EPIC Report On International Cryptography
kalifa writes: "The EPIC (Electronic Privacy Information Center) has just published its annual report on international cryptography. It is available here.
It's pretty informative, and I hope it will help change many false misconceptions (and, by the way, put an end to the same good old francophobic stuff, which is obviously unjustified after the study of this report)."
I can't stand those little cans of spaghetti and franks. Give me Chef Boyardee any day.
Really, do you think anyone has the time to sniff through your network traffic for *one* credit card number? It'd be *much* easier to guess numbers at random for that much trouble. Not to mention the lure of finding an insecure web server out there, and retrieving a whole logfile full of CCs.
<heresy>I've personally sent CC info over the web IN THE CLEAR!</heresy> To date, I haven't seen any unauthorized charges on my statements. I can't say I'm really expecting to see any either. Worst case, a few phone calls to my credit card company will take care of them. Really, do you think the internet is any less secure than, say, that shifty eyed clerk at the CD store? Or your favourite restaurant?
How's my programming? Call 1-800-DEV-NULL
The Kingdom of Tonga in the South Pacific hosts a server that freely distributes over the Internet BSAFEeay, a free, public domain implementation of RSA Data Security's BSAFE Applications Programming Interface (API). The site advertises that its cryptographic offerings are "made outside the US, so there [are] no ITAR restrictions."
Ahem... Cypherpunks Tonga is actually located in the Netherlands - anyone can buy a .to domain name. Their website claims that "yes, there are cypherpunks in Tonga" but it is probably a joke.
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
This guy should have a look at Stand.org.uk.
I for one have done my bit - I faxed (GPG-signed :) my MP, who forwarded it to Jack Straw, who sent me a letter (ick, snailmail) back saying that it's "to track down criminals" and that I should go read the text of the RIP bill myself rather than rely on commentary.
What he does not say is that for the sake of a few stupid criminals he's locking up the rest of the country - there can never be a Verisign in the UK if the government can demand keys/decryption. So much for e-commerce, then. Oh, and I note a distinct absence of open letter with point-by-point rebuttal of any of the "commentary", on Stand.
So IOW, the UK is just as bad (read "braindead") as one of these "communist countries" in the EPIC report.
Make of that what you may, but like hell will I be respecting politicians...
.|` Clouds cross the black moonlight,
~Tim
--
Rushing on down to the circle of the turn
I once saw a news segment on the smoking habits of the French. They are very aggressively pro-smoking. For instance, no non-smokers area in restaurants. One of the reasons cited by an interviewee for almost everyone smoking like a chimney is that Americans are against smoking so this is yet another way to show how not American they are. I think what we need to do next is obvious. Free cartons of Players for France. I think every French household should find a pallet of Players on their doorsteps.....every morning!! Maybe we can find a way to make ultra concentrated super smokes with 300% extra tar and nicotine. If we're lucky they'll all "not American" themselves into emphysema and lung cancer in a couple of years or so. At worst, maybe they'll find a slightly less stupid way to be "not American".
Hellooo? Encryption need not have anything to do with authentication, particularly of credit card information. Encryption and digital signing are two separate processes. Look how OpenPGP works.
No it doesn't. Information doesn't have a mind or a will. YOU want information to be free.
Why do you insist on giving information human characteristics? You can not take away information's freedom. You can only take away a person's freedom to view information. I have a right to keep my information from you. This includes my email, my bank account, my medical records, and whatever else is mine.
Even my personal information? That's none of your business! If this is the true intent of the Free Software Movement, then I will oppose it in every way possible.
Only in your little dreamworld. Even the lack of surprise has never stopped war.
What you describe is a world similar to David Brin's Earth. The world described in that novel was rather frightening. Sort of a 1984 meets the New Age. A world I would take up arms to prevent.
-- Will program for bandwidth
"The United States Government has long been the leader in efforts to limit the development and dissemination of encryption. For the past twenty years, the US has attempted to suppress development of encryption through manipulating standards, recommending legislation, and imposing export controls. In the past several years, as electronic commerce has become an important aspect of the American economy, the US government has begun backing away from these efforts, which have not been successful and had generated considerable controversy and opposition."
"Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - more so than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale."
