If you pay a qualified expert, they ought to be able to point you in the right direction. I would want to meet them physically though.
That story you mention sounds like the Jarlsberg one. The idea is you learn to secure your web application by exploiting a demonstrably weak one, so you learn your lesson. If you have the time, I definitely recommend working through it all. (storyJarlsberg homepage)
Another area to look at is simply your web server configuration. Your web application never runs in isolation. You have databases, web servers, sever side languages and other web applications that you use that are exploitable. Try to do as much checking as you scan for any obvious flaws, use tools to help you.
Run configuration file scanners for Apache, PHP*. Although I must stress I have not tried any of these, I just know they exist. I found these by just searching 'php scanner' and 'apache configuration scanner'.
Obviously they do not replace simply being careful or a whitehat's opinion and not trusting tools blindly. (A black hat probably doesn't release all his tools) Also try some generic vulnerability scanners which look for insecure installations that your web host may have installed like web mail and phpMyAdmin.
May 6 John (one of the wall street support technicians) was playin flash games on his workstation. The stock market is stored under "market2010.swf" He forgot to move it into the right folder N:\smarkets\closed\market2010q2.swf usually when this happens it's not so bad because Unfortunately, the network admin did a flash game sweep and deleted *.swf as a routine cleanup What happened was, the market2010.swf was deleted by the routine scan, so now they having to recreate all the data from memory. Stockmen are now trying to guesstimate how many shares they own.
When they say fat fingered, they aren't joking. N:\smarket has TONS of files and it takes AGES to load a 1000 files in icon view on Windows 98!
Walking around the house in the nude does give you a great sense of freedom. I've unfortunately looked into windows while on trains and buses and seen the same... I do it to. Actually, I may even be naked now, while typing this very message.
I'll try explain myself further. My concern about your video viewing history is that it reveals a lot of information about you. It reveals more than just a web search would, take a look at AOL Stalker. The point is not that other individuals can see it (although that's terrible), it's more about what is being added to the Google's online file on you.
Have you seen that Collateral Murder video leaked by Wikileaks? Indication how many people have witnessed the video for the US Army. Attempt further coverup or go clean?
You watch an illegal reproduction of a music video or a film on YouTube? You're liable for having it streamed to your computer. RIAA is suing file sharers now, in the UK you can be disconnected for copyright infringement.
with an account, everything is tied to you as an individual. I assume this makes it easy for the media companies who are in bed with YouTube to receive statistics on their own videos.
It's a bit of a slippery slope argument but why are people so oblivious to what is being collected by them? Do you really think it's for your benefit?
I'm finding my own argument weaker than I thought. Thanks for provoking me into more thought. Essentially I want Google to know less about me online aggregated life.
I am definitely privacy conscious. If paranoid means 'more concerned about privacy than you are' then yes.
As for YouTube, they definitely log what videos you visit. There was once this feature you could see what your friends were watching and what they are watching now. That's what I meant. They will montetize that.
Ad for streetview, check your home address. I felt uncomfortable with my home being there. Car, windows, etc. Maybe you don't, fair enough.
You refer to the UK. Check 192.com, see if your name, address and all your 'house occupants' are there. They take your local council's election register and put it online. (Even if you opt out)
If you're not concerned about privacy and rights, fair enough. We'll be concerned for you.
Buys a product referenced in the advert or visits the site in the future
Otherwise they get nothing. I should know, I have £80 in my adsense account and nobody clicked my adverts and I had 80,000 impressions.
It makes NO difference if you show me an advert or not, I WILL NOT buy it or follow it. I immediately mistrust it. They had to pay to get it in my face. I would rather wait for word of mouth or a review.
Does that make sense now?
Showing me adverts is a lost cause, so it makes more sense for me to block them. Content producers have not lost anything by me not clicking their advert. They would have got nothing from me seeing their advert to begin with. It affects nobody but myself.
You could say they wasted bandwidth on me but that's bollocks. They lose bandwidth on everyone who visits the site but does not click on it.
