Slashdot Mirror


User: Shadow+IT+Ninja

Shadow+IT+Ninja's activity in the archive.

Stories: 0
Comments: 118

Comments · 118

  1. Re:Protected disclosure is useless on Why the Snowden Situation Shows 'Protected Disclosure' Is Critical (zdnet.com) · · Score: 4, Interesting

    This is, more or less, what Tom Drake said. Drake, who was a high level NSA official, started to address the agency's illegal activities by going through proper channels. When that failed, he and others within the NSA leaked information to the NY Times while being very careful to limit the disclosures to things that were not too sensitive but still showed illegal activity. There were congressional hearings and the NSA denied everything. They got away with it because Drake's leaks did not include enough detailed evidence. At this point, they could have cut back those activities, which they had denied doing (but were, in fact, doing) because the process clearly pointed them out as illegal and unwanted by the American public. That's where Snowden came in and provided the detailed evidence. I think that no small part of his decision to flee had to do with creating a dramatic effect. His being on the run helps to keep the issue in the public spotlight. If that stops working, he may choose some opportune time to turn himself in if it can be done for further dramatic effect. So, I think there is actually some benefit for a whistleblower, like Snowden, to break the law to the point of an act of civil disobedience. Meanwhile, Tom Drake was protected as a whistleblower although he had a tough time with his legal defence for a while.

  2. Re:Fix the real problem on W3C Sets Up Web Payments Standards Group To Improve Check-Out Security · · Score: 1

    I like Bitcoin as my solution to this problem. I just recently bought some stuff and the site emailed me back my password in clear text. Idiots! That's the point where I was really glad I had paid in Bitcoin.

  3. Re:Yeah, right ... on Facebook Notifies Users of Potential Nation-State Attacks (facebook.com) · · Score: 1

    I don't see how this could benefit Facebook. It just highlights how dangerous all that data about you and your friends really is and how much the ordinary person does have to hide. My guess is that they are trying to appease various US ally governments, especially the British. If you had watched the BBC over the last decade, you would know that they consider Facebook to be a tool that can be exploited by terrorists. The British military recommends against their soldiers using Facebook and if they do, to follow a list of security recommendations. Iran is particularly known for targeting friends and family of their enemies.

  4. Re:Or put another way... on In Battle With Ad Blockers, Ad Industry Fesses Up To Alienating Users (iab.com) · · Score: 1

    ... and mobile users saved a multiple of that amount in reduced bandwidth costs.

  5. Okay, I'll add to the list - corporate responsibility... from Enron to AIG to Volkswagen.

  6. Re:Natural effects of a maturing field? on American IT Workers Increasingly Alleging Discrimination · · Score: 1

    One of the major aspects of age discrimination, in all fields, is that seniority is a major component of how much you get paid. This differs from institution to institution but it can often be the case that you pay twice as much for someone in their forties or fifties than someone right out of college for the same position. If management doesn't understand the skill sets needed for different IT jobs (and they often don't) then it is convenient to believe that younger people are better at IT for some reason.

  7. Re:Unionize on American IT Workers Increasingly Alleging Discrimination · · Score: 1

    The point is that guild style unions are very different from closed shop unions. The higher the skill of workers involved, the more likely the union will be guild style. I think, however, that even manual jobs would benefit from something more like a guild style union. Guilds apply evenly across an industry. A closed shop applies to a specific employer and they create a situation where different employers in a given industry compete against each other to bust unions. Closed shops also tend to create a lot of ill will in cases where they advocate for individual employees who don't really deserve help. In these situations, which have happened in places where I have worked, I think that we would have been much better off if collective bargaining and individual bargaining were handled by different organizations.

  8. One stop shopping for criminal surveillance on Police Body Camera Business All About the Video Evidence Storage · · Score: 1

    One thing this setup does is to create a large target for criminals, foreign intelligence agencies, terrorists or anyone wanting to break into the video storage to learn about how a specific police department works.

  9. Re:Cop video storage is a moral hazard for Taser on Police Body Camera Business All About the Video Evidence Storage · · Score: 3, Insightful

    It's no worse than the video being in the possession of the police themselves. Citizens who want to protect themselves against police misconduct will have to take their own video as they have had to in the past.

