Slashdot Mirror


User: Hizonner

Hizonner's activity in the archive.

Stories: 0
Comments: 261

Comments · 261

  1. If it were open source, it's still BS because you KNOW most people that use Tor aren't developers and aren't going to set up an environment to compile an extension to ensure every line of it is clean.

    They also haven't read the source code for Tor or for Firefox or for the OS they're running all of it on. Package it with Tor and it's no worse than the rest of the TBB. In fact Cloudflare is trying to do it as an RFC so you could have multiple independent implementations.

    Let alone what it sends to CAPTCHA to work around the problem; doing so can be used to easily identify who is using Tor to make them a target rather than the exit nodes or whatever they're called now.

    If you'd read it, you'd have seen that they propose to use cryptographic blinding to prevent that. Which is the whole reason for having the extension in the first place.

    What is it that they say about "a little knowledge"? There's sure a lot of that going on in this thread.

  2. Actually, "nonce" is a longstanding English word meaning a single specific moment. It survives in common usage in the phrase "for the nonce".

  3. Read what they propose. You may have to learn some math first.

  4. Blinded. Token.

    Learn some crypto and go read the proposal.

  5. Re: Identifying the user?? on CloudFlare Working On New System That Removes CAPTCHAs For Tor Users (softpedia.com) · Score: 1

    Aka a cookie? So why the need for a browser extension?

    Because it wants to blind the token.

    NSL to CloudFlare and data slurp commencing in 5... 4... 3...

    NSLs don't work that way. Even the DOJ doesn't claim they can do that with an NSL.

    There is, of course, a risk in running any code. But in this case one assumes they'll publish the code.

  6. Re: Are you for real? on Right To Be Forgotten? Web Privacy Debate in Italy After Women's Suicide (ndtv.com) · Score: 1

    Do feel free to mention any specific relevant items. I don't see any.

  7. I honestly think that people are actively sabotaging all of the above approaches.

    It's to the advantage of the existing CAs to go make trouble every time something like that comes up at the IETF or wherever. And it's to the advantage of the world's spooks to slow down any standardization that improves security, preferentially slow down the standardization of the most effective alternatives, and make sure that everything is so complicated and option-laden that you can always find a mode you can break.

    I don't think there's some vast shadowy conspiracy with central control. Just a lot of players with reasons to fuck things up. Sometimes they may cooperate, but probably they mostly just engage in "leaderless sabotage".

    The standards bodies/processes at least try to defend against commercial interests who want to get things they control standardized over technically better alternatives. But once they do get captured, they're hard to un-capture. And they have almost no defenses against players whose only interest is simply to make things not work. And because mentioning the possibility sounds like a conspiracy theory, it's even harder to get them to adopt such defenses.

  8. Re: It's not hard to hack a CA on Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com) · Score: 1

    Oh, I forgot the other major reason that the CA infrastructure is shit, which is that those verification standards are indeed too lax. If you can impersonate the server in the first place, you can probably fake control of the domain well enough to get a certificate. But again Let's Encrypt is no worse than any of the others.

  9. Re: It's not hard to hack a CA on Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com) · Score: 3, Insightful

    The idiots behind Let's Encrypt don't understand that the first and role of the public CA system is identity non-repudiation, but they issue certificates with any name to anyone who asks.

    You don't have a damned clue how this stuff works, do you?

    All the public CAs issue non-EV certificates based on the ability to control email and/or DNS information for domains, and most of them automate it. Their verification standards for non-EV certificates are on page 13 of https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.3.7.pdf.

    Let's Encrypt does exactly the same verification and meets those standards. Let's Encrypt is actually ahead of some of them in that it uses a published and publicly reviewed verification protocol (ACME) to check control over the DNS.

    Yes, the CA infrastructure is shit, mostly because all you have to do to impersonate any domain is to find any CA you can trick. No, Let's Encrypt is not any worse than the hundreds of other CAs that the browsers trust.

  10. Re: Are you for real? on Right To Be Forgotten? Web Privacy Debate in Italy After Women's Suicide (ndtv.com) · Score: 1

    What did she do to screw up her ex's life, exactly?

    She sent him a nasty message. A message that mostly said she could do fine without him, thanks. He was not in the video. The only "shame" directed at him was basically a statement that it was possible for somebody to exist and have a sex life without involving him.

    Yeah, it was a bitchy thing to do, but it was a single message and there was zero chance that the whole world was going to start taunting him about it. It wasn't going to even be part of his life for more than a couple of minutes, and there was sure as hell no way that thousands of people would be on his case and forwarding it all over the Internet for years to come.

    Absolutely no comparison. Not even a potential comparison. There was no chance that anything even vaguely close to what happened to her could have happened to him. Sorry.

    And if it had, that would have been a bad thing too. Even if HE had somehow invited it.