This is a key misunderstanding: SHOWING an advert does NOT mean money for the web site.
This is a logical fallacy of the content producers. Simply showing me an advert does not translate to an instant income. I have to actually click it. It's like the cosmetic companies saying using their products will make you feel better after 2 weeks. Of course they're going to say that! It makes them cash.
The only time I have EVER clicked an advert is to give a site owner money, which is against the advertisers ToS and rather unscrupulous to begin with.
I donate to the websites that deserve it, like EFF.org
Is your browser cache smart enough to deduplicate between multiple websites?
Website A downloads jQuery Website B downloads jQuery
The browser has no idea what the file contains except a filename. Since they are on different hosts, how would it know*?
It's not possible for the browser to know which is which. The only way the browser cache would benefit this case if you hotlink from the same domain which is incredibly dangerous (say https://jquery.com/jscript.js)
* One solution is to implement a 'web library standard'. Every library has a accompanying file, something like 'jquery.js.lib'. This is placed on the same server as the hosting website. Inside this file is a hash. If the browser's cache has the same filename with same hash, it can use that:-) Of course it needs a browser change.
Blasphemy you say! I've actually been actively weaning myself from Google recently. My stance is that you have all your data hostage unless you maintain active backups with a remote host (Google).
I now use ixQuick, a metasearch across many engines, supports HTTPS.
I am considering moving to paid email hosting, don't want Google processing my emails
Removed myself from Google Street View
Deleted my YouTube account in attempt to kill my video browsing
Blocked Google analytics and Google services at HOSTS level just in case a non-Firefox program attempts to access them
What have you done? What do you recommend? How do you become more self sufficient? Google are getting to big to be benevolent: they own Recaptcha, so even if you block Analytics, they have additional analytics from that.
They know who you are, where you live, what you think, who you're communicating with, where you're trying to go, what websites you're a member of, what you're trying to find out, what you're buying, what news you've been exposed to.
If you're not going to be clicking adverts, I am sure it costs nobody money. It just costs them bandwidth. The adworld is mostly CPC/PPC.
Content websites seem to think that if I do not block an advert, I will actually click it. That is ridiculous!
My principle is that advertising is like a bribe, they paid to put it in my face. That is a product I have no interest in. I will learn about products when I have a need for them.
I think Lynx is the wrong example to use, as it does not have Javascript.
Run Internet Explorer for a few days. Go to the sites you go to now currently and see how unresponsive they are:
Enjoy the flash adverts sucking up your CPU. Enjoy the diet and belly fat banners Enjoy the and accordion and menu animations Enjoy the Google Analytics loading Enjoy the updating banner ads Enjoy loading Prototype/jQuery/Google Ads again and again for every site you go to Enjoy vibrant media in-text adverts. Enjoy some of the sneaky popunders and fake virus warnings I recommend the no-Javascript experience to anyone.
Load up with RequestPolicy, NoScript and AdBlocker Plus and you're sorted for hiding the crap you don't want to see. The AdBlocker is a way to block the stuff you accidentally let through with RequestPolicy.
As to the content producers, say escapist magazine, screw them. They obviously forgot about me when accepting that cheque from selling out. You don't block or try counter adblockers. It's my computer, my bandwidth.
That sounds accurate about the actual parsing complexity but I didn't necessarily mean complexity at run time.
I meant that a XHTML parser would imaginably much simpler than a HTML5 parser.
A HTML5 parser has many more potential code routes: with quotes, without quotes, overlapping, non-overlapping, I believe it needs a much more complex state machine to provide the flexibility. there is more conditionals in processing a document and generating the tree.
A XHTML document can be validated by DTDs or XSchema. Validating HTML5 requires a program as complicated as a browser (to handle the complex cases)
XHTML generates a well understood tree structure. A browser's implementers have to make a decision themselves. What happens if two browsers make a different decision?
Assuming a HTML file is well-formed,
HTML browsers have to 'repair' the document because the developer couldn't be bothered to make sure his markup is valid. As a result, browsers respond by beginning to accept the invalid data and it becomes status quo. The 'HTML' standard is NOT absolutely defined!
