You've missed the point on several levels. One of the novel features of this setup is it just takes a straight £2 or whatever it is charge from the tap. THe performer doesn't need to enter a price.
I use contactless a lot, I can pay by phone, card or a keyfob. Neither really require very much fishing. I don't usually even remove my card to pay, just tap my wallet.
UK is adopting 13 as age of consent in Data Protection Bill.
I think this is just WhatsApp not wanting to deal with underage issues - e.g. bullying / adult content. This has absolutely nothing to do with Data Protection.
MSN Messenger was really big in the UK particularly with under 12s - messenger was the chat app of choice. My 19 year old and 11 year old have hotmail addresses for that reason. Don't forget the xbox factor as well. That was cut in 2013 so there are still a lot of 18-30 somethings using hotmail addresses. Older people with fixed lines (and stability) tend to use ISP given addresses or their work accounts. Not the defacto e-mail address they ended up using from playing games or chatting with friends.
So really it's just another age / maturity indicator.
This legal request workload is actually a really big problem for multinational cloud providers.. That's a good business reason for using end-to-end encryption and other technical measures that would prevent the company from accessing or monitoring the data. If they can't see it or collect it, they can't disclose it. It's a lot easier to do that then spend thousands of man hours of legal time responding to complex access requests worldwide. The resulting services/devices are generally more secure and consumers like it, except when their device is locked out.
Patriot act etc. style provisions require hand over of records (such as Telco call logs used for billing) and allows foreign wire level snooping (ie. outsource spying to the UK/Canada/NZ/France etc.)
So really the answer to the Amazon question really depends on their current technical architecture. If they have clear records/files then they have to hand them over when asked.
The typical use is driving round continuously at maybe 20-25mph average patrolling a town/city I guess. So that car is going to last 4-5 hrs with a few donut stops. Police also operate 24 hrs, the car isn't expected to get a break. If they need to be ready to attend an incident a few miles out at any given time, it's easy to see how these things are totally impractical for police work. Maintaining a 2x-3x larger fleet for hot spares just seems to be throwing more money at a bad idea.
By way of comparison the london black cab company is producing a hybrid that can do 70 miles electric then a further 400 off gasoline. That sort of arrangement would have been much more suited to the police typical use. A city taxi isn't that different usage pattern to a police patroller.
Android changed this year. SafetyNet does make the android eco-system more secure. However, it does not make an individual phone any more secure for the end-user.
SafetyNet is a bit like tripwire. It does a verification of running root-level processes and sends a signed device checksum off to Google. If your device is rooted / has malware / etc. then it won't pass this check. There are no indicators to the end-user that something bad has happened to their phone except that any apps that use SafetyNet will no longer work - e.g. Pokemon Go, Android Pay and the PlayStore.
The phone will still be usable, you can still side-load apps etc. so this actually encourages end-users to continue to use a phone that's probably got malware.
Oh and you can still root a phone, then unroot it and it'll be happy again. This is a security layer that benefits the the app developers only, no more cheating at online games.
However - I would hope this change would give the vendors a real motivation to release updates. If Apps are "No longer compatible with this device" because they are not keeping the phone updated with new releases, then you'd have a real legal case to return the phone. Not so much in the US, but the EU has good consumer protection.
Why? Apple has a lock through find my iphone as well as a way to force a phone to be enrolled through a specific MDM server. If any do go missing they do a remote wipe and ask for it to be returned. If the thief is stupid enough to try enrolling it, they'll know where from and who.
This time is nearly over. Forced HSTS and OCSP stapling are some of the measures being used to fight against this. Focus on the end-point, web filtering has nearly had it's day.
There are five of us also - monthly we use around 900GB to 1.3TB. This is mainly Netflix, Skype and other streaming services. We don't watch any 4K. We don't torrent.
This is on an unlimited 80/20 VDSL service in the UK.
From the VISA Website "If your card is lost or stolen you should notify your bank as soon as possible. If anyone has fraudulently used your contactless card to make a payment, providing you take reasonable precautions to protect your card and let your bank know as soon as you realise it’s gone, you will not be responsible for any losses incurred (subject to your bank’s terms and conditions)."
In other words you are not responsible for any losses. Provided you report it lost as soon as you realise.
They are very low value for any fraudster - the best they can hope is a few contactless transactions and probably each one runs the risk of being caught (and on CCTV).
VISA seem prepared to take the hit - so what's the issue?
It's the intelligence of the reader - our library scanner can read multiple cards simultaneously. - because it's only a one way transaction. So it's perfectly possible to read.
