Internet companies and e-mail providers hear alarm bells in the Postal Service's plans to offer free e-mail accounts. "They're using their monopoly to fund these new offerings. That's not a fair circumstance to have to compete under," says Jason Mahler, vice president of public policy at the Computer and Communications Industry Association, which represents Internet companies including Yahoo! Inc. and Intuit Corp
...and presumably Microsoft and their MSN interests. And where is the article? At MSNBC.
Isn't the real reason for this attack on the proposal that Microsoft has failed to monopolise this market? The MSN offering has completely flopped and has not captured the public's imagination, whereas Microsof saw it as yet another monopoly for them.
I doubt Microsoft has any concerns over privacy. I think they just don't like the competition. They want this market.
At one point, postal executives toyed with the notion of using the database to deliver packages labeled only with a recipient's e-mail address. It seemed like a mixed blessing. On the one hand, consumers could purchase goods and divulge minimal information about themselves. On the other, anyone who knew your e-mail address would have had the ability to send you a package of some kind. Postal officials say they aren't pursuing the idea.
It almost seems like a good idea. I'm possibly missing something here, but wouldn't it be more private to give your "real" address to only one institution? In this way, all SexToys'R'Us would have is your e-mail address (on Hotmail, or whatever) which you would presumably need anyhow to register on the web site. (Assume for the sake of this argument that the sender can not be anonymous.)
I mean, the state already knows where you live and could probably track all your e-mail addresses (Carnivore, RIP,...) so why not formalise it? Sure, there are issues about the database being hacked into, but are they really different from the issues with existing databases (like, say, IRS) - in particular in USA where, it seems, you can alredy know everything about a person if you know the SSN.
You buy single vendor support, usually from one of the big systems integration houses:
So that when a problem arises, you have single-source accountability and responsibility, a single source that is unmatched in experience and technical savvy. A single source that knows and carries clout with all your technology vendors.
And we own everything: problem identification, problem assignment, problem resolution, service-level management, and, if needed, on-site dispatch. Everything with one call. And you get this multi-skilled, knowledgeable resource at a fraction of the cost of building and maintaining it yourself - so it's more cost efficient and more talented. (eLoyalty)
The above is obviously a sale blurb (and not directly relevant to your problem at that) but you get the idea: Pay somebody lots of $$$ to make them own the problem. I'm sure there is a growing market for this type of services.
I can't really recommend anybody for your particular problem.
I should have added that steganography will probably still work. However, that is not what most people are using or seem to be talking about when they say "encryption". Shame, really.
Get used to your e-mails being insecure. I know people are going to say "encryption", but think about this:
Before Quantum Cryptography becomes available, Quantum Computing will have arrived (many suggest within a few years) and it will render insecure most or all encryption methods using conventional computers. It has been proven that a quantum computer will be able to factor large primes (see reference in RSA's overview which, interestingly, predicts that quantum cryptography will be realised before quantum cryptoanalysis -- but they would say that, I guess...).
Sorry guys, but encryption will soon be a thing of the past (before it rises again in a different form on a different infrastructure). Bye, bye privacy, bye e-commerce, bye.
Learn to live with it.
(For the record: there is a different issue in some of the comments: should the Govt snoop your e-mails as a matter of routine? I don't think they should, any more than I think they should read all the postcards that are sent through the mail.)
Yes, it will be intersting to see if anybody ever goes to jail over refusing to give up his keys.
I think the standard answer to the problem of the key requests is to give out the plain text instead (which the RIP allows you to do). I mean, if your encryption is good then "they" will have no way of knowing if it really is the plaintext, will they...?
---
"Where do you come from?"
Re:Encryption is not the answer.
on
Inside Echelon
·
· Score: 1
Maybe my post wasn't clear: Hotmail was offered as an example of a "browser based e-mail service" (as I think the grammer would suggest -- but who counts?). The post in the reference has the links to the services with encrypted e-mail.
Note: I haven't used these services -- see the post for a reference to the original article on FIRP.
---
"Where do you come from?"
Re:Encryption is not the answer.
on
Inside Echelon
·
· Score: 2
Yes, encryption is hard, but see this post for some references to browser based e-mail services (a la Hotmail et al.) that offer strong encryption. Let us know what you think: does this satisfy (some of) your requirements from the list at the end of your post?
