Don't publish anything that wouldn't hold up in a criminal investigation
Sir, we have photographic evidence that you were at this location around the time of a nearby murder, we'd like you to come down to the station for "questioning."
Securing your local data is easy, because you have end-to-end control. Securing email is complicated because you'll never be able to maintain complete control. It requires coordination and mutual understanding between you and everyone you email, and that's just not going to happen unless you're in a tightly-controlled organization and all of your communication is internal. I'm assuming you're an end-user at home, not an IT manager in a large corporate environment.
If your ISP allows it (and that's a big if in today's spam wars), you could run your own email server to host email service for yourself, your family and your friends and require SSL/TLS connections for all communication. Don't forget TrueCrypt or luks/dm-crypt for disk encryption on the server itself. But this only protects against eavesdropping and snooping for email users on your hosted service. There's basically nothing you can do about emails sent or received from outside of your own service. And then there's the assumption that email recipients inside of your hosted service will adequately secure their own devices (good luck getting grandma to use TrueCrypt).
If you can actually accomplish this, well, you have better powers of persuasion than I (my boss is a smart and tech savvy guy and I can't even convince him). Your best bet is: don't use email for anything you wouldn't want publicized.
It may seem a bit overkill, but I already had a web server setup at home to host my own personal (low traffic) website, so I was mostly there already.
At some point, I needed to send someone a private document that I didn't want intercepted by eavesdropping, so I created an SSL-only vsite subdomain in Apache, uploaded the document and simply provided an HTTPS link to the recipient. Add HTTP auth with.htaccess/.htpasswd to require a login and make the login something you've predetermined with the recipient or based on a clue that only the recipient would be able to decipher. Also use "Options -Indexes" and create a robots.txt to deny all bots for further obfuscation.
For extra security, use cron or something to delete the file after a couple of days or tail Apache's access log to see when the file is accessed by your recipient and manually delete it after it's downloaded.
It took me about an hour to figure out how to setup SSL the first time. If you want to use this method, I imagine it would take a 3 hours or so to initially set this up in a VM on your computer (you could use something like Turnkey Linux' LAMP stack to make it really easy). After that, it's just a matter of a couple of minutes to send each secured file by uploading the file and creating user creds.
Did you really think carriers would actually offer something that's anything more than dressed up as a deal? A family plan saves money... for *them*, ie.: the lowered cost of billing.
Your best deal, as always: don't get sucked in by OOOH SHINY! and a ripoff contract, just buy your own phone privately and put a SIM card on whatever plan you want.
What is this ethanol problem of which you speak? Are ethanol vehicles so prone to leaking fumes that they get you high while you're driving or are people drinking this stuff now?
Amazingly, it has a profoundly simple solution: apply copyright only to *commercial* usages, the way originally functioned and was intended to be.
Having copyright apply to everyone is like requiring everyone to give all of personal transactions oversight by the SEC. Borrow $10 for lunch? Bet a fiver with your buddy over tonight's game? Birthday gifts for your kids? Gotta register and report it!
*That* is how absurd and asinine it is to apply copyright to personal use.
I guess that depends on your world view and personal philosophy. I don't think I'd be able to live with myself working for any organization that commits such atrocities, regardless of what department employed me. You're still in the same organization and you are still contributing to the problem indirectly (maybe that new encryption system you're developing will be used as part of a program injected into systems to spy on citizens)
I realize no organization is sparkling clean, but I know I'd sleep a lot better at night working for an organization whose overarching purpose aims for the betterment of society or at least *doesn't* cause detriment.
TrueCrypt is extremely simple to use and it holds your hand tightly through the entire process. It is really one of the best examples of good open software, where it makes an otherwise complex task very simple. There are no usability gaps typically seen in open source software and it's very well documented.
SSL works fine without a CA cert, but browsers have actually gotten a lot worse at making it a clear process to accept self-signed cert. They used to just allow it through and give you a different padlock icon or something, now it's this big warning that prompts a bunch of reading and clicks to bypass. In other words, it used to be passive notification, now it's an active one.
Email encryption is a problem of coordination and logistics. It's not possible to make a one-click "Encrypt this Email" button because there's the offline factor of key exchange. I haven't even met a lot of people I email, how is this supposed to work?