A XHTML engine should be more maintainable than a HTML one. Simply because the XHTML one can be verified but the HTML is more difficult to do so. You cannot remove 'hacks' from a HTML engine because they become the 'interface'. People WILL come to rely on them.
If markup was a programming language, it's like comparing HTML5 as the dynamically typed language that accepts whatever you throw at it and XHTML5 is a rigid statically typed language.
IMHO, it's better to have clever data structures rather than clever programs. XHTML is a smart format requires a dumb program whereas HTML is a dumb format and requires a smart program.
The web developers should understand the markup they use to develop. It's their responsibility as a developer.
HTML5 requires a more complex parser than XHTML ever will. XHTML can be validated for correctness, HTML5 is more difficult to do so.
I honestly don't understand the reason for following the HTML route. XHTML is already in an industry understood format that tools already exist for.
The market rarely reflects a superior technology. I still support XHTML. HTML5 is messy, ugly and a kludge.
All that needs to happen is to transfer some of the newer tags of HTML5 into XHTML. Perhaps we can borrow from the microformat peeps? Afterall, it's supposed to be modular.
I do computer science and the number of people on my course who think they are better than you if they start talking about something technical. They get really smug and condescending. Even if you know what they are talking about - I just keep my knowledge to myself and try learn anything I don't.
I figure if you have so little going for you as a person, like lack of hygiene, narcissism, arrogance and rudeness then the only way to reinfoce your heightened superiority is to look down on people.
Just remember who is more likely to be getting some, as that is ultimately the 'game' that matters.
I imagine a decentralized social product network. It would be implemented with open standards and by a desktop client. Each manufacturer and retailer produce a catalogue of offered products, downloadable from their root domain ( http://manufactuer.tld/catalogue.xml )
Your client would aggregate data from a number of manufacturers (product specifications) and retailers (sellers).
It would let you compare products across any axes and produce many different fact indicators. It should be possible to compare products based on multiple indicators at the same time. This way you can do some constraint searching, such as I want a processor that offers a high performance per watt but has the lowest idle wattage, a hard drive that spins slow but offers the best data transfer rate and capacity.
There should be a public issue tracker per product so that users can determine what issues are with thay specific product. In a a category of product such as a car, there would be an issue called 'difficult to find parts'. This may be cross linked with multiple cars. The community can identify a severity of an each with each issue so they too can be searched as another axes. (Find me cars that do not have 'acceleration problems')
The reverse is also possible. There could be a positive attribute tracker, such as safety awards, standards (80% PSU Efficiency) and user created ones such as 'no known dangerous flaws 2010'. Of course the last one would be temporal. A product can change over time or the merit of the award becomes less relevant. When the Prius was released it could have no known dangerous flaws when it was released but then the positive attribute could be reversed when the acceleration problem was discovered. This way one could still search what was possible in the past. And what was available.
This is not a review system, it is more objective as it describes clear attributes for a category of products. Laptops would have 'overheating problems', 'exploding battery', 'battery degradation'. These are common to all laptops, with different severities.
The constraints would be very difficult to identify yourself unless you know what you are looking for. Users would contribute a 'saved search' for subjective product categories. Manufacturers should not have the control over this. for example, there is a difference between a DSLR and a point and shoot camera, a consumer router and a enterprise router. Laptops are a prime example: netbooks, ultra portable notebooks, desktop replacement laptops. All these definitions are up to (the knowledgeable) user who shares his searches.
Take a look at Forum Matrix for a good example but imagine more interactivity with the data. The interface should borrow from Drill down dashboards used by execs.
I had no idea there was a configuration option for that.
What my plugin seems to do is make every page I visit look like the first page I visited, by supplying the referrer itself. Some websites do break when they use a referrer to force you to come from a certain page, it seems easier to just click the Referrer icon. (Which also lets me block referrer by host, although the information is probably already leaked to be honest.)
