Google is not the one that would buy the laws. The record industry and the movie industry are pushing in multiple countries to require all video hosts to perform proactive scanning of all uploads for possible copyright infringement, as opposed to merely acting on a notice of claimed infringement. A smaller company isn't going to have the resources to build its own counterpart to Content ID.
"I need food, but nobody will give me a job to earn money to buy food unless I am sufficiently fashionable." I consider a prerequisite for a need on some particular Maslow tier to lie on that same tier.
It wouldn't even add any inconvenience. Virtually all driver's licenses already include a photo. The camera used for that could also include an IR device to measure your height, and it could be placed in front of a scale platform.
I'd be interested to see your mock-up of a user interface to mark a particular LAN as trusted or untrusted that even non-technical users can understand.
The home router firmware would presumably use the ACME dns-01 or http-01 challenge to obtain a certificate from Let's Encrypt for the hostname (not the IP address) that the user has entered into its configuration. Even if the hostname has no public CNAME, A, or AAAA record, the DNS zone can still contain the TXT record that dns-01 requires.
On a public website you can infer what the user is looking at via analysis of timing and payload size.
How reliable is this in practice over the Internet, as opposed to a laboratory setting? And would random addition of 0 to 999 bytes of garbage headers to each response mitigate this in any way?
How do viewers of your site know your competitor didn't pay the ISP to redirect your site to/dev/null?
They put the URL into a troubleshooting tool such as isup.me.
How do you know your competitor didn't pay off your web host to hang an "out of business" banner only visible to potential customers on the other side of town?
You know because your automatic site monitoring scripts notified you of failure to retrieve the root document.
the choice of either adding [Comcast's MITM root CA certificate] or not being able to access any HTTPS site.
That's the sort of Hobson's choice that drives subscribers to Frontier, even if Comcast does manage to afford the support staff to walk PC, smartphone, and tablet owners through installing it.
even "free" things like Let's Encrypt are not free. They will not give me a cert. What they will do is let me run their software which will magically do the cert shit for me.
On my non-technical site (content doesn't have a bias toward users having any particular software) Safari measures (for whatever that's worth; see 1st paragraph) at 34%.
Safari is currently Mac-only among desktop platforms. I'd be surprised if over 34 percent of visitors to your site use a Mac. Or are you counting Safari for iOS in your 34 percent? Rick Schumann doesn't appear to be.
only until a competing service provider (or several) takes chunks of the uploaders they refuse to pay
I don't see "a competing service provider" taking away YouTube's usage share as likely to happen soon, seeing as Vidme has recently gone out of business.
DTube relies on the Steem blockchain for authentication, and according to that blockchain's FAQ: "To create an account on the blockchain, it costs STEEM tokens. When you create an account through Steemit.com, Steemit Inc. is supplying the tokens to pay the account creation fee. [...] The only way to have an account created via Steemit.com is to supply your email and phone number." If the previous holder of your email address or phone number was a Steem user, or if your phone is in an unsupported country or on an unsupported carrier, you will end up having to pay to create an account: "There is a third-party tool called SteemCreate that accepts credit cards, or BTC to create a Steem account. You do not need to have an existing Steem blockchain account to use the service, but there is a charge on top of the blockchain account creation fee for using the service." In turn, from that service's description: "Account creation cost is $45"
As I understand it: Unlike Google Search, DuckDuckGo doesn't track your search history to infer your interests. Therefore, it can't stick you in a filter bubble.
Let's Encrypt will issue a certificate to the domain owner even if the hostname in the certificate is not the hostname of a server reachable through the Internet. For unreachable hosts, Let's Encrypt verifies domain control through the ACME dns-01 challenge, which requires putting a temporary TXT record in your domain's DNS zone.
Hosts on a personal domain need not accept connections from the public. If the domain needs a public presence, it can be hosted on some cheap static site host.
Not every site is about having personal information transmitted or is personal in nature on the queries it responds to.
Nor does every server operator always agree with its viewership on whether the site "is personal in nature on the queries it responds to." For example, some people find Wikipedia not "personal in nature" because they don't regularly read articles about (say) reproductive rights in a socially conservative jurisdiction.
Maybe I just run a site for my bathroom design business with my phone number on it.
How do viewers of your site know that your competitor didn't pay the ISP to change your phone number appearing on its subscribers' view of your site to that of your competitor?
with Let's Encrypt issuing out certificates so sites can phish, it seems like a good way to avoid all the Paypal and other phishing is to block the Let's Encrypt certificate. (they issued like 14,000 phishing certificates)
Why not go a step further to block the domain registrars that issue out domains so sites can phish?
Slashdot Mirror
Google is not the one that would buy the laws. The record industry and the movie industry are pushing in multiple countries to require all video hosts to perform proactive scanning of all uploads for possible copyright infringement, as opposed to merely acting on a notice of claimed infringement. A smaller company isn't going to have the resources to build its own counterpart to Content ID.
the far more likely scenario of someone having replaced content on the server with fake content
Citation needed that intrusion on the server itself is "far more likely".
"I need food, but nobody will give me a job to earn money to buy food unless I am sufficiently fashionable." I consider a prerequisite for a need on some particular Maslow tier to lie on that same tier.
