So now someone is accessing LinkedIn on a big scale to access public information on that site. Information that was explicitly made public, and that was placed there for everyone to see.
So how is this a breach or even "theft"? While maybe not entirely ethical or the way it's meant to work, it seems they're accessing nothing but public data.
How about: all autopilot functions without the continuous steering, requiring the driver to keep their car in lane at all times by hand. Only when there's an obstacle or so in the way, or otherwise a direct threat is detected, the robotic functions kick in and assist the driver in avoiding the obstacle. Other help could be e.g. in case of slippery roads (enhanced traction control). Then what would be the simplest tasks are left for the final step, where a car becomes fully automatic. This are things like following the road in normal conditions, keeping distance from other traffic, etc.
The human driver is given the feeling they have full control, while under the hood control is slowly taken away. The human driver may know it, but he won't feel it: he is controlling the car, setting the speed and direction it is travelling in. Yet all the time the car is paying attention. Every newer car is paying more attention, and will intervene to prevent accidents. It may start applying emergency braking when an obstacle is detected, or other traffic (e.g. a pedestrian). It may start to intervene when someone gets too close to the car in front, by forcing the car to slow down. It may start to steer the car back in lane when the edge of the road is too close.
This may be the route to fully automated driving. Keep the driver in control until the last bit, the simple straightforward driving without obstacles or sudden traffic or so - which is easily 99% of the time - is what's left and then take that.
Tesla has done it the opposite way. It started with the 99%, the part that's easy for the driver, and calls it "autopilot". Then it expects the driver to be fully attentive at no notice to take care of the last 1% or less, which of course doesn't work. People don't react that quick, and anyway don't know they have to react until it is too late because only then it's obvious autopilot can't handle the situation.
Getting a driving license in China is also rather simple. You get a form with two questions, and if you answer both satisfactory (the correct answer being "Yes"), you get your license and you're good to go. The questions:
How about: everything integrated into a single, easy to use platform?
Sharing between IM and E-mail and Usenet and RSS feeds is not easy, setting them up is even harder for most people. That's what Facebook does for you. That's what made walled garden products like the iPhone a great success as well, Apple didn't add anything new, they just made it all work, and work easily.
E-mail is not too suited for sharing images, let alone video. Too many size limits.
Comments go back to the original sender only, others don't see them. There is no public archive of it without a proper e-mail list and maillist manager., nor any public discussion.
And for maillist managers, I have yet to run into an e-mail list archive that has an interface nearly as useful as Facebooks (which says more about the poor usability of such mail archives than the usability of Facebook).
(e.g. on multiple occasions, making things public that I had explicitly marked as private
I don't have problem with this. Won't have. For the simple reason, EVERYTHING you put on Facebook must be considered public, no matter your "privacy" settings. Don't put anything you consider private on the network and expect the world not to find out about it. Only put things on there you want the world to know about, which is exactly what I use it for.
My main problem with them is that you do not get ads without the ads tracking what you are doing.
Without the ads they track you just the same. In case of Facebook the ads will be served by Facebook directly, so there won't no more tracking that what happens already (as if they could track in any more detail than they do already).
And not just because my comment wasn't about Facebook, it was about OP (whose comment actually was about Facebook).
I'm actually a fairly active Facebook user, and am totally fine with ads as long as they don't blink, move around, obstruct what I'm reading, etc. Like the good old Google text ads, they were pretty useful even at times. ABP remains active, let's just see what happens and how it develops.
Maybe it's time for you to stop using Facebook altogether. Your continued use of the site IS their explicit permission that they can serve you their content - ads and all.
One major difference: when MySpace when into decline, it was because everyone moved to Facebook. Where can we move to now? What are the real alternatives?
It's not always like that indeed... Sometimes it does. Sometimes not. Maybe I pressed it twice as it was slow in reacting or so. Just like the cursor jumping around, that's also seemingly random.
My Linux Mint box unlocks a lot more reliable, that's one thing for sure.
Those are not servers and don't need to serve https as you'll connect on a trusted network - your own, and your own only. Wired or encrypted WiFi.
My own networked printer required me to connect by cable first for initial setup, after which the built in software would connect the printer to my network (I had to tell which and so). Secure without CA.
By the time someone feels the need for a private server at home (and even knows what to do with it and how to use it - including things like setting up a domain and getting fixed IP or DynDNS to actually be able to access it remotely), they should be able to handle that part as well. If they can't figure out such a task, no hopes for the security of the rest of the server so whether it's https or not doesn't matter any more.
