVDs and BluRays is just as illegal as downloading torrents, right? The powers-that-be would just as readily prosecute you as any downloader if they could.

As long as you delete your ripped copy when you sell the disks, your fair use defense would likely succeed.

Although the legal basis is not completely settled, many lawyers believe that the following (and many other uses) are also fair uses: Space-shifting or format-shifting - that is, taking content you own in one format and putting it into another format, for personal, non-commercial use. For instance, "ripping" an audio CD (that is, making an MP3-format version of an audio CD that you already own) is considered fair use by many lawyers, based on the 1984 Betamax decision and the 1999 Rio MP3 player decision (RIAA v. Diamond Multimedia, 180 F. 3d 1072, 1079, 9th Circ. 1999.)

Ironically, the author of this story has misused "ironically".

There's nothing ironic about THE INTERCEPT trying to protect sources by providing a means for them to pass important documents to them in the public interest without ending up in jail. Perhaps the word "appropriately" would have been more... appropriate.

Anyway, she could have simply RETYPED them, and e-mailed them, avoiding the whole printer dot problem in the first place. If you want to see whether or not your printer is doing this, refill your yellow (and red and blue just to be sure,) toner cartridges with BLACK toner, and print a mostly blank page, with maybe a letter or two, (not sure if it'll print the dots on a blank page) or perhaps a fun message like "FUCK THE SURVEILLANCE STATE!" or "QUIT FUCKING SPYING ON ME!"

If the dots are small, print several a day or two apart with the same message, then compare the sheets. Some of the dots will have moved, and these are the ones that betray you.

Perhaps it's a matter of making sure everyone knows this, and pressure manufacturers into NOT having these dots by NOT buying printers that have them, and not buying their overpriced goddamned toner cartridges.

Here's an almost certainly non-exhaustive list of printers KNOWN to help the government spy on you:

EFF List of printers you shouldn't buy.

Sure about that? - https://panopticlick.eff.org/
Then in addition to that. Do you login to any website from that computer?

Do you have a cellphone?
Then yes, you are being snooped upon.

Do you drive your own vehicle to and from work?
https://en.wikipedia.org/wiki/...
https://www.schneier.com/blog/...

Do you take the subway/bus/bike to and from work?
https://www.schneier.com/blog/...
http://gizmodo.com/british-cop...

So if you combine this intelligence they could analyze the different data sources and over time probably match your face/licence-plate to your actual web-traffic. And it could all be automated.
Monitor over a time-period. Identify the traffic (login to a service or browser-fingerprinting or behaviour-fingerprinting). Identify when the traffic stops and who leaves the building after and with a year of monitoring you can exclude all the co-workers that left before or did not arrive before your web-traffic stopped.

Here is the EFF's guide on yellow dots.

And it's not in any way limited to Xerox.

You can test it yourself by photographing a piece of paper from a suspect printer, loading it into the GIMP and showing just the blue channel. The "yellow" dots will show up as a darker shade of blue than the surrounding page.

Here is the EFF's guide on yellow dots.

And it's not in any way limited to Xerox.

You can test it yourself by photographing a piece of paper from a suspect printer, loading it into the GIMP and showing just the blue channel. The "yellow" dots will show up as a darker shade of blue than the surrounding page.

The EFF decoded the dots years ago.

Apparently this person changed their own name.

And yes, it's weird. Very weird.

Still can't figure out how they didn't know about the dots. They're an anti-counterfeiting mark that the EFF had a well-known program to decode them not that long ago.

Color printers use a pattern of tiny yellow dots to embed an almost invisible code with the printer serial number and the date and time in every printed document. The Intercept handed over a scan of the document to the NSA for redaction with the code still intact. It is also in the published document. The EFF has the technical details.

Unfortunately, that's the cost of actively policing your content. Once you start doing it, as Facebook and Twitter have, you lose "common carrier" status and can be held liable for what you've missed.

You're not a lawyer, so stop trying to practice law. The reason that we're so protective of that is that even well-meaning people get so many things so wrong.

For example, the EFF, which is significantly staffed by lawyers, reports:

Courts have held that Section 230 prevents you from being held liable even if you exercise the usual prerogative of publishers to edit the material you publish. You may also delete entire posts. However, you may still be held responsible for information you provide in commentary or through editing. For example, if you edit the statement, "Fred is not a criminal" to remove the word "not," a court might find that you have sufficiently contributed to the content to take it as your own.