  10. Re:Business and Bitcoin? What could go wrong? on Beyond Bitcoin: How Business Can Capitalize On Blockchains · · Score: 1

    There are a variety of options. I keep a double encrypted backup copy of my bitcoin wallet on a second hard drive and another one on cloud storage. What I mean by double encrypted is that the wallet, itself, is encrypted by the Bitcoin software (older versions didn't have that feature but current ones do.) Then I encrypt again with GPG from the command line, using a second, different password. I think this is secure enough, even for $100,000, though I don't keep that much in bitcoin myself. Another thing you can do, if you're really worried about bitrot and such, is that you can print out bitcoin as QR codes on paper. The real problem with this, as I see it, is that you don't make any interest on such storage. What we need, at some point, is to have some good investments denominated in bitcoin. The idea is already out there but I wouldn't trust any of the existing options yet.

  11. Re:Anyone else having a WTF moment here? on Oakland Changes License Plate Reader Policy After Filling 80GB Hard Drive · · Score: 2

    I think the idea is this:
    Windows XP = open to privacy violations by cyber criminals
    Windows 10 = systematic privacy violations by Microsoft

    Actually, this second issue about Microsoft having lots of access to your private information is not new. At least as far back as Windows 2000 sp3, there were concerns that the EULA would violate HIPAA (US law protecting the privacy of health information). You would have to have what HIPAA calls a "Business Associates Agreement" (BAA) with Microsoft in order to be HIPAA compliant while using Windows 2000 sp3. IIRC, Microsoft later backed off on the EULA and this was no longer an issue. This time around, given their approach to HIPAA and their cloud service, Azure, maybe they will offer to sign a BAA for everyone using Windows 10 who needs HIPAA compliance.

  12. Re:"I am about to be killed, tortured, or exiled," on Ashley Madison Hack Claims First Victims · · Score: 2

    There's plenty of blame to go around. Some of the end users of the site did things they shouldn't have done. These people and others shouldn't have trusted Ashley Madison. That doesn't make it okay for Ashley Madison to have poor security. They should have done better and suffer the consequences for not doing better. Ashley Madison's poor practices don't make it okay for cyber criminals to hack them. They did wrong too. None of this makes it okay for the tech industry to allow such lax security, in general.

  13. Re:Are they running Windows 8? on City of Munich Struggling With Basic Linux Functionality · · Score: 1

    Microsoft is just keeping up with modern ways of doing things. If you want to know how to do something, you Google it. So, they increasingly design things so you need to do exactly that. Just Google it.

  14. Re:I am fine with predictive judgement.... on US No-Fly List Uses 'Predictive Judgement' Instead of Hard Evidence · · Score: 2

    That's as long as the process complies with the due process clause of the 5th Amendment to the US constitution and does not undermine it by precedent.

    ...Nor shall any person be deprived of life, liberty, or property, without due process of law....

    As I understand it the main argument, which the ACLU is using, boils down to saying that the no-fly list deprives people of liberty and this "predictive judgement" is not due process of law.

  15. Thanks for that info. IANAL either but my understanding is that most places have a rule with the statute of limitations that the clock stops ticking if you flee from their jurisdiction. So this isn't about a statute of limitations. It's about something more like the U.S. 6th Amendment which, basically, bans open ended investigations and other Kafkaesque stuff. Within a reasonable timeframe law enforcement has to bring formal charges to a court of law, specifying exactly what the person is accused of, the court decides and that's the end of it.

  16. Re:Hmmm ... on Free Tools For Detecting Hacking Team Malware In Your Systems · · Score: 1

    Quis custodiet ipsos custodes?

    I seem to be quoting that a lot lately but it is a classic after all.

  17. Re:Don't need on Ford's New Smart Headlights For Tracking Objects At Night · · Score: 1

    Right. Is it going to automatically blind any cop who is directing traffic?

  18. Re:Good! Those laws just misinform consumers anywa on US House Committee Approves Anti-GMO Labeling Law · · Score: 1

    This reminds me of a thing a few years back where every bottle of laboratory chemicals had to have a sticker on it saying "For the purposes of the New Jersey Right to Know Act, contents partially unknown." It took a few years before they realized that there was no practical value in that labeling requirement. In the meanwhile, I put one of those stickers on my refrigerator. It seemed appropriate.