TOR isn't simple? Download the standalone TOR bundle, open when done. Anyone for whom that is difficult is someone who barely uses computers at all.
So, it's a matter of both. Some have dealt well with the ease-of-use barrier, some haven't. But the problem nearly all of them still face is a lack of public awareness and an excess of apathy towards personal privacy.
I'm neither and they annoy the hell out of me; and those little "validation games" (dump the fish into the bucket, or whatever) are ridiculous time-wasters. I'm also a web developer, so there's that. CAPTCHAs are for lazy web developers to offload the task of anti-bot protection to the user.
Create some dynamic form elements that only display via Javascript DOM and are required by a backend script. Create a per-IP limitation on registrations per 10 minutes. Require a minimum time between form loading and form submission. Require a cookie to submit the form.
The point is: the more variety of anti-bot systems that exist, the less attractive a target there is for bot makers.
What people don't seem to understand is that police lie. ALL. THE. TIME. They lie selfishly, indiscriminately and callously. They lie overly and omittingly. They lie to suspects, witnesses, passers-by, judges, and juries. They lie in public and under oath. They lie to deceive, coerce and intimidate.
And they get away with it. ALL. THE. TIME.
Go watch the ubiquitous Don't Talk to the Police video. I know you've already watched it. Watch it again. Especially the part where the police officer explicitly states that he and all police officers are "professional liars."
These thoughts have been bouncing around in my head for a while now. I've been following a steady stream of stories and reports chronicling the continual demonization of stigmatization of "hackers" and generally technologically proficient people in general.
People misunderstand or refuse to understand at all. The negative perception caused partly by a few ne'er-do-wells and mostly by corporate propaganda paints us all with a thick coat of black. Misunderstanding transforms into mistrust, mistrust into fear, fear to indignant anger, anger to oppression; before you know it, we have a publically supported, government sanctioned witch hunt on our hands. We technology-savvy individuals are being singled out as the next great threat to the establishment.
The FBI threw Sklyarov in the slammer for giving a security talk on flaws in Adobe's DRM. Russia -- Russia, people, not exactly known for a track record of upholding civil rights -- issued a statement for security researchers to stay the hell out of the US because it had become illegal to do some math.
Auernheimer exposed a blatant security flaw, which only existed because of AT&T's utter laziness and indiscretion, and went to prison simply because the way he exposed it and pissed off AT&T.
Swartz hanged himself after the full force of the federal government hounded him and drove him over the edge by threatening a 35-year prison term for what should have been a slap-on-the-wrist misdemeanor.
An obviously technophobic judge ruled for an injunction against a UK security researcher to prevent him from publicizing an immobilizer security flaw that could be exploited by organized crime to steal millions of dollars worth of expensive sports cars. He is going ahead with it anyway because it's the responsable thing to do when affected parties refuse to address it, and I'm willing to bet the government is going to come down on him heavily for it.
The incidents of tech-savvy people being vilified are too numerous to list, but I'm sure we're all aware of them. The establishment wants their culture of liability, where ordinary individuals are dragged into the big leagues and expected to perform at the same level as corporate and government giants, while our perspective demands greater personal freedoms to offset the goliathan advantage held over us.
I think we're going to see a lot more of this until the societal shift is complete and the new generation becomes leadership, and that's a *very* optimistic view.
The web is a flexible, universal and adaptable medium. Why the hell anyone would want an "app" solely to offer content that could just as easily (more easily, actually) be offered through a web browser is just needlessly jumping on the bandwagon.
I understand the why they might want to offload the graphics and UI to the system to reduce throughput and improve performance, but that's what AJAX and caching are supposed to be for, but they aren't always implemented correctly and almost nobody uses them properly.
1) The entrenched interests have invested too much in existing legacy infrastructure to let this happen. Sure, they've already seen the returns hundreds or thousands of times over, but if they can wring it out longer, they will. It will take the majority of consumers demanding IP-based TV for this to change.