A recurring problem I have is with the unlock password. I commonly deactivate the screen saver (and bring up the unlock prompt) by hitting the space bar - then the space is considered the first character of my password. More frustrating though is that very often when I'm two or three characters into my password, the cursor jumps back to the left and the rest is entered there, at the beginning rather than appended to the end. So a password of 12345678 becomes 45678123 - and I have to type it again. Very irritating.
Such messaging services (WhatsApp is also end to end encrypted) rely on a single company. That company has to make money off the service somehow, or it will end, sooner or later. Those companies have an incentive to read your messages and sell your personal data (either direct or indirect in the form of targeted advertising), and they ARE the MiM, so we have to trust them to not decrypt our messages with their own keys, pretending it's end to end encrypted. A government that wants to spy has to go to one and only one company and there they can intercept everything that is being sent over the messaging service. How can we be sure that WhatsApp is really end to end encrypted? That SnapChat messages are truly deleted and not kept on some server somewhere in the middle? They all say it's like that, and I take their word for it, but being sure - well, not really.
I have seen ICQ come, be the world leader, and disappear. MSN Messenger took over, and it's also gone. Yahoo messenger, AOL messenger - all IM applications that have gone. On the other hand, good old e-mail is decentralised, can be read on any platform by a huge number of client, and no MiM possible as long as you control your own smtp server and know your messages are encrypted before they leave your computer. Add smtps on top of encrypted message content. You can reach anyone with an e-mail address, regardless of which platform they use (WhatsApp is still mobile phone linked), independent from any one company.E-mail is anything but obsolete, even though it does have its flaws.
You conveniently left out the rest of my e-mail - the comments about how to (not) keep the secret key secure!
I know the encryption itself is a solved problem. That's the easy part. Now keeping those keys secure, that's the hard part - lots of e-mailing is done using web clients and even shared computers. Securely exchanging public keys with everyone you want to talk to, that's another hard part (how can you be sure that you get the correct key, and that the key server is not performing a MiM on you?).
Until a critical mass of users choose to encrypt their messages, it will be inconvenient and ineffective for anyone to do so
That critical mass has to be really big. It's a hard thing to get done, and may not be able to work at all, ever.
First of all, there has to be a universal encryption protocol, that is supported by all e-mail clients. If there is a need for multiple protocols, they all have to be supported by all e-mail clients. This alone is a massive hurdle to pass.
Then the encryption/decryption part. For a local e-mail client this can work securely and fairly conveniently and transparently, with your keys unlocked when you log in to your computer, just like encrypted hard disks.
But how could this ever work securely for webmail clients? The keys just have to be stored either on the main server, or the user has to carry say a USB stick with their key. Neither is exactly secure or safe. Using the USB stick method en/decryption may take place in the browser but then the security breaks when users want to use a shared computer and when the USB key is lost or breaks, the key is lost (unless they remember to keep backups), and all e-mails are lost. When the key is stored on the main server (and encryption is done there), the whole security of encrypted e-mail is broken, as the webmail provider has your key and just has to wait for you to log in to unlock it and they can read all your e-mails again.
The whole openness of e-mail itself, and it being used as webmail and on shared computers is going to be the issue. Somehow, somewhere the e-mail has to be decrypted, and both the key and the result have to be kept secure. I don't see how that can be done.
More likely: they are afraid that they will be suspected of helping suspected people that may be suspected terrorists that may in the future blow the whistle about secret invasive government programmes. Because just that tiny air of suspicion is nowadays more than enough to get the whole world against you (just being called "suspected terrorist" or "suspected terrorist associate" is in certain countries enough to take away any legal rights a normal suspect has, and put people in jail for months without even a formal charge against them).
By targeting corporate clients only, they can even brush away that risk of suspicion.
That's what point 2) of OP is for. Private hosts, private network, private CA. By the time you're running your own private hosts on your own private network, it's for sure a no-brainer for your IT staff to run their own CA and register it as trusted CA in all internal computer systems.
Slashdot Mirror
So now someone is accessing LinkedIn on a big scale to access public information on that site. Information that was explicitly made public, and that was placed there for everyone to see.
So how is this a breach or even "theft"? While maybe not entirely ethical or the way it's meant to work, it seems they're accessing nothing but public data.