Although I may consider the configuration option as no doubt it uses less resources...
I meant this link: Why I don't use Facebook. I was going to link to that actual link, as well about general privacy.
If you don't take privacy into your own hands, don't expect web browsers to. Especially given that they are owned by either businesses who love marketing, Google, Apple, Microsoft. Don't expect governments to protect you.
I filed a TRUST complaint with Facebook. I urge you to do the same. Not that they will do anything though unless they reach a criticial mass. It shocks me so many people have endorsed the seal.
That's a really cool idea; just make all your family join your site or better yet, register them without your permission. It could read IMAP to fetch their emails and place them into it as if they were actually logged in.
IMHO you must be comfortable with your job if you use Facebook freely - at home or especially so at work. I do not think it's safe in a modern world to use social networks. It exposes information you probably should not reveal, especially amaking vindicative people more dangerous.
I use StatusNet when I can be bothered to microblog about something although it is only accessible to me. If I want to talk to someone I phone them. If you believe in privacy, install Freenet if you have CPU to burn and I2P otherwise.
I am completely with you! If you want privacy now you have to work for it now which is definitely wrong. If you use FireFox then I recommend these extensions:
- No Referrer - removes the referrer
- NoScript - kill the scripts that are the source of vulnerabilities
- Cs Lite - block the cookies that track you
- Refresh Blocker - prevents annoying meta refreshes
- Ad Hacker - shows what networks are being used for ads or tracking
- Redirect Cleaner - cleans URLs with embedded URLs to remove tracking such as SERPs
- AdBLocker - should pick up same-domain ads that Request Policy omits if I temporary allow to get website looking okay
- Request Policy - avoid loading junk
I think this is pretty well rounded but the biggest weakness is JS revealing everything by default which is annoyng because there are no extensions for this yet.
Those individuals need to be careful because those that take offence can be rather dangerous, which is ridiculous really... this should never happen in a free world.
In which case, they should download and run Freenet and do it there, anonymously.
I thought it shows how he values his own privacy and thinks others are silly for trusting others, such as himself. He has found a way to profit from stupidity.
Slashdot Mirror
If you pay a qualified expert, they ought to be able to point you in the right direction. I would want to meet them physically though.
That story you mention sounds like the Jarlsberg one. The idea is you learn to secure your web application by exploiting a demonstrably weak one, so you learn your lesson. If you have the time, I definitely recommend working through it all. (story Jarlsberg homepage)
Another area to look at is simply your web server configuration. Your web application never runs in isolation. You have databases, web servers, sever side languages and other web applications that you use that are exploitable. Try to do as much checking as you scan for any obvious flaws, use tools to help you.
Run configuration file scanners for Apache, PHP*. Although I must stress I have not tried any of these, I just know they exist. I found these by just searching 'php scanner' and 'apache configuration scanner'.
Obviously they do not replace simply being careful or a whitehat's opinion and not trusting tools blindly. (A black hat probably doesn't release all his tools) Also try some generic vulnerability scanners which look for insecure installations that your web host may have installed like web mail and phpMyAdmin.
Just remember the environment.
This is the actual analysis:
May 6
John (one of the wall street support technicians) was playin flash games on his workstation.
The stock market is stored under "market2010.swf"
He forgot to move it into the right folder N:\smarkets\closed\market2010q2.swf usually when this happens it's not so bad because
Unfortunately, the network admin did a flash game sweep and deleted *.swf as a routine cleanup
What happened was, the market2010.swf was deleted by the routine scan, so now they having to recreate all the data from memory. Stockmen are now trying to guesstimate how many shares they own.
When they say fat fingered, they aren't joking. N:\smarket has TONS of files and it takes AGES to load a 1000 files in icon view on Windows 98!
Walking around the house in the nude does give you a great sense of freedom. I've unfortunately looked into windows while on trains and buses and seen the same... I do it to. Actually, I may even be naked now, while typing this very message.
