So how will the GDPR affect this?
Below is a link to Cloudflare's FAQ regarding this...
https://developers.cloudflare....
Cloudflare will collect only the following information from Firefox users:
Timestamp
IP Version (IPv4 vs IPv6)
Resolver IP address + Port the Query Originated From
Protocol (TCP, UDP, TLS or HTTPS)
Query Name
Query Type
Query Class
Query Rd bit set
Query Do bit set
Query Size
Query EDNS
EDNS Version
EDNS Payload
EDNS Nsid
Response Type (normal, timeout, blocked)
Response Code
Response Size
Response Count
Response Time in Milliseconds
Response Cached
DNSSEC Validation State (secure, insecure, bogus, indeterminate)
Colo ID
Server ID
Cloudflare claims they will only store that info for 24 hours... but there will be other info that will be stored long term... But in the world of collecting info I'd imagine the GDPR would have some sort of effect...right?
Or am I over thinking...? :-/
Can we do this to resurrect the voice of Anthony Bourdain...? Just curious...
Your basic password of "abc123" could be just AlphaBetaCharlieOneTwoThree.
Easy to remember, hard to type, and pretty hard to brute force your way through.
Time for #cardboard to get resold.
So the US isn't repositioning its satellites? It seems to me that China these days is doing the things that America used to do at the drop of a hat without a whim...
I guess the next thing to do is to start making websites with hidden iframes that load pages of "questionable" content so that it will poison your DNS history. You may not have actually seen the "questionable content" in question, but your browser certainly loaded the content, which in technical terms would fall in line with the profile of this "anti-cheating" system.
It's as if you are assumed guilty of any sex crime simply by walking through the red-light district.
This is what I have been saying all along for the last 10 years. Fighting privacy by making yourself more private is not the solution. The current premise of all surveillance programs that are being operated today assumes that it is generated by a human being. The easiest way to counter this assumption is to go back to Aesop's fable "The Boy Who Cried Wolf".
What did the boy do? The boy cried wolf so many times that in the end, when he told the truth, no one believed him. If that boy were alive today and wanted personal privacy, he would be crying wolf all the time. How would that work?
Automate the process and make it easy enough that everyone else can do it, too. If everyone cried wolf, who would you believe? We change the assumption and accept the fact that surveillance isn't going away. However, by burying the would-be listener with unlimited content, for someone/something to groom through all that data to figure out what is relevant, what is the truth and un-truth, is a daunting task, and it opens a new set of problems. How can you assess the threat if everyone was saying the same thing all the time and became friends with everyone else? Do you really know that person? Or is everyone really friends with Timothy McVeigh because he is such a cool guy until he pulled that crazy stunt in OKC in 1995? What if sleeper cells weren't so sleepy but were outright public about being a sleeper cell?
One way to make a point: why not just have all your friends sexting each other, make a Facebook page, make it a Facebook group, tweet about it, choose a day, and have everyone participate in an act of civil disobedience? What are they going to do? Prosecute every single teenager that has a cell phone? This forces the law to react, because clearly the law has been applied incorrectly because someone decided that it was easier to punish the few, but the will of the masses to demand common sense will prove just in the end.
So my question is, when is the National Sexting Day going to take place?
The following is what we implemented in our shop to prevent cold-boot attacks. Our shop is a Panasonic Toughbook shop, so keep that in mind, as some features in the Toughbook line of laptops may not be available elsewhere, but most of them are.
1.) Establish a system administrator password in the BIOS. Also establish a user password in the BIOS as well.
2.) Enable the feature to require password entry in order to boot the system.
3.) Hardware lock the hard drive to the system using the system administrator's password established from step 1.
4.) Remove all boot devices with the exception of the hard-drive as the only device allowed to boot the system.
5.) Use your favorite encryption software, i.e. TrueCrypt, PointSec, PGP. Our shop uses the PGP WholeDisk encryption with FIPS 140-2 operation enabled.
6.) As an option, enable the fingerprint reader on the CF-30 as an alternative means to the system administrator boot password requirement.
