But why not? It will have a microphone, camera, likely IR to work as a remote control, be autonomous, have internet access - what could possibly go wrong?
If the traffic is HTTPS : in that case, the exit node sees the conenction to the:443 TCP port. But from this point onward, the browser and the web server negociate a connection. Only an entity possessing the private keys of webserver could successfully impersonate the server and pull a man-in-the-middle. Other wise you need to hope that the browser is stupid enough to trust your shady certificate authority
Or hope that the ones running the exit node doesn't also have thumbscrews on as much as a single entity that issues certificates and is a root CA in the certificate stores of most browsers. How much are you willing to bet that TLAs in the US cannot get certs issued by one of the many US CAs in order to monitor traffic to a given web site?
Also in the specific case of "high illegal source": if even The Piratebay and Duck Duck Go have.onion addresses (as I've mentioned in my 3rd part), you can bet that the juicy stuff that law enforcement would be aiming (whatever is the current descendant of Silk Road ?) has also an onion address and no exit node will ever see the traffic.
An.onion address isn't much help if any part of the rest of the URL is on a special interest list. azix723czou5pTr1k.onion/illegal/content/terrorists_handbook.pdf or th3b9eex7781fgp.onion/vajiralongkorn-buggering-a-pig.png are flags as good as any. Never mind that the.onion addresses are persistent for long enough that the surveillance teams who also browse the illegal content can easily add them to their own scan lists. They don't need to know the IP address or DNS name of a site - all they need to know is that the.onion address at one point pointed to Trigger Site, and scour logs. Even old logs, scanned over again after they map another.onion.
you can bet that the juicy stuff that law enforcement would be aiming (whatever is the current descendant of Silk Road ?) has also an onion address and no exit node will ever see the traffic
I think you misunderstand how Tor works. There will always be an exit node. Earlier, you could specify an exit node with.exit, which ensures that that node is trusted by the destination site, but that has been deprecated (it also allowed goons to take over the exit node, or DoS it, or otherwise interfere).
Rogue exit nodes exist, and they are heavily used. They would not be if there was nothing to gain from it, but there certainly is.
The main problem is inherited trust. You trust someone, but then you also trust who they trust, and in turn who they trust. That is a prevalent weakness in almost all distributed systems, and a very human flaw. It's built in to our brains to do that, as it assists in survival when living with other human beings. But it is a WTF thing to do in security. Friends of friends are easily your enemy. And for TOR, you generally (unless you're a geek) even trust strangers directly. The original Freenet had some steps to avoid this. But when they revamped it, they fell into that trap too. Where it earlier was unusable due to latency, it became less secure due to inherited trust.
WE are the problem. How we design things is irrational, and based on human concepts and gut feelings that don't work for computer networks.
This is explicitly addressed by TOR : - TOR itself constantly changes routes. An entity that doesn't control all or a very large fraction of all exit nodes will only see occasional glimpses of out traffic.
A single glimpse is enough. The problem isn't listening on your continued traffic, but being able to fingerprint any users who use that exit node as little as once.
- You are definitely not alone on TOR, some people simply use it for general anonymity or just for shit and giggles, meaning that your traffic will by mixed with traffic of lots of other people, even on the same exit-node - TOR is a high latency network (multiple jump point) - All of the above simultaneously make very hard to correlate input and output traffic.
You don't need to correlate input and output traffic. All you need is to log outgoing requests, and at your leisure grep for destinations you don't like, and check the fingerprint of those requests against big entities like Google, PayPal and banks.
If any of the accesses to a highly illegal source have fairly unique fingerprint that any entity is able to match to a person, you get a court order to search that person's computer for evidence.
"any of the countries that roll over to please the US"
Which is most all of them.
Of the countries in the world, depending on how you count, the US does not have extradition treaties or mutual police cooperation with 83-88 of them. Quite a few of these offer VPN solutions.
And over the last couple of decades, relations have soured with several former partners too, especially where there are conflicting laws about human rights. Perhaps especially in cases of Internet and citizen's data protection rights. In The recent action against child pornography, for example, met resistance from several European partners when it became clear that US agents had hacked computers on foreign soil, tainting the evidence and in effect making many of the suspects immune to prosecution as a result.
