Domain: eff.org
Stories and comments across the archive that link to eff.org.
Comments · 6,386
-
Re: Well, no shit!
I agree, some things have improved -- there's even something vaguely akin to UNIX-style permissions these days. Direct3D 12 seems to be a solid technology too, if you're into that kind of thing.
And of course plenty of things have got worse. Ever-worsening system requirements, Metro/UWP, the Windows Store monopoly, adverts in your start menu, mandatory reboots that might strike at any time, and the horrendous 'telemetry' assault on privacy that can't be disabled.
-
Re: Let's talk about Trump now!
Yah but Obama championed internet privacy and freedoms, no??
The one that expanded NSA Spying?
https://www.eff.org/deeplinks/...
-
Re:Here's an idea
From how to offer source to proxy server users, part of the GPL FAQ:
For software on a proxy server, you can provide an offer of source through a normal method of delivering messages to users of that kind of proxy. For example, a Web proxy could use a landing page. When users initially start using the proxy, you can direct them to a page with the offer of source along with any other information you choose to provide.
The AGPL says you must make the offer to "all users". If you know that a certain user has already been shown the offer, for the current version of the software, you don't have to repeat it to that user again.
Widespread use of AGPL software would lead to even more pop-ups and interstitials offering to distribute source code for each covered component, which the user will see as an annoyance that he or she has to make go away to get to the work that he or she was trying to do. In addition, AGPL software has to track users to determine whether or not an offer to distribute source code was presented to each user. Though FSF recommends these pop-ups and interstitials, EFF appears to recommend against them.
-
Firefox Addons to the Rescue
As usual, there are several Firefox addons available to help enhance privacy.
1. Canvas Blocker - This extension forces the API to return random values for sites not whitelisted. The server asks your browser to draw something on the canvas and return the results and your browser lies to the server and returns garbage instead. Perfect. As a bonus, this appears to affect WebGL as well. I get new random values for WebGL and Canvas hashes on each visit to the EFF Panopticlick.
2. Stop Fingerprinting - This extension randomizes the string order of the list of returned fonts supported by the browser as well as preventing enumeration of plugins and adding bits of randomness to heights and widths of inline elements to further frustrate font detection.
Using these extensions together with others (Privacy Badger, Ref Control, NoScript, AdBlock Plus), substantially enhances privacy and frustrates fingerprinting by making your browser fingerprint unique per request. The more people that do this the more noise that is generated and the more poisoned the fingerprinting databases of the advertisers and other snoopers become. The advertisers are trying to use as many pieces of discrete information about your browser as they can to make your fingerprint unique. By randomizing some of those pieces, especially ones that rely on local hardware, we can take advantage of their greed to ruin their fingerprinting algorithms.
-
Disneyland with death penalty
-
Re:That's not what I'm seeing here, image posted
I am viewing that setting through the process you described. It's well-known that Uber pushed out the change to remove the "while using" option at the beginning of December. https://www.eff.org/deeplinks/...
I'd say that you should consider yourself lucky to be the outlier. How you got there, I have no idea...
-
Re:Laws and agencies
https://www.eff.org/issues/tra...
Congress AND the president can apparently create agencies. An example of an agency being created is the DEA in 1973.
-
Re:Hypocrisy at its finest
I haven't yet seen any non-Trump supporters lamenting the passing of TPP.
All that means is that you haven't been paying attention. Please leave this to those of us that are. Thanks so much.
-
Why EFF has opposed TPP
If there are truly bad aspects to the TPP, then spell those out
Electronic Frontier Foundation has spelled out the TPP's truly bad aspects in a category of articles on its site.
-
Re:Link
The first link (.onion) is to a Tor hidden site, you can access it via the Tor browser bundle.
-
Anonymity
This is all you need to know: https://www.eff.org/issues/ano...
-
Re:Is Tor still vulnerable?
The EFF is trying to force the FBI to disclose the exploit they used. To date, the FBI has not publicly revealed it.
In addition to difficult questions concerning the Fourth Amendment, Rule 41, and the limits of government hacking, the Playpen cases raise an important question about the future of digital rights: whether, to what extent, and under what circumstances the government must disclose to criminal defendants how the government carried out its hacking.
In the Playpen cases, the government has provided some information to the accused about how the “network investigative technique,” or “NIT,” operated. But, critically, the government refuses to produce the exploit it used to allegedly take control of suspects' computers.