  11. It was everybody's responsibility not to hound her to death afterwards, but they did.

  12. Don't forget also that if somebody repeated your secret, they could not prove what they said.

  13. I already have a hammer. Sunk cost.

  14. Something that's smashed will probably have to be replaced even if it still works, and it's easy to assess whether you've stopped it from working. And "any idiot" is more likely to fry the USB port with that thing than to put the whole machine out of commission. They are VERY UNLIKELY to kill the contents of the hard drive, if that's what you mean by "be recoverable".

    As for the wall, my power line still works, and so do lots of other things, even if it's on the end of a long cable. The piezo igniter from a $5 barbecue lighter, say. The piezo can also be quiet and inconspicuous if that's what you want, it has higher voltage and very possibly more current. Still unlikely to make the data unrecoverable, though.

    Anyway, most devices are not behind walls, and if you ARE putting it behind a wall, you SHOULD be protecting the USB port from this sort of obvious electrical attack.

    The point is that damaging things is easy. I could pop parts off a lot of motherboards by putting the intact devices over my knee. On a more robust device, if you have access to a cooling vent and the thing is turned on, you can go ahead and pee in it, and you'll probably do worse harm than you'd do with that thing. Or dump a bit of salt in your orange juice and dump that in. It's plausibly deniable; you don't have a dedicated destructive device to dispose of.

    I'm just not seeing very many plausible situations where that device would be a go-to choice for a vandal.

  15. Whoopee. I can hit it with a hammer for free, or plug it into the power line for a couple of bucks.

  16. Re: Uh-huh on Meet URL, the USB Porn-Sniffing Dog (cnn.com) · Score: 1

    I think the dog can truly find the drives in a lot of cases... and not just "find" them. But what justified the warrant for the dog to be there in the first place? Where does the parallel construction come in? You could only use the dog to "parallel construct" after you were already conducting an invasive search, and at that point you wouldn't actually need any parallel construction. So what does it do for you?

    Anyway, suppose I'm a guilty person, and you're the cop, and you get a warrant for whatever reason, and your dog finds the drive with the details of my scheme to sell drugs to buy child porn for terrorists. Well, if I'm not an idiot, said drive is going to be encrypted. And the number of idiots of the non-drive-encrypting variety is dropping rapidly, partly because of stories like this.

    So my drive is encrypted, and I tell you that I don't know the password.

    I have total deniability, because it's not uncommon for an actual innocent person to have an encrypted drive lying around and not know the password. In fact, my original point was that I am an actual innocent person in real life, and I do have many encrypted drives with unknown passwords, some of them probably in places I don't even remember. So what have you proven by finding the drive?

    So how could you actually use the dog? Well, it would in fact help you to find good evidence against true idiots if you already had a good reason to search them. But the number of available idiots is probably small and is probably going to crash to insignificance. And you'd probably nail the idiots some other way anyway, because they're idiots and they've already screwed up something else to get you there in the first place.

    As for using the dog as probable cause, the way they do with drug dogs at traffic stops, I don't think even today's supine US courts would swallow a hit from this dog as probable cause for anything. Flash drives are as common as dirt. 99.99 percent of them are totally innocent. Probably 99.9 percent of encrypted drives are totally innocent. So even if the dog were perfectly reliable, the hit wouldn't mean anything about crime and wouldn't justify anything further. And I think this is more a house search thing than a traffic stop thing anyway.

    Which means I'm still not seeing the use of this dog even if you assume the cops are corrupt. Drug dogs are magic search authorizers for corrupt cops, but this one won't help them. And on the non-corrupt side, I bet the dog rarely actually finds usable evidence, and still less often finds decisive evidence, and I bet that becomes even less common within a few years. People will encrypt the drives, and they will have total deniability. The whole thing is a waste of time.

    On reflection I was wrong about the "excuse to ransack your house", though. The dog might clue them in to tear open something they otherwise wouldn't, but I suspect that in most cases, once it gets to the point of executing a warrant, they're just going to tear everything up anyway. And as I said the standard "traffic stop" dog abuse won't work here the way it does for drugs.

  17. Uh-huh on Meet URL, the USB Porn-Sniffing Dog (cnn.com) · Score: 1

    Every room in my house is full of electronics. I have a box of probably 20 random USB flash drives in my office. None of them have child pornography or whatever on them, but most of them are encrypted. And I legitimately don't know most of the passwords, because who remembers the password they used for a scratch drive?

    The dog is either totally useless, or just an excuse to ransack your house and/or confiscate everything you own.

  18. Re: are. you. fucking. kidding. me? on Waze's New Safety Feature Reminds Drivers Not To Forget Their Child In the Car (go.com) · Score: 1

    There's a word for an organism that voluntarily "subjects itself" to natural selection.

    That word is "cull".

    Because natural selection, unlike ITGs, is actually tough. It does not give a fuck about your desire to feel superior. It does not give points for your delusions of infallibility. It does not play fair and it does not care if you do. It only cares about success.

