But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options)
What alternate options does Cloudfare provide that don't require a VPN? I didn't see them mentioned in the link you provided. Is it an https tunnel through their servers?
"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.
How does this stop ISPs from knowing which sites you visit? Once Cloudfare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.
You can't improve your response to queries when you can't even get the query itself right. Siri still has trouble with basic dictation. Garbage In, Garbage Out.
The best definition of a bubble is when a large group of a population engages in profit-seeking behavior that has no net economic benefit. Tulip craze, flooz, housing bubble, and now cryptocurrency.
Google Being the default search engine (which you can change) is a FAR CRY from Apple handing over data THEY collect to them. So, is that the best you can do? Change your search to use DuckDuckGo, and STFU, Hater. You can do that in iOS and macOS.
Mr. Cook complains about Google's evil, privacy-invading practices, while collecting billions of dollars to enable Google's evil, privacy-invading evil practices from Apple's own customers. That is the best I can do because hypocrisy has never been done better than that.
How dark and dank a world you must live in, where everything is a conspiracy, and all people and corporations have no other motivation other than to see how much money and information and advantage they can gain on you.
June 2, 2015: Apple's Tim Cook Delivers Blistering Speech On Encryption, Privacy - "Cook lost no time in directing comments at companies (obviously, though not explicitly) like Facebook and Google, which rely on advertising to users based on the data they collect from them for a portion, if not a majority, of their income." https://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy/
Which likely means Facebook didn't want to pay Apple's price for allowing them to steal Apple's customers' privacy then. It seems Google is still happily paying that price, to the tune of billions of dollars a year.
It's the difference between shooting someone in the head yourself vs taking someone to a place where you know someone else will shoot them in the head, and then get paid for taking them there.
Apple also takes money from Google (billions per year to make Safari the default search engine) and likely Facebook (for deep IOS integration). So Apple doesn't take your data - they let others do it for them, and they receive a rich reward to let them do it.
He sold his soul to FB for $19B. That's an obscene amount of money so I certainly can't blame him. But don't come at us like you're the Pied Piper of privacy protection.
The planned obsolescence via expensive, non-user replaceable batteries isn't working like it used to. It's time for phone makers to come up with a more expensive part to wear out, one which can't so easily be manufactured by third parties. How about they start designing the screens to get dimmer over the life of the phone, so that by the third year they're completely dark? That should do the trick to get the upgrades rolling again.
This article reads like the unfinished outline of a Microsoft PowerPoint presentation. If Apple is as lazy in development as this author is in writing then it's no wonder iOS is a buggy mess.
Since the protection exceptions only happen in the speculated code which is never retired, they are not protection exceptions and the OS knows nothing about them.
That's incorrect. The exceptions occur, at least in the current working examples of the exploit. The Meltdown paper speculates about a possible technique of avoiding the exception by having the kernel-memory access logic within a conditional block that only gets executed speculatively by a trained branch-prediction path but I haven't seen any samples of that actually working.
Are you SURE that TSX is the issue? I didn't see anything in the article about TSX being the problem, but I'm not really read up on this.
TSX is what allows a Meltdown exploit to do its indirect probing of kernel space without generating exceptions the OS can detect. This allows it to execute much faster, and also avoid detection if the OS added the type of logic I suggested in my post.
Since Meltdown exploits require an enormous number of exceptions to walk all of kernel memory the threshold could be set high to avoid false-positives, maybe a thousand exceptions. After that the OS UI could pop up a warning, giving the user the option to either terminate and/or black-list the app. Or white-list it so that future exceptions would be allowed/ignored.
It seems to me the best way for Intel to pevent Meltdown exploits is by disabling Intel's TSX functionality (which I believe microcode can do), along with OS logic to terminate processes which generate an excessive number of protection exceptions for the same portion of code. The TSX change will force an exploit to throw exceptions for the indirect-memory access loop that probes for data values, and the OS change will then identify processes incurring these repeated exceptions inside a single block of code and then terminating it.
Slashdot Mirror
But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options)
What alternate options does Cloudfare provide that don't require a VPN? I didn't see them mentioned in the link you provided. Is it an https tunnel through their servers?
From the article:
"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.
How does this stop ISPs from knowing which sites you visit? Once Cloudfare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.
You can't improve your response to queries when you can't even get the query itself right. Siri still has trouble with basic dictation. Garbage In, Garbage Out.
The best definition of a bubble is when a large group of a population engages in profit-seeking behavior that has no net economic benefit. Tulip craze, flooz, housing bubble, and now cryptocurrency.
Google Being the default search engine (which you can change) is a FAR CRY from Apple handing over data THEY collect to them.