Do you know why? Because the law literally says:

(c) Protection for 'Good Samaritan' blocking and screening of offensive material[:]
(1) Treatment of publisher or speaker[:] No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
(2) Civil liability[:] No provider or user of an interactive computer service shall be held liable on account of--
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

So no, policing the content on your site does not make you liable, protections are not based on "common carrier" status, and you certainly cannot be liable for content that you've "missed" or even decided not to block.

BTW: I'm a lawyer, but I'm not your lawyer, in part because you're an idiot.

You're seriously *forcing* kids to create profiles and give their most personal information to an advertising and data mining company.

https://www.eff.org/press/releases/google-deceptively-tracks-students-internet-browsing-eff-says-complaint-federal-trade .

Social media - also known as mind hive CIA project

Speaking of which : notice how nearly all cited countries - Germany, France and Italy - are in Europe, and we European tend to be really serious about our privacy.
And Japan is similarly concerned with privacy and not intruding onto other people.

And that not only classical social networks (like Facebook).
That's also the case with chat systems. WhatsApp seems to be not as popular there are elsewhere in the world. You could find actually lots of german who prefere/have switched to other systems (basically : systems with more green checks on FSF's list)

I just read the EFF status report linked from TFA and the summary. I'm usually a big fan of the EFF and what they do, but this status report seems completely devoid of actual privacy violations.

Section 1 (which is most of the status report) is "survey results". They sent out a survey saying "do you completely understand you child's school's privacy policy", and unsurprisingly almost nobody does. Which is a problem, but not a privacy problem. If you asked most people "do you completely understand all of the subsections of your mortgage or lease", they would also not have a clue, but that doesn't mean that all landlords or mortgage companies are screwing people over (beyond the usual power-imbalance issues which we all understand).

Section 2 is "Legal Analysis" which has sections like "Potential Violations of the Pledge". It mentions a lot of potential problems, but doesn't go into details of any actual violations.

Section 3 is "Recommendations", which also doesn't seem to detail actual problems.

EFF, if Google is doing something with student information which is underhanded, just tell us. Don't spread FUD without any evidence.

https://www.eff.org/issues/cfa... "Creative prosecutors have taken advantage of this confusion to bring criminal charges that aren't really about hacking a computer, but instead target other behavior prosecutors dislike. For example, in cases like United States v. Drew and United States v. Nosal the government claimed that violating a private agreement or corporate policy amounts to a CFAA violation. "

And what about server emulators for dead online games that actually still have fans?

The copyright totalitarians have already destroyed those.

Such is the nature of proprietary software. Users are at the mercy of whatever proprietors grant.

Other problems with this:

• You can't determine if Microsoft's list is complete and correct. They report whatever they want.
• Even if the list is complete and correct for now, you can't do much to change anything. Remember that a previous version released information even when "privacy settings" were set not to do that? That could still happen. Didn't the EFF warn Windows users about privacy problems with Windows 10? And aren't the default settings (which, in my experience, most users use) set to reveal a great deal? The user's software freedom is not respected.
• Even if the list is complete and correct for now, the software can change. Microsoft can issue an update that alters how the software behaves without updating the list.
• There could be other code that releases information Microsoft left out of the so-called "privacy settings".

Regardless of the PR, regardless of the labels on the settings, regardless of whether you're using the GUI to make changes or setting registry values, regardless of whether you're using one variant of proprietary software ("Basic" edition, "Home" edition, etc.) or another (perhaps an enterprise or "professional" edition) the relationship to power does not change how proprietary software works: With proprietary software users' privacy is never really under their control. Users who don't understand how computers work or why software freedom matters may read articles like theverge.com's article and come away thinking they're better off now. They won't realize proprietary software user are still facing the same problems as before with nothing of substance altered.

A VPN offers a nice encryption layer that hides all plain text from local police, local gov, lawyers, health services, your ISP.
That is great given how much is now been collected in many nations over months and can be searched and requested by a gov, local gov, public private partnership contractors or a lawyer for a civil matter in some nations.
In the UK "As the Investigatory Powers Bill passes into law, internet providers will be required to keep a full record of every site that each of its customers have visited" (24 November 2016)
http://www.independent.co.uk/l...
In Australia "Here's Every Australian Government Agency That Wants Your Data" (Jan 18, 2016)
https://www.gizmodo.com.au/201...
In the USA? Some legal changes that have been suggested over the years https://www.eff.org/issues/man...