- it's a bit better than VPN at hiding your activity from 3rd parties, because there's no single entity that has a complete overview over all your traffic. Everyone only sees small bits of your traffic mixed with small bits of every one else on TOR. To keep the "cable" metaphore, it would take the police to post one officer in each of your neighborhood's house (including to the redneck that will proudly shoot anyone step un-invited on his home ground) to monitor as many exit points as possible, and another officer at the McDonalds trying to notice when traffic goes out to try to correlate with the observations spread over all the potential exit points.
The flip side is that if any one of the exit points are monitored by an entity, and your browser traffic can be fingerprinted, they now have you on the radar, and can obtain data matching your fingerprint to a person from sites that collect the data (like online payment sites and banks, and ad aggregators that are partners with shopping sites).
Say you want to hide that you visit sedition.ve. If you use a VPN in, say, Russia, the government can only see that you accessed the VPN. If you use Tor, and as little as one of the exit nodes in the network is run by a government entity, you sooner or later will stumble upon that exit node, and the government will see that someone accessed sedition.ve, and the request details in the request. If http, they have a full fingerprint. If https, if they also have a proxy in front of the endpoint, and enough clout to get as much as one of the certificate authorities in your OS' or browser's certificate store to issue a fake cert, they can also fingerprint you. Now they can go to, say, Google, and request all information that matches the fingerprint. That can easily match to your person. So instead of snooping your ISP to gather evidence, they can send a van to your physical address.
Is this a problem? Well, some have estimated that in some jurisdictions, as much as 10% of all Tor endpoints is run by or monitored by state sponsored agents.
Tl;dr: While you reduce the risk of your traffic being monitored with Tor, you increase the risk of being caught in dragnets by multiplying your exposure.
and the ISP selling you the VPN has to hand out the information about who rented that box.
Only if the ISP is doing business in the same jurisdiction, or is in a country that is a de facto suzerainty to the country that seeks the information. If in the US, avoid any ISP that has any office or serves in the US or any of the countries that roll over to please the US.
Any one along the way can inject MiTM JavaScript attacks to benign html. They can replace images. They can replace content itself. They can do anything, and in many places they actually are doing it.
Sure, and I find that much less of a privacy problem than Google (and anyone who can serve Google a letter) building a complete dossier on what we surf. The difference between obtaining one datum and obtaining all data.
You don't get it? Privacy. I really don't give a flying f if I'm looking a recipe for peanut butter cookies, it's no one elses business and HTTPS means you have no idea what I'm looking at, just which server.
Privacy is indeed the worry. With HTTPS, those who run the recipe site and their "partners" like Google knows who looked at the recipe for peanut butter cookies. The biggest privacy problem isn't people sitting in the middle snooping on the traffic, but the remote endpoints collecting data on you. HTTPS makes that easier, which is why Google is all for it. It's not out of the goodness of their hearts and concern for anything but the advertising dollars.
Because in my desktop browser (and whenever possible on my Android) I click links in my Bookmarks or just type the URL into Firefox (not Chrome) and go direct to the site. How could Google intercept that?
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
No prize for guessing where the google-analytics.com request goes to. When using https, the request will go directly to Google, who will know your IP and browser fingerprint. When using http, Google can't know whether it's you or someone on behalf of you, and may not even get a hit, because it's cached in a proxy.
Authentication means proving the identity of the party you're communicating with. It has nothing to do with encryption, other than the fact that certain tools can be useful for both purposes.
You are a good example of why a little knowledge is dangerous. The problem isn't authentication, but that an unintercepted endpoint-to-endpoint connection tells you who requests an URL.
When a user goes through a caching proxy server (which can very well be transparent and at the ISP) with a http request, all the remote web server sees is the IP address of the proxy server, and when others access the same resource while it is still fresh, the remote web server sees nothing at all because it's served from cache. This is a thorn in the side for Google, whose money making model relies on knowing who accesses which pages and sees which ads. Enforcing https helps them achieve that. While users can use https through proxies, it requires hoops like importing and maintaining CA certificates which no regular user is going to go through, and lowers security in that what should be secure like banking information can also get cached along with the kitty pics. So leave the kitty pics and weather reports on http, and banking and political discussions on https. The best of both worlds. Choice. Yours, not Google's.
