Sounds like it corrects one of my main problems with Android...I'm going to set up an Android tablet as the nav system in my 4x4 soon, I think I'll give it a try.
I know I'd immediately set it to share None of My Interests with None of The Sites. And then I'd probably go into about:config and look at disabling the feature at a lower level just in case someone finds an exploit in it.
Unless he's a *nix sysadmin who also has a traditional beard. Then that's his ultimate weapon.
This. The doors in my office require power to stay closed, AND are tied into the fire alarm. If the fire alarm goes off or the backup battery runs out, all the doors swing free. Unless a system meets these conditions it's illegal as all hell in any half-decently-developed country.
I've been thinking about a problem like this recently, how could you set up a system that could allow information from inside of companies to be reported anonymously in a way that you can be sure that the information is real? It's a bloody hard problem.
I remember some Linux-based hosting company had a cryptographic "canary" system that would stop being updated correctly if they ever received such a request...but it's really just a more complex and obfuscated way of having a page up that says "we haven't been spied on" that can change to "we have been spied on." I don't think the layers of cryptography will help them in court.
Change your site to use a JS-based multiple-hash-challenge algorithm so that the password itself is never sent over the network at all.
See what Google does next, it seems that over the last few years they've been trying to make things harder for the NSA. In 2011 they added forward-secret SSL support.
Huh, interesting. I guess that's why the police EMP mine I saw on a Beyond 2000-ish show in the late 90s never took off.
Good thing I don't live in the US :-)
A spark plug is no more electronic than an arc light.
I did mean something closer to "no computers" - there's a difference between electronics and electrical.
My JDM '95 Samurai doesn't have a points distributor so maybe it's not entirely free of electronics.
Depends on if you count the electronics in the distributor (I didn't, it's debatable whether that's electronic or electrical equipment). Mine's a JDM '95 Samurai. If you want to go any less-electronic than that, you'll have to go to points ignition which means a '70s car.
One of my cars has no electronics. The other has two systems, one logs data and the other controls how much fuel the engine gets (and soon when the spark plugs fire as well).
To access either you must plug a cable into it. Good luck.
Hey there could be terrorists in there communicating using a code composed entirely of slurs and death threats. It would actually make more sense that way...
People in the "defense" industry typically respond with "I sleep just fine on a giant pile of money" or a slight variation of it, I'd expect the same from NSA stooges.
This is at least the second reason:
http://science.slashdot.org/story/11/02/05/2146223/bill-gates-says-anti-vaccine-effort-kills-children
If you think browsers should instead always notify you when using a trusted CA-signed cert ("Congratulations! This site appears to actually be legit!"), with the default for self-signed and unencrypted communications being silence, yeah, I can kinda see your point. You should default to paranoia, right?
That's what I was thinking, and modern browsers are already halfway there with the address bar lighting up in a bright color on signed HTTPS connections.
Who says a government would contact the CA directly? They could call someone in the other spy agency and say "Hey wanna trade certs? We can watch terrorists using your certs and you can watch dissenters using ours. Deal? OK great, get certs from the authorities in your own country, I'll do the same and we'll trade tomorrow."
I would have taken that seriously if not for the missile.
Who says they don't all have a big sharing agreement? Even countries that are unfriendly to each other, it would be worth it to both sides. You can be sure the governments themselves aren't using this stuff.
In some situations yes, but in those same situations I don't think this news really changes anything (where you set up the cert yourself on one of your own servers for use by yourself, for instance). Otherwise this just means that these certs are slightly less secure because governments have a copy. If you're connecting to a strange server, it may be better to have a signed cert because they're still not quite as easy to come by as a self-signed one.
In any case this doesn't change the old fact that a self-signed cert is at least as good as an unsecured connection and browsers should stop throwing a shit-fit when they run into one.
I'm gonna guess femdom going by her policies.
Part of it is server-side IP logging, nothing you do in the browser will get around that.
Another part is likely an insufficiently modified browser. Are flash cookies and HTML5 storage disabled in incognito mode? Does it use any countermeasures against browser fingerprinting in this mode?
Did you think this through? Everyone will be asking for "CP."
Cameron gets to go to his shrill and reactionary base and go "see, now the kiddies can't see the titties!"
Wait until he learns about breast feeding 8-(
Lie, lie, lie, until you get caught, 'cause there's nothing to lose and everything to gain.