Slashdot Mirror


User: gnoshi

gnoshi's activity in the archive.

Stories: 0
Comments: 292
First seen
Last seen

Comments · 292

  1. Re:This is not censorship as the user is in contro on UK Govt's Censorware Blocks Tech, Civil Liberties Websites · Score: 2

    No. What this is is a default on filter that you specifically have to opt out from in order to see such subversive content as Childline.

    No it isn't. It's opt-in parental controls for under-12s to limit access to only whitelisted sites.
    By all means, get angry about opt-out filters affecting adults which achieve nothing and restrict access to political speech and information, and indeed porn. Just save your anger for cases where they really are opt-out filters which affect adults.

    When you are getting angry, though, you may want to present yourself as less of a raving nutbag; otherwise you'll just do the anti-censorship side damage.

  2. Re:Animal Farm on UK Govt's Censorware Blocks Tech, Civil Liberties Websites · Score: 1

    The analogy was more around the idea that an under-12 bookshop must explicitly and intentionally include everything it contains, and everything it contains is included for under-12s. However, that is far from clear from my original statement, so my bad.

    If this filtering were being applied to schools then I think it would warrant much more attention, but what we're talking here is the extreme implementation of 'Parents need to manage what their kids do on the Internet'. Don't get me wrong, I don't think this is the best way for parents to do that, but if parents are having to spend so much time choking on how evil the Internet supposedly is for their kids and it's for porn etc etc then the existence of this kind of filtering is inevitable. Some will argue it is a good thing to give parents this option.

    Another challenge that applies to the 'elementary school' situation is that in a school library, Animal Farm is a single book. It's there. Someone ordered it, and it got stacked on the shelf. However, on the Internet there are no doubt many thousands of sources for it so whitelisting them all is impractical.

  3. Re:Oh noes - the opt-in under-12 filter on UK Govt's Censorware Blocks Tech, Civil Liberties Websites · Score: 1

    Yeah, because that's exactly what the guy I linked to was saying when he said, as his entire second paragraph:

    As everyone sensible argued in great detail at the time the PM promised it following a Massive Stupid Media Panic, content filtering is pointless: it’s easy to bypass, provides a false sense of security, leads to false positives so that sex education sites get blocked, and puts the infrastructure in place for a more Daily Mail-friendly government to run wider censorship modes.

    The point isn't that filtering isn't stupid. It is.
    The point is that the OP is stupid because it isn't actually discussing the filtering that matters. It's similar to bitching that an under-12s bookshop doesn't include books on politics and censorship.

  4. Re:The law will change on Govt. Watchdog Group Finds Apple Misled Aussies On Consumer Rights · Score: 1

    Yeah, that'd be clever except that Aussies also pay more for software, and you'd be hard pressed to find anyone who claimed a warranty on software.

  5. Re:The law will change on Govt. Watchdog Group Finds Apple Misled Aussies On Consumer Rights · Score: 1

    I suppose different people judge what's reasonable in a different way. I'm in the USA and I wish our laws were more about protecting consumers than corporations, but the warranty issue does feel like there's some trade-off.

    I think there's always a trade-off. Requiring companies to repair their products for longer if they don't work will cost them more. It can also incentivize making products that fail less, since the outcome of failure is repair (a cost to the manufacturer) rather than re-purchase (income to the manufacturer). This trade-off extends to poor working conditions for low pay, conflict minerals, pollution, etc. (of course I'm not saying you support any of these things).

    As much as I'd love for the result of things like this to be higher quality products for consumers that won't fail so quickly, I think it's more likely they'll just factor in the cost of replacing their current products when setting a price.

    You may be right: if a company has to factor in making products last, then maybe it will actually increase cost. In a way, it is just spreading risk. It does depend a bit on whether the pricing is driven by maximum tolerable price, or costs (and in reality, it will be both).

    This law prevents wholly inadequate warranties being used (e.g. 6 months on a TV). Some will argue that it is the responsibility of the customer to choose a product with an appropriate warranty, but that ignores two things: 1. Products may not be available with longer warranties (when all companies settle on short ones), and 2. There is a disparity of information, which means the customer is at a disadvantage in the purchasing transaction: the manufacturer knows the failure rates, and the customer does not.
    It also means that you can't wind up with a situation where everyone just offers a wholly inadequate 6-week warranty. (I'd argue, as Consumer Affairs Victoria does, that for a $6k TV a one-year warranty is essentially a more moderate version of this).

    Indeed, it may be as simple as you say with "Danny can expect to pay $6250 now that the TV will definitely last longer."
    And I'm ok with that.

  6. Oh noes - the opt-in under-12 filter on UK Govt's Censorware Blocks Tech, Civil Liberties Websites · Score: 4, Informative

    So, what he's saying is that the blocklist labelled "Parental Control (opt in u12 service)" - i.e. Opt In Under 12 year old - blocks a lot of stuff. Pretty much everything, in fact.
    That would be scary, except that it isn't the default opt-out list, and it is apparently intended as a whitelist of known ok sites. Any whitelist based system will block most stuff, because that's kind of the point.

    I liked this guy's post called Content filtering is stupid, but you are stupider.
    To quote: "However, and unfortunately, most of the last couple of days’ Twitter chat about content filtering has involved gibbering idiots who know fuck all about fuck all talking embarrassing nonsense." I think that sums up the OP nicely.

  7. Re:The law will change on Govt. Watchdog Group Finds Apple Misled Aussies On Consumer Rights · Score: 5, Informative

    Since this is just the latest in a sequence of run-ins for Apple with the Australian consumer watchdog, I doubt it.
    One of the things I like about living in Australia is the consumer protection law. Any phone you buy on a 2-year contract with a provider is required to have a 2 year warranty, thanks to the government consumer watchdog. Recently, another company was fined for lying to people about their rights. Displaying a 'No exchanges or Refunds' sign is against the law, since you are legally obliged to provide exchanges or refunds if a product is defective, or does not do what it claims to do.

    The claim that 'the current law is, ironically, bad for consumers' is bullshit. It might be bad for the subset of consumers who buy products that work and who have no problems, if we assume that companies charge what they need to rather than the maximum the market will bear in the conditions. It is good for the subset of consumers who companies try to fuck when they sell unreliable crap.

    To quote the Consumer Affairs Victoria (Australia) site example:
    "Danny buys a plasma TV for $6000. It stops working after two years.
    The store says they will not provide a repair or replacement as the TV only had a 12-month manufacturer’s warranty. They tell Danny he should have bought an extended warranty, which would have given five years’ cover.
    However, it is reasonable for Danny to expect more than two years’ use from a $6000 TV. He is entitled to a repair, replacement or refund from the store."

    I agree with Consumer Affairs Victoria. A $6000 TV should work for more than two years.

  8. Re:Code quality? on CyanogenMod Integrates Text Message Encryption · Score: 1

    Hmm. I feel OK about trusting someone who understands encryption standards well enough to identify SSL implementation bugs in major browsers (and construct exploits for them) working on encryption software that I use.
    What I got out of the F-Droid conversation was that someone complained about a bug (which they overstated) that had already been fixed, and because Moxie himself wasn't publishing to F-Droid the version on it didn't get updated.

  9. Re:Keepass + Dropbox on Storing Your Encrypted Passwords Offline On a Dedicated Device · Score: 1

    No, it really doesn't!
    If someone compromises your machine, they can capture your keepass database and your password.

    With this device, you're not entering your password into a system running piles of software that virtually no-one ever personally fully verifies (and how can they? Too much code), and furthermore if your password is captured you can't just clone the database to get all the passwords.

    Keepass on Dropbox + keyfile on local devices + password is pretty good, but it isn't as good as this device from a security perspective.

  10. Re:Simple! on Storing Your Encrypted Passwords Offline On a Dedicated Device · Score: 1

    Actually, it doesn't fulfil all the requirements.
    You walk into a net cafe and want to log into a random site whose password you don't care much about. Will you plug in your stick and enter your encryption password, thus allowing the theft of all your passwords?
    Having a device which masquerades as a USB keyboard addresses this use case.

  11. Been wanting to do this with an old phone on Storing Your Encrypted Passwords Offline On a Dedicated Device · Score: 1

    I've been wanting to do this for quite some time with an old Android phone. It provides a touch-screen interface. Many include a MicroSD meaning you can add software/updates to it without ever networking it. Kernel source is available for many, so you can build with the Linux HID Gadget driver to make it behave like a keyboard. Plus, people have the devices sitting around idle.

  12. Re:Use a good password manager on Why People Are So Bad At Picking Passwords · Score: 1

    Well, if we really want to stop people using passwords, we should just start using client certificates across-the-board for authentication. Systems like LastPass, KeePass, etc can continue to exist as certificate synchronization tools rather than password synchronization tools.

    (Note: I'm being facetious: this system fails as soon as you need to use your certificate in an Internet café. Currently, you can be running LastPass or KeePass on your phone, get your password, and enter it by hand. That doesn't work with certificates. What you really need is a way for a USB or other external device - e.g. your phone - to work as an authentication device without handing over the raw credentials such as password or certificate to the computer. This could be achieved by having a browser plugin that can route client certificate authentication to the external device so that the certificate is never actually on the untrusted computer. Or many other ways.)

  13. Re:London Oyster on Chicago Transit System Fooled By Federal ID Cards · Score: 1

    The funny thing is that everybody seems to want to roll out an oyster card system, but many places want to roll out their own oyster card system, and that leads to cost blowouts because (it seems) many organisations can't manage to do an IT project without falling on their face.
    e.g. Auckland Transport with their AT HOP card.
    myki in Melbourne, Australia which blew out by about $1 billion (on an original ~$0.5 billion cost). To quote from a report discussed in this article: ''Keane [who won the contract to make the card system] had no corporate experience in developing, implementing and operating a ticketing system Keane has barely demonstrated adequate capacity.''

    Actually, the best question is in that same article:
    "Another question is why, given the ambitions for the project, the company was chosen over smartcard specialists, including Cubic, which created many US systems and worked on Oyster, and the group behind Hong Kong's Octopus smartcard."
    And why does everyone make this same mistake?

  14. Re:Trusting transitive trust on HTTP 2.0 May Be SSL-Only · Score: 1

    But it is only tamper-evident if you possess more than one key for the target concurrently available. If you're only aware of one of the keys out there, then you can't detect tampering.

    If the server is providing the key with attached signatures, even if you can determine a chain of trust through certificates then that doesn't help you, unless you know for sure that there are no other keys for that particular site out there which have been signed by someone else to which you can establish a chain of trust. If you have 3rd party key servers (much like currently exists for PGP encryption), then you need to check all of them, and you need to trust that they haven't all been leaned on to only keep the dodgy key, not the real key.

    To try to describe more precisely:
    I try to connect to 'wikipedia.org' using a secure connection. To do so, I need to get a key.
    The 'wikipedia.org' server could provide me with a key, and have signatures attached to that key. I then need to be able to establish trust of one or more of those signatures to make sure I'm using a valid key.
    If someone (Person A) I personally know and trust (and whose key I already have) has signed the key, that's great: I can trust the key. That's about as safe as it can get.
    Failing that, let's say someone (Person B) who signed the key is trusted by someone (Person A) I trust, and Person A signed the key of Person B. If I can get the key of Person B, with the signature of Person A, then I can establish a chain of trust to the 'wikipedia.org' key.
    Failing that, let's say someone (Person C) who signed the key is trusted by someone (Person B) ..... etc.
    So we're now out two levels, and if everyone has signed the keys of 20 other people, that means we're trusting 420 signers (excluding ourself). In practice, there will be overlap so the actual number will be less. If one of these 420 signers isn't trustworthy, they can have signed a dodgy 'wikipedia.org' key and a MITM attack can be attempted.
    If the real 'wikipedia.org' key has been signed by someone I trust, and I can find that key somewhere (because presumably the server to which I am connected will feed me the dodgy certificate) then the result is that I can no longer trust either certificate. I'm stuck, and can't safely communicate with 'wikipedia.org'. I could check third-party key servers, but connections to those servers could be intercepted as well (either preventing me getting the key, or feeding me a false key). Potentially, 'trusted' key servers could have their public keys embedded in my browser, but then we just hit another problem of certification again.

    Peer signing of keys, without a very sophisticated trust-weighting system, will not work simply because Dodgy Co. can manufacture a dubious certificate, get it up somewhere, and bring encryption to a particular site screaming to a halt. You wouldn't need to lean on CAs to make dodgy keys; you just make all the keys untrustworthy so no-one can use encryption.

  15. Re:Trusting transitive trust on HTTP 2.0 May Be SSL-Only · Score: 1

    The system you're proposing is interesting, but doesn't work because all you need to do to make encryption impossible is inject some dodgy keys into the system. Once you have multiple different keys for the one site which are both signed as valid, then you can't safely encrypt traffic to that site. Don't want people to be able to conduct Google searches? Generate a bunch of dodgy Google keys, get random people to sign them (because not everyone is diligently checking IDs) and voila - no-one can trust any keys for Google any more.
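As an added illustration of the trust-chain arithmetic and the conflicting-key failure described in the two comments above (example code, not from the original posts), the script below builds a constructed signer graph with fan-out 20 two levels deep and checks a site key against it; the signer names (s3, s407), key ids (KEY-REAL, KEY-DODGY) and the site records are all made up for the demonstration.

```python
"""Constructed web-of-trust model: every signer vouches for `fanout` others, a
site key is accepted if anyone reachable within `depth` hops signed it, and two
accepted keys for one site leave the verifier unable to use either (hypothetical
data, not a real key server)."""
from collections import deque


def build_uniform_web(fanout, depth, root="me"):
    """Tree-shaped signer graph: node -> list of signers it has vouched for.
    No overlap between branches, so the count is the worst case (20 + 20*20)."""
    graph = {}
    counter = [0]

    def expand(node, level):
        if level == depth:
            return
        kids = []
        for _ in range(fanout):
            counter[0] += 1
            kids.append(f"s{counter[0]}")  # constructed signer ids s1, s2, ...
        graph[node] = kids
        for kid in kids:
            expand(kid, level + 1)

    expand(root, 0)
    return graph


def trusted_signers(graph, me, depth):
    """Breadth-first walk over 'X vouched for Y' edges; returns every signer whose
    signature on a site key we would accept within `depth` hops (excluding me)."""
    seen = {me}
    frontier = deque([(me, 0)])
    while frontier:
        node, dist = frontier.popleft()
        if dist == depth:
            continue
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, dist + 1))
    seen.discard(me)
    return seen


def resolve(site_keys, site, trusted):
    """site_keys: (site, key_id, set of signer ids). Returns ('ok', key) when exactly
    one key for `site` carries a trusted signature, ('none', None) when no key does,
    and ('conflict', keys) when several do: the case where neither can be used."""
    keys = sorted(k for s, k, sigs in site_keys if s == site and sigs & trusted)
    if not keys:
        return ("none", None)
    if len(keys) == 1:
        return ("ok", keys[0])
    return ("conflict", keys)


def demo():
    web = build_uniform_web(fanout=20, depth=2)
    trusted = trusted_signers(web, "me", depth=2)
    # Constructed records for one site: the genuine key signed by a direct
    # contact (s3) and a dodgy key signed by an unvetted friend-of-a-friend (s407).
    keys = [
        ("wikipedia.org", "KEY-REAL", {"s3"}),
        ("wikipedia.org", "KEY-DODGY", {"s407"}),
    ]
    with_both = resolve(keys, "wikipedia.org", trusted)
    real_only = resolve(keys[:1], "wikipedia.org", trusted)
    return len(trusted), with_both, real_only


if __name__ == "__main__":
    print(demo())
```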

  16. Re:SSL only = no benefit on HTTP 2.0 May Be SSL-Only · Score: 1

    -- If this post is marked Troll, I pissed off a fanboy again.

    If your post is marked troll, it is because you're being a tosser by saying:

    My solution would firstly involve complete sentences, and secondly was already stated previously.

    ...without linking to your 'solution' (which I assume is this post).

    Note: having a 'web of trust' requiring peer signing of keys for SSL is a really, really stupid idea. How big is your web of trust going to have to be to validate every possible certificate you're going to want to use? If you're trusting six degrees of separation, then how can you be even moderately confident that somewhere in your entire six degrees someone isn't a spy and thus can sign a fake key?

    How much use does peer signing get even in current e-mail PGP utilisation? How useful is it when I want to validate Bob on the other side of the world and with whom I've never interacted (nor with any of Bob's friends, let alone trusting them enough to trust their signatures on a key)?

  17. Re:I'd rather have... on HTTP 2.0 May Be SSL-Only · Score: 1

    That's a nice idea, but the problem is that you have to trust someone to declare the certificate valid, otherwise you're just making it easier to MITM SSL connections by removing the need for intelligence agencies to lean on certificate providers to give 'fake' certificates.

  18. Just when I thought I'd never go back to FF on Google Chrome 31 Is Out: Web Payments, Portable Native Client · Score: 1

    ... suddenly, all my extensions weren't running under incognito mode without disabling and enabling them again every time I went into incognito mode.

    Back to FF I go.

  19. Re:SSL on GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware · Score: 1

    Being notified of the 'duplicate' responses from the server would have helped too. That's not a normal running condition.

    I don't mind so much that browsers don't cache SSL certificates and notify of changes, but it is a shame that the server can't request that behaviour (using something like HSTS).

  20. Re:No, read that again. on Most Drivers Would Hand Keys Over To Computer If It Meant Lower Insurance Rates · Score: 1

    Yeah, it's weird isn't it. If insurance premiums were actually lower for computer-driven vehicles, then it follows that computer-driven vehicles are (on average) less expensive to cover, which means the total cost of accidents they have is lower than the total cost of accidents in human-driven vehicles.
    Mind you, that doesn't mean they have fewer accidents. The criteria could be met if the cars have more accidents, but they are uniformly minor - a tiny one-panel dent, and no write-offs. That requirement could equally be met if the computer-controlled cars work fine and indeed never have minor accidents, but occasionally and randomly have spectacular and death-inducing accidents. Indeed, the number of spectacular and death-inducing accidents could increase, and the premiums could still drop so long as a whole lot of very minor accidents (e.g. a sideswipe destroying two panels) were avoided.

    At the most extreme disjoint of the two sets, that means that 50% of people believe that letting a car drive their children to school would put them at higher risk, and yet they'd do it anyway for money. At least 2/3 of all the people who said yes, and it's likely more because there have to be at least some people who think it would be safer and who wouldn't do it in spite of the money for other unknown reasons.

    That's kind of horrifying, actually, regardless of what you think about auto-drive.

    That is a fantastic point.

  21. Re:Subjunctive Case on CryptoSeal Shuts Down Consumer VPN Service To Avoid Fighting NSA · Score: 1

    As you say, it isn't always trivial to match VPN traffic to a user without a pen register order. Unless someone is practicing safe browsing, though, it is often trivial. If the user has logged into FB, Google and Twitter, the traffic from the badges on what seems like half the sites on the net will identify them. Apart from that, there is also the user agent and plug-in details. Finally, there is traffic/timing correlation.

  22. Re:Subjunctive Case on CryptoSeal Shuts Down Consumer VPN Service To Avoid Fighting NSA · Score: 1

    From the article at ArsTechnica:

    VPN services let consumers gain extra privacy and security while using the Internet. A user establishes an encrypted connection with a VPN service, routing all Internet traffic to the VPN before sending it on to the rest of the Internet.

    and

    "Our system does not support recording any of the information commonly requested in a pen register order, and it would be technically infeasible for us to add this in a prompt manner," CryptoSeal continued. "The consequence, being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion and likely unconstitutional. But until this matter is settled, we are unable to proceed with our service."

    So basically, they provide a VPN-to-Internet service, but do not record the data required for a pen register order. Based on the EFF information on pen registers, that would constitute connection data (i.e. incoming and outgoing connections - IP addresses, ports, etc, but not content of the connections).

    Without putting too fine a point on it, I'm dubious about CryptoSeal's claim that they can't do this. How would they enforce their terms of service? They may not, by default, collect this data but I would be surprised if they were not already set up to collect this data if they wanted to, for example to check if someone was abusing their service.
    Then again, I could be wrong. Still, it smells to me like a case of:
    1. Set up beta
    2. Get attention and goodwill through having free accounts, and get corporate sign-ups
    3. ?
    4. Profit!!!
    Where '?' = 'Shut down the free/low-cost service, blame the NSA, and ride the wave of solidarity and support'

  23. Re:Subjunctive Case on CryptoSeal Shuts Down Consumer VPN Service To Avoid Fighting NSA · Score: 1

    I agree with the essence of what I think you are saying. Right now is an excellent time for companies in private e-mail, encryption provision, or any related area who are not seeing good returns on some part of their business to close it down (potentially without refunds, if paid), say 'Oh, I shut down because NSA', and ride a wave of good publicity.

    I'm not saying that was the case for Lavabit, or for Silent Circle Mail. Both of them are special cases, because not only did they hold the private keys but they held data at rest. Thus, getting the private key and forcing the provider to implement passphrase capture from the client was necessary to get the data that was at rest.
    This is simply not true of a VPN service. They don't have data at rest, and the NSA can (I expect...) use the current legal processes to collect the data directly from the VPN provider. They don't need the private keys of the customer to do that.

    Note: all this depends on my understanding of CryptoSeal being a VPN provider in the sense of 'VPN-from-home-to-CryptoSeal-to-Internets' rather than 'VPN-from-home-to-work-directly-using-CryptoSeal-software'. If I misunderstood that, then my argument about the NSA not needing the private keys falls apart somewhat. (I did check their site but it seemed like a VPN-to-Internet service).

  24. Re:Google Glass should be outlawed. on Are We Socially Ready For Wearable Computing? · Score: 1

    That's all part of the development of social norms. The reason that signs such as 'we will not serve you while you are using your mobile phone' exist is because a set of norms are not universally accepted. Someone, at some point, decided that the norm they wanted in the store was one of not using your phone while interacting with the staff. By expressing your preferences and expectations, you are contributing to the formation of those standards of social behaviour.
    That may have been because it took longer to serve distracted people, or because the staff or management felt it was rude for people to be on their phones while being served. In any case, it is norm formation and enforcement.

    Of course, generally norm formation doesn't extend to punching someone in the face. There are norms against assault. Norms, and laws.

  25. Re:Who would want it? on Are We Socially Ready For Wearable Computing? · Score: 2

    We're continuously adjusting society for various technological changes. At some point, there would have been social adjustment for whether it was polite to have a record on in the background while having guests, or answering the landline telephone during a conversation, or having the TV on in the background when eating dinner.
    This is no different. Social norms need to be developed to match new developments in technology.

    There is a valid discussion to be had about the social impacts of being continuously connected to a broader 'network' of friends, information, and so on. I think that is the discussion you want to have, not the one about social norms.