If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
And TLS session caching, DNS fingerprinting and port range mapping (CGN).
IPv6 seems dedicated to preventing me from hiding.
IPv6 really does make it easier to track individual systems on a network of more than one user. Even with privacy addresses short term correlation is probably still useful.
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
IPv6 customers are generally assigned subnets rather than single IP addresses. Whether you get a single IPv4 address or a single IPv6 prefix your "network" can just as easily be tracked in either case.
Options here are same for both IPv4/IPv6 use a VPN/tunnel/proxy/Tor-like overlay or regularly convince your ISP to grant you a new address (dump lease / change MAC / reconnect) unless of course they are in cahoots with trackers.
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why? What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
The tangible benefit I know of for websites ATM is faster page loads for those stuck behind IPv4 CGNs.
The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space.
This ship sailed when IPv4 was placed into production. By time IPv6 came around it was already too late. You can't unfix a fixed address space without forklift change no matter what.
You would think the people behind standards like this are brains trust IQ 200. In truth they are often arrogant and short sighted and refuse to accept criticism.
Only arrogance here is in failure to understand the problem space and basic precepts of reality (e.g. pigeonhole principal)
This required stupidity like having applications which want to support IPv4 and IPv6 open two different ports for incoming connections. Dumb. Dumb. Dumb.
Most operating systems offer dualstack socket options to avoid this.
There is simply no grand conspiracy or obvious path unexplored because everyone but you must be stupid to see it.
Look at what all of these well intentioned transition schemes turned out to be worth. They actively hindered adoption of IPv6 because the operators demand a production quality network at least as reliable and performant as IPv4. This means NATIVE IPv6 not amateur hour crack-pottery involving the use of IPv4 as an overlay for IPv6.
Restoring the Internet to a network of PEERS is way more important than any annoyance or inconvenience felt in deploying IPv6.
You control at least the last 64-bits. This doesn't have to be unworkable if you don't want it to be. Add in zero compression, representations as hex and factor in ability to get creative with your 64-bits.
I found it somewhat more difficult to remember prefix but not significantly more.
Easier to derive hostnames from rest of the bits available to you if you use a consistent/creative numbering scheme.
For those who work at large shops/ISPs it's likely even easier because you likely control the last 96-bits.
Extreme example of IPv6 not being difficult to remember is Sprints website... 2600 Hz... http://2600/
because that's some mighty fine Whataboutsim right there. It's also got nothing to do with the conversation, which is about Russian election interference which noone disputes was anything less than 100% pro-Trump.
Who cares if Russia blasts Facebook with propaganda? Why should I care about that? Why do Russians have any inherently less of a right to blast Facebook with propaganda than your local variety of ultra left and right wing lunatic?
Personally I don't subscribe to the notion rights to freedom of speech nor the right to act like a dumb fuck end at arbitrary political boundaries drawn on a map.
What Russia did went above and beyond by breaking US law penetrating into systems and exfiltrating data. I don't support or condone that (Yet can't bring myself to shed even a single tear about DNC/Podesta)...
This is all very much a separate matter from the issue at hand which is propaganda on Facebook... which is NOT ILLEGAL.
Excellent use of whataboutism here! Keep up the good work, comrade! #MAGA
Personally I don't believe in the general proposition foreign interests should be banned from attempting to exert political influence.
There is some outlier behavior on the part of Russia + Trump that deserves special attention.
1. Russia seems to have successfully captured a sitting US president. 2. Active hax0r attacks conducted in furtherance of their influence goals broke US law.
Yet Russian Facebook propaganda activity by itself had little or nothing to do with either of the above. Why should I care?
Do you need me personally to create a proof of concept in order for it to become no longer "academic"?
Not relevant.
The point isn't "how" or "whether" something can be achieved. It's the simple fact it has not actually been achieved by any measurable percentage of users therefore any benefit arising from its existence is not being felt... in other words it's academic. Merely creating a "proof of concept" changes nothing.