So you are wondering what all these procedures and passwords buy you?
The cold boot attack aims its attack at the hardware, specifically the trace memories that are left on the DRAM when a system is powered down (via a safe shutdown or simply brute force by removing the power supply, i.e. power plug or battery). Yes, there is software that can extract the data from the DRAM memory modules, and it has been demonstrated to work quite well for several months now. However, there is a catch with this attack, as this attack assumes that while you have the ability to gain access to duplicating a set of cryptographic keys, you also have access to the actual locks and door that are safeguarding the data.
By establishing the BIOS passwords and enabling the feature to tie the hard drive to the actual laptop via the BIOS password, the attacker would need to make the attack directly on the laptop by having the hard drive attached to the system. To prevent the attacker from gaining access to the hard drive, you enable the feature to require end-users to enter a password or have biometric readers scan in fingerprints. At the same time, you also disable all non-essential boot devices from the ability to boot the system from alternative devices by removing the boot devices with the exception of the hard drive. By providing end-users with a user password for the BIOS password, authorized end users are allowed to boot the system but will not be able to gain entry to the BIOS to alter system boot orders.
With this combination of provisions in place, if the DRAM modules were compromised, the data is inaccessible because the attacker has no means to launch the attack against the data. Simply removing the hard drive and connecting it to another system will not be useful, because the hard drive is at this point tied to the motherboard and without it, it is useless and will not be accessible at all without knowing the system administrator's password.
You have a copy of the keys. But if you have no means to use the keys and you can't find the lock or door, the keys are useless to you.
The last time I recalled, counting was still a pretty easy thing to do. You hold up your hands and you count your fingers. If our election system is flawed in the sense that we don't know how to add 1 to a number, what level of confidence should we expect from our so-called "elected" officials? Clearly, if we can't trust those who count, why should we trust the counted?
I remember reading those RFCs when they came out. Ahh.. the good old days when packets were sent over Avian networks... :-/
Use the group policy editor. You can run it from gpedit.msc from the command line. I would suggest that you make an image of the system first and examine carefully what you are doing per entry in the editor. There are some rather explicit and system-limiting features that can turn your XP into a big brick. Use maximum discretion.
This is the same reason why I never caught on to Netflix, because they were already online and the problem is that as much as I downloaded them, I saw maybe 10% of the crap that I downloaded. Nowadays, despite the massive sources for media, I don't even bother downloading anymore.
Bowling Alone is a good book. Definitely worth a read.
It is a bit off tangent, but I believe Ice Cube said it best: Laugh now, cry later. It is the way both the House and Senate view the problem of ID theft. They aren't doing much to protect the consumers, and allow individuals to consume personal data through public records. They may laugh now while the votes are coming, but eventually we all are going to cry later when our personal information will be the gold nuggets of the Digital Western Frontier.
This is a form of racketeering. If you don't pay, we don't have to carry your packets. Simple as that.
The true issue behind net neutrality still comes down to money. But let's think in even easier terms, and it boils down to two sides - the have and the have not. In the current scenario, the big telecommunications companies believe that it isn't enough to charge only the customers that consume the media; they would also like to charge the providers of that media for a means to distribute said media in question. Does this make any sense at all? Or perhaps something in existence will shed some light on the subject.
Let's take the example of a commercial shipping company, i.e. Federal Express. On any given day, countless numbers of businesses require Federal Express to deliver various goods throughout the world. A customer makes an order request and pays for the goods and services as well as the shipping/handling. The bulk of the money is paid toward the company from which the said goods were purchased, while a portion of the payment is allocated for the cost of transporting the said goods to the customer. Should the customer choose an expedited means of shipment, the customer is given the option to provide additional funds to cover the cost of expedited transport of the said goods in question. After time spent in transportation, the goods arrive at the customer's location, an individual signs for the delivery and receipt of the package, and the transaction is complete.