    If you pass up an easy way to assure success, natural selection will be completely happy to kill you.

    You live in its world. It does not live in yours.

  19. Re: Cloud security for you! on Microsoft's SwiftKey Suspends Sync After Keyboard Leaks Strangers' Contact Details (zdnet.com) · Score: 1

    Any third party service is an extra exposure, period.

    You have to be an absolute unmitigated idiot to even think about using something that sends every fucking keystroke to a third party.

    And even if you pick the best cloud service every time, you are going to lose if you go out and make yourself dependent on 100 of these things. Not to mention the fact that they often lie and often change their security postures over time. They also love to farm out critical parts of what they do to still more cloud services, increasing your exposure still further. I especially like "I logged into SwiftKey with Google+". So you farmed out not only your goddamned keyboard, but the AUTHENTICATION for access to your keyboard.

    I just hope the inevitable collapse of all this "as a service" stuff comes sooner rather than later. Then we can go back to only having to deal with the fact that the local software is crap.

  20. Re: Tweak The Topic on American Cities Are Installing DHS-Funded Audio Surveillance (csoonline.com) · Score: 1

    But the truth is, the easier it is for terrorists to conduct attacks, the more of them there will be in the future (why not?).

    It was easier in the past, and there weren't more of them then. Terrorism isn't cosmic inflation; it doesn't just spring magically from the laws of physics.

    I could as easily argue that you create more terrorists by alienating people with heavy handed policing (why not?).

    The folks sworn to protect us are probably decent for the most part

    What does that have to do with anything? Decent people get caught up in all kinds of bad things. A lot of terrorists are probably decent in the same sense, just brainwashed about something they think is More Important(TM).

    and they do not want to fail, no matter what.

    That's what makes them dangerous. The fact that they have enormous resources and public support is what makes them more dangerous than terrorists.

    But with every attack there will be more and more people pressure to protect their kids, etc., and this will cost money/freedoms too. "So what's the answer?",

    Tell the idiots to suck it up and get over it.

    Doing nothing will not work.

    You're right. That would leave the present abuses untouched. We need to roll back about the last 17 years of this BS.

  21. Re: The quiet car? on American Cities Are Installing DHS-Funded Audio Surveillance (csoonline.com) · Score: 1

    Legally, it's no different from an anonymous tip, or a confidential informant.

    Bullshit. "Fruit of the poisoned tree". It still means something in spite of SCOTUS' recent attempts to eviscerate it.

  22. Re: Has it been programmed to lie? on Humanoid 'Pepper' Robot Needs US Android Programmers (usatoday.com) · Score: 1

    That is, of course, the whole point.

    Once they spend however many years it takes to work the bugs out of this sort of thing, the obvious hope is that it will be able to lie to you much better than a human could, because it will never, ever have any of the tells a human does... but it will be able to send the signals that trick your monkey brain into thinking it's your friend. Better yet, it will be good at misleading you without technically lying. It will never forget to upsell, and it won't just be following a fixed script. It will be superb at manipulating you to get the maximum amount of money out of you, and it will never, ever feel remorse at talking you into a bad deal, no matter how obviously poor and naive you are.

    Not just at car dealerships, either. The creepiest thing so far along those lines is the cloud-connected talking Barbie doll.

  23. As a user, having seen the kind of code that's actually offered for me to use, I don't want it to be any easier than it absolutely has to be to leak memory. It can be really easy to drop a cyclic reference, or conversely really hard to keep track of when you have them. The programmers writing phone apps have shown that they're not up to that kind of challenge.

    In this day and age, programmers shouldn't have to think about the internals of the runtime. Stuff should just work. And I'm willing to take a performance hit for that if need be.

  24. Re: Doing it backwards on CloudFlare Wants Tor To Change Or Risk CAPTCHA Blockades (thestack.com) · Score: 2

    No, it's not. It's meant to slow down address-harvesting bots and comment spammers. Which you would know if you'd bothered to read the article.

  25. Re: Seriously?? on Ask Slashdot: Do You Still Have a Pager? Do You Find It Useful? · Score: 3, Informative

    1. Battery life is what started this. Battery life on pagers is better than battery life on any phone, even the simplest. And replacement batteries are everywhere.
    2. Coverage is better inside buildings and in other hard to reach places. Many posters mentioned this before you posted.
    3. Somebody already replied to you about "secure areas".
    4. One-way pagers, at least, don't track or report your location; the page is just broadcast over the whole coverage area.
    5. Pagers can be physically smaller than any phone.
    6. Somebody further down mentioned the reliability advantages of being on a totally separate network from the cell network. You CAN have both.
    7. Pager software is simpler and therefore at least possibly more secure, even than the simplest phones.
    8. Pager hardware is slightly cheaper, which may matter if you expect you might break it.