See, that's superficially a very reasonable argument, but aren't you looking at the wrong problem?
The actual problem is "we have a lot of false positives" combined with "people don't understand statistics very well". And your solution is "we shouldn't look so hard"?
Wouldn't the better solution be to work on improving accuracy while simultaneously working to improve the ability of our justice system to weed out and reject the remaining false positives?
To me your argument sounds a lot like saying "well a lot of drivers get killed in accidents, therefore we shouldn't put more cars on the road". I mean, sure, that's one way to address the problem, but it's pretty ass backwards.
I understand the argument. I just don't believe it to be reasonable to achieve. Simply deploying technology is easy. Changing fundamental dynamics of legal systems is not. "Simultaneously" in my opinion is a wish that stands no chance of being achieved.
There is a difference between philosophy - the world we want and the world we actually have. We all have to live in the context of our time like it or not.
Yes. For example, once you have the content length, you can always request the end of a roughly 4 GB file as a full 4 MB range rather than a partial chunk by seeking 4 MB before the content length. Or for an additional data cost smaller than 1 percent, you can randomly request one to ten extra chunks at various points in the file.
Simply chunking a 4 GB file is not the same as implementing a padding scheme. No doubt measures can be implemented to deny timing and size analysis to adversaries. This isn't really the issue.
None of this actually exists in the real world across vast majority of systems deployed today. To achieve the above you either have to write a custom http client or get explicit buy in from the operator to implement something at a higher level. This has real world consequence in that assertions simply adding SSL meaningfully addresses privacy of users WRT public facing content is simply not true. What is possible is academic if it isn't being done.
Every Wifi captive portal now wont work as the redirect will fail, coffee shops, guest wifi, all broken, great.
I don't know the details by default Firefox transmits some kind of captive portal probe to determine this. You can see it go over the network if you run a capture when starting Firefox.
No, you have it backwards. By never marking HTTP is insecure before we created the false sense of security folks now mistakenly have.
Nonsense. Failing to indicate a disposition is NOT misleading and contributes to no false sense of anything.
In the real world without near universal buy-in for HTTPS exclusively people will browse somewhere... Not secure... oh noes neither is this...or this... too bad I'm going to go here and do that anyway... pretty soon it devolves into a joke about everything causing cancer followed by this scary message AND every other remotely similar scary message no matter what it says being filtered out on a subconscious level from the minds of users.
HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it.
HTTPS as currently deployed is only as secure as the least secure CA on the PLANET or most despotic regime harboring a state run CA in the WORLD.
This is before factoring in the inescapable reality virtually all DV certs assigned are done so in an automated fashion by trusting signals returned from completely INSECURE protocols. At best on a good day assuming all hell isn't breaking loose in China HTTPS is as secure as a leap of faith.
Falsely indicating something to be "secure" when really it's just better than nothing is by far the more damaging disposition.
No it isn't. If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded. If you do encrypt, the eavesdropper can see only what domain you're accessing and the sizes of what you download.
For most publically available sites this is simply not true. Counting bytes and timing analysis is more than enough to reconstruct users activities with a high degree of confidence.
You can obfuscate even the sizes by using range requests to pull the 4 GB disk image a 4 MB chunk at a time.
Is it really more difficult for an adversary to sum up a bunch of 4MB chunks?
Then take your business elsewhere. Switch from a hosting provider that charges extra for HTTPS to a competing hosting provider that does not charge extra for HTTPS.
Telling someone who doesn't see the point of HTTPS for x,y and z to get a new provider is probably not likely to result in a positive outcome.
The challenge here is not that these machines canâ(TM)t do HTTPS, itâ(TM)s that theyâ(TM)re not provisioned with a certificate. A lot of times, this is because the device doesnâ(TM)t have a globally unique name, so it canâ(TM)t be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and weâ(TM)re talking to some device vendors about how to improve the situation.
It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem
The solution is logging into the device using TLS-SRP but this doesn't enrich the CAs so no chance in hell.