That refusal—in addition to all the other problems with the Playpen cases—violates the rights of the accused. And, as at least one court has correctly found, the refusal to disclose the exploit to the defense requires suppression of evidence obtained as a result.
At its core, the government's argument is: “You don’t need to know how we got into your computer (the exploit) because it does not change the information that we took from your computer (the private information copied and transmitted by the payload). Just trust us on this.”
-
Re:its not always about tracking "issues"
This shit is spyware.
Here is who you register your complaint with: https://www.eff.org/
-
Re:Serious Answer
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
These are necessary, but not sufficient.
Not using cookies and javascript, flash, etc. These all can de-anonymize you. Hell even stupid things in javascript like the query for battery state can by themselves uniquely track you even if nothing else is given away by running scripts (which will not be the case; fonts available etc. all help to uniquely identify you).
Even if you are careful, and force dns to go through TOR or your vpn, you still have information leaking bugs like, https://blog.torproject.org/bl... And, things like bittorrent will de-anonymize you (it hands your IP out to peers), if they go over the same circuit as you are web browsing. Tons of other information leaking apps.
Tor now supports unix domain sockets instead of TCP, you can make a container/vm for your browser with this socket mounted (bind mount / plan9fs if vm), and use something like socat to mediate to allow your browser to work with a unix socket. If there is no network besides localhost in another namespace/isolated vm/jail, then even bugs like above will not leak info. Destroy everything to do with the browser profile every time you restart this container/vm. Even the localhost network will be unnecessary, eventually (tor browser has a wishlist item to use unix socket and not need a tcp stack at all).
Your browser may still give you away as a unique identity. See, https://panopticlick.eff.org/
If you log into *anything*, or visit local sites like cityname.craigslist.org, you have given up information on yourself.
If you use tor, *assume* that the exit node is spying on all your clear text communication.
In short, you really need to work hard to be _sort of_ anonymous, but you will not ever be fully anonymous.
-
Re:Needless bullshit
EFF HTTPS Everywhere
-
Re:Thank but no thank you
Are you sure they're not using browser/device fingerprinting?
https://panopticlick.eff.org/
-
Privacy Badger
https://www.eff.org/privacybad... Better than nothing...
-
Re:DCMA Fair Use / Parody
Samsung is legally-required to protect its trademarks, else they lose them.
This is largely a myth.
Trademark Law Does Not Require Companies To Tirelessly Censor the Internet
The circumstances under which a company could actually lose a trademark—such as abandonment and genericide—are quite limited. Genericide occurs when a trademark becomes the standard term for a type of good (‘zipper’ and ‘escalator’ being two famous examples). [...] Courts also set a very high bar to show abandonment (usually years of total non-use).
-
Re:what do you mean
JPB has written lyrics for the Grateful Dead. https://w2.eff.org/Misc/Public...
...and despite (in his words) dead for about eight minutes, he didn't find himself in a shaft of light. http://ultimateclassicrock.com...
-
Watch them do a Solitaire on Paint...
Microsoft fucked up Solitaire. Let's watch them do it to Paint. Let's see:
1. Now shows Ads. http://www.pcworld.com/article...
2. Now only basic features unless you pay Microsoft for premium version http://www.newsweek.com/solita....
3. DLC!
4. "Telemetry" (sounds so much nicer than "spyware") sends whatever files you open and whatever you paint to Microsoft "so we can improve our product."
5. Includes Windows 10 TOS: "We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary." https://www.schneier.com/blog/... https://www.eff.org/deeplinks/...
-
Re:Obviously unconstituional request
No. It might be unconstitutional if it were a demand or order, but a request, with no pressure on Yahoo to submit to it? Entirely up to Yahoo.
EFF disagrees, stating "Note that, as we've explained before, it is irrelevant that Yahoo itself conducted the searches since it was acting as an agent of the government."
-
Re:Hahahaha!
In the USA, you get all the justice you can pay for - but that doesn't make you immune. The RIAA/etc would _love_ to go after Google too. Remember the Viacom lawsuit against Youtube? Don't think for a moment they're not itching to try another legal angle against Google (even as they happily benefit from using it to advertise - cognitive dissonance isn't something the music/movie industry has trouble with here).
https://www.eff.org/cases/viac...
-
Re:Backwards
Look what's happening in the EU, for instance, where you're no longer allowed to run an open WiFi access point.