Why not? Do you speak in code to other people? Do you watch billboards where you have to decrypt the message?
Information needs to be free. Not subject to logging who saw it, requiring extra resources on the sending and receiving end, and disappearing when certificates expire and the one to renew them is dead.
Despite Google's other not so nice activities, I gotta give them a thumbs-up here. Getting the web to transition away from HTTP to HTTPS is fantastic. There's no reason for skimping on your web server anymore, encryption is easy and even crappy virutal machines can serve up HTTPS without issue. Good job Google.
You're too quick go give them credit. Follow the money trail. HTTPS and SPDY makes it far easier to ensure that ads are transmitted, and to whom. That HTTPS largely defeats anonymous proxy caching and other techniques that makes counting ad impressions harder is why Google pursues it; security is how they sell it, despite it being slower, to a high degree defeats bandwidth saving techniques, and requires extra resources on both server and client endpoints.
There's little reason why publicly available non-controversial information should be encrypted, and that makes up the majority of the web. Snooping traffic generally doesn't happen mid-transfer, but at the end point, by companies like Google and their partners. HTTPS does nothing to prevent that.
Getting companies to agree on a security standard? Good luck with that,
Blackhats love security standards. That's documentation that makes life much simpler. It's like a HOA that mandates that all front doors must have locks of one particular brand, and that audible alarms must be tested every 30 days.
Also, as/.ers usually are quick to point out: Correlation is not causation.
There are likely many other reasons too for why traffic deaths are up. One of them is the elephant in the room that it's taboo to talk about: Suicide by car; a method that when well executed leaves little evidence, and allow for people hitting hard times to exit with a substantial payout to their loved ones. As more people hit hard times due to rising health care costs and job/pension uncertainties, the amount of suicides go up. Another is that there are more and faster cars per mile of road every year. It's not a linear equation, where the amount of accidents follow the number of cars. The accident rate increases more than that because there are more other cars to hit or to hit you, and they have the ability to go faster. A third factor is road maintenance. Rome 2.0 is dying, and cuts have to be made to pay for panem et circenses. Budgets are being cut in most states.
Does increased cell phone usage play a role? Probably. But how much of a role is hard to determine.
If they can still centrally read all GMail, then so can anyone else (with a large enough budget).
Or anyone with a secret court order or national security letter.
That doesn't just include the government, but any individual working for the government in a position to gain such access, as well as anyone who controls such a person. And anyone who works in a position of trust in Google, and anyone who controls such a person. And anyone who has breached either Google's or the government's security.
Whoops. He had an enemy. Now he's just less one bullet.
You don't just eliminate enemies by killing them. You create enemies that way - the relatives, friends and sympathizers of the ones you kill. There's a limit to how many you can kill before you become eliminated.
Think of what I said. Writing down, by hand, the price of EVERY item in a grocery store. Multiple times, as many as you have checkouts at the store. You'd have to shut down the store just to wait for those lists to be ready.
How do you think stores worked before there were 24/7 self-serve supermarkets? These are not problems that people haven't already dealt with (or still do, in rural areas).
The by far largest part of the value of gold is 'it looks nice, I want some!'
Brass looks nice too. For most people, it's hard to tell from gold. But gold is malleable and doesn't corrode and tarnish. Gold jewelry looks lovely even when you've grown old.
How will you stop me from taking your gold when I have a gun pointed at you?
The common way in literature is to convince the assailant that you're worth more alive than dead, due to skills or knowledge that would be lost with you. The assailant, on the other hand, will always be a target because he has weapons, goods and enemies.
Guns can, believe it or not, be used for hunting non-human animals.
Look at the areas of the world where there have been great humanitarian catastrophes. People with guns almost invariably use them against fellow man. It's far less work to use a gun to bully the food from someone else than it is to hunt.
And even if you use it to hunt, there will be someone else with a gun who goes for the far less work option. And because you have a gun too, they team up to outgun individuals like you. If you have a gun, the real choice is between joining a militia that exploits people, or death. Few choose death.
I'm not sure when I last saw a bin that didn't include an ashtray in its design. Do people violently oppose installing them where you live?