---
"Where do you come from?"
Countermeasures article on FIPR
on
Inside Echelon
·
· Score: 3
FIPR has a rather nice article on how you can protect yourself. The article is aimed against RIP, the draconian UK legislation that is currently winding it's way through parliament, but it is genrally useful.
It is a well written, balanced, and informative article, with useful pointers to resources on the internet.
The two mail services that offer encrypted e-mail are probably worth mentioning explicitly:
The technical thinking behind the Regulation of Investigatory Powers Bill is inept. Criminals can easily circumvent the measures envisaged and the ways in which they are likely to react will actually pose much more serious problems for UK law enforcement authorities than the problems the legislation is intended to solve. At the same time the measures will damage confidence in cryptography and this will be detrimental to the privacy, safety and security interests of honest individuals and businesses and to the UK's aspirations in e-commerce.
Amiga: phah! ZX Spectrum rules!:-) If you can get it to run there, you can get it to run anywhere. (I know it is not true....)
I haven't studied the low-level spec for this purpose, so I wonder: could you make it work on some of these old devices? (The Spectrum wasn't great for comms: no real Basic support.) I have this vision of a computer museum with all the old computers connected via Bluetooth to the toaster and my wrist-watch.
---
"Where do you come from?"
Not Duncan Campbell again!
on
Inside Echelon
·
· Score: 3
Seriously guys: this man goes on and on and on... A quick search on AltaVista for his name and Echelon turns up more than 20 pages of hits.
This guy never stops. He appars to be totally paranoid and he has -- as far as I can tell -- done no original research on his own.
Yes, it is worthwhile to discuss Echelon, the implications of Echelon, and, more generally, the role of intelligence services in democratic and civilised nations. But the ravings of this guy is not the right place to start a sensible discussion.
Please, can we get back to technology now? Try to read about flesh eating robots (seriously!) in the New Scientist for something more interesting than this guy.
The tran sport driver is cetainly a welcome contribution: even if it only covers UART it is a valuable reference inplementation released under the GPL.
But I'm not so sure about BlueDrekar itself. Maybe it is just my natural schepticism against closed source implementations, and maybe it is just the single obviously IBM sponsored evaluation that makes me unhappy, but:
Would you license it? (Maybe here is a topic for a/. poll...) Or do you feel that a free implementation is required before this technology will be implemented in volume?
I think Bluetooth is a neat technology, but I guess it is still some way off general availability.
I don't see why the FBI can't continue to simply tap the phone lines...
That's more or less what the United Kingdom is suggesting. The FBI approach seems to be much less invasive.
The problem is that except for my pathetic dial-up line, most internet traffic goes on dedicated data lines, not over the public standard telephone network (PSTN). Sure, they can tap the telephone switches and have equipment in place to do this, but they do not have similar equipment in all the data networks.
Telephone networks are increasingly becoming obsolete by IP telephones and IP switching equipment. This is likely to worry FBI, and I guess that in all fairness it should (America did approve of telephony tapping). I don't know what the right answers are...
"I'm not convinced that they are doing anything inappropriate," said Rep. Charles Canady, R-Florida, chairman of the Constitution subcommittee of the House Judiciary Committee.
That's an... interesting standard to apply by somebody who is responsible for the review. Surely the standard should be for FBI to prove that what they are doing is appropriate?
I guess nothing much will come out of the hearing...
12-Mile-Limit Cocktail 2 oz. bush rum 2 oz. fresh OJ 2 oz. tamarind juice juice of two limes 3 No-Doz, crushed, or juice of three cola nuts 3 tbs. brown sugar (5 if you use cola nuts)
Blend contents with ice at high speed. Drink up. This will keep you high, alert, and on top of things when you cross the line.
Is this actually true? I think the heat and water helps to extract the chemical? IIRC then caffeine is water-soluble. The amount in you stomach is small: all those acids (no, not those acids:-)) and not enought water.
So brew it and stew it for the maximum effect. That's why filter coffee has a comparatively high caffeine content: that slow dripping of water really does it.
Has anybody tried to stew coffee for a copuple of hours (not boiling water or the good stuff will vaporise) and see if it is more effective? (Try lots of sugar to mask the nasty taste....)
