EPIC Report On International Cryptography
kalifa writes: "The EPIC (Electronic Privacy Information Center) has just published its annual report on international cryptography. It is available here.
It's pretty informative, and I hope it will help change many false misconceptions (and, by the way, put an end to the same good old francophobic stuff, which is obviously unjustified after the study of this report)."
This is off-topic, but I think the worst thing Taco could've done was use the word francophobia. Now look how many trolls there are. Think before posting that story, or maybe remove francophobia from the blurb.
I used to believe in personal freedom but slashdot has convinced me that too many people are unable to respect those around them without being forced to. BTW, the link in the post I'm replying to does not lead to a cnet article.
Not only that, but Visa doesn't hold you liable for anything if you lose money online. You really don't have anything to lose, so go buy stuff online and raise the price of tech stocks.
Speaking of stocks, I would like to recommend AREE, which is poised to double within the next month.
Speaking of making money with credit card fraud, I understand that most companies won't bother to go after you unless you rip them off for more than $100-$200.
Personally, I have almost no qualms about giving my CC# out, because I'm not liable.
Mr Taco, in case you have not noticed, your site has become overrun by trolls. The signal to noise ratio has been declining for months and now stands at about 1-1.
Slashdot.org used to be a quality news site with meaningful, relevant information. Now it is nothing but a trash hole filled with yesterday's news. I believe the "golden age of slashdot" ended because of two events:
The merger with Andover.net/VA Linux and
The implementation of moderation.
When you sold your site to andover.net, many people feared the worst: Taco had sold out. Initially, things were handled well and there was no obvious change in the management of the site. As time went on, however, many changes occurred, mostly bad.
For example, the topics now posted to slashdot are old and meaningless. Further, important events are often never written about seemingly because your parent company is looking over your shoulder. In the past few months, the stock prices of the big Linux companies (especially VA Linux) have tanked. This is news worthy of a topic.
More disturbingly, you seem to cover up events which do not reflect well on VA and your site. A few days ago when slashdot was down for half a day, there was no reason given. When people asked, you marked them down as flamebait or off topic. In the old days, if slashdot were down for even 30 minutes, you would post an explanation. Did you forget this time?
Now to moderation which is turning out to be the nail in your coffin. You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company (Microsoft), they would be moderated up.
Now registered members of your site can view at any threshold they want to, but the default view for non-members is > -1. By moderating these anti-Linux posts down, you are preventing them from being viewed by the masses. Thus, you have committed an act of censorship.
The trolls don't like being censored. To prevent this, they simply post many messages so that they all can not be moderated down. If you were to get rid of moderation, there would still be the occasional troll, but you would not see mass spam. The message, however unpopular or inane, would get through the first time.
Another problem is your moderators' lack of humor. Many times I have rolled on the floor laughing at a post marked down to -1. So what if someone makes fun of your mom? Personally, I find many of the "hot grits" posts to be funny. Most should not be moderated down.
I'm only going to say this once to you, Mr Taco: Slashdot is going to die unless changes are made. Here is the way to fix slashdot: Take it private. Being owned by a large corporation is influencing your reporting. You must find a way to "buy back" slashdot from VA if you want to stay in business.
Respectfully yours,
Metawronka
>There is no public knowledge of how to
>efficiently factor large prime numbers
Err, I should hope not. Isn't one of the things that makes prime numbers prime is that their only factors are themselves and one?
Enigma. WWII. Next!
No, but if you're a European company doing export business with Asia, or an NGO like Amnesty International, the NSA almost certainly do try to read your mail. There's plenty of people who have real, concrete and current needs to make their mail NSA-proof (or at least NSA-resistant).
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
I hate false misconceptions almost as much as true ones. ("That theory is worthless. It isn't even wrong!" --Pauli)
-=Maggie Leber=-
> Also most European countries are the size of
> American STATES. France is the size of Texas.
> Shouldn't they be capable of
> moving faster on things than the US?
A more meaningful comparison would be on respective populations. France has around 60 million inhabitants, the US 270. Thus, changes in French law would amount to changes in something like one fourth of the US, which vastly exceeds a single US state.
Like it's possible to eat too much cheese.