No, but they're either designed by someone who has never been around smokers and lack a way to extinguish or de-ember cigarettes, they are waterlogged due to bad placement or lack of awning, or if by a miracle they are actual usable ashtrays, they're full of paper waste that others have tossed there, being too lazy to even aim for the hole a few inches lower, making it hazardous to use them as an ashtray.
Egotism and laziness isn't something that smokers have a monopoly on. I remember my old place of work, where the smoking room had a sign saying "If you don't put teabags in my ashtray, I won't put cigarette butts in your tea".
I don't see cigarette butts as more of a problem than leaves or dead insects. Since the 60s, filters are made to dissolve, and the tobacco, well that's leaves. Chewing gum and bottle caps is a much bigger menace in my opinion.
There are lots of other options. Carry your own ashtray with a lid. I've even seen nice leather cases that do that duty. They're stylish and everything.
Yeah, and you can trade them in for a Mogwai.
But they require both hands, and from what I can tell, smokers a much as anyone else often carry stuff. Any solution expected to work has to be convenient. Perhaps the greatest convenience is to ban smoking altogether and subsidize personal mist devices for ex-smokers.
A problem I see as bigger is bottlecaps. They harm nature more than cigarette butts which dissolve within months.
Why is there an expectation that ashtrays should be provided at any random spot that someone might finish smoking? Like any other trash, hold onto it until there is a proper place to dispose of it.
Unless there's a chance to stub it out, a typical cigarette will continue burning and melt the filter, and create a stench that's far worse than the tobacco smell, or burn the person's fingers. Or did you want them to stub it out on the nearest wall? Some do, and I think that's a far worse solution than dropping it and stepping on it.
Best would be if smokers didn't smoke, but they do, and I personally prefer to (a) provide usable ashtrays, and when ashtrays aren't available, (b) for the smoker to dispose of the fire hazard on a patch of fire-proof ground, not a container of flammables, and (c) any other solution.
Slashdot Mirror
But why not? It will have a microphone, camera, likely IR to work as a remote control, be autonomous, have internet access - what could possibly go wrong?
If the traffic is HTTPS : :443 TCP port. But from this point onward, the browser and the web server negociate a connection.
in that case, the exit node sees the conenction to the
Only an entity possessing the private keys of webserver could successfully impersonate the server and pull a man-in-the-middle. Other wise you need to hope that the browser is stupid enough to trust your shady certificate authority
Or hope that the ones running the exit node doesn't also have thumbscrews on as much as a single entity that issues certificates and is a root CA in the certificate stores of most browsers.
How much are you willing to bet that TLAs in the US cannot get certs issued by one of the many US CAs in order to monitor traffic to a given web site?
Also in the specific case of "high illegal source": if even The Piratebay and Duck Duck Go have .onion addresses (as I've mentioned in my 3rd part), you can bet that the juicy stuff that law enforcement would be aiming (whatever is the current descendant of Silk Road ?) has also an onion address and no exit node will ever see the traffic.
An .onion address isn't much help if any part of the rest of the URL is on a special interest list. azix723czou5pTr1k.onion/illegal/content/terrorists_handbook.pdf or th3b9eex7781fgp.onion/vajiralongkorn-buggering-a-pig.png are flags as good as any. .onion addresses are persistent for long enough that the surveillance teams who also browse the illegal content can easily add them to their own scan lists. They don't need to know the IP address or DNS name of a site - all they need to know is that the .onion address at one point pointed to Trigger Site, and scour logs. Even old logs, scanned over again after they map another .onion.
Never mind that the
you can bet that the juicy stuff that law enforcement would be aiming (whatever is the current descendant of Silk Road ?) has also an onion address and no exit node will ever see the traffic
I think you misunderstand how Tor works. There will always be an exit node. Earlier, you could specify an exit node with .exit, which ensures that that node is trusted by the destination site, but that has been deprecated (it also allowed goons to take over the exit node, or DoS it, or otherwise interfere).
Rogue exit nodes exist, and they are heavily used. They would not be if there was nothing to gain from it, but there certainly is.
