Slashdot Mirror


User: Anonymous+Brave+Guy

Anonymous+Brave+Guy's activity in the archive.

Stories
0
Comments
12,209

Comments · 12,209

  1. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    Which aspect, the guarantees not being as strong as a lot of people seem to be assuming or the (possibly unintended) consequences in terms of overheads?

  2. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    You just described GDPR.

    Sadly, I didn't. I might have described something close to what GDPR was meant to be. What it actually is does not provide such strong guarantees to data subjects but does cause significant overheads even for businesses that have no interest in these kinds of creepy data-mining activities.

  3. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    You want some in-between thing that's partly optimized for one thing and partly optimized for an entirely contrary thing, then no one can guess which amount of optimization you want for which side of the balance, so no one can offer a suggestion for that.

    There's nothing contrary about wanting secure local transfer of data between devices. We've been doing it for decades, and no paradox is involved. A whole range of different connections and protocols exist for this purpose, and almost every other popular device can do it right now. But with Apple gear...

  4. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    Normal people transfer files the way they are given, because they don't know any better.

    Normal people are also subject to identity theft, targeted marketing, and all the other risks that come with sharing potentially sensitive data with third parties unnecessarily.

    It is baffling to me that you seem to equate the common behaviour with good behaviour. Why on earth would anyone do that?

  5. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    You are correct. If you want to transfer files with a cable, in a ritualistic homage to historic data handling methods, then an iPhone is a poor choice.

    False dichotomy is false. There is no reason any number of local wireless alternatives couldn't be used instead. Apple just chooses not to support them, presumably to promote the lock-in effect within its own ecosystem. It's perfectly reasonable for privacy-conscious users to be wary of that and make another choice when buying a device.

  6. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 1

    You're afraid of every 3rd-party service. About 98% of everyone else isn't.

    I'm not sure that's even close to true. People accepting the use of 3rd party services because they have no realistic alternative while still living a normal life does not mean they approve of those services and everything they do.

    Moreover, a big part of the problem is that the average non-geek user has no idea how much damage these data leaks can do. Meanwhile, ID theft is one of the fastest-growing crimes and has devastating effects on its victims, cyber-bullying is one of the biggest problems for young people today and something many parents struggle to protect their kids from, etc.

    At some point, those of us who do know how this stuff works and what is really happening have a moral obligation to step up, raise awareness, and campaign for businesses to do better, whether voluntarily or not.

  7. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 4, Informative

    Every method you've suggested so far involves transferring your files via a third party. There is absolutely no reason anyone should have to do that to transfer data between their personal devices that are sitting next to each other on a desk right in front of them, and your whole approach goes against the generally good principle of security and privacy by design and by default.

  8. Re:Free pass over privacy on Apple Took Out a CES Ad To Troll Its Competitors Over Privacy (engadget.com) · · Score: 3, Interesting

    You're seriously suggesting, in a discussion about online privacy, that a reasonable alternative to sharing your digital life with whoever makes your phone is to make your own phone?

    Here's an alternative suggestion: Makers of consumer devices are required by law to make all data collection and use of online services transparent, with notifications prominently displayed on the packaging and UI to legally mandated visibility standards. Moreover, any data sharing that is not essential for the device to operate must be optional, with user controls that stick once set and are set to full privacy by default. Likewise, the user must explicitly opt-in to activate any online service, even if it is essential for the use of the device. Penalty for failure to comply is 10% of global revenues from sales of the affected devices in the first year and the percentage doubles each year, in addition to any server ever touched without the correct user authority being subject to removal and destruction without compensation.

    See, anyone can propose severely one-sided rules for this game. The difference is that for some reason we're accepting the rules set by big business in an industry where competition isn't functioning effectively any more because the abuse is too profitable under current laws for any big player to offer an alternative that doesn't come with that abuse.

  9. Re:Windows shouldn't be a service! on Latest Windows 10 Update Breaks Windows Media Player, Win32 Apps In General (arstechnica.com) · · Score: 1

    The unfortunate thing is that this path seems destined to continue as long as Nadella is in charge, and for reasons that escape me Microsoft shares are trending strongly up in recent years despite the obvious elephants in the room, so it doesn't look like Nadella is going anywhere any time soon. He's basically proven that they are so dominant right now that they can screw up on the scale of Windows 10 and still not suffer financially, at least for now. How sustainable that will be when the half-or-so of Windows users still on 7 get abandoned is another question, of course.