I'll try explain myself further. My concern about your video viewing history is that it reveals a lot of information about you. It reveals more than just a web search would, take a look at AOL Stalker. The point is not that other individuals can see it (although that's terrible), it's more about what is being added to the Google's online file on you.
It's a bit of a slippery slope argument but why are people so oblivious to what is being collected by them? Do you really think it's for your benefit?
I'm finding my own argument weaker than I thought. Thanks for provoking me into more thought. Essentially I want Google to know less about me online aggregated life.
I am definitely privacy conscious. If paranoid means 'more concerned about privacy than you are' then yes.
As for YouTube, they definitely log what videos you visit. There was once this feature you could see what your friends were watching and what they are watching now. That's what I meant. They will montetize that.
Ad for streetview, check your home address. I felt uncomfortable with my home being there. Car, windows, etc. Maybe you don't, fair enough.
You refer to the UK. Check 192.com, see if your name, address and all your 'house occupants' are there. They take your local council's election register and put it online. (Even if you opt out)
If you're not concerned about privacy and rights, fair enough. We'll be concerned for you.
Adverts pay for hosting.
Adverts ONLY pay for hosting if me, the surfer:
Otherwise they get nothing. I should know, I have £80 in my adsense account and nobody clicked my adverts and I had 80,000 impressions.
It makes NO difference if you show me an advert or not, I WILL NOT buy it or follow it. I immediately mistrust it. They had to pay to get it in my face. I would rather wait for word of mouth or a review.
Does that make sense now?
Showing me adverts is a lost cause, so it makes more sense for me to block them. Content producers have not lost anything by me not clicking their advert. They would have got nothing from me seeing their advert to begin with. It affects nobody but myself.
You could say they wasted bandwidth on me but that's bollocks. They lose bandwidth on everyone who visits the site but does not click on it.
Everyone wins.
It doesn't give them money Dave, if I do not click an advert (click) and do not buy the product referenced in the advert (impression)...
They get nothing.
Are you a content producer by any chance?
This is a key misunderstanding: SHOWING an advert does NOT mean money for the web site.
This is a logical fallacy of the content producers. Simply showing me an advert does not translate to an instant income. I have to actually click it. It's like the cosmetic companies saying using their products will make you feel better after 2 weeks. Of course they're going to say that! It makes them cash.
The only time I have EVER clicked an advert is to give a site owner money, which is against the advertisers ToS and rather unscrupulous to begin with.
I donate to the websites that deserve it, like EFF.org
If anything, I'm *saving them* bandwidth.
I will never click on of their adverts, so why should I see it?
I'd hazard a guess that they cost me more in CPU usage than it ever does them. It costs me MORE than I get for the content.
Is your browser cache smart enough to deduplicate between multiple websites?
Website A downloads jQuery
Website B downloads jQuery
The browser has no idea what the file contains except a filename. Since they are on different hosts, how would it know*?
It's not possible for the browser to know which is which. The only way the browser cache would benefit this case if you hotlink from the same domain which is incredibly dangerous (say https://jquery.com/jscript.js)
* One solution is to implement a 'web library standard'. Every library has a accompanying file, something like 'jquery.js.lib'. This is placed on the same server as the hosting website. Inside this file is a hash. If the browser's cache has the same filename with same hash, it can use that :-) Of course it needs a browser change.
Blasphemy you say! I've actually been actively weaning myself from Google recently. My stance is that you have all your data hostage unless you maintain active backups with a remote host (Google).
What have you done? What do you recommend? How do you become more self sufficient? Google are getting to big to be benevolent: they own Recaptcha, so even if you block Analytics, they have additional analytics from that.
They know who you are, where you live, what you think, who you're communicating with, where you're trying to go, what websites you're a member of, what you're trying to find out, what you're buying, what news you've been exposed to.
If you're not going to be clicking adverts, I am sure it costs nobody money. It just costs them bandwidth. The adworld is mostly CPC/PPC.
Content websites seem to think that if I do not block an advert, I will actually click it. That is ridiculous!
My principle is that advertising is like a bribe, they paid to put it in my face. That is a product I have no interest in. I will learn about products when I have a need for them.