Not a problem. If you want to provide access to anybody, you can set the password to "linksys" or some other trivially guessable string. Or to rub it in: SSID="password=12345" and the password indeed "12345"
-
Re:Backwards
OK, so let's take a look at these ominous-sounding acronyms, one by one.
CDA is the Communications Decency Act. It makes sense to start off with this one because it not only has the most Orwellian name, but it also represents one of the earliest assaults against online freedom of expression by American politicians. In the US, our legislators face no penalties when they pass overtly unconstitutional laws, but the laws themselves still have to survive court challenges. This happened more or less immediately with the CDA, and the result was genuinely ironic. The only significant part of the CDA that survived was Section 230, which is what releases server operators from responsibility for information posted by their users. So the CDA is actually one of the most important pieces of legislation protecting free expression on the Internet.
COPA Like the problematic parts of the CDA, the Child Online Protection Act was almost immediately struck down, this time in its entirety.
DMCA Another two-edged sword. Some believe that freedom of expression and copyright laws are mutually exclusive. I'm sympathetic to this point of view myself, but the fact is that our Constitution explicitly authorizes Congress to regulate "intellectual property." Unsurprisingly this is also true of essentially every civilized country on Earth. All of them, in the US's place, would have ended up with a DMCA-like law of their own. The difference is that similar legislation in those countries wouldn't have had to conform to the First Amendment. Much like the CDA, one of the parts of the DMCA that survived court challenges is the "safe harbor" provision that has proven to be vitally important to the growth and maintenance of a more-or-less free Internet. Look what's happening in the EU, for instance, where you're no longer allowed to run an open WiFi access point. The DMCA and CDA are what keep this kind of bullshit from happening in the US.
COPPA is the Children's Online Privacy Protection Act. It doesn't address free speech, unless your idea of free speech is the freedom to collect personal information from children under 13 without their parents' supervision. If that's your idea of free speech, we're done here.
CIPA, the Children's Internet Protection Act, is problematic from a free-expression standpoint. But it is also strictly limited in scope to schools and libraries that receive government funding. It has no effect on the rights of any private citizens or organizations.
DOPA ("Deleting Online Predators Act") is one I hadn't heard of. It was introduced in Congress but appears to have made no progress toward passage since 2007. It's not the law, so it's not relevant.
COICA, "Combating Online Infringement and Counterfeits Act," and its successor PIPA, "Protect IP Act" also were shelved after widespread protests.
SOPA, the Stop Online Piracy Act, was basically an attempt by the content industries to buy a legislative end run around the DMCA's safe harbor provision. Like the DMCA it comes into play only in the context of copyright law. Like PIPA, it failed to pass in the wake of widespread protests.
CISPA, the Cyber Intelligence Sharing and Protection Act, doesn't appear to have anything to do with freedom of speech. It "allows for the sharing of Internet traffic information between the US government and technology and manufacturing companies." It wouldn't be affected one way or the other by the ICANN transfer and isn't germane here.
It's not clear what you mean by "the USITC requesting site blockings." Presumably another case where the right to infringe copyrights collides with the right to free sp
-
Re:Somehow I suspect...
HTTPS Everywhere
-
Why trust Google?
No privacy? Use Signal.
One more time, with feelings: use Signal. Use Signal. Use Signal.
-
Re:Clarification
Privacy protection removed by Google in 2013
Crippled version returned. In 2016.
-
Re:Good
That's only comforting if you only care about yourself, rather than about democracy and freedom in general. But mass surveillance is worrisome for dissidents, political opponents, lawyers, activists, whistleblowers, journalists, and generally just people who want to change the system or challenge authority. These are the people who help put checks on government power and therefore help democracy thrive. You or I, specifically, may not be interesting (but there's still a chance normal people could become targets for reasons completely unknown to them), but it's not all about you. Stop being selfish.
The FBI tried to make MLK commit suicide, law enforcement practices parallel construction to cover up illegal searches, the US has wronged many people in the past (e.g. Japanese internment camps), there are countless unjust laws on the books, etc. The US government and other governments have proven that if they can abuse their power, they absolutely will do so. This is a simple historical fact that only a blind fool would deny.
There are many pro-mass surveillance trolls on Slashdot. Less so for SoylentNews.