Yeah Verizon does set a cookie-like identifier which goes to AOL-owned sites and possibly some other Verizon-affiliated sites. There is an opt-in component and an opt-out component. Verizon customers may want to opt out. More info:

https://www.verizonwireless.co...

https://www.eff.org/deeplinks/...
(Note this link is from late 2014 and may be outdated.)

Actually, I do believe that anonymous speech is the last resort of cowards.

Because you're an uneducated paranoid nazi. Whistleblowers often work anonymously because if they don't they'll likely face undue hardship. Otherwise you'd be arguing that people like Mark Felt are cowards. Oh, and your hero Bradley Manning tried to remain anonymous as well.

Say what you mean, and stand behind it, and damn the consequences. You have freedom of speech, but neither freedom from the consequences of that speech nor the right to be anonymous. Check your constitution - you'll see that neither anonymity nor lack of consequences are rights.

Nope, in fact EFF describes this in good detail:

https://www.eff.org/issues/ano...

Or are you going to claim that the people who wrote the constitution were nazis as well?

They actually understood the value of it quite well. In fact, the revolution wouldn't have ever happened without it, because the British crown would have come down on the speakers like a ton of bricks. The pamphlet 'Common Sense' was very important to the revolution, and its author Thomas Paine was in fact anonymous at first, so you bet your ass that the authors of the constitution wanted to protect anonymous speech. Likewise, time and time again SCOTUS has upheld anonymous speech as being protected by the first amendment, so it's not going away anytime soon just to please little nazi assholes like yourself.

It's a good thing that, unlike you, I know history.

Nonetheless, the reason you hate anonymous speech is because all of your skin is pure velum, and you have no tolerance for anybody who is even remotely critical of you (a classic trait of narcissism.) You're every bit as insecure and paranoid as Hitler himself. I'll bet that everybody who knows you IRL can't fucking stand you, but they put up with you anyways lest you cry discrimination. That, combined with the fact that you crave attention like the little narcissist that you really are is why you got a sex change, only it didn't give you the attention you demand so you go around subtly asking ACs for sex on slashdot.

we finally realized we need open protocol, open source protocols to do what Flash, Unity, etc did

By "Unity" I hope you don't mean the desktop environment with an open source shopping lens that defaulted to sending every single search on your computer to Amazon's server.

Its better to have an open protocol and do it with open source code in the browser.

By this measure, the free counterparts to Flash Player are Gecko and Blink, the engines of Firefox and Chromium respectively. But what's the free counterpart to Adobe Animate CC (formerly called Flash)? Is Synfig any good?

Everyone seems to be reacting as if ISPs are suddenly going to start selling all your personal info in a major blow to Internet privacy, but these FCC rules just went into effect at the beginning of January, and were enacted because ISPs were doing it already. So we're really just back to the status quo.

Okay, this is a serious questions and all us who know the power and importance of Linux should be give more complete answers. I see a few hear but none that feels complete so I'll give it a go:

For pure ease overall I would second the anonymous posting for Linux Mint. https://linuxmint.com/ It is overall the easiest to use for a newbies. The reason being that it has the best software package wizard/interface of the any distro I've seen to date. Runs virtually the entire Ubuntu spectrum, doesn't have odd experiments that we sometimes see in Ubuntu. I tend to prefer Mate (it's a bit older and uses fewer resources) but people wanting a more "slick" look will prefer Cinnamon. This is what you want if you are a pure desktop user. Especially for gaming. Plus Ubuntu has been caught doing desktop search data "deals" with Amazon (you can turn it off but it's not easy to find) so if privacy is a big concern, Linux Mint has to the best of my knowledge never given/sold data to Amazon. (see this link: https://www.eff.org/deeplinks/...). One thing I should point out, the Linux Mint team was until recently a bit laid back on security leading to their website being hacked. They are more diligent now but just something to bear in mind. But Linux mint is in my opinion the best distro for Windows Die hard users to look at to make the switch. (you have TONS of games from Gog.com and Steam.com for you gamers..) I'm not suggesting Ubuntu simply because Mint is more usable and when Ubuntu starting quietly selling user data to Amazon (they may not be doing it now, but once bitten), I felt they betrayed the community as they did not announce it openly but started doing it quietly and made the "off switch" as tricky to find as MS does with changing the default extension save option in MS Word/Excel.