I think Lynx is the wrong example to use, as it does not have Javascript.
Run Internet Explorer for a few days. Go to the sites you go to now currently and see how unresponsive they are:
Enjoy the flash adverts sucking up your CPU.
Enjoy the diet and belly fat banners
Enjoy the and accordion and menu animations
Enjoy the Google Analytics loading
Enjoy the updating banner ads
Enjoy loading Prototype/jQuery/Google Ads again and again for every site you go to
Enjoy vibrant media in-text adverts.
Enjoy some of the sneaky popunders and fake virus warnings
I recommend the no-Javascript experience to anyone.
Load up with RequestPolicy, NoScript and AdBlocker Plus and you're sorted for hiding the crap you don't want to see. The AdBlocker is a way to block the stuff you accidentally let through with RequestPolicy.
As to the content producers, say escapist magazine, screw them. They obviously forgot about me when accepting that cheque from selling out. You don't block or try counter adblockers. It's my computer, my bandwidth.
That sounds accurate about the actual parsing complexity but I didn't necessarily mean complexity at run time.
I meant that a XHTML parser would imaginably much simpler than a HTML5 parser.
If markup was a programming language, it's like comparing HTML5 as the dynamically typed language that accepts whatever you throw at it and XHTML5 is a rigid statically typed language.
IMHO, it's better to have clever data structures rather than clever programs. XHTML is a smart format requires a dumb program whereas HTML is a dumb format and requires a smart program.
The web developers should understand the markup they use to develop. It's their responsibility as a developer.
Why are we using HTML5 and not XHTML 2?
XML abuses aside, XHTML is superior to HTML5.
HTML5 requires a more complex parser than XHTML ever will. XHTML can be validated for correctness, HTML5 is more difficult to do so.
I honestly don't understand the reason for following the HTML route. XHTML is already in an industry understood format that tools already exist for.
The market rarely reflects a superior technology. I still support XHTML. HTML5 is messy, ugly and a kludge.
All that needs to happen is to transfer some of the newer tags of HTML5 into XHTML. Perhaps we can borrow from the microformat peeps? Afterall, it's supposed to be modular.
I know exactly what you mean!
I do computer science and the number of people on my course who think they are better than you if they start talking about something technical. They get really smug and condescending. Even if you know what they are talking about - I just keep my knowledge to myself and try learn anything I don't.
I figure if you have so little going for you as a person, like lack of hygiene, narcissism, arrogance and rudeness then the only way to reinfoce your heightened superiority is to look down on people.
Just remember who is more likely to be getting some, as that is ultimately the 'game' that matters.
Wouldn't you have to do that a thousand times to get something remotely interesting?
What we need is something like AlterSlash which compiles lots of highly rated Slashdot posts into one place.
That I would use because there are people smarter than me who use twitter.
I already use Slashdot in RSS and it's pre-filtered for spam for me.
RSI sufferers would disagree. I love my trackball and recommend it to anyone. Seriously, use one, you won't want to go back to a mouse.
It might not be that common as it's a niche. Many disabled people need them too.
Digital Retail should NOT be web based
I imagine a decentralized social product network. It would be implemented with open standards and by a desktop client. Each manufacturer and retailer produce a catalogue of offered products, downloadable from their root domain ( http://manufactuer.tld/catalogue.xml )
Your client would aggregate data from a number of manufacturers (product specifications) and retailers (sellers).
It would let you compare products across any axes and produce many different fact indicators. It should be possible to compare products based on multiple indicators at the same time. This way you can do some constraint searching, such as I want a processor that offers a high performance per watt but has the lowest idle wattage, a hard drive that spins slow but offers the best data transfer rate and capacity.