(jfb)
To spur "enterprise Linux," Big Bang, the distributed two-phase commit.
Uhm.. wouldn't want to nitpick, but Germany is kind of forbidden from having an army by the (US-imposed) clauses after the end of WWII.
But let's return on topic: IMO geographic size doesn't matter really, what matters more is the populace of a state: Italy (I am Italian) has 1/6 of the USA populace, France has more (but I don't remember how much). But then Sweden, with "only" 6 million inhabitants, is one of the most technologically advanced countries in the world, and Norway and Finland should measure on the same scale (I remember a guy named Linus Torvalds to be Finnish).
In this case, I believe this regulatory behavior to be the result of an historic governmental paranoia, which leads from time to time to witch hunts.
Actually, it would probably be a better idea to wait a little while before turning France into a parking lot for EuroDisney. Once the stock market cools off, and the new administration takes over later this year, the economy will be in the toilet. Since everyone knows that war is good for the economy, we should put our national labor force to work on producing bars of soap, to airdrop them in France. We can also put our printing industry to work printing instructions in French on how to use soap.
Then, once France smelled a little better, we'd move all the people we don't want over there, offering them political asylum. Alanis Morissette, Gerard Depardieu, The Backstreet Boys, Elian Gonzales -- all of em, just move em over to France. Then nuke it, pave it, and charge admission to worship Mickey.
Sounds good to me.
Bowie J. Poag
Project Founder, PROPAGANDA For Linux (http://metalab.unc.edu/propaganda)
are all 'e-commerce' companies. They sell products over the net, and rely on it more so for their supplier backends. E-commerce is a lot more pervasive than some overhype dotcoms.
Real businesses out there use it all day every day.
Hey, even FedEx qualifies as an e-commerce company.
I agree with many of your points. But if you cared about this forum you could at least have logged in. Or are you worried about your 'Karma'?
The other response is to set up your own forum.
The *only* reason that I am posting this response is that you have posted your points against every story today. When does 'Interesting' become 'Redundant'? And when does 'Redundant' become 'Trolling'? (I hate the misuse of the word 'troll' - check here for the canonical definition)
Try emailing cmdrtaco@slashdot.org before you post this again.
Share and enjoy.
Chaz
No clue. I'm curious as well... I always thought Sternlight was a plant! Good to see some old Usenetters out there!
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
One word: Echelon!
Note for the sarcasm impaired: This is meant as a joke! Not a flame or troll!
Say what you mean, mean what you say! But please know what #$@% you are talking about!
>> [snip] electronic commerce [snip]
> And what part of the economy would that be? Is that the all-too-crucial overblown
> speculative-bubble part? I haven't heard of any e-companies that are in the black yet.
Obviously, the report refers not to the amazons and ebays but rather to the banks and other "old" businesses that do most -- if not all -- of their transactions electronically. Would _you_ put your trust (and cash) in a bank whose inner workings are open for any script kiddie to exploit?
-- Disclaimer: Any errors in spelling, tact, or fact will be regarded as line noise.
very well then duly noted
Just experimenting
Slashdot social engineering at its finest
RSA is easy to use but it just seems to take forever on a slow CPU. The Feds must HATE that.
This post is most definitely NOT flamebait. -Marc
"and, by the way, put an end to the same good old francophobic stuff, which is obviously unjustified after the study of this report.."
I don't see where the use of crypto-tech has anything to do with the small-minded attitude that France takes towards anything and everything. Just because they finally got their act moving forwards as concerns crypto doesn't explain everything else they do. On the other hand, it's good to see the general direction this is going (for many countries). Natch I'm NOT surprised at the stand taken by the Canadian gov..all we need now is for the American gov to wake up and realize that honest citizens have rights too, and that there isn't a true correlation between the use of crypto and the likelihood that criminals will "get away with *it*", whatever *it* may be..
D.S. was (until mid-98) a very common (and unpopular...) poster to comp.security.pgp.discuss. He's been quiet recently mainly due to the fact that the c.s.p.d regulars upset him too often :)
Have a look at Deja for some of his final posts - they are quite amusing :)
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
You sound like David Brin, pathetically naive.
Piss away your privacy, and watch the powers that be pick their teeth with the bones of your progeny.