Starting out a business is a rather risky and IMNSHO a very bad idea considering that about 80% of small businesses fail in their first 2 years of operation. Give me a full belly and a constant pay check to ulcers, panic attacks, and poverty thank you very much.
Maybe we don't have a large quantity of eCommerce because people don't trust the system, don't want credit cards, don't want to risk everything creating some massive web site where you are just another face in the crowd. All the people I have ever known who even bothered with that much risk usually are not doing that spectacularly well and are in fact suffering various side ailments because of it. Incidentally all of the so called businesses that I have seen that were operated by individuals instead of large companies failed rather quickly.
"I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All and all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future."
That's nice. I don't suppose I will ever have need of such a thing. Massive risk is not in my blood and not something I take pride in at all. Over all I think that playing it safe is the best thing.
Could someone please tell me what data I have (that say any other "evil" company or government has that I haven't already given them?). Still even in most other countries the majority of the population have no need of such thing. Isn't there a way that for example one can specifically make a route for data to pass along that cannot be tapped? I think that there can be it's just that nobody has bothered in the least.
The United States is just protecting the rich and the powerful. Most of your average citizens don't know about or care that much about cryptography or eCommerce administration. I would also hazard that less than say 1% of slashdotters actually have anything that would need that level of security.
I have no network (cheap bastards at the phone company), no massive pile of "intellectual property" and don't do any financial transfers unless they are through groups like banks. Guess whose fault it is if the banks get robbed or theft occurs? Not mine. The bank is responsible.
Slashdot social engineering at its finest
"Mr Taco, in case you have not noticed, your site has become overrun by trolls. The signal to noise ratio has been declining for months and now stands at about 1-1. "
:)
And irrelevant posts too
"Slashdot.org used to be a quality news site with meaningful, relevant information. Now it is nothing but a trash hole filled with yesterday's news. I believe the "golden age of slashdot" ended because of two events:"
Ohh the golden age of slashdot huh? If you look at history there are good times and there are bad times. Never look at one bad time and make judgement on the good.
"The merger with Andover.net/VA Linux and
The implementation of moderation. "
Any objective critical analysis of this? Proof.
"When you sold your site to andover.net, many people feared the worst: Taco had sold out. Initially, things were handled well and there was no obvious change in the management of the site. As time went on, however, many changes occurred, mostly bad."
Maybe taco was going broke trying to pay for all the FPers and others who were wasting massive amounts of bandwidth on his ISDN plus he was working quite hard. But I guess that doesn't mean a damn thing to you does it.
"For example, the topics now posted to slashdot are old and meaningless. Further, important events are often never written about seemingly because your parent company is looking over your shoulder. In the past few months, the stock prices of the big Linux companies(especially VA Linux) have tanked. This is news worthy of a topic."
Strictly speaking there have been few editorials or news articles published by unbiased news outlets that have done analysis of stock issues. I don't own one share of stock of any sort so why should it bother me?
"More disturbingly, you seem to cover up events which do not reflect well on VA and your site. A few days ago when slashdot was down for half a day, there was no reason given. When people asked, you marked them down as flamebait or off topic. In the old days, if slashdot were down for even 30 minutes, you would post an explanation. Did you forget this time?"
Quite literally why do technical difficulties rank so highly on your scale of thinking? Everyone has a few problems or they have difficulty in getting them solved.
Also do you really think that with how slow slashdot becomes at times that his original setup would have worked well at all? Just think about that for a moment. There is probably several million dollars worth of equipment outlays a year on slashdot I don't think many private individuals can say the same.
"Now to moderation which is turning out to be the nail in your coffin. You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company(Microsoft), they would be moderated up."
Scores are meaningless if you just set your preferences to a value of -1. Everything is fine again and the world is sunny. I can see all the shit and all of the art all at once and never have to care about it at all.
This is back to a usenet philosophy. Many people (a great deal of them sysadmins and people with fixed budgets with metered access to the net) want to try to get all the content they want at the lowest cost (time, money, sanity, take your pick).
I have routinely attempted to read all of slashdot's comments and have found it a rather formidable challenge to say the least.