So, is that the best you can do? Change your search to use DuckDuckGo, and STFU, Hater. You can do that in iOS and macOS.
Mr. Cook complains about Google's evil, privacy-invading practices, while collecting billions of dollars to enable Google's evil, privacy-invading evil practices from Apple's own customers. That is the best I can do because hypocrisy has never been done better than that.
Wrap another layer of tinfoil on that hat, buddy
How dark and dank a world you must live in, where everything is a conspiracy, and all people and corporations have no other motivation other than to see how much money and information and advantage they can gain on you.
June 2, 2015: Apple's Tim Cook Delivers Blistering Speech On Encryption, Privacy - "Cook lost no time in directing comments at companies (obviously, though not explicitly) like Facebook and Google, which rely on advertising to users based on the data they collect from them for a portion, if not a majority, of their income."
https://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy/
January 22, 2016: Google Paid Apple $1 Billion To Keep Search Bar On Iphone - Secret Sum Surfaced in Transcript of Court Proceedings From Oracle Corp.'s Copyright Lawsuit Against Google
http://adage.com/article/digital/google-paid-apple-1-billion-search-bar-iphone/302287/
Which likely means Facebook didn't want to pay Apple's price for allowing them to steal Apple's customers' privacy then. It seems Google is still happily paying that price, to the tune of billions of dollars a year.
It's the difference between shooting someone in the head yourself vs taking someone to a place where you know someone else will shoot them in the head, and then get paid for taking them there.
With a margin of error +/- 5% shenanigans.
Apple also takes money from Google (billions per year to make Safari the default search engine) and likely Facebook (for deep IOS integration). So Apple doesn't take your data - they let others do it for them, and they receive a rich reward to let them do it.
https://www.cnbc.com/2017/08/14/google-paying-apple-3-billion-to-remain-default-search--bernstein.html
He sold his soul to FB for $19B. That's an obscene amount of money so I certainly can't blame him. But don't come at us like you're the Pied Piper of privacy protection.
The planned obsolescence via expensive, non-user replaceable batteries isn't working like it used to. It's time for phone makers to come up with a more expensive part to wear out, one which can't so easily be manufactured by third parties. How about they start designing the screens to get dimmer over the life of the phone, so that by the third year they're completely dark? That should do the trick to get the upgrades rolling again.
It's hard to precisely match the tint and odor.
It's not every day that people are willing to give you millions of dollars in real money in exchange for tokens of fake money.
It's short for We don't give "two fucks, asshole".
This article reads like the unfinished outline of a Microsoft PowerPoint presentation. If Apple is as lazy in development as this author is in writing then it's no wonder iOS is a buggy mess.
It's so they can piss on us and say it's raining.
"Sorry, I wasn't able to find sod around the woods for pounding sneakers. Here are some web results though."
Since the protection exceptions only happen in the speculated code which is never retired, they are not protection exceptions and the OS knows nothing about them.
That's incorrect. The exceptions occur, at least in the current working examples of the exploit. The Meltdown paper speculates about a possible technique of avoiding the exception by having the kernel-memory access logic within a conditional block that only gets executed speculatively by a trained branch-prediction path but I haven't seen any samples of that actually working.
Are you SURE that TSX is the issue? I didn't see anything in the article about TSX being the problem, but I'm not really read up on this.
TSX is what allows a Meltdown exploit to do its indirect probing of kernel space without generating exceptions the OS can detect. This allows it to execute much faster, and also avoid detection if the OS added the type of logic I suggested in my post.
So you do 500 tests before you spawn a new process...
Which the OS could alert the user to as well. It doesn't have to be confined to the number of exceptions for a single process.
Even if this pseudo-fix actually worked, it would only fix Meltdown and not Spectre.
It's only meant to address Meltdown, and without the performance penalty of moving the kernel out of the user process's address table.
GREAT IDEA!!! So how many is "excessive"?
Since Meltdown exploits require an enormous number of exceptions to walk all of kernel memory the threshold could be set high to avoid false-positives, maybe a thousand exceptions. After that the OS UI could pop up a warning, giving the user the option to either terminate and/or black-list the app. Or white-list it so that future exceptions would be allowed/ignored.
It seems to me the best way for Intel to pevent Meltdown exploits is by disabling Intel's TSX functionality (which I believe microcode can do), along with OS logic to terminate processes which generate an excessive number of protection exceptions for the same portion of code. The TSX change will force an exploit to throw exceptions for the indirect-memory access loop that probes for data values, and the OS change will then identify processes incurring these repeated exceptions inside a single block of code and then terminating it.
-Steven Colbert, 2006 White House Correspondents' Dinner