The sale of drugs like heroin, cocaine, speed, etc. is highly illegal.
MSN 8: Now Microsoft even has bugs in their ad campaigns.
US isn't the only country in the World who make crypto software and/or code.
Export restrictions only difficult a "crypto standard" for web-commerce, for example.
thanks for all the help, I'll check out the counterpane thing (and yes I'm running 128bit)
. --- If you're looking for free e-mail you won't find it here! http://www.noemailhere.com
I can't stand those little cans of spaghetti and franks. Give me Chef Boyardee anyday.
Really, do you think anyone has the time to sniff through your network traffic for *one* credit card number? It'd be *much* easier to guess numbers at random for that much trouble. Not to mention the lure of finding an insecure web server out there, and retrieving a whole logfile full of CCs.
<heresy>I've personally sent CC info over the web IN THE CLEAR!</heresy> To date, I haven't seen any unauthorized charges on my statements. I can't say I'm really expecting to see any either. Worst case, a few phone calls to my credit card company will take care of them. Really, do you think the internet is any less secure than, say that shifty eyed clerk at the CD store? or your favourite restaurant?
How's my programming? Call 1-800-DEV-NULL
The Kingdom of Tonga in the South Pacific hosts a server that freely distributes over the Internet BSAFEeay, a free, public domain implementation of RSA Data Security's BSAFE Applications Programming Interface (API). The site advertises that its cryptographic offerings are "made outside the US, so there [are] no ITAR restrictions."
Ahem... Cypherpunks Tonga is actually located in the Netherlands - anyone can buy a .to domain name. Their website claims that "yes, there are cypherpunks in Tonga" but it is probably a joke.
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
This guy should have a look at Stand.org.uk.
I for one have done my bit - I faxed (GPG-signed :) my MP, who forwarded it to Jack Straw, who sent me a letter (ick, snailmail) back saying that it's "to track down criminals" and that I should go read the text of the RIP bill myself rather than rely on commentary.
What he does not say is that for the sake of a few stupid criminals he's locking up the rest of the country - there can never be a Verisign in the UK if the government can demand keys/decryption. So much for e-commerce, then. Oh, and I note a distinct absence of open letter with point-by-point rebuttal of any of the "commentary", on Stand.
So IOW, the UK is just as bad (read "braindead") as one of these "communist countries" in the EPIC report.
Make of that what you may, but like hell will I be respecting politicians...
.|` Clouds cross the black moonlight,
~Tim
--
Rushing on down to the circle of the turn
I once saw a news segment on the smoking habits of the French. They are very aggressively pro-smoking. For instance, no non-smokers area in restaurants. One of the reasons cited by an interviewee for almost everyone smoking like a chimney is that Americans are against smoking so this is yet another way to show how not American they are. I think what we need to do next is obvious. Free cartons of Players for France. I think every French household should find a pallet of Players on their doorsteps.....every morning!! Maybe we can find a way to make ultra concentrated super smokes with 300% extra tar and nicotine. If we're lucky they'll all "not American" themselves into emphysema and lung cancer in a couple of years or so. At worst, maybe they'll find a slightly less stupid way to be "not American".
Hellooo? Encryption need not have anything to do with authentication, particularly of credit card information. Encryption and digital signing are two separate processes. Look how OpenPGP works.
No it doesn't. Information doesn't have a mind or a will. YOU want information to be free.
Why do you insist on giving information human characteristics? You can not take away information's freedom. You can only take away a person's freedom to view information. I have a right to keep my information from you. This includes my email, my bank account, my medical records, and whatever else is mine.
Even my personal information? That's none of your business! If this is the true intent of the Free Software Movement, then I will oppose it in every way possible.
Only in your little dreamworld. Even the lack of surprise has never stopped war.
What you describe is a world similar to David Brin's Earth. The world described in that novel was rather frightening. Sort of a 1984 meets the New Age. A world I would take up arms to prevent.
-- Will program for bandwidth
"The United States Government has long been the leader in efforts to limit the development and dissemination of encryption. For the past twenty years, the US has attempted to suppress development of encryption through manipulating standards, recommending legislation, and imposing export controls. In the past several years, as electronic commerce has become an important aspect of the American economy, the US government has begun backing away from these efforts, which have not been successful and had generated considerable controversy and opposition."
"Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - moreso than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale."
Starting out a business is a rather risky and IMNSHO a very bad idea considering that about 80% of small businesses fail in their first 2 years of operation. Give me a full belly and a constant pay check to ulcers, panic attacks, and poverty thank you very much.
Maybe we don't have a large quantity of eCommerce is because people don't trust the system, don't want credit cards, don't want to risk everything creating some massive web site where you are just another face in the crowd. All the people I have ever known who even bothered with that much risk usually are not doing that spectacularly well and are in fact suffering various side ailments because of it. Incidentally all of the so called businesses that I have seen that were operated by individuals instead of large companies failed rather quickly.
"I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All and all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future."
That's nice. I don't suppose I will ever have need of such a thing. Massive risk is not in my blood and not something I take pride in at all. Overall I think that playing it safe is the best thing.
Could someone please tell me what data I have (that say any other "evil" company or government has that I haven't already given them?). Still even in most other countries the majority of the population have no need of such thing. Isn't there a way that for example one can specifically make a route for data to pass along that cannot be tapped? I think that there can be it's just that nobody has bothered in the least.
The United States is just protecting the rich and the powerful. Most of your average citizens don't know about or care that much about cryptography or eCommerce administration. I would also hazard that less than say 1% of slashdotters actually have anything that would need that level of security.
I have no network (cheap bastards at the phone company), no massive pile of "intellectual property" and don't do any financial transfers unless they are through groups like banks. Guess whose fault it is if the banks get robbed or theft occurs? Not mine. The bank is responsible.
Slashdot social engineering at its finest
I'd be willing to bet that for the highest level stuff one-time pads are still used. However, you make a very good point. There is no public knowledge of how to efficiently factor large prime numbers, but the NSA, who employs more mathematicians than anyone in the world, may have a way. Remember that the British GCHQ actually invented Diffie-style key distribution and a system similar to RSA for implementing it a few years before the academics did, but no one knew about this until recently.
So, yes, I suppose it's possible that some guy at the NSA invented a way to factor the numbers, but then again, are your communications something that the NSA would really be interested in? Somehow, I doubt mine are.
Doh! It should read, "there is no public knowledge of how to prime factor large numbers."
I feel stupid :)
The little yellow padlock icon alone is no guarantee of anything. It's best to check your browser to make sure you're running a 128-bit encryption version first before relying solely on the presence of a yellow icon.
--
Neither does American Express. Some joker ran up $10K on my Amex bidding on Ubid.com. Amex not only credited my account, they issued me a new card the same day (I did have to pick it up) and is apparently beating the tar out of Ubid with some lawyers.
In short, shop all ya want with Visa or Amex. If ya get ripped off, it's not your fault!
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."
You really want everyone to have access to your Credit Card numbers, because that information "wants to be free?"
You really believe that nations without armies are better for it?
-pjf
Wise man say: be sure brain is engaged before putting mouth in gear.
"The axiom 'An honest man has nothing to fear from the police'
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
so here's my probably foolish question...
Is publicly available cryptography strong enough for me to start buying stuff with a credit card on the 'net?
Or is it what I assume... that the cryptography's fine, but the weak link is in the software the OS or somesuch. (sort of like a padlock on a screen door)...
ps - i'm new at this, moderators be merciful...
. --- If you're looking for free e-mail you won't find it here! http://www.noemailhere.com
As an old-time reader of comp.org.eff.talk back when the Clipper chip was first introduced, my favorite quote from the beginning of the article is:
"There is little international support today for key escrow encryption. It has been abandoned by most countries and is no longer enforced in the few countries where laws requiring its use still remain."
Does anyone else out there remember David Sternlight, the guy on c.o.e.t back in 1994 who ferociously defended Clipper as a Good Thing? What happened to him, anyway?
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
And what part of the economy would that be? Is that the all-too-crucial overblown speculative-bubble part? I haven't heard of any e-companies that are in the black yet. How many points did Nasdaq drop when Microsoft's stock crashed? Have I made my point yet?