The problem in a POS environment is they need to charge the transaction to one card only. Picking a random card in the customers wallet isn't appropriate.
This whole thing is nonsense anyway.. The reader will only show the publically available info which is the 16 card number and expiry. No CCV and No customer name. It's of no use whatsoever for online or contactless transactions.
About the only thing it could be good for is some casual analytics.
Yes - but this appears even on files without any Macro content - just because the file came by e-mail. So files from internal recipients in a DOMAIN without Macros's have the SAME warning as an internet file with a Macro virus.
You will get a warning if you visit using Chrome or any other browser that supports key pinning / Strict Transport Security (HSTS). There are enough people using Chrome/Firefox for this to be an early warning system.
It was more like, we "accidentally" found out some information about an employee, can we use it in a disciplinary. - Answer yes. It sounds like some chat logs or similar were saved on the work PC and came up in an investigation, seems fair enough.
No we don't, but financial circumstances are taken into account. However, these are capped, so the rich don't suffer. I think it's Finland that link fines to percentages of weekly incoming or something.
Yes, it is easy now. It used to be harder. The PIC16F84? was the start of it getting easier, but it always used to require some pretty weird voltages. The pin-outs and programming routines were different for each device, so it was a right old mess. The adaptors and so on used to often be the most expensive part of a programmer.. These were essential when it wasn't possible to program in-system. So yes, anyway, it was expensive and a hobby itself to create a programmer.
The Bank of England is I guess the equivilent of the federal reserve in the US. It's more of an arms-length somewhat independent institution that keeps an eye on the economy and sets interest rates etc. They are not big employers, this is just an observation.
Dunno how things are done in the US, but ballot boxes are sealed here (with actual lead / hard to change seals). The boxes are then couriered (with several different people accompanying the box) to a central location. There are various different registers that show who has attended the vote, what papers have been used. ie. Double Entry. with different people responsible for each register. Usually with a completely separate observer overseeing the ballot box.
At the count all the politicians and representatives can watch the boxes opened and counted. The teams responsible for counting boxes will not know ahead of time which box(es) they are counting. There are careful initial checks to count the papers, to ensure they tally with the registers. There are usually teams of about 8-9 people per box, with an overseer. The room is sealed / guarded. Politicians and representatives can ask for a recount. It is done then and there.
Any deviation from an X in one box on the voting paper, is carefully considered by a team of very senior well trained staff, with a very comprehensive manual to consider all the various ways that a vote can be considered valid or spoiled.
It would take an amazing level of conspiracy and corruption to rig a count in the UK. There are no volunteers, these people are usually paid (and paid well enough) for their role in the ballot and count. Consequences for interfering with the vote in any way are harsh and will include criminal charges as well as most likely loss of employment (staff typically are Local Government staff).
All these protocols would expose fraud or deception quite easily. It'd be simpler to put a gun to people on the way in to the count and tell them who to vote for and check they do this, than to actually create a convincing scenario where the count itself is corrupted.
I know techies often think traditional paper counts are more open to abuse, absolutely no way. If you've ever been at a count or worked with the people at the polling stations you would understand. The only problem is that a vote is expensive with all the oversight and double checking.
That the Gov cannot gain access to modern Apple and Microsoft devices. This legislation wouldn't be necessary otherwise. Microsoft and Apple have genuinely closed the encryption / key loopholes that would allow the authorities to force them to unlock these devices.
This is excellent news, now just to get this bill junked.
Yes sure, you can enroll an iOS device in MDM and then send it an unlock command. The end-user has to agree and approve this first of all of course.
Apple have built the system so that it is immune to a direct unlock. Apple and Microsoft have been giving clear signals that they no longer want to be stuck in the middle of international legal / court disputes requiring them to unlock under court order. So they've re-engineered their encryption and unlock protocols so that they no longer hold any master keys / unlocks etc. This also makes these devices useless when stolen.
The only slightly questionable part is wether they can access any cloud backups. Although that might not be what the court asked.
Slashdot Mirror
Skype is huge and growing as fast as Microsoft can sign up organisations to O365 which is also huge.
Consumers might well be flocking to WhatsApp or Snapchat but in a business setting Skype is huge.
You've missed the point on several levels. One of the novel features of this setup is it just takes a straight £2 or whatever it is charge from the tap. THe performer doesn't need to enter a price.
I use contactless a lot, I can pay by phone, card or a keyfob. Neither really require very much fishing. I don't usually even remove my card to pay, just tap my wallet.