How about: all autopilot functions without the continuous steering, requiring the driver to keep their car in lane at all times by hand. Only when there's an obstacle or so in the way, or otherwise a direct threat is detected, the robotic functions kick in and assist the driver in avoiding the obstacle. Other help could be e.g. in case of slippery roads (enhanced traction control). Then what would be the simplest tasks are left for the final step, where a car becomes fully automatic. This are things like following the road in normal conditions, keeping distance from other traffic, etc.
The human driver is given the feeling they have full control, while under the hood control is slowly taken away. The human driver may know it, but he won't feel it: he is controlling the car, setting the speed and direction it is travelling in. Yet all the time the car is paying attention. Every newer car is paying more attention, and will intervene to prevent accidents. It may start applying emergency braking when an obstacle is detected, or other traffic (e.g. a pedestrian). It may start to intervene when someone gets too close to the car in front, by forcing the car to slow down. It may start to steer the car back in lane when the edge of the road is too close.
This may be the route to fully automated driving. Keep the driver in control until the last bit, the simple straightforward driving without obstacles or sudden traffic or so - which is easily 99% of the time - is what's left and then take that.
Tesla has done it the opposite way. It started with the 99%, the part that's easy for the driver, and calls it "autopilot". Then it expects the driver to be fully attentive at no notice to take care of the last 1% or less, which of course doesn't work. People don't react that quick, and anyway don't know they have to react until it is too late because only then it's obvious autopilot can't handle the situation.
Getting a driving license in China is also rather simple. You get a form with two questions, and if you answer both satisfactory (the correct answer being "Yes"), you get your license and you're good to go. The questions:
1) Do you know how to drive?
2) Are you sure?
Ah yeah, Google, the epitome of non-tracking entities, right?
And the IM function is missing even.
Now try again.
That's fine for us 1% techies. The rest of the world just wants stuff to work, and is not interested in figuring out all the technical details.
How about: everything integrated into a single, easy to use platform?
Sharing between IM and E-mail and Usenet and RSS feeds is not easy, setting them up is even harder for most people. That's what Facebook does for you. That's what made walled garden products like the iPhone a great success as well, Apple didn't add anything new, they just made it all work, and work easily.
E-mail is not too suited for sharing images, let alone video. Too many size limits.
Comments go back to the original sender only, others don't see them. There is no public archive of it without a proper e-mail list and maillist manager., nor any public discussion.
And for maillist managers, I have yet to run into an e-mail list archive that has an interface nearly as useful as Facebooks (which says more about the poor usability of such mail archives than the usability of Facebook).
(e.g. on multiple occasions, making things public that I had explicitly marked as private
I don't have problem with this. Won't have. For the simple reason, EVERYTHING you put on Facebook must be considered public, no matter your "privacy" settings. Don't put anything you consider private on the network and expect the world not to find out about it. Only put things on there you want the world to know about, which is exactly what I use it for.
It's a fine alternative for the Message part of Facebook. How about the rest - the parts that make Facebook, Facebook?
Such as? Anything with the functionality (the social networking part, that is - disregarding ads/tracking/etc) that Facebook offers?
My main problem with them is that you do not get ads without the ads tracking what you are doing.
Without the ads they track you just the same. In case of Facebook the ads will be served by Facebook directly, so there won't no more tracking that what happens already (as if they could track in any more detail than they do already).
LOL you're totally wrong.
And not just because my comment wasn't about Facebook, it was about OP (whose comment actually was about Facebook).
I'm actually a fairly active Facebook user, and am totally fine with ads as long as they don't blink, move around, obstruct what I'm reading, etc. Like the good old Google text ads, they were pretty useful even at times. ABP remains active, let's just see what happens and how it develops.
Somehow, somewhat strangely, you seem to actually care about Facebook - so much so that you even bother to comment about it.
Maybe it's time for you to stop using Facebook altogether. Your continued use of the site IS their explicit permission that they can serve you their content - ads and all.
One major difference: when MySpace when into decline, it was because everyone moved to Facebook. Where can we move to now? What are the real alternatives?
It's not always like that indeed... Sometimes it does. Sometimes not. Maybe I pressed it twice as it was slow in reacting or so. Just like the cursor jumping around, that's also seemingly random.
My Linux Mint box unlocks a lot more reliable, that's one thing for sure.
Those are not servers and don't need to serve https as you'll connect on a trusted network - your own, and your own only. Wired or encrypted WiFi.