This is not true, Windows 10 Mobile allows you to do everything local to the phone without an account. Heck even apps update without an account in the store, and you can install "free" apps from the store without the account. If anything its the only mobile OS that DOESN'T require you to have an account to use fully.
Google still requires you to have an account to even use the play store...
Either way, this might have been true in 8.0/8.1 days but with Windows 10 Mobile (probably just going to be Windows 10 S (ARM) in the near future) you can get away with no accounts signed in.
All of my comments are based on first hand experience with "windows phone" as parent indicated. I have never used Windows 10 Mobile and have no comment specific to it.
I will add software can be installed on Android devices from any source. It is trivial to download free software from Google app store without an account or Google play services installed.
Happy owner of a WinPhone here. Dated, sure. Fewer apps, sure. But compared to the iOS and Android phones I'm helping other people with on a daily basis, I find it easier to use. But I may be biased... by my better phone.
Windows phone is a brick without a Microsoft account. You literally can't do anything on it without an account and with one everything is online with no recourse. It's impossible to do something as simple as configure a local address book or simple calendar that is not forcibly uploaded to Microsoft.
Neither can you use wifi or devices local GPS without being forced to contribute to crowdsourced location bullshit and tell Microsoft where you are. It is literally impossible.
Windows Phone is probably worse than Android/w Google play molestation from a privacy perspective while being even more locked down than iPhones.
Would love to see a Linux phone running normal Linux + Wayland rather than Android yet without all the Google spyware (Google Play Services) Android by itself is really not that bad. It is for the most part just Linux. You can cross compile whatever you want without much trouble.
Currently best bet is to find a phone supported by Lineage OS (formerly Cyanogenmod) where you don't have to go through hoops to crack locked boot loaders and extraneous BS. Google play is not included by default with Lineage OS and you get to have "root" if you want.
There are completely offline mapping solutions with voice directions, reroute and fancy map views that don't require any Internet connection at all. ALK offers a fairly decent solution for not much $$$ and it can be legitimately side loaded easily without Google play.
To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.
Can't tell anymore if this was intended to be a joke or you're being serious.
It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.
Or a drive by shooting. Once one has been shot at once - second time is no big deal.
[genie] I am a magic genie, rub my lamp three times and type your wish [luser] My lucky day!! How do I rub your lamp? [genie] Press + (luser has left the channel)
Why would that be relevant? People make false positives all the time, too, and presumably these are double-checked by the actual cops making the arrest, the prosecutor bringing the case, and the judge and jury involved in assessing his guilt.
Just because it happens says nothing about whether making it happen more is beneficial or not.
There is an increase of documented cases of people are being harassed by LEAs and falsely imprisoned simply for being on losing end of the "birthday paradox" lottery. Instances of crazy unlikely coincidences are even starting to show up in DNA database searches.
Hard to imagine all coincidences that would arise from automated large scale facial recognition systems.
And when you lose the lottery prosecutors will assuredly correctly point out the impossible probability of coincidence for your case alone in a vacuum. It will most certainly be used against you even though in aggregate chance of the same impossible coincidence happening to x number of people within population is statistically assured.
They do get experts to help them build a case. It isn't done independent of expert advice.
I have no insights into what expert advice they have or have not received or what was done with that advice. I'm sure Inhofe also consulted experts before bringing a snowball onto the floor of the senate.. obviously just because a process exists outcomes are not guaranteed.
I only know globally respected engineers including those responsible for development of the Internet disagree with the lawyers on basic facts of what the Internet is and is not. Facts that are trivially provable.
Slashdot Mirror
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
And TLS session caching, DNS fingerprinting and port range mapping (CGN).
IPv6 seems dedicated to preventing me from hiding.
IPv6 really does make it easier to track individual systems on a network of more than one user. Even with privacy addresses short term correlation is probably still useful.
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
IPv6 customers are generally assigned subnets rather than single IP addresses. Whether you get a single IPv4 address or a single IPv6 prefix your "network" can just as easily be tracked in either case.