There should be a public issue tracker per product so that users can determine what issues are with thay specific product. In a a category of product such as a car, there would be an issue called 'difficult to find parts'. This may be cross linked with multiple cars. The community can identify a severity of an each with each issue so they too can be searched as another axes. (Find me cars that do not have 'acceleration problems')
The reverse is also possible. There could be a positive attribute tracker, such as safety awards, standards (80% PSU Efficiency) and user created ones such as 'no known dangerous flaws 2010'. Of course the last one would be temporal. A product can change over time or the merit of the award becomes less relevant. When the Prius was released it could have no known dangerous flaws when it was released but then the positive attribute could be reversed when the acceleration problem was discovered. This way one could still search what was possible in the past. And what was available.
This is not a review system, it is more objective as it describes clear attributes for a category of products. Laptops would have 'overheating problems', 'exploding battery', 'battery degradation'. These are common to all laptops, with different severities.
The constraints would be very difficult to identify yourself unless you know what you are looking for. Users would contribute a 'saved search' for subjective product categories. Manufacturers should not have the control over this. for example, there is a difference between a DSLR and a point and shoot camera, a consumer router and a enterprise router. Laptops are a prime example: netbooks, ultra portable notebooks, desktop replacement laptops. All these definitions are up to (the knowledgeable) user who shares his searches.
Take a look at Forum Matrix for a good example but imagine more interactivity with the data. The interface should borrow from Drill down dashboards used by execs.
Hope I've made sense and please contribute.
I had no idea there was a configuration option for that.
What my plugin seems to do is make every page I visit look like the first page I visited, by supplying the referrer itself. Some websites do break when they use a referrer to force you to come from a certain page, it seems easier to just click the Referrer icon. (Which also lets me block referrer by host, although the information is probably already leaked to be honest.)
Although I may consider the configuration option as no doubt it uses less resources...
Woops, sorry about all the mistakes.
I meant this link: Why I don't use Facebook. I was going to link to that actual link, as well about general privacy.
If you don't take privacy into your own hands, don't expect web browsers to. Especially given that they are owned by either businesses who love marketing, Google, Apple, Microsoft. Don't expect governments to protect you.
I filed a TRUST complaint with Facebook. I urge you to do the same. Not that they will do anything though unless they reach a criticial mass. It shocks me so many people have endorsed the seal.
Facebook TRUSTe
That's a really cool idea; just make all your family join your site or better yet, register them without your permission. It could read IMAP to fetch their emails and place them into it as if they were actually logged in.
IMHO you must be comfortable with your job if you use Facebook freely - at home or especially so at work. I do not think it's safe in a modern world to use social networks. It exposes information you probably should not reveal, especially amaking vindicative people more dangerous.
I wrote a indepth list of reasons not to use facebook here before: Why I Don't Use Facebook
I use StatusNet when I can be bothered to microblog about something although it is only accessible to me. If I want to talk to someone I phone them. If you believe in privacy, install Freenet if you have CPU to burn and I2P otherwise.
Cheers
A real attacker would be smart, maybe even going so far to add some random behaviour like only opening a page in a proportion of cases.
You could strike gold with only 1 Facebook account out of 1000 as the chances are the email password will be the same.
I am completely with you! If you want privacy now you have to work for it now which is definitely wrong. If you use FireFox then I recommend these extensions:
- No Referrer - removes the referrer
- NoScript - kill the scripts that are the source of vulnerabilities
- Cs Lite - block the cookies that track you
- Refresh Blocker - prevents annoying meta refreshes
- Ad Hacker - shows what networks are being used for ads or tracking
- Redirect Cleaner - cleans URLs with embedded URLs to remove tracking such as SERPs
- AdBLocker - should pick up same-domain ads that Request Policy omits if I temporary allow to get website looking okay
- Request Policy - avoid loading junk
I think this is pretty well rounded but the biggest weakness is JS revealing everything by default which is annoyng because there are no extensions for this yet.
Those individuals need to be careful because those that take offence can be rather dangerous, which is ridiculous really... this should never happen in a free world.
In which case, they should download and run Freenet and do it there, anonymously.
I thought it shows how he values his own privacy and thinks others are silly for trusting others, such as himself. He has found a way to profit from stupidity.
In other words, he is malicious.