It wouldn't even add any inconvenience. Virtually all driver's licenses already include a photo. The camera used for that could also include an IR device to measure your height, and it could be placed in front of a scale platform.
I thought South Korea already dropped disco on the West with "Gangnam Style".
I'd be interested to see your mock-up of a user interface to mark a particular LAN as trusted or untrusted that even non-technical users can understand.
The home router firmware would presumably use the ACME dns-01 or http-01 challenge to obtain a certificate from Let's Encrypt for the hostname (not the IP address) that the user has entered into its configuration. Even if the hostname has no public CNAME, A, or AAAA record, the DNS zone can still contain the TXT record that dns-01 requires.
A split-horizon public dummy mirror with the same hostnames as the private network.
On a public website you can infer what the user is looking at via analysis of timing and payload size.
How reliable is this in practice over the Internet, as opposed to a laboratory setting? And would random addition of 0 to 999 bytes of garbage headers to each response mitigate this in any way?
How do viewers of your site know your competitor didn't pay the ISP to redirect your site to /dev/null?
They put the URL into a troubleshooting tool such as isup.me.
How do you know your competitor didn't pay off your web host to hang an "out of business" banner only visible to potential customers on the other side of town?
You know because your automatic site monitoring scripts notified you of failure to retrieve the root document.
the choice of either adding [Comcast's MITM root CA certificate] or not being able to access any HTTPS site.
That's the sort of Hobson's choice that drives subscribers to Frontier, even if Comcast does manage to afford the support staff to walk PC, smartphone, and tablet owners through installing it.
Quotation mark code points that have been in Unicode for decades (since 1993) aren't "idiosyncratic".
even "free" things like Let's Encrypt are not free. They will not give me a cert. What they will do is let me run their software which will magically do the cert shit for me.
Or you could read the published specification for Automatic Certificate Management Environment (ACME) and write your own such software.
Yes I know your ISP could inject crap before serving it to someone, but you remind the ISP that is illegal.
ISP's reply: "So what? We'll continue the illegal practice."
So who has standing to sue an ISP that deliberately flouts this law? The subscriber or the operator of the site that was modified?
Answer: Nobody does. It was a trick question. Mandatory arbitration clauses are a standard practice nowadays.
On my non-technical site (content doesn't have a bias toward users having any particular software) Safari measures (for whatever that's worth; see 1st paragraph) at 34%.
Safari is currently Mac-only among desktop platforms. I'd be surprised if over 34 percent of visitors to your site use a Mac. Or are you counting Safari for iOS in your 34 percent? Rick Schumann doesn't appear to be.
If Comast is your ISP, they can MITM you and inject ads regardless of HTTP v HTTPS.
I don't see how. What CA would Comcast use to make the fake certificate for the HTTPS site I'm visiting?
only until a competing service provider (or several) takes chunks of the uploaders they refuse to pay
I don't see "a competing service provider" taking away YouTube's usage share as likely to happen soon, seeing as Vidme has recently gone out of business.
DTube relies on the Steem blockchain for authentication, and according to that blockchain's FAQ: "To create an account on the blockchain, it costs STEEM tokens. When you create an account through Steemit.com, Steemit Inc. is supplying the tokens to pay the account creation fee. [...] The only way to have an account created via Steemit.com is to supply your email and phone number." If the previous holder of your email address or phone number was a Steem user, or if your phone is in an unsupported country or on an unsupported carrier, you will end up having to pay to create an account: "There is a third-party tool called SteemCreate that accepts credit cards, or BTC to create a Steem account. You do not need to have an existing Steem blockchain account to use the service, but there is a charge on top of the blockchain account creation fee for using the service." In turn, from that service's description: "Account creation cost is $45"
For some reason, advertisers think I already need a new pair of shoes of the exact model I just bought
Perhaps they expect you to buy another pair in a different size as a gift for someone.
As I understand it: Unlike Google Search, DuckDuckGo doesn't track your search history to infer your interests. Therefore, it can't stick you in a filter bubble.
Let's Encrypt will issue a certificate to the domain owner even if the hostname in the certificate is not the hostname of a server reachable through the Internet. For unreachable hosts, Let's Encrypt verifies domain control through the ACME dns-01 challenge, which requires putting a temporary TXT record in your domain's DNS zone.
Hosts on a personal domain need not accept connections from the public. If the domain needs a public presence, it can be hosted on some cheap static site host.
You can get a FQDN for free under other existing domains.
But then you're more likely to run into CA-imposed rate limits because many subdomain providers aren't on the Public Suffix List yet.
Not every site is about having personal information transmitted or is personal in nature on the queries it responds to.
Nor does every server operator always agree with its viewership on whether the site "is personal in nature on the queries it responds to." For example, some people find Wikipedia not "personal in nature" because they don't regularly read articles about (say) reproductive rights in a socially conservative jurisdiction.
Maybe I just run a site for my bathroom design business with my phone number on it.
How do viewers of your site know that your competitor didn't pay the ISP to change your phone number appearing on its subscribers' view of your site to that of your competitor?
with Let's Encrypt issuing out certificates so sites can phish, it seems like a good way to avoid all the Paypal and other phishing is to block the Let's Encrypt certificate. (they issued like 14,000 phishing certificates)
Why not go a step further to block the domain registrars that issue out domains so sites can phish?