2) Internet connectivity is mostly shit in North America. Either it's high bandwidth with a deprecating cap, or shitty bandwidth with no cap. Until telcos are reined in by regulation, forcing them to build out the fiber infrastructure for which billions in tax dollars were earmarked and quit this rent-seeking business model, we aren't going to have the sort of connectivity we need for universal IPTV. And let's not forget how a number of ISPs muddy the waters by running their own streaming services; again, due to piss-poor regulation.
Were the tables turned -- if a US injunction prohibited him from publicizing the security flaw -- the US would undoubtedly be leaning on the UK to arrest him as soon as he finished his presentation (or maybe even during it). How much do you want a bet they'll tell the UK to bugger off and deal with it themselves if they are asked to do the same?
I like a hate-on against the budding police state as much as the next Slashdotter, and for all I know, they could very well be monitoring your Google searches, but that doesn't appear to be the case here.
According to Wired, it was actually a former employer that reported the searches to the police after finding them on the man's computer. It's not at all surprising to find that private employer is looking through and monitoring their *own* systems.
Too bad this comment will probably go unread and unmodded amongst the 600+ or so at the time of this posting.
My first thoughts exactly. Who'd have thought, after just a few short decades, that the tables would be so profoundly turned? Not that Russia is any shining beacon of democracy and civility, but the fact that someone must seek asylum from the United States, in Russia of all places, is quite telling.
Another reason why the war on drugs does more harm than good. This guy is lucky to be alive and was very fortunate to have the wherewithal to be one step ahead of the ne'er-do-wells. Anyone else would have had a very real chance of getting injured, maimed or killed by the local paramilitary police force. Let's not kid ourselves, it probably helps that he's white and privileged, too.
If we had sane drug policy, the worst that could have happened is having the drugs confiscated and getting a slap-on-the-wrist regulatory fine.
Slashdot Mirror
Don't publish anything that wouldn't hold up in a criminal investigation
Sir, we have photographic evidence that you were at this location around the time of a nearby murder, we'd like you to come down to the station for "questioning."
Apple gets the presidential blessing for no good reason, how about Samsung?
Patents in both directions are bullshit anyway.
Securing your local data is easy, because you have end-to-end control. Securing email is complicated because you'll never be able to maintain complete control. It requires coordination and mutual understanding between you and everyone you email, and that's just not going to happen unless you're in a tightly-controlled organization and all of your communication is internal. I'm assuming you're an end-user at home, not an IT manager in a large corporate environment.
If your ISP allows it (and that's a big if in today's spam wars), you could run your own email server to host email service for yourself, your family and your friends and require SSL/TLS connections for all communication. Don't forget TrueCrypt or luks/dm-crypt for disk encryption on the server itself. But this only protects against eavesdropping and snooping for email users on your hosted service. There's basically nothing you can do about emails sent or received from outside of your own service. And then there's the assumption that email recipients inside of your hosted service will adequately secure their own devices (good luck getting grandma to use TrueCrypt).
If you can actually accomplish this, well, you have better powers of persuasion than I (my boss is a smart and tech savvy guy and I can't even convince him). Your best bet is: don't use email for anything you wouldn't want publicized.
It may seem a bit overkill, but I already had a web server setup at home to host my own personal (low traffic) website, so I was mostly there already.
At some point, I needed to send someone a private document that I didn't want intercepted by eavesdropping, so I created an SSL-only vsite subdomain in Apache, uploaded the document and simply provided an HTTPS link to the recipient. Add HTTP auth with .htaccess/.htpasswd to require a login and make the login something you've predetermined with the recipient or based on a clue that only the recipient would be able to decipher. Also use "Options -Indexes" and create a robots.txt to deny all bots for further obfuscation.
For extra security, use cron or something to delete the file after a couple of days or tail Apache's access log to see when the file is accessed by your recipient and manually delete it after it's downloaded.
It took me about an hour to figure out how to setup SSL the first time. If you want to use this method, I imagine it would take a 3 hours or so to initially set this up in a VM on your computer (you could use something like Turnkey Linux' LAMP stack to make it really easy). After that, it's just a matter of a couple of minutes to send each secured file by uploading the file and creating user creds.
Did you really think carriers would actually offer something that's anything more than dressed up as a deal? A family plan saves money ... for *them*, ie.: the lowered cost of billing.
