Do NOT be fooled by the "Net Neutrality" cover story. This is an effort to regulate the Internet by hardcore leftists, and if allowed to proceed will be the end of the Internet as we know it.
The unregulated Internet CHANGED THE WORLD. Allowing government regulations will only destroy what has been created.
You sir, are uninformed. Until 2002 Cable internet service *was* classified as a common carrier under Title II. DSL Internet was also a common carrier until 2005.
Since those orders reclassifying internet access under Title I rather than Title II, the ISPs have slowed innovation, dragged their feet with infrastructure upgrades despite the USD$200 billion subsidies given to them, raised prices, created ever more abusive terms of service, and consolidated their stranglehold over both content distribution and last-mile infrastructure through consolidation, lobbying at the municipal, state and federal levels and plumbed the depths of poor customer service.
All of this since we lessened regulation on the ISPs. There was huge growth, innovation, new infrastructure, more competition and fairer terms of service, *before* that. So, as I said, you're uninformed. Either that or you're being deliberately obtuse for partisan reasons. Or, you're just a shill for the big ISPs. I'll assume you're just uninformed, rather than a liar.
Total nonsense. You've been sucked into the false equivalence trap.
Really, AC? What's the real truth? You obviously have the corner on the "way it is," so do tell.
The way I see it is (sorry not a car analogy) that with the Center Right party (the Democrats), it's like walking through an underground access tunnel with a sewer pipe at the ceiling. The pipe is cracked and raw sewage is dripping on your head.
With the Far Right party (the Republicans), it's the same tunnel, but the sewer pipe is ripped wide open and you're choking on the raw sewage instead of getting drenched.
I suppose you could say that one is worse than the other, but I'd rather not be in that tunnel at all.
But it probably is a problem if your opponent is a state-level actor. For example, China (and the US probably too) probably monitors connections to known Tor entry/exit nodes. Given the attack mentioned, someone using Tor in China is safe as long as the server being contacted is known to not be acting in concert with the adversary. However, if the server (or its connection to the Tor entry/exit nodes) is also under control of the same adversary, then the connection can be de-anonymized. So this is a problem for Chinese bloggers blogging on Chinese blogs, but not so much on foreign blogs hosted outside China. Though it appears blog traffic would probably be too small to facilitate a successful attack.
Absolutely. But the authors of the paper assert that:
As Tor nodes are scattered around the globe, and the nodes of circuits are selected at random, mounting a traffic analysis attack in practice would require a powerful adversary with the ability to monitor traffic at a multitude of autonomous systems (AS). Murdoch and Zielinski, however, showed that monitoring traffic at a few major Internet exchange (IX) points could enable traffic analysis attacks to a significant part of the Tor network [13]. Furthermore, Feamster et al. [14] and later Edman et al. [15] showed that even a single AS may observe a large fraction of entry and exit node traffic—a single AS could monitor over 39% of randomly generated Tor circuits
The implication is that less powerful (i.e., non-state) actors, given the ability to compromise a relatively small number of networks, can perform these attacks as well. At the same time, the specific attack addressed has some serious shortcomings, as I noted in a previous post.
Everything can be hacked and/or de-anonymized sooner or later. What is the point in using anti-virus and firewalls, Tor and the likes? Seems everything is flawed by design.
Exactly. Those windows on your house are vulnerable to rocks, so there's no point in locking your door. Safes can be cracked or blown open, so why keep your valuables in one? It's just going to get broken into, so why bother?
A peeping Tom can look in your window or drill a hole in your wall to watch you, so put up cameras everywhere in your house and broadcast the output on the Internet and a large screen TV outside your house. They're going to see it anyway, so why risk damage to the house?
Where do people get the idea that privacy is some sort of inalienable right? I'll agree that it's a civic courtesy, and certainly it's impolite to disregard another person's privacy, but to that end, I see it as more of a social contract than any sort of actual right. I would suggest that any appearance of privacy we might seem to have is actually just an illusion offered by the fact that other people are either making a deliberate choice to be polite in that regard, or else they are simply not interested enough in what we think is private for others to be bothered with it. Either way, it's not something that you can actually control... it's largely determined by what other people do or want.
I don't know. I'm a private person, but not a secretive one. I don't mind sharing personal information with the folks I want to share with. I feel it's incumbent on me to keep things to myself. That may include encryption or access controls or just keeping my mouth shut.
Yes, there are those out there who want to know all about everyone, for their purposes. That doesn't mean I have to roll over and give it all up to anyone who wants it. If I take steps to protect data, ideas, information or anything else for that matter, it's in poor taste to attempt to circumvent those steps. Those who just throw it all out there without any concern, will be (in my estimation) victims of their own carelessness. That's their choice.
That said, in a truly free society, those with the monopoly on organized violence (i.e., government) should be restricted from encroaching on the personal spheres of that society's members, unless there is a compelling reason to violate that sphere (i.e., Probable Cause in the US). Unfortunately, we don't live in such a society, and neither the government (seeking control and power -- whether for noble or ignoble reasons) and a variety of corporate entities (for profit) are unable or unwilling to limit themselves. As such, if we want those folks "off our lawns" we need to take affirmative steps to make that happen.
The whole point of Tor for those who are morally and ethically sane, is that it makes monitoring the populace orders of magnitude more expensive!
Forcing NSA and their ilk to actually target people individually, instead of just passively collecting plain text data on everyone is exactly what needs to happen!
Use Tor as much as possible, it is the only thing stopping complete internet surveillance.
What can make things even more expensive is using strong end-to-end encryption for all network connections and strong encryption for everything stored on someone else's servers. This is *mostly* feasible if you have some technical knowledge, much less so for those that don't.
Things that aren't really there but could really help the non-technical are:
1. Easy to use, verifiable but decentralized email encryption/non-repudiation
2. Ubiquitous network connection encryption with decentralized/anonymized certificates/server keys
3. Automated strong encryption built in to file transfer software
4. Ubiquitous and easy to use local storage encryption (e.g., Veracrypt, ZFS, Windows NTFS/EFS, etc.)
5. Strongly encrypted voice/text messages by default on *all* devices
6. Strong encryption on social network data, with granular access controls, preferably in a P2P social network environment (I know, a pipe dream)
7. I'm sure there are a bunch of other things too, I'm just too lazy to think of them right now
The key is getting folks to *want* to protect their privacy. Once there is widespread interest, many players (both FOSS and proprietary) will start creating such tools/processes/resources for the larger market. Even if the NSA/CIA/GCHQ, etc. can crack 256 bit encryption in hours (unlikely, depending on the encryption schemes), if the bulk of data and network traffic is encrypted, enormous resources would need to be expended getting the data most people practically beg the spies and corporate marketing assholes to scoop up and use in their self interest.
Yes, this stuff isn't trivial and some requires active participation from those who would be hurt by this (our corporate masters), but a guy can dream, can't he?
I read the paper, too. While the researchers used a server, the server was not part of the TOR network. It communicated with the TOR exit node. Further, the server only "injected" timing patterns. So, it would be possible for a router, located between the server and the exit node, to inject the timing patterns. While not as clean as having the content server impose the timing patterns, it would still work.
An interesting point. Unfortunately, there's a problem with that: at the hypothetical intermediate router, how do you determine which data flow(s) should have their timing modified? If you do it to *all* the flows, that destroys the uniqueness of the pattern and hence makes identification orders of magnitude more difficult, if not impossible. The whole point of this is to create identifiable patterns that can be correlated with data flow patterns external to Tor on the *client* side.
As for length of time, this attack could be useful for tracking movie downloads - especially if the download speed was limited,
Since Tor actively discourages P2P file transfers (for performance reasons, apparently), which is the primary method for downloading media, especially large media such as movies (I found that bit in the paper to be pretty unrealistic) that's one of the things that minimizes the value of this kind of analysis. As I said in my previous post. If your target trusts the server that *you* control enough to download large files, then you're much better off exploiting browser/plug-in vulnerabilities to compromise the target and have it identify itself for you.
So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node?
NO FREAKING DUH!?
Good luck being able to sniff traffic on *both* ends.
You're misunderstanding the methodology. The trick isn't to sniff the actual data being transferred and can be used even with encrypted traffic.
The identification uses traffic analysis (using data generated from Netflow and similar management tools), not packet sniffing.
The way it works is that you get the target client to initiate a file transfer from a server specifically set up for this, then you modulate the data rate (2 seconds at 1Mb/sec, 5 seconds at 3Mb/sec, 5 seconds at 750kb/sec, etc., etc. in a specific pattern) at which the data is being transmitted. You then compare the data flows from the server to the Tor exit node and the data flows from the Tor entry node to the potential targets.
If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor.
It's clear that there are significant limitations to the tested identification methods. Firstly, it requires that the server endpoint be under the control of the entity attempting identification. Secondly, the TOR *entry* node being used must be identified (if you have the resources, I guess you could monitor traffic flows from *all* entry nodes) in order for the Netflow data to be compared between the Server-->Exit Node and the Entry Node-->potential target client. Thirdly, in order to generate enough traffic to have enough collected data for correlation, large (the authors' term, they do not identify the size of the file/data required, only that downloads must last ~seven minutes to collect enough data) amounts of data must be downloaded from the server.
It's an interesting piece of work, but pulling off an identification like this requires the anonymized client to both connect to a server specifically configured to generate traffic flows that can be identified, and once connected, the client must be induced to download a "large" file/dataset. What is more, those attempting the identification must also be able to gather Netflow records from the interface(s) associated with the specific (and likely unknown) TOR entry node as well, or monitor flows from *all* TOR entry nodes.
It seems to me, that while the above scenario is certainly feasible, if you can get a potential target to visit a server that's under your control and download a large file, you can probably infect the client with malware from that server, and have said malware phone home without TOR, producing a specific identification without false positives or negatives. Which would be much less resource intensive and more useful, IMHO.
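The limitation described above (the transfer has to run for minutes before the flow records separate the real client from everyone else) can be reproduced with a small simulation. This is an added example, not code from the paper or from the poster; it reuses the rate schedule quoted in the comment, while the noise level, the 5-second record interval, and the number of unrelated flows are assumptions, and all traffic is synthetic.

```python
"""Added illustration: why flow-record correlation needs long transfers.

Constructed simulation only. Every noise level, interval and flow count below
is an assumption chosen for the demo, not a figure from the paper.
"""
import math
import random

# Rate schedule quoted in the comment: (seconds, Mb/s), repeated for the transfer.
SCHEDULE = [(2, 1.0), (5, 3.0), (5, 0.75)]


def server_rates(duration_s):
    """Per-second sending rate of the server for duration_s seconds."""
    cycle = [rate for secs, rate in SCHEDULE for _ in range(secs)]
    return [cycle[t % len(cycle)] for t in range(duration_s)]


def flow_bins(per_second, bin_s):
    """Collapse per-second rates into coarse averages, as flow records do."""
    return [sum(per_second[i:i + bin_s]) / bin_s
            for i in range(0, len(per_second) - bin_s + 1, bin_s)]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx > 0 and vy > 0 else 0.0


def one_trial(rng, duration_s, bin_s, decoys, noise_sd):
    """Return True if the real client's flow has the highest correlation."""
    pattern = server_rates(duration_s)
    reference = flow_bins(pattern, bin_s)
    # Real client: the server's pattern, perturbed by the relay path (assumed
    # Gaussian jitter; rates cannot go below zero).
    target = [max(0.0, r + rng.gauss(0.0, noise_sd)) for r in pattern]
    target_r = pearson(reference, flow_bins(target, bin_s))
    # Unrelated clients: traffic that has nothing to do with the server.
    for _ in range(decoys):
        other = [rng.uniform(0.2, 3.0) for _ in range(duration_s)]
        if pearson(reference, flow_bins(other, bin_s)) >= target_r:
            return False  # an unrelated flow matched at least as well
    return True


def identification_rate(duration_s, trials=30, bin_s=5, decoys=100,
                        noise_sd=2.0, seed=7):
    """Fraction of trials in which the real client ranks first."""
    rng = random.Random(seed)
    hits = sum(one_trial(rng, duration_s, bin_s, decoys, noise_sd)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    # 420 s is the ~seven-minute download length mentioned in the comment.
    for secs in (30, 120, 420):
        print(f"{secs:>4} s transfer: correct match in "
              f"{identification_rate(secs):.0%} of trials")
```

With only a handful of flow records per candidate, unrelated flows correlate with the pattern by chance about as well as the real one does, which is why short sessions give this kind of analysis little to work with.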
In any case, this is a huge improvement from previous Bennett posts, here he actually makes an attempt to collect data instead of rambling. So good on him for that.
That's like saying, "It's made from horse shit rather than dog shit, so it must be tastier."
He's right about that.. if there was a huge gap between opinions on black vs white breastfeeding, then even with that sample size there would be a clear difference.
Actually, no. You clearly have no understanding of statistical methods. Any results which fall within the margin of error could be (and generally are) considered to be not significant. The most you could say is that the differences are inconclusive.
Is there a specific statement in the article that you think is incorrect, and that you think a majority of survey researchers would agree with you about?
It's not a specific statement, mostly it's because it comes from you. You have consistently shown yourself to be ignorant, naive, resistive of the mildest constructive criticism, a poor writer and, frankly, just not very bright.
That said, numerous other posters have taken issue with your "methodology" and pointed out that any "results" you gleaned from your half-assed attempt at science are well within any reasonable error bars. As such, your effort, such as it was, is completely worthless to any fact-based, data-driven discussion.
Please go away now. I know you won't, but I did say 'please'. Not sure if you're aware of this, but you've become the butt of jokes here on just about every /. article these days. You might want to consider that before posting your poorly written, inane and often asinine thoughts.
Hardly. His effort, this one time, was a lot more thorough[1] than the numerous womens studies "research" that we routinely get here on slashdot. What exactly can you fault him for above, other than using MT? What would you do different?
Nice try Bennett. Nobody in their right mind would call anything you say "educated" or "meaningful". Instead we use words like, "malignantly narcissistic," and "full retard."
What the hell is the matter with you? Everyone knows that Bennett isn't full retard! He's full-on retard! Geez Louise! Get it straight. WTF is wrong with people!
Hi there, I think you need my assistance in setting up a PTR. I work for Comcast's corporate customer service team. Could you please email me at Cassie_Hart@comcast.com so that we can assist?
Thanks,
Comcast Cassie
OP, if you decide to go this route, please let us know what happens.
At one time I had Comcast cable modem and a static IP with Speakeasy DSL at the same time. I had to keep my copper wire phone service in order to do this. Comcast gave me high download speeds, Speakeasy gave me a circuit that I could basically do anything with. The DSL speed was what you'd expect for DSL, but that doesn't really matter for email.
Later I dropped Comcast because I got so tired of trying to deal with them, and I'd gouge out my eyeballs rather than go back to them, but that's another story. I went back to DSL only for awhile, and then picked up FIOS when it became available. Running both side by side, I didn't see any limitations to the FIOS circuit so with a tinge of sadness, let the Speakeasy account go. (And before a bunch of anonymous cowards jump on this, yes, I'm aware that some people have had bad experiences with FIOS. I haven't, really. The circuit has been dead nuts reliable. I went through four routers until I got one that worked correctly, but that's not necessarily the ISPs fault, and they were always quick to overnight a replacement when necessary.)
I've been a Speakeasy (now MegaPath) customer for a long time. They were really great. Since MegaPath took over, they've really gone downhill, killing off services, ESL *and* clueless customer support and billing issues, so don't feel too bad about moving to FIOS. I wish I could, but it's not available here. Aside from the mediocre speeds (ADSL), Speakeasy was one of the best out there. I've been looking for alternatives, but the abusive TOS' used by the big boys is just too restrictive. And Verizon isn't really rolling out FIOS anymore and will likely *never* do so where I live. Sigh.
That's where we're just going to disagree. I don't see Title II as a starting point. I think we all want net neutrality in essence, but I don't believe Title II is the way to achieve it.
But my core claim here is that the AT&T is behaving rationally due to regime uncertainty. I don't disagree that the ISPs are up to no good, but at the same time they do what they are allowed to get away with by us and the government. But most of all, businesses respond to incentive structures. So I say let's force that.
The kind of legal action I would be in favor of would be breaking up these telco/isp/content-provider cartels. The cable companies in the United States were, initially, the only game in town with the infrastructure pre-existing that could handle moderate broadband access. This met the needs of the general public until about 2006-ish, the speeds were OK, and cable TV wasn't competing with cable internet in essence, because streaming wasn't that big yet.
This is no longer the case, and people are opting more and more to cut the cord and just get internet access for the content needs. So now the cable companies are going to try to get up to mischief because one of their services directly competes with another, or you can access competitor-cartel content with their access and they want you to stay with their sphere of influence.
I believe the solution is to make it so that ISPs can only be ISPs. We're reaching a level of cartel like behavior that provoked the anti-trust backlash of the gilded age; and I think it's time to sharpen up the Sherman Act for a new millennium. While Title II would enforce utility like behavior on the ISPs, it would still allow them to be connected to their parent institutions, and they would still have incentives to get up to mischief. I say remove the incentive to do mischief rather than make it illegal to get up to it. Then we can get truly competitive behavior from people who are fundamentally in the businesses of providing you the best internet.
So when I say that Title II isn't the right way to achieve net neutrality it is because I think incentive structures are a more powerful way of influencing behavior than regulation. Title II provides an incentive to be a utility company; and I don't remember the last time my utility company did anything except raise my rates for the exact same service.
It's interesting. We do agree on what the problems are and from where the locus of issues stem. In fact, I think we agree far more than we disagree.
While we do disagree about Title II (I suggest reading the act itself), it doesn't create utilities of the ISPs. In fact, there are portions of AT&T and Verizon's (as well as others) networks that are covered under Title II to this day. I wouldn't call either of those guys utilities, would you?
The broadband providers were classified as Title II until 2002, and that's when things started going downhill, IMHO.
That's my take, but reasonable people can disagree and that's a good thing, as long as we're focused on the real issues, rather than some fake "partisan divide" designed to divide us.
Getting that out of the way, I think we agree more than we disagree. I have no problem with incentivizing folks to move us forward. In fact, it's an excellent idea. But you need to have the other side of the coin as well. Carrot and stick. Incentives *and* regulation.
We tried the carrot (reclassification to Title I -- as I mentioned, these guys were Title II before 2002), local franchises with limited or no competition, subsidies to the tune of $200 Billion and on and on and on). What did they do with those incentives? Bought up some of the competition, squashed most of the others, did not upgrade their infrastructure unless there was a competitor breathing down their necks, and even then they were mostly FTTPR implementations.
If you ask me the big scandal here is that we're assuming the ISPs have any ability whatsoever to tell streaming video from VOIP, web traffic or email. That they can, tells us the internet is fundamentally insecure which is the problem at its core.
I'm going to assume that you aren't familiar with the communications protocols in use on the Internet. While it is possible to disguise the network traffic going to/from your home network (generally this is accomplished via a VPN connection -- but that can be identified as a VPN connection as well), during normal internet usage, there are a number of ways the data can be identified as one application or another. Some of those are necessary to the normal operation of the applications (e.g., VOIP, web surfing, various forms of file transfer, email, etc., etc., etc.), others can be inferred from the connection end-points, metadata as well as analysis of the data itself (such as video or audio streaming).
This isn't a weakness, per se, it's just how the Internet Protocol Suite works. This information can be used for a variety of perfectly valid purposes. For example, network traffic prioritization (video and VOIP traffic are more sensitive to delays and dropped packets than an email or a web page, so that sort of traffic can be marked as more "important"), although that sort of prioritization (called Quality of Service or QoS) is generally not honored between disparate networks.
Your point about the "insecurity" of the Internet is actually quite a bit more nuanced than you're making it out to be.
There are many layers of security which can be deployed, however, many of them will not be unless you take proactive steps to use them (e.g., PGP for encrypted/authenticated email, for encrypted web browsing, SSH for a variety of tasks, IPSec for VPN connections) There are many host and network based security applications and tools which can be hardware, software, processes, procedures and even (or possibly, most importantly) user education.
In any case, the issues you bring up are far more complex than (based on your post) you realize, and I've over-simplified here quite a bit.
TL;DR: If you don't want your data read by others, there are a variety of steps (encryption, strong authentication, Anti-virus/antimalware software, software updates and a plethora of other technical and non-technical means) you can take to mitigate that, but just like in life, there is no such thing as perfect security.
Pacific Bell == AT&T. AT&T is the Ma Bell of our century, they are practically Ma Bell since they've taken over all the Baby Bells less a few small holdings except now they don't have any oversight or requirements.
Small holdings? You mean like New York Telephone and Bell Atlantic? They make up a fairly sizable portion of a small company you probably haven't heard about: Verizon (Market Capitalization $209.2 Billion). AT&T has a market capitalization of $189.08 Billion. Hmm...
Good idea. Let's see:
New ToS- All packets will flow into a government data center to be analyzed before being forwarded onto their ultimate destination. Seems like a good idea to me.
And even better when our politicians get in a bitchy mood they can shut down the government mandated monopoly to get us to pay them more money. No thank you
Umm...I'm sorry, I must have missed the memo about a government monopoly of the Internet. Governments have been giving monopoly franchises to the big ISPs, but those governments (plural) are primarily municipal governments and a smattering of state governments. Do you have some sort of proposed legislation or regulations I could check out?
Or, to put it more baldly, nationalization of US Internet infrastructure is just a paranoid fantasy. Please, for your family's sake, take your meds.
We know net neutrality is something that could be enforced, there is enough bandwidth available now over fiber to give everyone a standard amount of bandwidth. Fast lanes are probably inevitable; if that is the price for getting standardized internet access then fine, do it. It's a reason for companies to roll out the upgrades.
Let's face it, business will not upgrade the networks to the speed required without being told that they will get to charge for premium access. It's a fact, you can't get around it. It's better for everyone to just accept what can't be changed, live with it, deal with it, and let's get IPTV to everybody nationwide so we get more channels, more content, etc, etc.
Just imagine a future time when you don't have to watch football on the weekend, where you can watch whatever minority sport you prefer, be it surfing or chess or mountaineering or whatever. Imagine having the freedom to choose what shows you watch when. It's not going to happen if we don't get the networks upgraded and that is not going to happen without fast lanes, I don't believe.
I don't think we'll ever get net neutrality, but by the trickle-down theory, we should be able to get serviceable internet to everyone which is sufficiently neutral for it not to matter. Let's shift the cost onto content rather than the medium, and we'll need fast networks to do that, and that requires fast lanes for now, I think.
That's a steaming load of grade A bullshit. Do you work for the CTIA? Or just one of its members?
It's been a conspiracy since day one, Obama appointed a lobbyist for the industry to the head of the FCC, then after it's a republican controlled congress and he has zero clout he comes out for "Net Neutrality" meanwhile fascists like Cruz say it will hurt Internet commerce, and that it's extreme.
This is about buying time to grease the congressional wheels with industry cash and figuring out the best argument against the common carrier.
Absolutely! GW Bush would never have appointed someone beholden to the industry to head the FCC.
There's plenty of blame to go around -- and even more money, especially after the Citizens United decision.
But it probably is a problem if your opponent is a state-level actor. For example, China (and the US probably too) probably monitors connections to known tor entry/exit nodes. Given the attack mentioned, someone using tor in china is safe as long as the server being contacted is known to not be acting in concert with the adversary. However, if the server (or its connection to the tor entry/exit nodes) is also under control of the same adversary, then the connection can be de-anonymized. So this is a problem for chinese bloggers blogging on chinese blogs, but not so much on foreign blogs hosted outside china. Though it appears blog traffic would probably be too small to facilitate a successful attack.
Absolutely. But the authors of the paper assert that:
The implication is that less powerful (i.e., non-state) actors, given the ability to compromise a relatively small number of networks can perform these attacks as well. At the same time, the specific attack addressed has some serious shortcomings, as I noted in a previous post.
Everything can be hacked and/or de-anonymized sooner or later. What is the point in using anti-virus and firewalls, Tor and the like? Seems everything is flawed by design.
Exactly. Those windows on your house are vulnerable to rocks, so there's no point in locking your door. Safes can be cracked or blown open, so why keep your valuables in one? It's just going to get broken into, so why bother?
A peeping Tom can look in your window or drill a hole in your wall to watch you, so put up cameras everywhere in your house and broadcast the output on the Internet and a large screen TV outside your house. They're going to see it anyway, so why risk damage to the house?
Where do people get the idea that privacy is some sort of inalienable right? I'll agree that it's a civic courtesy, and certainly it's impolite to disregard another person's privacy, but to that end, I see it as more of a social contract than any sort of actual right. I would suggest that any appearance of privacy we might seem to have is actually just an illusion offered by the fact that other people are either making a deliberate choice to be polite in that regard, or else they are simply not interested enough in what we think is private for others to be bothered with it. Either way, it's not something that you can actually control... it's largely determined by what other people do or want.
I don't know. I'm a private person, but not a secretive one. I don't mind sharing personal information with the folks I want to share with. I feel it's incumbent on me to keep things to myself. That may include encryption or access controls or just keeping my mouth shut.
Yes, there are those out there who want to know all about everyone, for their purposes. That doesn't mean I have to roll over and give it all up to anyone who wants it. If I take steps to protect data, ideas, information or anything else for that matter, it's in poor taste to attempt to circumvent those steps. Those who just throw it all out there without any concern, will be (in my estimation) victims of their own carelessness. That's their choice.
That said, in a truly free society, those with the monopoly on organized violence (i.e., government) should be restricted from encroaching on the personal spheres of that society's members, unless there is a compelling reason to violate that sphere (i.e., Probable Cause in the US). Unfortunately, we don't live in such a society, and both the government (seeking control and power -- whether for noble or ignoble reasons) and a variety of corporate entities (for profit) are unable or unwilling to limit themselves. As such, if we want those folks "off our lawns" we need to take affirmative steps to make that happen.
The whole point of Tor for those who are morally and ethically sane, is that it makes monitoring the populace orders of magnitude more expensive!
Forcing NSA and their ilk to actually target people individually, instead of just passively collecting plain text data on everyone is exactly what needs to happen!
Use Tor as much as possible, it is the only thing stopping complete internet surveillance.
What can make things even more expensive is using strong end-to-end encryption for all network connections and strong encryption for everything stored on someone else's servers. This is *mostly* feasible if you have some technical knowledge, much less so for those that don't.
Things that aren't really there but could really help the non-technical are:
1. Easy to use, verifiable but decentralized email encryption/non-repudiation
2. Ubiquitous network connection encryption with decentralized/anonymized certificates/server keys
3. Automated strong encryption built in to file transfer software
4. Ubiquitous and easy to use local storage encryption (e.g., Veracrypt, ZFS, Windows NTFS/EFS, etc.)
5. Strongly encrypted voice/text messages by default on *all* devices
6. Strong encryption on social network data, with granular access controls, preferably in a P2P social network environment (I know, a pipe dream)
7. I'm sure there are a bunch of other things too, I'm just too lazy to think of them right now
The key is getting folks to *want* to protect their privacy. Once there is widespread interest, many players (both FOSS and proprietary) will start creating such tools/processes/resources for the larger market. Even if the NSA/CIA/GCHQ, etc. can crack 256 bit encryption in hours (unlikely, depending on the encryption schemes), if the bulk of data and network traffic is encrypted, enormous resources would need to be expended getting the data most people practically beg the spies and corporate marketing assholes to scoop up and use in their self interest.
Yes, this stuff isn't trivial and some requires active participation from those who would be hurt by this (our corporate masters), but a guy can dream, can't he?
But nobody who's taking sufficient care to secure things will just execute untrusted code, right?
Exactly. And because no security vulnerabilities exist in any network connected device, no systems are ever compromised. Sigh.
I read the paper, too. While the researchers used a server, the server was not part of the TOR network. It communicated with the TOR exit node. Further, the server only "injected" timing patterns. So, it would be possible for a router, located between the server and the exit node, to inject the timing patterns. While not as clean as having the content server impose the timing patterns, it would still work.
An interesting point. Unfortunately, there's a problem with that: at the hypothetical intermediate router, how do you determine which data flow(s) should have their timing modified? If you do it to *all* the flows, that destroys the uniqueness of the pattern and hence makes identification orders of magnitude more difficult, if not impossible. The whole point of this is to create identifiable patterns that can be correlated with data flow patterns external to Tor on the *client* side.
As for length of time, this attack could be useful for tracking movie downloads - especially if the download speed was limited,
Since Tor actively discourages P2P file transfers (for performance reasons, apparently), which is the primary method for downloading media, especially large media such as movies (I found that bit in the paper to be pretty unrealistic), that's one of the things that minimizes the value of this kind of analysis. As I said in my previous post, if your target trusts the server that *you* control enough to download large files, then you're much better off exploiting browser/plug-in vulnerabilities to compromise the target and have it identify itself for you.
So if you can spy on the traffic from the user to the tor entry node, and can spy on the traffic leaving the tor exit node at the same time... then you can tell that the traffic you saw going to the entry node is linked to the traffic leaving the exit node?
NO FREAKING DUH!?
Good luck being able to sniff traffic on *both* ends.
You're misunderstanding the methodology. The trick isn't to sniff the actual data being transferred and can be used even with encrypted traffic.
The identification uses traffic analysis (using data generated from Netflow and similar management tools), not packet sniffing.
The way it works is that you get the target client to initiate a file transfer from a server specifically set up for this, then you modulate the data rate (2 seconds at 1Mb/sec, 5 seconds at 3Mb/sec, 5 seconds at 750kb/sec, etc., etc. in a specific pattern) at which the data is being transmitted. You then compare the data flows from the server to the Tor exit node and the data flows from the Tor entry node to the potential targets.
If you can correlate the server-->exit node flow to a specific entry node-->client flow, you've just identified the client outside of Tor.
It's clear that there are significant limitations to the tested identification methods. Firstly, it requires that the server endpoint be under the control of the entity attempting identification. Secondly, the TOR *entry* node being used must be identified (if you have the resources, I guess you could monitor traffic flows from *all* entry nodes) in order for the Netflow data to be compared between the Server-->Exit Node and the Entry Node-->potential target client. Thirdly, in order to generate enough traffic to have enough collected data for correlation, large (the authors' term, they do not identify the size of the file/data required, only that downloads must last ~seven minutes to collect enough data) amounts of data must be downloaded from the server.
It's an interesting piece of work, but pulling off an identification like this requires the anonymized client to both connect to a server specifically configured to generate traffic flows that can be identified, and once connected, the client must be induced to download a "large" file/dataset. What is more, those attempting the identification must also be able to gather Netflow records from the interface(s) associated with the specific (and likely unknown) TOR entry node as well, or monitor flows from *all* TOR entry nodes.
It seems to me, that while the above scenario is certainly feasible, if you can get a potential target to visit a server that's under your control and download a large file, you can probably infect the client with malware from that server, and have said malware phone home without TOR, producing a specific identification without false positives or negatives. Which would be much less resource intensive and more useful, IMHO.
I detect that you're not sanguine about this.
Quite. You are very perceptive. Good show!
In any case, this is a huge improvement from previous Bennett posts, here he actually makes an attempt to collect data instead of rambling. So good on him for that.
That's like saying, "It's made from horse shit rather than dog shit, so it must be tastier."
He's right about that.. if there was a huge gap between opinions on black vs white breastfeeding, then even with that sample size there would be a clear difference.
Actually, no. You clearly have no understanding of statistical methods. Any results which fall within the margin of error could be (and generally are) considered to be not significant. The most you could say is that the differences are inconclusive.
Is there a specific statement in the article that you think is incorrect, and that you think a majority of survey researchers would agree with you about?
It's not a specific statement, mostly it's because it comes from you. You have consistently shown yourself to be ignorant, naive, resistive of the mildest constructive criticism, a poor writer and, frankly, just not very bright.
That said, numerous other posters have taken issue with your "methodology" and pointed out that any "results" you gleaned from your half-assed attempt at science are well within any reasonable error bars. As such, your effort, such as it was, is completely worthless to any fact-based, data-driven discussion.
Please go away now. I know you won't, but I did say 'please'. Not sure if you're aware of this, but you've become the butt of jokes here on just about every /. article these days. You might want to consider that before posting your poorly written, inane and often asinine thoughts.
Oh, and have a nice day!
Hardly. His effort, this one time, was a lot more thorough[1] than the numerous women's studies "research" that we routinely get here on slashdot. What exactly can you fault him for above, other than using MT? What would you do different?
[Emphasis added]
Citations, please.
Nice try Bennett. Nobody in their right mind would call anything you say "educated" or "meaningful". Instead we use words like, "malignantly narcissistic," and "full retard."
What the hell is the matter with you? Everyone knows that Bennett isn't full retard! He's full-on retard! Geez Louise! Get it straight. WTF is wrong with people!
Hi there, I think you need my assistance in setting up a PTR. I work for Comcast's corporate customer service team. Could you please email me at Cassie_Hart@comcast.com so that we can assist? Thanks, Comcast Cassie
OP, if you decide to go this route, please let us know what happens.
At one time I had Comcast cable modem and a static IP with Speakeasy DSL at the same time. I had to keep my copper wire phone service in order to do this. Comcast gave me high download speeds, Speakeasy gave me a circuit that I could basically do anything with. The DSL speed was what you'd expect for DSL, but that doesn't really matter for email.
Later I dropped Comcast because I got so tired of trying to deal with them, and I'd gouge out my eyeballs rather than go back to them, but that's another story. I went back to DSL only for awhile, and then picked up FIOS when it became available. Running both side by side, I didn't see any limitations to the FIOS circuit so with a tinge of sadness, let the Speakeasy account go. (And before a bunch of anonymous cowards jump on this, yes, I'm aware that some people have had bad experiences with FIOS. I haven't, really. The circuit has been dead nuts reliable. I went through four routers until I got one that worked correctly, but that's not necessarily the ISP's fault, and they were always quick to overnight a replacement when necessary.)
I've been a Speakeasy (now MegaPath) customer for a long time. They were really great. Since MegaPath took over, they've really gone downhill, killing off services, ESL *and* clueless customer support and billing issues, so don't feel too bad about moving to FIOS. I wish I could, but it's not available here. Aside from the mediocre speeds (ADSL), Speakeasy was one of the best out there. I've been looking for alternatives, but the abusive TOS' used by the big boys is just too restrictive. And Verizon isn't really rolling out FIOS anymore and will likely *never* do so where I live. Sigh.
That's where we're just going to disagree. I don't see Title II as a starting point. I think we all want net neutrality in essence, but I don't believe Title II is the way to achieve it. But my core claim here is that the AT&T is behaving rationally due to regime uncertainty. I don't disagree that the ISPs are up to no good, but at the same time they do what they are allowed to get away with by us and the government. But most of all, businesses respond to incentive structures. So I say let's force that. The kind of legal action I would be in favor of would be breaking up these telco/isp/content-provider cartels. The cable companies in the United States were, initially, the only game in town with the infrastructure pre-existing that could handle moderate broadband access. This met the needs of the general public until about 2006-ish, the speeds were OK, and cable TV wasn't competing with cable internet in essence, because streaming wasn't that big yet. This is no longer the case, and people are opting more and more to cut the cord and just get internet access for the content needs. So now the cable companies are going to try to get up to mischief because one of their services directly competes with another, or you can access competitor-cartel content with their access and they want you to stay with their sphere of influence. I believe the solution is to make it so that ISPs can only be ISPs. We're reaching a level of cartel like behavior that provoked the anti-trust backlash of the gilded age; and I think it's time to sharpen up the Sherman Act for a new millennium. While Title II would enforce utility like behavior on the ISPs, it would still allow them to be connected to their parent institutions, and they would still have incentives to get up to mischief. I say remove the incentive to do mischief rather than make it illegal to get up to it. 
Then we can get truly competitive behavior from people who are fundamentally in the businesses of providing you the best internet. So when I say that Title II isn't the right way to achieve net neutrality it is because I think incentive structures are a more powerful way of influencing behavior than regulation. Title II provides an incentive to be a utility company; and I don't remember the last time my utility company did anything except raise my rates for the exact same service.
It's interesting. We do agree on what the problems are and from where the locus of issues stem. In fact, I think we agree far more than we disagree.
While we do disagree about Title II (I suggest reading the act itself), it doesn't create utilities of the ISPs. In fact, there are portions of AT&T and Verizon's (as well as others) networks that are covered under Title II to this day. I wouldn't call either of those guys utilities, would you?
The broadband providers were classified as Title II until 2002, and that's when things started going downhill, IMHO.
That's my take, but reasonable people can disagree and that's a good thing, as long as we're focused on the real issues, rather than some fake "partisan divide" designed to divide us.
Getting that out of the way, I think we agree more than we disagree. I have no problem with incentivizing folks to move us forward. In fact, it's an excellent idea. But you need to have the other side of the coin as well. Carrot and stick. Incentives *and* regulation.
We tried the carrot (reclassification to Title I -- as I mentioned, these guys were Title II before 2002, local franchises with limited or no competition, subsidies to the tune of $200 Billion and on and on and on). What did they do with those incentives? Bought up some of the competition, squashed most of the others, did not upgrade their infrastructure unless there was a competitor breathing down their necks, and even then they were mostly FTTPR implementations.
As you correct
If you ask me the big scandal here is that we're assuming the ISPs have any ability whatsoever to tell streaming video from VOIP, web traffic or email. That they can, tells us the internet is fundamentally insecure which is the problem at its core.
I'm going to assume that you aren't familiar with the communications protocols in use on the Internet. While it is possible to disguise the network traffic going to/from your home network (generally this is accomplished via a VPN connection -- but that can be identified as a VPN connection as well), during normal internet usage, there are a number of ways the data can be identified as one application or another. Some of those are necessary to the normal operation of the applications (e.g., VOIP, web surfing, various forms of file transfer, email, etc., etc., etc.), others can be inferred from the connection end-points, metadata as well as analysis of the data itself. (such as video or audio streaming).
This isn't a weakness, per se, it's just how the Internet Protocol Suite works. This information can be used for a variety of perfectly valid purposes. For example, network traffic prioritization (video and VOIP traffic are more sensitive to delays and dropped packets than an email or a web page, so that sort of traffic can be marked as more "important"), although that sort of prioritization (called Quality of Service or QoS) is generally not honored between disparate networks.
Your point about the "insecurity" of the Internet is actually quite a bit more nuanced than you're making it out to be.
There are many layers of security which can be deployed, however, many of them will not be unless you take proactive steps to use them (e.g., PGP for encrypted/authenticated email, for encrypted web browsing, SSH for a variety of tasks, IPSec for VPN connections). There are many host and network based security applications and tools which can be hardware, software, processes, procedures and even (or possibly, most importantly) user education.
In any case, the issues you bring up are far more complex than (based on your post) you realize, and I've over-simplified here quite a bit.
TL;DR: If you don't want your data read by others, there are a variety of steps (encryption, strong authentication, Anti-virus/antimalware software, software updates and a plethora of other technical and non-technical means) you can take to mitigate that, but just like in life, there is no such thing as perfect security.
Pacific Bell == AT&T. AT&T is the Ma Bell of our century, they are practically Ma Bell since they've taken over all the Baby Bells less a few small holdings except now they don't have any oversight or requirements.
Small holdings? You mean like New York Telephone and Bell Atlantic? They make up a fairly sizable portion of a small company you probably haven't heard about: Verizon (Market Capitalization $209.2 Billion). AT&T has a market capitalization of $189.08 Billion. Hmm...
Good idea. Let's see: New ToS- All packets will flow into a government data center to be analyzed before being forwarded onto their ultimate destination. Seems like a good idea to me.
And even better when our politicians get in a bitchy mood they can shut down the government mandated monopoly to get us to pay them more money. No thank you
Umm...I'm sorry, I must have missed the memo about a government monopoly of the Internet. Governments have been giving monopoly franchises to the big ISPs, but those governments (plural) are primarily municipal governments and a smattering of state governments. Do you have some sort of proposed legislation or regulations I could check out?
Or, to put it more baldly, nationalization of US Internet infrastructure is just a paranoid fantasy. Please, for your family's sake, take your meds.
Thanks for putting the truth behind being The First Honest Cable/Telco Company
Wow! Great deal! Sign me up! Does that come with an extended warranty plan? Gosh I hope so!