The main problem is inherited trust. You trust someone, but then you also trust who they trust, and in turn who they trust. That is a prevalent weakness in almost all distributed systems, and a very human flaw. It's built in to our brains to do that, as it assists in survival when living with other human beings. But it is a WTF thing to do in security. Friends of friends are easily your enemy. And for TOR, you generally (unless you're a geek) even trust strangers directly.
The original Freenet had some steps to avoid this. But when they revamped it, they fell into that trap too. Where it earlier was unusable due to latency, it became less secure due to inherited trust.
WE are the problem. How we design things is irrational, and based on human concepts and gut feelings that don't work for computer networks.
This is explicitly addressed by TOR :
- TOR itself constantly changes routes. An entity that doesn't control all or a very large fraction of all exit nodes will only see occasional glimpses of out traffic.
A single glimpse is enough. The problem isn't listening on your continued traffic, but being able to fingerprint any users who use that exit node as little as once.
- You are definitely not alone on TOR, some people simply use it for general anonymity or just for shit and giggles, meaning that your traffic will by mixed with traffic of lots of other people, even on the same exit-node
- TOR is a high latency network (multiple jump point)
- All of the above simultaneously make very hard to correlate input and output traffic.
You don't need to correlate input and output traffic. All you need is to log outgoing requests, and at your leisure grep for destinations you don't like, and check the fingerprint of those requests against big entities like Google, PayPal and banks.
If any of the accesses to a highly illegal source have fairly unique fingerprint that any entity is able to match to a person, you get a court order to search that person's computer for evidence.
"any of the countries that roll over to please the US"
Which is most all of them.
Of the countries in the world, depending on how you count, the US does not have extradition treaties or mutual police cooperation with 83-88 of them. Quite a few of these offer VPN solutions.
And over the last couple of decades, relations have soured with several former partners too, especially where there are conflicting laws about human rights.
Perhaps especially in cases of Internet and citizen's data protection rights. In The recent action against child pornography, for example, met resistance from several European partners when it became clear that US agents had hacked computers on foreign soil, tainting the evidence and in effect making many of the suspects immune to prosecution as a result.
- it's a bit better than VPN at hiding your activity from 3rd parties, because there's no single entity that has a complete overview over all your traffic. Everyone only sees small bits of your traffic mixed with small bits of every one else on TOR.
To keep the "cable" metaphore, it would take the police to post one officer in each of your neighborhood's house (including to the redneck that will proudly shoot anyone step un-invited on his home ground) to monitor as many exit points as possible, and another officer at the McDonalds trying to notice when traffic goes out to try to correlate with the observations spread over all the potential exit points.
The flip side is that if any one of the exit points are monitored by an entity, and your browser traffic can be fingerprinted, they now have you on the radar, and can obtain data matching your fingerprint to a person from sites that collect the data (like online payment sites and banks, and ad aggregators that are partners with shopping sites).
Say you want to hide that you visit sedition.ve. If you use a VPN in, say, Russia, the government can only see that you accessed the VPN. If you use Tor, and as little as one of the exit nodes in the network is run by a government entity, you sooner or later will stumble upon that exit node, and the government will see that someone accessed sedition.ve, and the request details in the request. If http, they have a full fingerprint. If https, if they also have a proxy in front of the endpoint, and enough clout to get as much as one of the certificate authorities in your OS' or browser's certificate store to issue a fake cert, they can also fingerprint you.
Now they can go to, say, Google, and request all information that matches the fingerprint. That can easily match to your person.
So instead of snooping your ISP to gather evidence, they can send a van to your physical address.
Is this a problem? Well, some have estimated that in some jurisdictions, as much as 10% of all Tor endpoints is run by or monitored by state sponsored agents.
Tl;dr: While you reduce the risk of your traffic being monitored with Tor, you increase the risk of being caught in dragnets by multiplying your exposure.
and the ISP selling you the VPN has to hand out the information about who rented that box.
Only if the ISP is doing business in the same jurisdiction, or is in a country that is a de facto suzerainty to the country that seeks the information.
If in the US, avoid any ISP that has any office or serves in the US or any of the countries that roll over to please the US.
Any one along the way can inject MiTM JavaScript attacks to benign html. They can replace images. They can replace content itself. They can do anything, and in many places they actually are doing it.