  10. Re:Windows shouldn't be a service! on Latest Windows 10 Update Breaks Windows Media Player, Win32 Apps In General (arstechnica.com) · · Score: 1

    You can uninstall the telemetry with Windows 7, and it also doesn't force arbitrary updates/reboots, install ads for games on your serious machine, etc. etc.

    There is nothing that will magically force people to move from Windows 7 even when Microsoft deems it EOL. By that point it will have had many years to find and fix security issues, and it's quite possible that third party tools will bridge any gaps.

    Normally speaking, you'd expect the ageing support for hardware and networking in 7 to be the deciding factor in moving up, but given the unreliability and general undesirability of 10, it doesn't look particularly attractive for better compatibility either. There are several plausible alternatives already for a lot of users, and what will be interesting is whether the market shifts heavily in a particular direction (quite possibly further towards devices other than desktop/laptop PCs with their own surrounding ecosystems) as the 7 EOL date approaches.

  11. The government might not like it, but whether they can do much about it is another question. It would be difficult to draft a law that covered tools like this without causing significant collateral damage.

    Of more immediate practical interest might be that visitors from Tor tend to be restricted in what they can do online because there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.

  12. Re:I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    Sorry, but that simply isn't true.

  13. Re:I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    You're talking about what you'd like to happen. I'm talking about mathematics. No security is being broken here, because the local endpoint is actively configured to trust the intermediary by its authorised administrator. The violation of the protocol is only in the sense that if the local user is not also the administrator of the system, and if that user has not been made aware of the arrangement, then their trust in the system as a whole is misplaced.

  14. Re: I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    An approach that works for computers too. Company sets some rules - but they certainly don't have to manage every device on the network.

    Unfortunately, in modern times it doesn't work so easily. That's why handling BYOD policy is one of the current big discussions in corporate IT, why dual-purpose devices where there is a remote wipe controlled by corporate IT exist, and so on.

    When you VPN in to work from home/hotel, they can't know what's on those networks anyway.

    And again, that's why VPNs and on-site guest networks that have devices outside the firewalls tend to have more limited access.

    Have an internal network that is robust, instead of the silly idea of having mega-vulnerable equipment behind very strict firewalls.

    It's not either/or. Deploying these kinds of tools is all about having layers of security and isolating different parts of the network as much as possible.

    I had my office PC on a public IP till 2016 - this was not a problem.

    Perhaps, but if there was a zero-day vulnerability then your PC might have given the attackers a path directly into the network. Assuming that you really do mean directly connected and not just having its own assigned IP but still behind the firewalls/proxies, of course.

  15. Re:I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    No, you don't. There is an entire industry based on this kind of technology, and the underlying mathematics is well understood. If you think you can prove that what this industry does every day can never work, then you have misunderstood what is actually happening.

  16. Re: I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    If the legislators/regulators want the Internet to work that way, then as long as you're using equipment managed by someone under the authority of those legislators/regulators, that's very likely exactly what will happen. If you don't like it, don't use other people's equipment to connect to the Internet.

  17. Re:Why not sign? on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    The basic premise of these systems is that the person managing the endpoint has voluntarily configured it to trust a MITM device that will impersonate (through certificate forgery, essentially) the other endpoint. Given that certificate forgery, how do you know you can trust any signature either?

    Ultimately, if you don't manage the endpoint you're using, the game is already over.

  18. Re:I think the point of certificates and ... on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 1

    That position is untenable both mathematically and legally.

    It's perfectly logical that an intermediary device can decrypt and re-encrypt data with no flaw in the security protocols, if suitable certificates and trust are configured on both the originating device and the intermediary.

    And while technical people will naturally be concerned about the possibilities of abuse with MITM-style devices, the fact is that we live in the real world and the people responsible for corporate security and regulatory compliance aren't just going to run open pipes in and out of large organisations in most cases. That could lead to business-ending liabilities in all kinds of ways just because Joe in Accounts Receivable thought running taylor_swift_naked.exe that he downloaded from his GMail account seemed like a good idea.