  19. Re:Can I? on Automakers Unwilling To Share Driver Data (Yet) · · Score: 1

    I think they probably will let you pay full price. Then you have to wonder if it did any good since privacy policies are very hard to enforce. If you make a practice of creating single use email aliases for any length of time, you find out that a good number of those opt out check boxes for subscribing to email announcements (like when you buy something online) don't actually work. "...Oh sorry, that was a bug. We didn't really mean to spam you." "...Sorry we leaked your data. We didn't mean to."

  20. Re:expect the hacker on Automakers Unwilling To Share Driver Data (Yet) · · Score: 1

    So a tiny number of the 1337 among us, more than small enough to be a rounding error for the behavioural marketers, null routed IP ranges of known advertisers. This worked well for a while but then things changed and the web became practically unusable if you weren't routed through at least one Google property (like Adsense or Doubleclick.) That's when we resorted to using multiple browser addons such as NoScript, BetterPrivacy, Beef TACO, Random Agent Spoofer, HTTPS Everywhere and others on top of hacking stuff in the about:config section of Firefox. Then, of course, you need to separate different activities in different web browsers, preferably using virtual machines or other forms of sandboxing. All this and you still can't be sure you have protected your privacy. I certainly won't play that game with a car.

  21. Targeted ads? on Adblock Plus Reduces University's Network Traffic By 25 Percent · · Score: 1

    Wasn't the point of targeted advertising supposed to be that you would need fewer ads to support a site? Behavioural marketers argue that if they had to place ads by the general demographic of a site's visitors, rather than target ads to individuals, then there would have to be as many ads as there are in a print magazine. 25% of traffic seems like a lot from that perspective. I realize that the ads are probably not taking up a huge amount of area on the page but I think they are every bit as intrusive as magazine ads, if not more.

  22. Quis custodiet ipsos custodes? on Hacking Team Scrambling To Limit Damage Brought On By Explosive Data Leak · · Score: 1

  23. Re:Since when on Pepsi To Stop Using Aspartame · · Score: 1

    I would not choose Sucralose over Aspartame. It's much less tested than aspartame. The other thing is that Sucralose is just sucrose with some of the hydroxyl groups replaced by chlorine. General experience with organic chlorine is that it tends to be dangerous and often cancer causing. The manufacturers showed that Sucralose is not absorbed in the gastrointestinal tract and that greatly helped its approval. However, it seems to me that it doesn't have to be absorbed in order to cause trouble right there in the gastrointestinal tract, such as colon cancer.

    The one sweetener that may be as good or better than Aspartame is Stevia now that it's approved as an artificial sweetener. It has been used in many other countries for many years. Here in the US, it was previously marketed as a nutritional supplement and I did not trust it as such. The fact that a non-nutritive sweetener could have ever been classified as a nutritional supplement shows how ridiculous the law is.

  24. OpenWRT on D-Link Apologizes For Router Security · · Score: 5, Informative

    I'm glad I did my recent router shopping by starting with the list of OpenWRT supported devices. OpenWRT is a community supported router firmware. There is more active scrutiny of OpenWRT than proprietary manufacturer firmwares. They support hardware more actively and longer than the manufacturers, themselves, do because they use a common source with many hardware models. There is less likelihood of backdoors being introduced or going unnoticed if they are introduced. I'm talking about backdoors like the famous port 32764 back door which was found and patched but then the patch was reverse engineered and found to just hide the back door better.

    Now this story highlights another issue which is that the manufacturers are trying to add features to their routers. This is antithetical to security. The best thing for security is to keep it simple. HNAP, the basis of the vulnerability in this story, is just such a feature which I don't need or want. I think this all adds up to a situation where you want to avoid manufacturer supplied firmware if at all possible.

  25. Re:In other words on Researchers Developing An Algorithm That Can Detect Internet Trolls · · Score: 2

    TFA basically says that you can detect trolls early on but, the faster you censor them, the more antisocial they become.