My own networked printer required me to connect by cable first for initial setup, after which the built in software would connect the printer to my network (I had to tell which and so). Secure without CA.
By the time someone feels the need for a private server at home (and even knows what to do with it and how to use it - including things like setting up a domain and getting fixed IP or DynDNS to actually be able to access it remotely), they should be able to handle that part as well. If they can't figure out such a task, no hopes for the security of the rest of the server so whether it's https or not doesn't matter any more.
A recurring problem I have is with the unlock password. I commonly deactivate the screen saver (and bring up the unlock prompt) by hitting the space bar - then the space is considered the first character of my password. More frustrating though is that very often when I'm two or three characters into my password, the cursor jumps back to the left and the rest is entered there, at the beginning rather than appended to the end. So a password of 12345678 becomes 45678123 - and I have to type it again. Very irritating.
Such messaging services (WhatsApp is also end to end encrypted) rely on a single company. That company has to make money off the service somehow, or it will end, sooner or later. Those companies have an incentive to read your messages and sell your personal data (either direct or indirect in the form of targeted advertising), and they ARE the MiM, so we have to trust them to not decrypt our messages with their own keys, pretending it's end to end encrypted. A government that wants to spy has to go to one and only one company and there they can intercept everything that is being sent over the messaging service. How can we be sure that WhatsApp is really end to end encrypted? That SnapChat messages are truly deleted and not kept on some server somewhere in the middle? They all say it's like that, and I take their word for it, but being sure - well, not really.
I have seen ICQ come, be the world leader, and disappear. MSN Messenger took over, and it's also gone. Yahoo messenger, AOL messenger - all IM applications that have gone. On the other hand, good old e-mail is decentralised, can be read on any platform by a huge number of client, and no MiM possible as long as you control your own smtp server and know your messages are encrypted before they leave your computer. Add smtps on top of encrypted message content. You can reach anyone with an e-mail address, regardless of which platform they use (WhatsApp is still mobile phone linked), independent from any one company.E-mail is anything but obsolete, even though it does have its flaws.
Saw the other reply only later :-)
You conveniently left out the rest of my e-mail - the comments about how to (not) keep the secret key secure!
I know the encryption itself is a solved problem. That's the easy part. Now keeping those keys secure, that's the hard part - lots of e-mailing is done using web clients and even shared computers. Securely exchanging public keys with everyone you want to talk to, that's another hard part (how can you be sure that you get the correct key, and that the key server is not performing a MiM on you?).
Until a critical mass of users choose to encrypt their messages, it will be inconvenient and ineffective for anyone to do so
That critical mass has to be really big. It's a hard thing to get done, and may not be able to work at all, ever.
First of all, there has to be a universal encryption protocol, that is supported by all e-mail clients. If there is a need for multiple protocols, they all have to be supported by all e-mail clients. This alone is a massive hurdle to pass.
Then the encryption/decryption part. For a local e-mail client this can work securely and fairly conveniently and transparently, with your keys unlocked when you log in to your computer, just like encrypted hard disks.
But how could this ever work securely for webmail clients? The keys just have to be stored either on the main server, or the user has to carry say a USB stick with their key. Neither is exactly secure or safe. Using the USB stick method en/decryption may take place in the browser but then the security breaks when users want to use a shared computer and when the USB key is lost or breaks, the key is lost (unless they remember to keep backups), and all e-mails are lost. When the key is stored on the main server (and encryption is done there), the whole security of encrypted e-mail is broken, as the webmail provider has your key and just has to wait for you to log in to unlock it and they can read all your e-mails again.
The whole openness of e-mail itself, and it being used as webmail and on shared computers is going to be the issue. Somehow, somewhere the e-mail has to be decrypted, and both the key and the result have to be kept secure. I don't see how that can be done.
More likely: they are afraid that they will be suspected of helping suspected people that may be suspected terrorists that may in the future blow the whistle about secret invasive government programmes. Because just that tiny air of suspicion is nowadays more than enough to get the whole world against you (just being called "suspected terrorist" or "suspected terrorist associate" is in certain countries enough to take away any legal rights a normal suspect has, and put people in jail for months without even a formal charge against them).
By targeting corporate clients only, they can even brush away that risk of suspicion.
Why bother with those external CAs?
That's what point 2) of OP is for. Private hosts, private network, private CA. By the time you're running your own private hosts on your own private network, it's for sure a no-brainer for your IT staff to run their own CA and register it as trusted CA in all internal computer systems.