That said, if you want similar ease but want to be able to do moderately easy admin style tweaking with a wide community help base, you use Mint Debian which uses a pure Debian file directory/location layout (Ubuntu and Linux Mint are Debian BASED but have a few tweaks/customizations that don't entirely match pure Debian specs but are compatible with the vast majority of Debian Linux packages/software).

once your are comfortable you can tweak the User interface to look like whatever you want. But...if you want a more Mac look/feel out of the box I'd suggest ElementaryOS. https://elementary.io/

ElementaryOs has the slickest look out of the box and while it says "for Windows users" I feel it's even easier for MacOS users making a switch. However, it is less mature which is probably why the packages are fewer and to expand that you need some knowledge a beginner would probably not have and the community base is significantly smaller (newer so this is to be expected.)

If you want a more server set of functions and flexibility, I'd suggest using Debian (http://www.debian.org) and set the login mode to Gnome Classic. It will disorient MS windows users at first but the transition is still easy and I've had office use it with no real complaints (just that it looks different but staff figured it out quite fast). The advantage that Debian has is it's a true server level OS (even with GUI) and the being the base of more "user friendly" distro has a HUGE community base that can get you through almost anything. I may be digressing a little but it's important to distinguish what you are using Linux for. others will say CentOS but for Windows users I'd say the Debian package system is more like what MS windows users are accustomed to as opposed to the RedHat package system which will feel more alien to MS windows users. Lots of business big wigs will say go RedHat based (CentOS, paid RedHat or Oracle Linux) and for some business solutions with specific business needs it is in some cases the only way to go. If you ever decide to uas a RedHa

Okay, this is a serious questions and all us who know the power and importance of Linux should be give more complete answers. I see a few hear but none that feels complete so I'll give it a go:

For pure ease overall I would second the anonymous posting for Linux Mint. https://linuxmint.com/ It is overall the easiest to use for a newbies. The reason being that it has the best software package wizard/interface of the any distro I've seen to date. Runs virtually the entire Ubuntu spectrum, doesn't have odd experiments that we sometimes see in Ubuntu. I tend to prefer Mate (it's a bit older and uses fewer resources) but people wanting a more "slick" look will prefer Cinnamon. This is what you want if you are a pure desktop user. Especially for gaming. Plus Ubuntu has been caught doing desktop search data "deals" with Amazon (you can turn it off but it's not easy to find) so if privacy is a big concern, Linux Mint has to the best of my knowledge never given/sold data to Amazon. (see this link: https://www.eff.org/deeplinks/...). One thing I should point out, the Linux Mint team was until recently a bit laid back on security leading to their website being hacked. They are more diligent now but just something to bear in mind. But Linux mint is in my opinion the best distro for Windows Die hard users to look at to make the switch. (you have TONS of games from Gog.com and Steam.com for you gamers..) I'm not suggesting Ubuntu simply because Mint is more usable and when Ubuntu starting quietly selling user data to Amazon (they may not be doing it now, but once bitten), I felt they betrayed the community as they did not announce it openly but started doing it quietly and made the "off switch" as tricky to find as MS does with changing the default extension save option in MS Word/Excel.

That said, if you want similar ease but want to be able to do moderately easy admin style tweaking with a wide community help base, you use Mint Debian which uses a pure Debian file directory/location layout (Ubuntu and Linux Mint are Debian BASED but have a few tweaks/customizations that don't entirely match pure Debian specs but are compatible with the vast majority of Debian Linux packages/software).

once your are comfortable you can tweak the User interface to look like whatever you want. But...if you want a more Mac look/feel out of the box I'd suggest ElementaryOS. https://elementary.io/

ElementaryOs has the slickest look out of the box and while it says "for Windows users" I feel it's even easier for MacOS users making a switch. However, it is less mature which is probably why the packages are fewer and to expand that you need some knowledge a beginner would probably not have and the community base is significantly smaller (newer so this is to be expected.)