Sure, and I find that much less of a privacy problem than Google (and anyone who can serve Google a letter) building a complete dossier on what we surf. The difference between obtaining one datum and obtaining all data.
You don't get it? Privacy. I really don't give a flying f if I'm looking a recipe for peanut butter cookies, it's no one elses business and HTTPS means you have no idea what I'm looking at, just which server.
Privacy is indeed the worry. With HTTPS, those who run the recipe site and their "partners" like Google knows who looked at the recipe for peanut butter cookies.
The biggest privacy problem isn't people sitting in the middle snooping on the traffic, but the remote endpoints collecting data on you. HTTPS makes that easier, which is why Google is all for it. It's not out of the goodness of their hearts and concern for anything but the advertising dollars.
Because in my desktop browser (and whenever possible on my Android) I click links in my Bookmarks or just type the URL into Firefox (not Chrome) and go direct to the site. How could Google intercept that?
Web bugs and scripts. Like on this very page:
No prize for guessing where the google-analytics.com request goes to. When using https, the request will go directly to Google, who will know your IP and browser fingerprint. When using http, Google can't know whether it's you or someone on behalf of you, and may not even get a hit, because it's cached in a proxy.
Authentication means proving the identity of the party you're communicating with. It has nothing to do with encryption, other than the fact that certain tools can be useful for both purposes.
You are a good example of why a little knowledge is dangerous.
The problem isn't authentication, but that an unintercepted endpoint-to-endpoint connection tells you who requests an URL.
When a user goes through a caching proxy server (which can very well be transparent and at the ISP) with a http request, all the remote web server sees is the IP address of the proxy server, and when others access the same resource while it is still fresh, the remote web server sees nothing at all because it's served from cache. This is a thorn in the side for Google, whose money making model relies on knowing who accesses which pages and sees which ads.
Enforcing https helps them achieve that. While users can use https through proxies, it requires hoops like importing and maintaining CA certificates which no regular user is going to go through, and lowers security in that what should be secure like banking information can also get cached along with the kitty pics.
So leave the kitty pics and weather reports on http, and banking and political discussions on https.
The best of both worlds. Choice. Yours, not Google's.
Why not? Do you speak in code to other people? Do you watch billboards where you have to decrypt the message?
Information needs to be free. Not subject to logging who saw it, requiring extra resources on the sending and receiving end, and disappearing when certificates expire and the one to renew them is dead.
Look for the simplest solutions. Like Mac users visiting shopping sites more. i.e. a correlation between being a consumerist and using a Mac.
Despite Google's other not so nice activities, I gotta give them a thumbs-up here. Getting the web to transition away from HTTP to HTTPS is fantastic. There's no reason for skimping on your web server anymore, encryption is easy and even crappy virutal machines can serve up HTTPS without issue. Good job Google.
You're too quick go give them credit. Follow the money trail. HTTPS and SPDY makes it far easier to ensure that ads are transmitted, and to whom. That HTTPS largely defeats anonymous proxy caching and other techniques that makes counting ad impressions harder is why Google pursues it; security is how they sell it, despite it being slower, to a high degree defeats bandwidth saving techniques, and requires extra resources on both server and client endpoints.
There's little reason why publicly available non-controversial information should be encrypted, and that makes up the majority of the web. Snooping traffic generally doesn't happen mid-transfer, but at the end point, by companies like Google and their partners. HTTPS does nothing to prevent that.
Getting companies to agree on a security standard? Good luck with that,
Blackhats love security standards. That's documentation that makes life much simpler.
It's like a HOA that mandates that all front doors must have locks of one particular brand, and that audible alarms must be tested every 30 days.
Also, as /.ers usually are quick to point out: Correlation is not causation.
There are likely many other reasons too for why traffic deaths are up.
One of them is the elephant in the room that it's taboo to talk about: Suicide by car; a method that when well executed leaves little evidence, and allow for people hitting hard times to exit with a substantial payout to their loved ones. As more people hit hard times due to rising health care costs and job/pension uncertainties, the amount of suicides go up.
Another is that there are more and faster cars per mile of road every year. It's not a linear equation, where the amount of accidents follow the number of cars. The accident rate increases more than that because there are more other cars to hit or to hit you, and they have the ability to go faster.