-
But satellite phones are easy to target
Hello
The funny thing is that equipping a target with a satellite phone improves the ability to identify them. In the case of a journalist and photographer team operating in Syria a few years ago, it was their satellite phone that allowed their location to be triangulated and subsequently attacked.
I would think it would not be too difficult to come up with some interesting usage patterns of DMs (sending messages in languages commonly used by ISIS, using certain phrases common to ISIS, geoIP location, access only from Tor nodes, proxies, VPN connections and so forth) as selection criteria for further intelligence collection. Frankly, using DMs sounds like a great way to be targeted by state security services.
Regards,
Aryeh Goretsky
-
Re:SRP/Nonce puts an end to Phishing
And very few people in real user land ever check the URL in the browser. So PKI certificates are worthless.
So you've never seen one of these eh? Weird.
-
"Between electronic privacy and national security"
If they are allowed to frame the issue as privacy versus security, then we have a hard, uphill battle to fight, unfortunately. The stronger argument to be made, from the perspective of convincing the government to not do something /utterly insane/ goes, is that this is a case of security versus security.
https://www.eff.org/deeplinks/...
https://www.schneier.com/blog/...
-
Re:That worked great in Germany
Alright, let's go over this too:
This is a leaked draft impact assessment(PDF alert)
Note: you have just repeated the URL from the article; just repeating a source does not make it any more genuine, and may make it actually less convincing.
you can read more about it here: European Copyright Leak Exposes Plans to Force the Internet to Subsidize Publishers
If this were an alternate source, I'd consider that it might lend more credibility to the assumption that the putative leak is genuinely what it is purported to be. But this is not an alternate source for it; rather, it is the EFF's analysis of the very same putative leak indeed, to the URL. It therefore does not give said putative leak more credibility.
This is what Julia Reda (MEP) says about it: Commissioner Oettinger is about to turn EU copyright reform into another ACTA:
This is not a copyright fit for the digital age. It’s a copyright that tries to protect the big players of the past from the future.
Again, an analysis of the same putative leak, to the URL, not an alternate source. As an opinion piece on the question of paying for news excerpts, it is certainly relevant; as a proof that the purported leak is genuine, it is not.
Note that I do not belittle the EFF or Reda's analyses, and I certainly don't think less of their opinions on copyright; my point was initially, and still is, "how do we know rather than assume that this is really a leak of an EU Commission document intended to be the Commission's proposal?" and I find no convincing answer to this question in opinions based on the very assumption I am questioning.
(oh, and before anyone asks, or skips the asking and states outright: I find the idea of trying to make news "sources" collect pay for excerpts of their "content" bad in several respects, including for the very ones it is supposed to benefit. But just because I disagree with a document does not make that document genuine, nor does it allow me to disregard checking whether it is. Fact-checking is -- well, should be -- anisotropic.)
-
Re:That worked great in Germany
This is a leaked draft impact assessment(PDF alert), you can read more about it here: European Copyright Leak Exposes Plans to Force the Internet to Subsidize Publishers
This is what Julia Reda (MEP) says about it: Commissioner Oettinger is about to turn EU copyright reform into another ACTA:
This is not a copyright fit for the digital age. It’s a copyright that tries to protect the big players of the past from the future.
Europe’s publishing, film and music industries have clearly found that influencing Commissioner Oettinger to write laws is easier and more lucrative than adapting to progress and competing fairly.
-
Re:AI needs some improvement
Google's WOPR won't be online until spring.
Google, the only winning move is not to play.
-
Re:Failbook knows NOTHING about me
That largely depends on whether you allow third-party cookies to be set. Anybody who cares about privacy in the least would have third-party cookies disabled. Let Farcebook try to snoop on my /. activity...it's not gonna work.
There are still images and scripts embedded, where your web browser sends headers to the remote site. Unless you scrub the headers and IP by going through a proxy server, you're still providing them information.
-
Re:Read the fine print...
Citations:
https://support.t-mobile.com/d...
Some T-Mobile data features have a 'threshold' on the amount of data you can use at full speed during a billing cycle. After you pass the threshold, you still have unlimited access to data, but the speed of data is reduced...If you have a plan that was available after March 24, 2013, data speed is reduced to (at most) 128 kbps when data usage exceeds the Data Speed Reduction Threshold for data features, Mobile Internet, and data-only plans.
https://www.eff.org/deeplinks/...
https://www.t-mobile.com/conte...