If you want a more server set of functions and flexibility, I'd suggest using Debian (http://www.debian.org) and set the login mode to Gnome Classic. It will disorient MS windows users at first but the transition is still easy and I've had office use it with no real complaints (just that it looks different but staff figured it out quite fast). The advantage that Debian has is it's a true server level OS (even with GUI) and the being the base of more "user friendly" distro has a HUGE community base that can get you through almost anything. I may be digressing a little but it's important to distinguish what you are using Linux for. others will say CentOS but for Windows users I'd say the Debian package system is more like what MS windows users are accustomed to as opposed to the RedHat package system which will feel more alien to MS windows users. Lots of business big wigs will say go RedHat based (CentOS, paid RedHat or Oracle Linux) and for some business solutions with specific business needs it is in some cases the only way to go. If you ever decide to uas a RedHat Pac

The best incremental refinement is short-lived certificates auto-issued by intermediate CAs. [...] The refinement being pushed instead of the obvious one is "OSCP stapling"

An OCSP response is a short-term statement issued by the CA that a TLS server's certificate is still valid. It can be thought of as exactly the sort of "short-lived certificate" that you describe. Stapling allows a TLS server to cache this response and present it alongside the main certificate. If only the TLS server contacts the CA to get OCSP responses, the CA can't see clients.

Sovereign Keys

From a footnote in the proposal: "In the current draft, there are additional requirements, including that an OCSP check for the CA certificate is successful".

some web browsers don't even check whether a certificate has been revoked.

This is a sloppy and invalid slur, hiding behind vagueness (it's a bogus criticism of Chrome). Revocation is useless when you fully work the threat model, and similar designs to address the uselessness are probably not workable. Remember, unless a scheme can handle revoking ~every certificate at once, it's inadequate recovery for Heartbleed. It's also a privacy problem because it lets CAs build a log of all web traffic.

The best incremental refinement is short-lived certificates auto-issued by intermediate CAs. CRLSet can revoke intermediate CAs. For normal certs, don't reissue and let them expire. That's basically what lets encrypt is, except "short-lived" is not short enough, like a day or two, yet. Also, as they point out, "weakest link": it's not a real answer unless every CA does it because an undeserving attacker could get someone to sign a long-lived cert for your domain even if you use short-lived ones. But this is the bog-obvious PKI refinement that's currently fashionable. The two-tier system keeps the CRL small, and the certs subject to "confirmation" (by not appearing in the latest short-lived CRL) can be backed by HSM that can't sign things quickly but is very unlikely to sign things wrongly.

The refinement being pushed instead of the obvious one is "OSCP stapling" and perhaps "must-staple", because this preserves the CA cartel. Without some long-lived rare magical token to give you, it's difficult to convince you that you owe them lots of money, so we still give you the token as a pacifier but then implement the above sane scheme in rube goldberg fashion, moving what should be the cert into the stapled confirmation.

However I think the correct response is not the obvious refinement. It's a major rethinking of the architecture, like Sovereign Keys. In this scheme, you must give up privacy to some central server because you must do lookups on a structure too big to store locally, but you can choose to whom you give it up because the structure is a blockchain that anyone can sync. Actually it might be small enough to store on a single computer so no big deal, but even if it weren't it's still less bad than OSCP privacy because of the option of picking a mirror you "trust".

If I don't own it, then my use is dependent on the whims of others.

Well, the "whims" are all spelled-out for you and known before you pay for it, maybe it is not so bad...

But, if anything is not to your satisfaction, you still have the option of buying an older, unencumbered, shovel.

On the other hand, if the EFF has their way, my option of using the hypothetical "smart-shovel" without owning it may not exist... Because the EFF knows better, what's good for me...

I wish, they stuck to fighting government's overreach. Fighting manufacturers of the proverbial "nice things" simply makes fewer of the nice things available.

Here are two great charities that accept BTC payments, and I'm sure they're not the only ones: https://supporters.eff.org/don... https://www.heifer.org/gift-ca...

Devrtm (the original poster) can donate his/her Bitcoin to any IRS 501(c)(3) tax exempt charity(ies) that accept(s) Bitcoin, for example the Electronic Frontier Foundation. Devrtm can then enjoy a U.S. personal income tax deduction for the full, fair market value of his/her donation, with no capital gains tax owed. It may be possible to make the donation anonymously, but Devrtm must keep records of the donation in his/her personal files, to document the tax deduction in case there is a future IRS inquiry. The tax deduction will likely be worth substantially more than what Devrtm paid (if anything) to obtain the Bitcoin. If Devrtm is subject to state or local income tax then there may also be charitable deductions allowed in those tax returns.

So we just copied what Britain had already done? Don't think so. Who first put major taps into the communications systems in order to "collect it all"?

https://www.eff.org/nsa-spying

Except all the US generals have the exact same secret, and are equally vulnerable to blackmail. As do their politicians, corporations, citizens, and allies.