Your best deal, as always: don't get sucked in by OOOH SHINY! and a ripoff contract, just buy your own phone privately and put a SIM card on whatever plan you want.
This post's subject is untrustworthy
What is this ethanol problem of which you speak? Are ethanol vehicles so prone to leaking fumes that they get you high while you're driving or are people drinking this stuff now?
The jury's still out on ... science
Amazingly, it has a profoundly simple solution: apply copyright only to *commercial* usages, the way originally functioned and was intended to be.
Having copyright apply to everyone is like requiring everyone to give all of personal transactions oversight by the SEC. Borrow $10 for lunch? Bet a fiver with your buddy over tonight's game? Birthday gifts for your kids? Gotta register and report it!
*That* is how absurd and asinine it is to apply copyright to personal use.
I guess that depends on your world view and personal philosophy. I don't think I'd be able to live with myself working for any organization that commits such atrocities, regardless of what department employed me. You're still in the same organization and you are still contributing to the problem indirectly (maybe that new encryption system you're developing will be used as part of a program injected into systems to spy on citizens)
I realize no organization is sparkling clean, but I know I'd sleep a lot better at night working for an organization whose overarching purpose aims for the betterment of society or at least *doesn't* cause detriment.
Yes and no.
TrueCrypt is extremely simple to use and it holds your hand tightly through the entire process. It is really one of the best examples of good open software, where it makes an otherwise complex task very simple. There are no usability gaps typically seen in open source software and it's very well documented.
SSL works fine without a CA cert, but browsers have actually gotten a lot worse at making it a clear process to accept self-signed cert. They used to just allow it through and give you a different padlock icon or something, now it's this big warning that prompts a bunch of reading and clicks to bypass. In other words, it used to be passive notification, now it's an active one.
Email encryption is a problem of coordination and logistics. It's not possible to make a one-click "Encrypt this Email" button because there's the offline factor of key exchange. I haven't even met a lot of people I email, how is this supposed to work?
TOR isn't simple? Download the standalone TOR bundle, open when done. Anyone for whom that is difficult is someone who barely uses computers at all.
So, it's a matter of both. Some have dealt well with the ease-of-use barrier, some haven't. But the problem nearly all of them still face is a lack of public awareness and an excess of apathy towards personal privacy.
Always attribute to malice that which is adequately explained by stupidity when it involves the copyright cartel.
I'm neither and they annoy the hell out of me; and those little "validation games" (dump the fish into the bucket, or whatever) are ridiculous time-wasters. I'm also a web developer, so there's that. CAPTCHAs are for lazy web developers to offload the task of anti-bot protection to the user.
Create some dynamic form elements that only display via Javascript DOM and are required by a backend script. Create a per-IP limitation on registrations per 10 minutes. Require a minimum time between form loading and form submission. Require a cookie to submit the form.
The point is: the more variety of anti-bot systems that exist, the less attractive a target there is for bot makers.
What people don't seem to understand is that police lie. ALL. THE. TIME. They lie selfishly, indiscriminately and callously. They lie overly and omittingly. They lie to suspects, witnesses, passers-by, judges, and juries. They lie in public and under oath. They lie to deceive, coerce and intimidate.
And they get away with it. ALL. THE. TIME.
Go watch the ubiquitous Don't Talk to the Police video. I know you've already watched it. Watch it again. Especially the part where the police officer explicitly states that he and all police officers are "professional liars."
Right, so: Don't Talk to the Police and Don't Waive Your Right to Trial.
What possible reason could there be for a wireless-capable toilet?
Of course, this is Japan who, as we all know, are into all sorts of weird shit.
These thoughts have been bouncing around in my head for a while now. I've been following a steady stream of stories and reports chronicling the continual demonization of stigmatization of "hackers" and generally technologically proficient people in general.
People misunderstand or refuse to understand at all. The negative perception caused partly by a few ne'er-do-wells and mostly by corporate propaganda paints us all with a thick coat of black. Misunderstanding transforms into mistrust, mistrust into fear, fear to indignant anger, anger to oppression; before you know it, we have a publically supported, government sanctioned witch hunt on our hands. We technology-savvy individuals are being singled out as the next great threat to the establishment.