A third factor is road maintenance. Rome 2.0 is dying, and cuts have to be made to pay for panem et circenses. Budgets are being cut in most states.
Does increased cell phone usage play a role? Probably. But how much of a role is hard to determine.
If they can still centrally read all GMail, then so can anyone else (with a large enough budget).
Or anyone with a secret court order or national security letter.
That doesn't just include the government, but any individual working for the government in a position to gain such access, as well as anyone who controls such a person. And anyone who works in a position of trust in Google, and anyone who controls such a person.
And anyone who has breached either Google's or the government's security.
The front door is the least of the worries here.
Whoops. He had an enemy. Now he's just less one bullet.
You don't just eliminate enemies by killing them. You create enemies that way - the relatives, friends and sympathizers of the ones you kill.
There's a limit to how many you can kill before you become eliminated.
Think of what I said. Writing down, by hand, the price of EVERY item in a grocery store. Multiple times, as many as you have checkouts at the store. You'd have to shut down the store just to wait for those lists to be ready.
How do you think stores worked before there were 24/7 self-serve supermarkets? These are not problems that people haven't already dealt with (or still do, in rural areas).
The by far largest part of the value of gold is 'it looks nice, I want some!'
Brass looks nice too. For most people, it's hard to tell from gold. But gold is malleable and doesn't corrode and tarnish. Gold jewelry looks lovely even when you've grown old.
How will you stop me from taking your gold when I have a gun pointed at you?
The common way in literature is to convince the assailant that you're worth more alive than dead, due to skills or knowledge that would be lost with you.
The assailant, on the other hand, will always be a target because he has weapons, goods and enemies.
Guns can, believe it or not, be used for hunting non-human animals.
Look at the areas of the world where there have been great humanitarian catastrophes. People with guns almost invariably use them against fellow man. It's far less work to use a gun to bully the food from someone else than it is to hunt.
And even if you use it to hunt, there will be someone else with a gun who goes for the far less work option. And because you have a gun too, they team up to outgun individuals like you.
If you have a gun, the real choice is between joining a militia that exploits people, or death. Few choose death.
I'm not sure when I last saw a bin that didn't include an ashtray in its design. Do people violently oppose installing them where you live?
No, but they're either designed by someone who has never been around smokers and lack a way to extinguish or de-ember cigarettes, they are waterlogged due to bad placement or lack of awning, or if by a miracle they are actual usable ashtrays, they're full of paper waste that others have tossed there, being too lazy to even aim for the hole a few inches lower, making it hazardous to use them as an ashtray.
Egotism and laziness isn't something that smokers have a monopoly on. I remember my old place of work, where the smoking room had a sign saying "If you don't put teabags in my ashtray, I won't put cigarette butts in your tea".
I don't see cigarette butts as more of a problem than leaves or dead insects. Since the 60s, filters are made to dissolve, and the tobacco, well that's leaves. Chewing gum and bottle caps is a much bigger menace in my opinion.
There are lots of other options. Carry your own ashtray with a lid. I've even seen nice leather cases that do that duty. They're stylish and everything.
Yeah, and you can trade them in for a Mogwai.
But they require both hands, and from what I can tell, smokers a much as anyone else often carry stuff. Any solution expected to work has to be convenient. Perhaps the greatest convenience is to ban smoking altogether and subsidize personal mist devices for ex-smokers.
A problem I see as bigger is bottlecaps. They harm nature more than cigarette butts which dissolve within months.
Why is there an expectation that ashtrays should be provided at any random spot that someone might finish smoking? Like any other trash, hold onto it until there is a proper place to dispose of it.
Unless there's a chance to stub it out, a typical cigarette will continue burning and melt the filter, and create a stench that's far worse than the tobacco smell, or burn the person's fingers. Or did you want them to stub it out on the nearest wall? Some do, and I think that's a far worse solution than dropping it and stepping on it.
Best would be if smokers didn't smoke, but they do, and I personally prefer to (a) provide usable ashtrays, and when ashtrays aren't available, (b) for the smoker to dispose of the fire hazard on a patch of fire-proof ground, not a container of flammables, and (c) any other solution.