"Now registered members of your site can view at any threshold they want to, but the default view for non-members is > -1. By moderating these anti-Linux posts down, you are preventing them from being viewed by the masses. Thus, you have committed an act of censorship."
Last time I checked you can change the threshold when viewing comments. This does allow for access to all data not some.
"The trolls don't like being censored. To prevent this, they simply post many messages so that they all can not be moderated down. If you were to get rid of moderation, there would still be the occasional troll, but you would not see mass spam. The message, however unpopular or inane, would get through the first time."
I don't know about that. Slashdot has seen a large increase in traffic since moderation took effect. Can you be sure now as you once were?
Also why should I care that whiny trolls are getting pissed? You know they simply could have comments deleted if enough people didn't like them in the first place. Then they wouldn't be there.
"Another problem is your moderators' lack of humor. Many times I have rolled on the floor laughing at a post marked down to -1. So what if someone makes fun of your mom? Personally, I find many of the "hot grits" posts to be funny. Most should not be moderated down."
The ability of the moderators to moderate has been tempered with the mass opinion of said moderations via meta-moderation that each and every registered slashdotter can participate in every 24 hour period. Works nicely if you think that the moderators (I have been one a number of times) are humorless.
What I think is that information is primary. Humor is secondary in life. That is what being a programmer is all about. Basically sitting in a chair and becoming a slave to information. If you don't like this then do something else (I am contemplating this. Maybe a stint in the Peace corps or something). Damnit this isn't Jimmy's Wacky/Laugh shack at http://www.giggle.com or something this is an informational site. I can get lists of yo-momma and red neck jokes at other sites. At slashdot I want news and nothing but news.
"I'm only going to say this once to you, Mr Taco: Slashdot is going to die unless changes are made. Here is the way to fix slashdot: Take it private. Being owned by a large corporation is influencing your reporting. You must find a way to "buy back" slashdot from VA if you want to stay in business."
Taco I think if you recall has total and complete editorial control over slashdot. Andover is just handing him some money and saying "Please don't call us bad names ok?". From a personal note I doubt that creating a slashdot site with the traffic this receives and actually be able to afford it. Come on I dare you. I bet malda would let you have access to the traffic load for maybe 1 day 2 tops. I think that after the firemen have finally put out the fire that was your computer cluster and your ISP has finally stopped being bombarded with massive traffic you will come to your senses.
Considering for what he sold slashdot for. Buying it back might be a little steep.
Look I know you're pissed but calm down. If you can do something similar with less fuss then do it. I am waiting. Most of the slashdot clones are in fact crappy and receive far, far, far, far less traffic (you could probably run them off a 300bps modem with room to play quake III arena to spare).
Slashdot social engineering at its finest
I'd be willing to bet that for the highest level stuff one-time pads are still used. However, you make a very good point. There is no public knowledge of how to efficiently factor large prime numbers, but the NSA, who employs more mathematicians than anyone in the world, may have a way. Remember that the British GCHQ actually invented Diffie-style key distribution and a system similar to RSA for implementing it a few years before the academics did, but no one knew about this until recently.
So, yes, I suppose it's possible that some guy at the NSA invented a way to factor the numbers, but then again, are your communications something that the NSA would really be interested in? Somehow, I doubt mine are.
Doh! It should read, "there is no public knowledge of how to prime factor large numbers."
I feel stupid :)
The little yellow padlock icon alone is no guarantee of anything. It's best to check your browser to make sure you're running a 128-bit encryption version first before relying solely on the presence of a yellow icon.
--
Neither does American Express. Some joker ran up $10K on my Amex bidding on Ubid.com. Amex not only credited my account, they issued me a new card the same day (I did have to pick it up) and is apparently beating the tar out of Ubid with some lawyers.
In short, shop all ya want with Visa or Amex. If ya get ripped off, it's not your fault!
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."
You really want everyone to have access to your Credit Card numbers, because that information "wants to be free?"
You really believe that nations without armies are better for it?
-pjf
Wise man say: be sure brain is engaged before putting mouth in gear.
"The axiom 'An honest man has nothing to fear from the police'
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
so here's my probably foolish question...
Is publicly available cryptography strong enough for me to start buying stuff with a credit card on the 'net?