UK is adopting 13 as age of consent in Data Protection Bill.
I think this is just WhatsApp not wanting to deal with underage issues - e.g. bullying / adult content. This has absolutely nothing to do with Data Protection.
MSN Messenger was really big in the UK particularly with under 12s - messenger was the chat app of choice. My 19 year old and 11 year old have hotmail addresses for that reason. Don't forget the xbox factor as well. That was cut in 2013 so there are still a lot of 18-30 somethings using hotmail addresses. Older people with fixed lines (and stability) tend to use ISP given addresses or their work accounts. Not the defacto e-mail address they ended up using from playing games or chatting with friends.
So really it's just another age / maturity indicator.
This legal request workload is actually a really big problem for multinational cloud providers.. That's a good business reason for using end-to-end encryption and other technical measures that would prevent the company from accessing or monitoring the data. If they can't see it or collect it, they can't disclose it. It's a lot easier to do that then spend thousands of man hours of legal time responding to complex access requests worldwide. The resulting services/devices are generally more secure and consumers like it, except when their device is locked out.
Patriot act etc. style provisions require hand over of records (such as Telco call logs used for billing) and allows foreign wire level snooping (ie. outsource spying to the UK/Canada/NZ/France etc.)
So really the answer to the Amazon question really depends on their current technical architecture. If they have clear records/files then they have to hand them over when asked.
The typical use is driving round continuously at maybe 20-25mph average patrolling a town/city I guess. So that car is going to last 4-5 hrs with a few donut stops. Police also operate 24 hrs, the car isn't expected to get a break. If they need to be ready to attend an incident a few miles out at any given time, it's easy to see how these things are totally impractical for police work. Maintaining a 2x-3x larger fleet for hot spares just seems to be throwing more money at a bad idea.
By way of comparison the london black cab company is producing a hybrid that can do 70 miles electric then a further 400 off gasoline. That sort of arrangement would have been much more suited to the police typical use. A city taxi isn't that different usage pattern to a police patroller.
Android changed this year. SafetyNet does make the android eco-system more secure. However, it does not make an individual phone any more secure for the end-user.
SafetyNet is a bit like tripwire. It does a verification of running root-level processes and sends a signed device checksum off to Google. If your device is rooted / has malware / etc. then it won't pass this check. There are no indicators to the end-user that something bad has happened to their phone except that any apps that use SafetyNet will no longer work - e.g. Pokemon Go, Android Pay and the PlayStore.
The phone will still be usable, you can still side-load apps etc. so this actually encourages end-users to continue to use a phone that's probably got malware.
Oh and you can still root a phone, then unroot it and it'll be happy again. This is a security layer that benefits the the app developers only, no more cheating at online games.
However - I would hope this change would give the vendors a real motivation to release updates. If Apps are "No longer compatible with this device" because they are not keeping the phone updated with new releases, then you'd have a real legal case to return the phone. Not so much in the US, but the EU has good consumer protection.
Jason.
Why? Apple has a lock through find my iphone as well as a way to force a phone to be enrolled through a specific MDM server. If any do go missing they do a remote wipe and ask for it to be returned. If the thief is stupid enough to try enrolling it, they'll know where from and who.
Jason.
I'm hooked and have been since it released.
The only problem with the game is that the levelling curve becomes really high from about level 22 onwards. At that point most people will fade out.
Jason.
This time is nearly over. Forced HSTS and OCSP stapling are some of the measures being used to fight against this. Focus on the end-point, web filtering has nearly had it's day.
Jason.
There are five of us also - monthly we use around 900GB to 1.3TB. This is mainly Netflix, Skype and other streaming services. We don't watch any 4K. We don't torrent.
This is on an unlimited 80/20 VDSL service in the UK.
Jason.
From the VISA Website "If your card is lost or stolen you should notify your bank as soon as possible. If anyone has fraudulently used your contactless card to make a payment, providing you take reasonable precautions to protect your card and let your bank know as soon as you realise it’s gone, you will not be responsible for any losses incurred (subject to your bank’s terms and conditions)."
In other words you are not responsible for any losses. Provided you report it lost as soon as you realise.
They are very low value for any fraudster - the best they can hope is a few contactless transactions and probably each one runs the risk of being caught (and on CCTV).
VISA seem prepared to take the hit - so what's the issue?
Jason
It's the intelligence of the reader - our library scanner can read multiple cards simultaneously. - because it's only a one way transaction. So it's perfectly possible to read.