So you should be quite pleased with this announcement!? These centres give developers the opportunity to try out their applications on various Linux distributions and AIX, and on various hardware platforms. You can even test your systems remotely over the internet without visiting the centre.
To my mind this is a great step forward. How many small Linux development organisations have the resources to really test on different hardware or even software distributions? With this announcement they have the ability to test and produce the "cross platform software" that you desire.
Sure, I'd like to see even more unixes and more hardware (Sun, HP, Cobalt,...) but that is probably a little much to ask from IBM. Let us instead hold up IBM's initiative to the other vendors, and try to persuade them to launch something similar.
As for "Linux software": I guess the commercial realities of today is such that you have to include the word "Linux" or e-something-new in a press release to (a) get any attention on/. (and the rest of the media) and (b) get your share price going.
This really is good news, if the access is releatively open and free.
Develop on Linux, Scale on AIX -- Getting the best of both worlds Project Monterey is IBM's Unix-based AIX operating system initiative, designed to extend AIX enterprise strengths to the Intel 64-bit architecture. This initiative will include a Linux Application Execution environment for both AIX and Monterey on Intel, allowing many Linux binaries to run on IBM Unix platforms.
This offering allows you to test your applications developed for Linux on an IBM Monterey platform, either by recompiling or by running it under the Linux Application Execution environment. Available on announcement of Monterey
I feel that they could also do something to help in the development of the kernel
I think you may mis-understand IBM's movitves behind this (other than MS-bashing): they want to sell more of the development tools. As Ms. Axton says: it will make more developers familiar with IBM's software, and so spread its use. That's the deal; sell more IDE's (and presumably DB2!?)
There are basically two requirements for this to work:
It must be commercial products that are developed, so the developers can afford to pay for IBM's software, and
The developers must want to use an IDE and other software tools from IBM.
Kernel development probably fails both of these criteria. The first one obviously so and for the second one: I don't hack kernel anymore, but the people I know who does use Emacs or even vi. They don't want no frigging IDE. They would never touch DB2:-)
It's not all bad: yes, there is still a lot of work to be done in the kernel, but having more applications will probably drive the acceptance of Linux in many more places. That will give us more kernel developers; not spreading telephone number sized amounts around (thought they are welcome to spread a little in my direction...).
The opt-out option from DoubleClick is reasonable for what is does:
It does not stop tracking of visited web pages, it simply stops associating that tracking information with you.
So DoubleClick will still know that somebody visited the lesbian p0rn site (or whatever the original example was) and it will know the IP address that the request came from (I always go through a web cache that my provider supplies: this provides some degree of anonymity) but it will not know it is "you" and will not be able to associate this visit with the one you made yesterday (and the day before and the day before that,...)
It's fairly easy to check that the opt-out is working by simply checking the cookies for DoubleClick. If you are using Netscape 4.x and are unfortunate enough to use it on Windows NT, then look for the file:
drive:\Program Files\Netscape\Users\Your User Account\cookies.txt
Search in here for.doubleclick.net. (Other systems will find a similar file somewhere.)
Slashdot Mirror
...and presumably Microsoft and their MSN interests. And where is the article? At MSNBC.
Isn't the real reason for this attack on the proposal that Microsoft has failed to monopolise this market? The MSN offering has completely flopped and has not captured the public's imagination, whereas Microsof saw it as yet another monopoly for them.
I doubt Microsoft has any concerns over privacy. I think they just don't like the competition. They want this market.
---
"Where do you come from?"
I'm not sure this is a bad idea:
It almost seems like a good idea. I'm possibly missing something here, but wouldn't it be more private to give your "real" address to only one institution? In this way, all SexToys'R'Us would have is your e-mail address (on Hotmail, or whatever) which you would presumably need anyhow to register on the web site. (Assume for the sake of this argument that the sender can not be anonymous.)
I mean, the state already knows where you live and could probably track all your e-mail addresses (Carnivore, RIP, ...) so why not formalise it? Sure, there are issues about the database being hacked into, but are they really different from the issues with existing databases (like, say, IRS) - in particular in USA where, it seems, you can alredy know everything about a person if you know the SSN.
---
"Where do you come from?"
Oooops ...... :-) Good point.
---
"Where do you come from?"