T-Mobile’s “optimization” consists entirely of throttling the video stream’s throughput down to 1.5Mbps.
The network limits the bandwidth available to detectable videos to a level currently at 1.5 Mbps and as a result, many video services will deliver videos at lower resolutions that will look good on mobile devices (DVD-quality, typically 480p or better) and that use less data.
I'm assuming all T-Mobile One video will be restricted to 480p because that's what it says on the fact sheet:
T-Mobile ONE includes unlimited video at standard definition—typically DVD quality (480p)—from any service.
And the fact sheet also says exactly what the $25 gets you:
Customers can get higher-definition video, up to 4k, for $25/month per line.
The logical conclusion is that the base T-Mobile One plan will throttle all video to 480p (in other words, 1.5Mbps), you can remove said throttle by paying an extra $25 per month, though your data will likely still be deprioritized when you hit the 26GB soft cap.
-
Re:good luck with that.
Nope. Not really. Because you have willingly interacted with enforcement agents, your rights are different. Suggest you read this: https://www.eff.org/wp/defendi...
Here's the pertinent part:
"If a border agent asks you to provide an account password or encryption passphrase or to decrypt data stored on your device, you don’t have to comply. Only a judge can force you to reveal information to the government, and only to the extent that you do not have a valid Fifth Amendment right against self-incrimination.
However, if you refuse to provide information or assistance upon request, the border agent may seize your device for further inspection or consider you uncooperative, which the agent may take into consideration when deciding whether to allow you to enter the United States."
The case cited in the Ars Technica article is a different situation because the plaintiff/defendant unwillingly interacted with law enforcement. By approaching the US Border and "willingly" interacting with CBP and/or ICE you give up a certain amount of rights. Same is true with a TSA checkpoint.
So... "Good luck with that!"
-
Secure Messaging Scorecard
Version 1.0 https://www.eff.org/node/82654
A new scorecard will be coming out soon https://www.eff.org/secure-mes...
Skype is one of the worst performing ones.
-
Check the EFF Secure Messaging Scorecard
Electronic Freedom Foundation created the Secure Messaging Scorecard to help answer this question. The biggest problem with this scorecard is it mixes desktop and mobile apps together without really indicating which type of app they are. But both Signal and Silent Phone are available for Android and iOS. Either of these might be worth considering as alternatives for the types of things you currently use Skype for today.
-
Re:Skype seems to work well on Android 6 and earli
If you go over to EFF you will get a good list of alternatives...
...which recommends WhatsApp. You might as well post the audio straight to FB.
-
Re:Skype seems to work well on Android 6 and earli
If you go over to EFF you will get a good list of alternatives to Skype and how secure they are to use. Skype is ranking at the bottom.
-
Re:USE OLD TAILS LIKE ED SNOWDEN DID.
Let's hope some of us had HTTPS Everywhere https://www.eff.org/https-ever... working at the time :)
-
Facebook promised that your info would be private
No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.
Facebook's Privacy Policy circa 2005
-
Re:Ad Blocker Irony?
http://akademie.dw.de/digitals...
You may be right.
https://www.theguardian.com/te...
Or not
http://www.pcworld.com/article...
or
... you can see for yourself
-
Re:Good luck
I just went back to Panopticlick and I have to whitelist several scripts before my browser is identifiable.
I know, it's asking me to redirect to firstpartysimulator.net/tracker?
Should I click OK?!?!?
-
Re:Good luck
First, yes, they do in fact know that much about you and yes the tools work incredibly well.
I'm curious how this is supposed to work on vaguely careful people - who use NoScript, adblock, clear cookies regularly, aliases (recognizable to friends) on social media. No like buttons, etc.
I just went back to Panopticlick and I have to whitelist several scripts before my browser is identifiable. On most sites, those sources won't ever be allowed to run because only one or two first-party sources are needed for the page to function.
Of course, some companies are going to have data, say Google (because Gmail and Play) and Amazon (because payments and product ids), but why would they share that information with competitors like this startup?
-
Re:So what can we do?
The EFF panopticon page not only measures your uniqueness, but it also identifies the most distinct parts of your signature. It offers some solutions to shrinking your fingerprint. https://panopticlick.eff.org/
-
Re:Utility and deviance of the User Agent
-
Re:er, this is not a good idea
It is a fork of https://panopticlick.eff.org/ and about the same thing with a few more tests. And I am unique on both.