Or is it what I assume... that the cryptography's fine, but the weak link is in the software the OS or somesuch. (sort of like a padlock on a screen door)...
ps - i'm new at this, moderators be merciful...
. --- If you're looking for free e-mail you won't find it here! http://www.noemailhere.com
As an old-time reader of comp.org.eff.talk back when the Clipper chip was first introduced, my favorite quote from the beginning of the article is:
"There is little international support today for key escrow encryption. It has been abandoned by most countries and is no longer enforced in the few countries where laws requiring its use still remain."
Does anyone else out there remember David Sternlight, the guy on c.o.e.t back in 1994 who ferociously defended Clipper as a Good Thing? What happened to him, anyway?
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
And what part of the economy would that be? Is that the all-too-crucial overblown speculative-bubble part? I haven't heard of any e-companies that are in the black yet. How many points did Nasdaq drop when Microsoft's stock crashed? Have I made my point yet?
The US likes other countries to take risky action first. That way we can see if it works and then implement it ourselves. We avoided socialized medicine and related fiascoes that way. If we have an interesting idea ourselves we try it out on the state level. Again, there's less risk of a major fiasco.
The US is always more worried about national security because it still believes it's the bastion of democracy. Also, most of Europe didn't have to worry about national security too much because they had large numbers of American troops on military bases on their soil. It shocked me to find out that many European countries (like Germany) don't have professional standing armies, but it's true.
Also most European countries are the size of American STATES. France is the size of Texas. Shouldn't they be capable of moving faster on things than the US?
So far I've gotten all my Karma from telling people they are wrong... :)
I'm sure that there are plenty of Credit Card thieves out there who would be overjoyed to hear this attitude from their victims... er, clients.
I don't know about you, but I would be just as happy if certain information is not publicly available for anyone who wants to view it.
Gonzo
From the section of the report concerning the state of US law, the following notable paragraph illustrates a trend:
If they can't get the laws they want, just make sure that the dominant OS has backdoors in it. I feel so secure.
With the web, I don't think it is very difficult to get a copy of the US edition of PGP anyway - doesn't really matter where you are. Get real! How can you restrict someone in the US from emailing a US version of some encryption software to someone in another country? I think the recent relaxation of export control legitimizes this export as successfully as the Netherlands legitimized the sale of drugs.
Ok, I'm a relative newbie at Slashdot. I haven't even been actively posting here for a year yet. I can't talk about the golden age of slashdot or any of that crap. I moderate when I'm chosen. I try to do a good job and sometimes I screw up. Sorry.
As for the "sold-out" comments, that's pretty much crap. I don't see any instances of /. censoring the articles it posts. I haven't seen any articles on how great Andover and VA are. I haven't seen any on how they suck. For the most part it's a non-issue. /. is owned by a big corporation to pay overhead. Deal with it. If anything Taco is probably so sensitive about the whole thing that he's avoiding all related issues for fear that he isn't objective.
As for your comments about the signal to noise ratio and moderation, they seem to contradict.
You don't seem to share the group opinion on what constitutes noise. Grits posts aren't noise but Portman posts are? Who's to say? You mister "censorship is wrong"?
I like moderation in many ways, if I don't have enough time to read a lot of posts I can read at 3 and get the "good" ones. The noise drops out almost entirely. If I read at -1, then I get a whole hell of a lot of noise. What's your solution? Stop moderation but let every post? That won't take care of the noise problem. Only let certain people post? Well that's the same as the censorship you were criticizing isn't it?
Now on to my slashdot rant:
At the core of a website that supposedly champions the rights of the individual, we have the moderation system. The moderation system has one great flaw. It systematically allows for oppression of the minority. Have you ever posted a reply which went against the /. group ethic? Were you surprised when it languished at 1 while all the party-liners got 2s or more from replying to it? Were you even more surprised when you realized that their posts weren't even well written when you took an hour to compose yours?
Moderators are only able to be checked and balanced by other moderators. For all intents and purposes there is no community conscience or objective party to rein them in. Moderators for the majority party-line will moderate up posts they like and moderate down posts they don't. It happens even though it shouldn't. Minority moderators don't have enough points to moderate party-line posts down and they lack the numbers to moderate their own good posts up against the wishes of the majority.