The problem in a POS environment is they need to charge the transaction to one card only. Picking a random card in the customers wallet isn't appropriate.
This whole thing is nonsense anyway.. The reader will only show the publically available info which is the 16 card number and expiry. No CCV and No customer name. It's of no use whatsoever for online or contactless transactions.
About the only thing it could be good for is some casual analytics.
Jason.
Yes - but this appears even on files without any Macro content - just because the file came by e-mail. So files from internal recipients in a DOMAIN without Macros's have the SAME warning as an internet file with a Macro virus.
This is the stupidity.
Jason.
It's windows error reporting with a stupid name due to an air craft analogy.
It's for catching application crashes.
Jason
You will get a warning if you visit using Chrome or any other browser that supports key pinning / Strict Transport Security (HSTS). There are enough people using Chrome/Firefox for this to be an early warning system.
Jason
New chips are generally always backwards compatible. What MS is saying is that new features / flags / instructions will not be exposed.
Shrug.
And it wasn't that either..
It was more like, we "accidentally" found out some information about an employee, can we use it in a disciplinary. - Answer yes.
It sounds like some chat logs or similar were saved on the work PC and came up in an investigation, seems fair enough.
This isn't the mega ruling it seems.
Jason.
No we don't, but financial circumstances are taken into account. However, these are capped, so the rich don't suffer. I think it's Finland that link fines to percentages of weekly incoming or something.
Jason
Yes, it is easy now. It used to be harder. The PIC16F84? was the start of it getting easier, but it always used to require some pretty weird voltages. The pin-outs and programming routines were different for each device, so it was a right old mess. The adaptors and so on used to often be the most expensive part of a programmer.. These were essential when it wasn't possible to program in-system. So yes, anyway, it was expensive and a hobby itself to create a programmer.
Jason.
Wrong Placebo is usually more effective than no treatment.
Jason.
The Bank of England is I guess the equivilent of the federal reserve in the US. It's more of an arms-length somewhat independent institution that keeps an eye on the economy and sets interest rates etc. They are not big employers, this is just an observation.
Jason
Dunno how things are done in the US, but ballot boxes are sealed here (with actual lead / hard to change seals). The boxes are then couriered (with several different people accompanying the box) to a central location. There are various different registers that show who has attended the vote, what papers have been used. ie. Double Entry. with different people responsible for each register. Usually with a completely separate observer overseeing the ballot box.
At the count all the politicians and representatives can watch the boxes opened and counted. The teams responsible for counting boxes will not know ahead of time which box(es) they are counting. There are careful initial checks to count the papers, to ensure they tally with the registers. There are usually teams of about 8-9 people per box, with an overseer. The room is sealed / guarded. Politicians and representatives can ask for a recount. It is done then and there.
Any deviation from an X in one box on the voting paper, is carefully considered by a team of very senior well trained staff, with a very comprehensive manual to consider all the various ways that a vote can be considered valid or spoiled.
It would take an amazing level of conspiracy and corruption to rig a count in the UK. There are no volunteers, these people are usually paid (and paid well enough) for their role in the ballot and count. Consequences for interfering with the vote in any way are harsh and will include criminal charges as well as most likely loss of employment (staff typically are Local Government staff).
All these protocols would expose fraud or deception quite easily. It'd be simpler to put a gun to people on the way in to the count and tell them who to vote for and check they do this, than to actually create a convincing scenario where the count itself is corrupted.
I know techies often think traditional paper counts are more open to abuse, absolutely no way. If you've ever been at a count or worked with the people at the polling stations you would understand. The only problem is that a vote is expensive with all the oversight and double checking.
Jason
That the Gov cannot gain access to modern Apple and Microsoft devices. This legislation wouldn't be necessary otherwise. Microsoft and Apple have genuinely closed the encryption / key loopholes that would allow the authorities to force them to unlock these devices.
This is excellent news, now just to get this bill junked.
Jason.
Yes sure, you can enroll an iOS device in MDM and then send it an unlock command. The end-user has to agree and approve this first of all of course.
Apple have built the system so that it is immune to a direct unlock. Apple and Microsoft have been giving clear signals that they no longer want to be stuck in the middle of international legal / court disputes requiring them to unlock under court order. So they've re-engineered their encryption and unlock protocols so that they no longer hold any master keys / unlocks etc. This also makes these devices useless when stolen.
The only slightly questionable part is wether they can access any cloud backups. Although that might not be what the court asked.
Jason.