You buy single vendor support, usually from one of the big systems integration houses:
The above is obviously a sale blurb (and not directly relevant to your problem at that) but you get the idea: Pay somebody lots of $$$ to make them own the problem. I'm sure there is a growing market for this type of services.
I can't really recommend anybody for your particular problem.
---
"Where do you come from?"
I should have added that steganography will probably still work. However, that is not what most people are using or seem to be talking about when they say "encryption". Shame, really.
---
"Where do you come from?"
Get used to your e-mails being insecure. I know people are going to say "encryption", but think about this:
Before Quantum Cryptography becomes available, Quantum Computing will have arrived (many suggest within a few years) and it will render insecure most or all encryption methods using conventional computers. It has been proven that a quantum computer will be able to factor large primes (see reference in RSA's overview which, interestingly, predicts that quantum cryptography will be realised before quantum cryptoanalysis -- but they would say that, I guess ...).
(Find more about Quantum Cryptoanalysis on AltaVista.)
Sorry guys, but encryption will soon be a thing of the past (before it rises again in a different form on a different infrastructure). Bye, bye privacy, bye e-commerce, bye.
Learn to live with it.
(For the record: there is a different issue in some of the comments: should the Govt snoop your e-mails as a matter of routine? I don't think they should, any more than I think they should read all the postcards that are sent through the mail.)
---
"Where do you come from?"
Yes, it will be intersting to see if anybody ever goes to jail over refusing to give up his keys.
I think the standard answer to the problem of the key requests is to give out the plain text instead (which the RIP allows you to do). I mean, if your encryption is good then "they" will have no way of knowing if it really is the plaintext, will they...?
---
"Where do you come from?"
Maybe my post wasn't clear: Hotmail was offered as an example of a "browser based e-mail service" (as I think the grammer would suggest -- but who counts?). The post in the reference has the links to the services with encrypted e-mail.
Note: I haven't used these services -- see the post for a reference to the original article on FIRP.
---
"Where do you come from?"
Yes, encryption is hard, but see this post for some references to browser based e-mail services (a la Hotmail et al.) that offer strong encryption. Let us know what you think: does this satisfy (some of) your requirements from the list at the end of your post?
---
"Where do you come from?"
FIPR has a rather nice article on how you can protect yourself. The article is aimed against RIP, the draconian UK legislation that is currently winding it's way through parliament, but it is genrally useful.
It is a well written, balanced, and informative article, with useful pointers to resources on the internet.
The two mail services that offer encrypted e-mail are probably worth mentioning explicitly:
The article concludes:
---
"Where do you come from?"
Amiga: phah! ZX Spectrum rules! :-) If you can get it to run there, you can get it to run anywhere. (I know it is not true....)
I haven't studied the low-level spec for this purpose, so I wonder: could you make it work on some of these old devices? (The Spectrum wasn't great for comms: no real Basic support.) I have this vision of a computer museum with all the old computers connected via Bluetooth to the toaster and my wrist-watch.
---
"Where do you come from?"
Seriously guys: this man goes on and on and on... A quick search on AltaVista for his name and Echelon turns up more than 20 pages of hits.
This guy never stops. He appars to be totally paranoid and he has -- as far as I can tell -- done no original research on his own.
Yes, it is worthwhile to discuss Echelon, the implications of Echelon, and, more generally, the role of intelligence services in democratic and civilised nations. But the ravings of this guy is not the right place to start a sensible discussion.
Please, can we get back to technology now? Try to read about flesh eating robots (seriously!) in the New Scientist for something more interesting than this guy.
---
"Where do you come from?"
The tran sport driver is cetainly a welcome contribution: even if it only covers UART it is a valuable reference inplementation released under the GPL.
But I'm not so sure about BlueDrekar itself. Maybe it is just my natural schepticism against closed source implementations, and maybe it is just the single obviously IBM sponsored evaluation that makes me unhappy, but:
Would you license it? (Maybe here is a topic for a /. poll...) Or do you feel that a free implementation is required before this technology will be implemented in volume?
I think Bluetooth is a neat technology, but I guess it is still some way off general availability.
---
"Where do you come from?"
The links in the original post seems to be corrupted -- here they are again:
Can somebody fix the original?
---
"Where do you come from?"
That's more or less what the United Kingdom is suggesting. The FBI approach seems to be much less invasive.