Options here are same for both IPv4/IPv6 use a VPN/tunnel/proxy/Tor-like overlay or regularly convince your ISP to grant you a new address (dump lease / change MAC / reconnect) unless of course they are in cahoots with trackers.
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
The tangible benefit I know of for websites ATM is faster page loads for those stuck behind IPv4 CGNs.
The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space.
This ship sailed when IPv4 was placed into production. By time IPv6 came around it was already too late. You can't unfix a fixed address space without forklift change no matter what.
You would think the people behind standards like this are brains trust IQ 200. In truth they are often arrogant and short sighted and refuse to accept criticism.
Only arrogance here is in failure to understand the problem space and basic precepts of reality (e.g. pigeonhole principal)
This required stupidity like having applications which want to support IPv4 and IPv6 open two different ports for incoming connections. Dumb. Dumb. Dumb.
Most operating systems offer dualstack socket options to avoid this.
There is simply no grand conspiracy or obvious path unexplored because everyone but you must be stupid to see it.
Look at what all of these well intentioned transition schemes turned out to be worth. They actively hindered adoption of IPv6 because the operators demand a production quality network at least as reliable and performant as IPv4. This means NATIVE IPv6 not amateur hour crack-pottery involving the use of IPv4 as an overlay for IPv6.
Restoring the Internet to a network of PEERS is way more important than any annoyance or inconvenience felt in deploying IPv6.
Extreme example of IPv6 not being difficult to remember is Sprints website... 2600 Hz... http://2600/
Why does ./ have to butcher everything? http : // [2600::]
Nobody can remember all those hex digits.
You control at least the last 64-bits. This doesn't have to be unworkable if you don't want it to be. Add in zero compression, representations as hex and factor in ability to get creative with your 64-bits.
I found it somewhat more difficult to remember prefix but not significantly more.
Easier to derive hostnames from rest of the bits available to you if you use a consistent/creative numbering scheme.
For those who work at large shops/ISPs it's likely even easier because you likely control the last 96-bits.
Extreme example of IPv6 not being difficult to remember is Sprints website... 2600 Hz... http://2600/
because that's some mighty fine Whataboutsim right there. It's also got nothing to do with the conversation, which is about Russian election interference which noone disputes was anything less than 100% pro-Trump.
Who cares if Russia blasts Facebook with propaganda? Why should I care about that? Why do Russians have any inherently less of a right to blast Facebook with propaganda than your local variety of ultra left and right wing lunatic?
Personally I don't subscribe to the notion rights to freedom of speech nor the right to act like a dumb fuck end at arbitrary political boundaries drawn on a map.
What Russia did went above and beyond by breaking US law penetrating into systems and exfiltrating data. I don't support or condone that (Yet can't bring myself to shed even a single tear about DNC/Podesta) ...
This is all very much a separate matter from the issue at hand which is propaganda on Facebook... which is NOT ILLEGAL.
Excellent use of whataboutism here! Keep up the good work, comrade! #MAGA
Personally I don't believe in the general proposition foreign interests should be banned from attempting to exert political influence.
There is some outlier behavior on the part of Russia + Trump that deserves special attention.
1. Russia seems to have successfully captured a sitting US president.
2. Active hax0r attacks conducted in furtherance of their influence goals broke US law.
Yet Russian Facebook propaganda activity by itself had little or nothing to do with either of the above. Why should I care?
Got it, now where do I go to see if I've interacted with Israeli propaganda?
How do I report my local politician for having failed to sufficiently express their undying admiration of Israel?
I commend the Japanese for understanding and taking action on the realization that this planet needs fewer people. Thank you, guys.
Population is worthless indication of anything. A single person in the developed world consumes the resources of dozens in an undeveloped country.
If you want a metric that means something try persons per household or resources consumed per person.
We may only hope that other nations (India and China) and continents (Africa and Americas) follow.
You'd probably be interested in this TED talk on population growth and inevitable starvation. And AGW will only make things worse.