The US likes other countries to take risky action first. That way we can see if it works and then implement it ourselves. We avoided socialized medicine and related fiascoes that way. If we have an interesting idea ourselves we try it out on the state level. Again, there's less risk of a major fiasco.
The US is always more worried about national security because it still believes it's the bastion of democracy. Also, most of Europe didn't have to worry about national security too much because they had large numbers of American troops on military bases on their soil. It shocked me to find out that many European countries (like Germany) don't have professional standing armies, but it's true.
Also most European countries are the size of American STATES. France is the size of Texas. Shouldn't they be capable of moving faster on things than the US?
So far I've gotten all my Karma from telling people they are wrong... :)
I'm sure that there are plenty of Credit Card thieves out there who would be overjoyed to hear this attitude from their victims... er, clients.
I don't know about you, but I would be just as happy if certain information is not publicly available for anyone who wants to view it.
Gonzo
From the section of the report concerning the state of US law, the following notable paragraph illustrates a trend:
If they can't get the laws they want, just make sure that the dominant OS has backdoors in it. I feel so secure.
With the web, I don't think it is very difficult to get a copy of the US edition of PGP anyway - doesn't really matter where you are. Get real! How can you restrict someone in the US from emailing a US version of some encryption software to someone in another country? I think the recent relaxation of export control legitimizes this export as successfully as the Netherlands legitimized the sale of drugs.
Encryption, shmencryption I say. It's a known fact that information wants to be free, and encryption is only one of many ways to stifle this freedom. When you encrypt something, whether it's your email or your grocery list, you are taking away that information's "freedom", and what's more, other people's rights to that information. In an era when Free Software flourishes, it is only fit and proper that Free Information takes a similar path. Much as you must work to make sure that your software stays Free, you must work to keep your information Free.
Encryption is akin to copyright, and thus censorship, in this regard: you are creating a privileged class of people who have the "right" to obtain your information. This system is the antithesis of what we in the Free Software Movement have worked for for years: open access to everything, at all times. If Free Software is the only moral software, then it follows that Free Information is the only moral information.
Just as in a state in which there is only Free Software there is no software hoarding, in a place with only Free Information, there will be no secrets, no plots, no jealousy. There will only be a new era of Freedom and Learning. Imagine if you were able to peer into the collective knowledge of millions: what you could learn, what you could discover. Encryption is a form of censorship which is directly opposed to Freedom. You don't need it.
But what about state secrets and military information, you ask? Without them, there is no need for the military: all nations will know what each other is planning, and all will be too afraid to act without the element of surprise. With no military, the government which it exists to back will disintegrate. All nations will work together without the poison of nationalism to infect them. Only with Free Information can this be achieved.
Just keep in mind that the only choice for Freedom is Free Information.
Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - moreso than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale.
I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All and all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future.
I gave up moderation on this entire news story to post this reply in this thread.
> You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company (Microsoft), they would be moderated up.
Who is a moderator? A moderator is any random /. user. I am just some guy like you that wants to read news about technology. Every two weeks or so, I notice that I am a moderator, and I take advantage of it. It is important to note that I do agree with much of your letter to Cmdr Taco, however on the topic of moderation, I disagree.
Moderation cannot be censorship because it is performed by a cross-section of the registered users on Slashdot. If you are not registered (which is free) then you do not have the rights that you may desire. Take a website that did not have accounts, yet had open posting without moderation; www.segfault.org
This tech-linux-humor site was great until the Natalie Portman epidemic broke out. Sure, the trolls were listened to, but did they stop? No.
Segfault is now a humor site that is dying (just about dead). It is dying because it no longer allows posting by the users, and it is lacking the traffic as a result.
How does a site remain free (as in speech) while getting rid of all the trolls? Simply have the users LOG IN! I have my threshold at 1, and it helps out a ton!
Moderation can be abused by the moderators (moderating down anti-linux stuff) but as long as there are registered users reading /., there will be moderators. And if you are a moderator and you do not agree with moderation done, you simply change it accordingly.
Moderation works, my advice to all that are bothered with moderation is to set up an account and log in when you read Slashdot. You will be heard. Furthermore, if you notice that you have moderator access, USE IT!
It is a very important tool to the success/demise of this site. If you want to enjoy what you read, use your moderation rights!