In short, there is a glass ceiling that all but the best minority opinion posts can't break. Sure moderators should be objective, but they aren't. It shouldn't be a conflict like this, but it is.
I unfortunately do not share the average /. readers' views on many social issues. And my karma suffers for it. This combined with what seems to be an increasing percentage of YRO stories is killing me. Oh well, I'll suck it up and deal. I honestly can't come up with anything better than the moderation system, except possibly making it easier to refer abuses to Taco, etc. for summary judgement.
So far I've gotten all my Karma from telling people they are wrong... :)
Encryption, shmencryption I say. It's a known fact that information wants to be free, and encryption is only one of many ways to stifle this freedom. When you encrypt something, whether it's your email or your grocery list, you are taking away that information's "freedom", and what's more, other people's rights to that information. In an era when Free Software flourishes, it is only fit and proper that Free Information takes a similar path. Much as you must work to make sure that your software stays Free, you must work to keep your information Free.
Encryption is akin to copyright, and thus censorship, in this regard: you are creating a privileged class of people who have the "right" to obtain your information. This system is the antithesis of what we in the Free Software Movement have worked for for years: open access to everything, at all times. If Free Software is the only moral software, then it follows that Free Information is the only moral information.
Just as in a state in which there is only Free Software there is no software hoarding, in a place with only Free Information, there will be no secrets, no plots, no jealousy. There will only be a new era of Freedom and Learning. Imagine if you were able to peer into the collective knowledge of millions: what you could learn, what you could discover. Encryption is a form of censorship which is directly opposed to Freedom. You don't need it.
But what about state secrets and military information, you ask? Without them, there is no need for the military: all nations will know what each other is planning, and all will be too afraid to act without the element of surprise. With no military, the government which it exists to back will disintegrate. All nations will work together without the poison of nationalism to infect them. Only with Free Information can this be achieved.
Just keep in mind that the only choice for Freedom is Free Information.
Well, that's the story for the US. By the looks of things.. all things considered, they should be a "green light" in about 2 years. For crypto. The rest of our privacy laws are woefully lacking. In this respect, I consider the progress the EU and its member nations to be making substantial progress - more so than the US. For a country that prides itself on technical and economic superiority, it comes as a mild shock that we haven't been more quick to adopt EU-like specifications to encourage e-commerce on a wider scale.
I guess though there are some parts of our government which are more interested in "national security" than economic prosperity. All and all, an excellent paper, and one I'll definitely be referring to when I set my web server(s) up in the near future.
I gave up moderation on this entire news story to post this reply in this thread.
You claim that moderation is not censorship but merely a filter that relevant information must pass through. Frankly, that is bullshit. Many on-topic posts are moderated down simply because they disagree with open source dogma or are critical of Linux and VA. In many cases, if the downward moderated post were to say the exact same thing about another company(Microsoft), they would be moderated up.
Who is a moderator? A moderator is any random /. user. I am just some guy like you that wants to read news about technology. Every two weeks or so, I notice that I am a moderator, and I take advantage of it. It is important to note that I do agree with much of your letter to Cmdr Taco, however on the topic of moderation, I disagree.
Moderation cannot be censorship because it is performed by a cross-section of the registered users on Slashdot. If you are not registered (which is free) then you do not have the rights that you may desire. Take a website that did not have accounts, yet had open posting without moderation; www.segfault.org
This tech-linux-humor site was great until the Natalie Portman epidemic broke out. Sure, the trolls were listened to, but did they stop? No.
Segfault is now a humor site that is dying (just about dead). It is dying because it no longer allows posting by the users, and it is lacking the traffic as a result.
How does a site remain free (as in speech) while getting rid of all the trolls? Simply have the users LOG IN! I have my threshold at 1, and it helps out a ton!
Moderation can be abused by the moderators (moderating down anti-linux stuff) but as long as there are registered users reading /., there will be moderators. And if you are a moderator and you do not agree with moderation done, you simply change it accordingly.
Moderation works, my advice to all that are bothered with moderation is to set up an account and log in when you read Slashdot. You will be heard. Furthermore, if you notice that you have moderator access, USE IT!
It is a very important tool to the success/demise of this site. If you want to enjoy what you read, use your moderation rights!