The FBI threw Sklyarov in the slammer for giving a security talk on flaws in Adobe's DRM. Russia -- Russia, people, not exactly known for a track record of upholding civil rights -- issued a statement for security researchers to stay the hell out of the US because it had become illegal to do some math.
Auernheimer exposed a blatant security flaw, which only existed because of AT&T's utter laziness and indiscretion, and went to prison simply because the way he exposed it and pissed off AT&T.
Swartz hanged himself after the full force of the federal government hounded him and drove him over the edge by threatening a 35-year prison term for what should have been a slap-on-the-wrist misdemeanor.
An obviously technophobic judge ruled for an injunction against a UK security researcher to prevent him from publicizing an immobilizer security flaw that could be exploited by organized crime to steal millions of dollars worth of expensive sports cars. He is going ahead with it anyway because it's the responsable thing to do when affected parties refuse to address it, and I'm willing to bet the government is going to come down on him heavily for it.
The incidents of tech-savvy people being vilified are too numerous to list, but I'm sure we're all aware of them. The establishment wants their culture of liability, where ordinary individuals are dragged into the big leagues and expected to perform at the same level as corporate and government giants, while our perspective demands greater personal freedoms to offset the goliathan advantage held over us.
I think we're going to see a lot more of this until the societal shift is complete and the new generation becomes leadership, and that's a *very* optimistic view.
The web is a flexible, universal and adaptable medium. Why the hell anyone would want an "app" solely to offer content that could just as easily (more easily, actually) be offered through a web browser is just needlessly jumping on the bandwagon.
I understand the why they might want to offload the graphics and UI to the system to reduce throughput and improve performance, but that's what AJAX and caching are supposed to be for, but they aren't always implemented correctly and almost nobody uses them properly.
And both of them are horseshit.
1) The entrenched interests have invested too much in existing legacy infrastructure to let this happen. Sure, they've already seen the returns hundreds or thousands of times over, but if they can wring it out longer, they will. It will take the majority of consumers demanding IP-based TV for this to change.
2) Internet connectivity is mostly shit in North America. Either it's high bandwidth with a deprecating cap, or shitty bandwidth with no cap. Until telcos are reined in by regulation, forcing them to build out the fiber infrastructure for which billions in tax dollars were earmarked and quit this rent-seeking business model, we aren't going to have the sort of connectivity we need for universal IPTV. And let's not forget how a number of ISPs muddy the waters by running their own streaming services; again, due to piss-poor regulation.
Were the tables turned -- if a US injunction prohibited him from publicizing the security flaw -- the US would undoubtedly be leaning on the UK to arrest him as soon as he finished his presentation (or maybe even during it). How much do you want a bet they'll tell the UK to bugger off and deal with it themselves if they are asked to do the same?
I like a hate-on against the budding police state as much as the next Slashdotter, and for all I know, they could very well be monitoring your Google searches, but that doesn't appear to be the case here.
According to Wired, it was actually a former employer that reported the searches to the police after finding them on the man's computer. It's not at all surprising to find that private employer is looking through and monitoring their *own* systems.
Too bad this comment will probably go unread and unmodded amongst the 600+ or so at the time of this posting.
and in every category of disease, men are afflicted more than women and are more likely to die from said disease.
Breast cancer?
My first thoughts exactly. Who'd have thought, after just a few short decades, that the tables would be so profoundly turned? Not that Russia is any shining beacon of democracy and civility, but the fact that someone must seek asylum from the United States, in Russia of all places, is quite telling.
Maybe he could live in an igloo. He'd be a snowed-in snow den Snowden.
Another reason why the war on drugs does more harm than good. This guy is lucky to be alive and was very fortunate to have the wherewithal to be one step ahead of the ne'er-do-wells. Anyone else would have had a very real chance of getting injured, maimed or killed by the local paramilitary police force. Let's not kid ourselves, it probably helps that he's white and privileged, too.
If we had sane drug policy, the worst that could have happened is having the drugs confiscated and getting a slap-on-the-wrist regulatory fine.