  19. Re:unless its end to end, its going to break on Network Middleware Still Can't Handle TLS Without Breaking Encryption (zdnet.com) · · Score: 2

    That's a nice ideal, but in a corporate environment you may have legal and regulatory constraints that prohibit you from actually providing end-to-end encryption from inside your network to outside or vice versa, and the kinds of devices we're talking about fit in between. If you're using someone else's computer, for example at work, then you should never assume that your browser is truly end-to-end encrypting a connection to your bank or GMail or whatever. It is common these days for large organisations to operate their own internal CA and add it as a root authority on all of the organisation's devices for exactly this purpose.

    Just to be clear, this doesn't necessarily imply that anything sinister is going on. There are several legitimate and practical reasons to deploy these kinds of tools, which is why it's a problem if they don't work properly and degrade security in the process. In many places, it is also a legal requirement to disclose the possibility rather than doing it covertly. Still, if you want a truly secure and private connection, you should use your own devices obtained from reputable sources, not something managed by your employer or any other third party.

  20. Why are criminal charges relevant here?

  21. But the reasoning behind that ruling (the whole de minimis thing) derived from EU rules, which said that any exception to be introduced by a national government should be balanced by compensation to rightsholders unless it was shown that no significant harm was done. The government at the time did take that position, but because they didn't actually have hard data to support it, their opinion wasn't considered sufficient by the court, and they decided not to challenge the result.

    In other words, Big Media managed to overturn a law made by a democratically elected government, largely on the basis that the government hadn't actively proved that it wasn't harming Big Media. Whether or not any hypothetical harm to Big Media would have been justified anyway and whether or not the old laws were hopelessly outdated and no longer fit for purpose were not major factors in the decision.

    I don't disagree with you about the need to handle lobbying and so on, but this very clearly was an EU thing.

  22. Re:Suspicious. on Judge Orders Cloudflare To Turn Over Identifying Data In Copyright Case (techspot.com) · · Score: 0, Offtopic

    It's suspicious that a judge received a request and issued a formal instruction for a CDN to disclose who is using its facilities to allegedly break the law, so that the rightsholders can take legal action against them? Really?

    There's plenty to question about the US legal system and how copyright matters are handled, but isn't this exactly how it's supposed to work?

  23. Re:Insufficiently scrutinized? on The Man Behind the EU's Copyright Law is 'Surprised' By What's in the Proposal (qz.com) · · Score: 2

    AmiMoJo was correct. This was a significant step in the European Parliament, but that does not in itself result in a new law being enacted. The next stage is a "trilogue" between the three main branches of the EU administration, the Parliament, Council and Commission.

    The problem is partly that the Council and Commission are much less democratic than the Parliament and have form for pushing heavily pro-big-copyright agendas, but the good news is that there will still be at least one further chance for the Parliament to realise what is going on here and stop it later in the process.

  24. Re:A different view on The Man Behind the EU's Copyright Law is 'Surprised' By What's in the Proposal (qz.com) · · Score: 3, Informative

    Even the UK government has attempted to modernise copyright law to an extent, to make it somewhat more realistic and proportionate in light of modern technology. For example, in 2014 a private copying exception was introduced that legalised actions like format-shifting where someone had a legally obtained, permanent copy of a work and the copy was only made for their own private use.

    The EU, in contrast, has been very consistently pro-big-copyright for a long time. When that UK private copying exception was struck down by a High Court judge in 2015, it was largely on the basis of failure to comply with EU law requiring fair compensation to rightsholders should a member state introduce such an exception without also demonstrating that any harm was minimal.

  25. Re:For the Battery? Lies on OnePlus 6T Trades the Headphone Jack For Better Battery Life (techradar.com) · · Score: 1

    Personally, I'm a dumbphone hold-out. There is not very much I could do with a smartphone that I couldn't do better or at least more conveniently with either a small phone with much longer battery life or a larger device like a tablet or laptop or DSLR camera. It's certainly not a perfect solution; one significant exception is the increasing dependence on transport and parking apps, where it often would be more convenient to access them for a few moments from a device in my pocket rather than getting a tablet out of my bag. But you can buy a lot of tablet or laptop or camera equipment for the difference in price between a dumbphone and whatever marketing-driven high-end smartphone people are buying this week, and I'm a bit old school about spending my money on things that are actually good. :-)