The problem is that except for my pathetic dial-up line, most internet traffic goes on dedicated data lines, not over the public standard telephone network (PSTN). Sure, they can tap the telephone switches and have equipment in place to do this, but they do not have similar equipment in all the data networks.
Telephone networks are increasingly becoming obsolete by IP telephones and IP switching equipment. This is likely to worry FBI, and I guess that in all fairness it should (America did approve of telephony tapping). I don't know what the right answers are...
---
"Where do you come from?"
That's an ... interesting standard to apply by somebody who is responsible for the review. Surely the standard should be for FBI to prove that what they are doing is appropriate?
I guess nothing much will come out of the hearing...
---
"Where do you come from?"
---
"Where do you come from?"
Ahh, well. Just checked the "rubber bible" and no, caffeine isn't water-soluble.
Wonder how the water method for decaffinating coffee works then -- just lots and lots of water?
---
"Where do you come from?"
Is this actually true? I think the heat and water helps to extract the chemical? IIRC then caffeine is water-soluble. The amount in you stomach is small: all those acids (no, not those acids :-)) and not enought water.
So brew it and stew it for the maximum effect. That's why filter coffee has a comparatively high caffeine content: that slow dripping of water really does it.
Has anybody tried to stew coffee for a copuple of hours (not boiling water or the good stuff will vaporise) and see if it is more effective? (Try lots of sugar to mask the nasty taste....)
---
"Where do you come from?"
So you should be quite pleased with this announcement!? These centres give developers the opportunity to try out their applications on various Linux distributions and AIX, and on various hardware platforms. You can even test your systems remotely over the internet without visiting the centre.
To my mind this is a great step forward. How many small Linux development organisations have the resources to really test on different hardware or even software distributions? With this announcement they have the ability to test and produce the "cross platform software" that you desire.
Sure, I'd like to see even more unixes and more hardware (Sun, HP, Cobalt, ...) but that is probably a little much to ask from IBM. Let us instead hold up IBM's initiative to the other vendors, and try to persuade them to launch something similar.
As for "Linux software": I guess the commercial realities of today is such that you have to include the word "Linux" or e-something-new in a press release to (a) get any attention on /. (and the rest of the media) and (b) get your share price going.
This really is good news, if the access is releatively open and free.
---
"Where do you come from?"
Yes, at http://www.ibm.com/developer/ linux/eu_en/program.html they are quite explicit about this:
---
"Where do you come from?"
The press release from IBM is here: http://www.ibm.com/news/2000/07/21.phtml.
More interesting is the page at http://www.ibm.com/developer/ linux/eu_en/program.html which has a little more detail.
---
"Where do you come from?"
I think you may mis-understand IBM's movitves behind this (other than MS-bashing): they want to sell more of the development tools. As Ms. Axton says: it will make more developers familiar with IBM's software, and so spread its use. That's the deal; sell more IDE's (and presumably DB2!?)
There are basically two requirements for this to work:
Kernel development probably fails both of these criteria. The first one obviously so and for the second one: I don't hack kernel anymore, but the people I know who does use Emacs or even vi. They don't want no frigging IDE. They would never touch DB2 :-)
It's not all bad: yes, there is still a lot of work to be done in the kernel, but having more applications will probably drive the acceptance of Linux in many more places. That will give us more kernel developers; not spreading telephone number sized amounts around (thought they are welcome to spread a little in my direction...).
---
"Where do you come from?"
The opt-out option from DoubleClick is reasonable for what is does:
It does not stop tracking of visited web pages, it simply stops associating that tracking information with you.
So DoubleClick will still know that somebody visited the lesbian p0rn site (or whatever the original example was) and it will know the IP address that the request came from (I always go through a web cache that my provider supplies: this provides some degree of anonymity) but it will not know it is "you" and will not be able to associate this visit with the one you made yesterday (and the day before and the day before that, ...)
It's fairly easy to check that the opt-out is working by simply checking the cookies for DoubleClick. If you are using Netscape 4.x and are unfortunate enough to use it on Windows NT, then look for the file:
Search in here for .doubleclick.net. (Other systems will find a similar file somewhere.)
The Feldhausen story is amusing, but it has got to be a joke. My favourite quote is:
Very funny, /.