So by not notifying anyone, they're leaving their own country wide open to the Russians, Chinese, Mossad, other nations, organised crime etc, who they are hoping desperately haven't and won't ever notice the same secret themselves. They can't even tell if it's already happened. It's pure security through obscurity, and we've just seen that it didn't work.

Apparently they're supposed to disclose them, but clearly they're not.

The Vulnerabilities Equities Process doesn't have a mandate to disclosure, merely to determine if they should disclose or keep it for use. The EFF explains it:

EFF filed a lawsuit under the Freedom of Information Act in 2014 to get access to the government's "Vulnerability Equities Process" (VEP), the policy it uses to decide whether to disclose information about security vulnerabilities or instead withhold this information for its own purposes, including law enforcement, intelligence collection, and "offensive" exploitation.

EFF v. NSA, ODNI - Vulnerabilities FOIA"

The EFF has a heavily redacted copy of the policy the key statement in there is "When a decision is made to disseminate..."

The Vulnerabilities Equities Process doesn't have a mandate to disclosure, merely to determine if they should disclose or keep it for use. The EFF explains it:

EFF filed a lawsuit under the Freedom of Information Act in 2014 to get access to the government's "Vulnerability Equities Process" (VEP), the policy it uses to decide whether to disclose information about security vulnerabilities or instead withhold this information for its own purposes, including law enforcement, intelligence collection, and "offensive" exploitation.

EFF v. NSA, ODNI - Vulnerabilities FOIA"

The EFF has a heavily redacted copy of the policy the key statement in there is "When a decision is made to disseminate..."

I've been going over this most all day (I'm retired, so I got fuck-all else to do on a rainy day).

From what I can tell, the biggest takeaway is that a hacked phone is not secure. Encryption is still OK, and Signal and WhatsApp are still secure as far as we can tell. Everything else has already been known. Also, it's a good idea when vendors patch vulnerabilities, apparently. Who knew?

EFF has written some interesting stuff about Vault7 today, on their webpage and Twitter account.

https://www.eff.org/deeplinks/...

Privacy Badger ftw. What ad?

The full NSA data is available to any agency since Obama signed this executive order https://www.eff.org/deeplinks/...

DEA using it for drug busts http://www.drugpolicy.org/news...

"New FOIA Documents Confirm FBI Used Dirtboxes on Planes Without Any Policies or Legal Guidance"
https://www.eff.org/deeplinks/...
"New Senate Bill Would Require Warrants for Federal Aerial Surveillance"
https://theintercept.com/2015/...
Lots of data is been sorted :)
".. fake cell phone tower devices that can pull a suspect’s cell phone data and thereby determine ... location within 10 feet."

Here is the opinion, it starts talking about fair use in this particular case at the bottom of page 59. In my reading ("Oracle's position is not without force"), they thought Oracle had the stronger case.

Nowadays all connections between your client and your server is encrypted. And connections between email servers are encrypted as well using TLS. The only hole is if your email server uses Verizon as an ISP, because they strip the request secure transit bits off of the server connection. So far none of the big email providers have felt like blocking off all Verizon customers. Once that hole is plugged, there won't be a single point where an email isn't encrypted.

Here is the EFF advice for crossing borders with digital devices, from 2011:

https://www.eff.org/wp/defendi...

Well, and that's just the kind of "professional airport security that is done in Israel." Isn't that what you wanted?

Note that it's also legal and nothing particularly new under US law, as even the EFF realizes:

https://www.eff.org/wp/defendi...

Isn't it funny how all this crap was acceptable to progressives under Obama but isn't anymore under Trump?

If you want to change this, change the law; stop using it for partisan purposes?

https://www.eff.org/deeplinks/...

Does this mean that Microsoft front patent trolls like Acacia and Intellectual Ventures can still sue you for using third party cloud services.

There are much better and secure alternatives out there.

https://www.eff.org/secure-mes...

Use something more secure like Telegram or Signal.

https://www.eff.org/secure-mes...
https://www.eff.org/node/82654

Use something more secure like Telegram or Signal.

https://www.eff.org/secure-mes...
https://www.eff.org/node/82654

but pretty much excessive for mundane stuff

It's also trivial and free to implement with Certbot. If everything were encrypted, then encrypted stuff wouldn't stand out in traffic analysis as "potentially interesting; worth investigating". Given the price, ease, and value in protecting absolutely everything, my policy is that everything that can be encrypted is unless there's a specific reason why it shouldn't be.