Similar to the Federal Express transaction above, a computer network behaves very similarly but at a much higher repetition. But the basic model still holds true - a customer (client) makes an order request to a provider (server), a customer pays for the cost of transportation (2Mbps down/512kbps up), the provider (server) hands over the package (packet), Federal Express (various telecommunications companies) delivers it to the customer at the rate they have paid for (2Mbps down/512kbps up), and the transaction is complete.
This is how things were when Network Neutrality was assumed.
Let's analyze what happens when Network Neutrality is removed from the original Federal Express model. But to make things simpler, let's take a simple shipping transaction.
John Smith needs a kick ass muffler from Unique Auto Sports and he needed it yesterday. He makes a call to Unique Auto Sports, orders the part, and tells them to ship the part in question using Next Day Air. John will cover the cost of the added expense of shipping - not a problem. Now, a few years ago Unique Auto Sports wasn't big. They were doing ok business, but lately, with the hot new trend of compact sports car modifications, their business is SOARING. Everyone wants it Unique, and if it's not Unique, it's just another car. Business at Unique Auto Sports is definitely going very, very well.
Lucky for Federal Express, they have an exclusive deal with Unique Auto Sports. Federal Express is the official delivery service of Unique Auto Sports. Ground Shipping, 2-day air, next day air, all no problem. Whatever needed to be done, Unique Auto Sports passed that information on to their customer, and it was part of the cost of shipping and handling. Network Neutrality in the past for Unique Auto Sports assumed that regardless of whether 1 package or 1000 packages needed to be delivered, the cost of shipping a package was still on a package-per-package basis. Prices were already set and in place and very well defined. The cost of per-package shipping using 2-day air was the same for one package or 1000 packages. With Network Neutrality removed, because Unique Auto Sports is doing so well and because their volume is now higher than before, Federal Express would like Unique Auto Sports to pay a monthly fee of $10/package delivered. If Unique Auto Sports does not pay the monthly fee of $10/package that is to be delivered, Federal Express won't have to try to deliver the packages in the time frame that Unique Auto Sports has rightfully paid for.
I am by no means an expert in Law, but at least looking at dictionary.com, we find the definition to the
Simply put, she is now feeling the pain when the shoe is on the other foot.
Back when I was in college at Virginia Tech, I lived in a town house development (1997-2000) called Pheasant Run Crossing where, before the foundation was laid for all the units, two pairs of redundant fiber were laid out to each lot so that each town house had fiber access. At the time, each town house came with its own fiber-to-RJ45 hub, each with 4 ports that ran into each of the four bedrooms. The uplink at the time was only a pair of T1s, which could have easily been changed over to something fatter. The cool thing was that through IP Masquerading our monthly cost of $27 was able to support 5 users with a single static IP. Ahhhh... those were the days.
I think I will just go back and install NT 3.51 and compile Firefox and surf that way.
Just find an overseas VOIP carrier and make your calls that way. There are plenty of overseas VOIP carriers and they are more than willing to take your money via PayPal :-)
I've been doing this for years.
They have ISOs and vmware configuration files... I have to say, it looks like they want to get the word out. I'll bite soon as I get home and download the puppy... :-)
Information Technologist: 0
Red Neck: 1
This is only a trend that will continue - not just in business, but also in our personal lives. As technology progresses forward, the human race progresses in reverse. We have outsourced our labor overseas because it is cheaper. We have outsourced our parenting responsibilities because we want to work harder for a house that is no longer a house, but a McMansion. We have outsourced our household duties because the McMansion that we bought is too much of a house to clean. The generation that is following in our footsteps is only doing what they see their parents do - a repeated pattern of behavior whereby you throw money at the problem. If a solution can be bought, then why not? Computer science projects, term papers, or even federal contracts all boil down to getting something accomplished. There is a goal and there is also a deadline. It's not plagiarism if the work is sub-contracted. Plagiarism is outright stealing; a contract or sub-contract is only a means to an end, which in this case is more time to do the things that we really want to do, which at this point I have no idea what to do because I am reading slashdot.