Just another fool spewing discredited Malthusian nonsense. If you want something real to be afraid of try loss of crop diversity.
Do you need me personally to create a proof of concept in order for it to become no longer "academic"?
Not relevant.
The point isn't "how" or "whether" something can be achieved. It's the simple fact it has not actually been achieved by any measurable percentage of users therefore any benefit arising from its existence is not being felt... in other words it's academic. Merely creating a "proof of concept" changes nothing.
See, that's superficially a very reasonable argument, but aren't you looking at the wrong problem?
The actual problem is "we have a lot of false positives" combined with "people don't understand statistics very well". And your solution is "we shouldn't look so hard"?
Wouldn't the better solution be to work on improving accuracy while simultaneously working to improve the ability of our justice system to weed out and reject the remaining false positives?
To me your argument sounds a lot like saying "well a lot of drivers get killed in accidents, therefore we shouldn't put more cars on the road". I mean, sure, that's one way to address the problem, but it's pretty ass backwards.
I understand the argument. I just don't believe it to be reasonable to achieve. Simply deploying technology is easy. Changing fundamental dynamics of legal systems is not. "Simultaneously" in my opinion is a wish that stands no chance of being achieved.
There is a difference between philosophy - the world we want and the world we actually have. We all have to live in the context of our time like it or not.
Yes. For example, once you have the content length, you can always request the end of a roughly 4 GB file as a full 4 MB range rather than a partial chunk by seeking 4 MB before the content length. Or for an additional data cost smaller than 1 percent, you can randomly request one to ten extra chunks at various points in the file.
Simply chunking a 4 GB file is not the same as implementing a padding scheme. No doubt measures can be implemented to deny timing and size analysis to adversaries. This isn't really the issue.
None of this actually exists in the real world across vast majority of systems deployed today. To achieve the above you either have to write a custom http client or get explicit buy in from the operator to implement something at a higher level. This has real world consequence in that assertions simply adding SSL meaningfully addresses privacy of users WRT public facing content is simply not true. What is possible is academic if it isn't being done.
Every Wifi captive portal now wont work as the redirect will fail, coffee shops, guest wifi, all broken, great.
I don't know the details by default Firefox transmits some kind of captive portal probe to determine this. You can see it go over the network if you run a capture when starting Firefox.
No, you have it backwards. By never marking HTTP is insecure before we created the false sense of security folks now mistakenly have.
Nonsense. Failing to indicate a disposition is NOT misleading and contributes to no false sense of anything.
In the real world without near universal buy-in for HTTPS exclusively people will browse somewhere... Not secure... oh noes neither is this...or this... too bad I'm going to go here and do that anyway... pretty soon it devolves into a joke about everything causing cancer followed by this scary message AND every other remotely similar scary message no matter what it says being filtered out on a subconscious level from the minds of users.
HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it.
HTTPS as currently deployed is only as secure as the least secure CA on the PLANET or most despotic regime harboring a state run CA in the WORLD.
This is before factoring in the inescapable reality virtually all DV certs assigned are done so in an automated fashion by trusting signals returned from completely INSECURE protocols. At best on a good day assuming all hell isn't breaking loose in China HTTPS is as secure as a leap of faith.
Falsely indicating something to be "secure" when really it's just better than nothing is by far the more damaging disposition.
No it isn't. If you fail to encrypt, your ISP, your ISP's ISP, and any snooping government can tell conclusively what you have downloaded. If you do encrypt, the eavesdropper can see only what domain you're accessing and the sizes of what you download.
For most publically available sites this is simply not true. Counting bytes and timing analysis is more than enough to reconstruct users activities with a high degree of confidence.
You can obfuscate even the sizes by using range requests to pull the 4 GB disk image a 4 MB chunk at a time.
Is it really more difficult for an adversary to sum up a bunch of 4MB chunks?
Then take your business elsewhere. Switch from a hosting provider that charges extra for HTTPS to a competing hosting provider that does not charge extra for HTTPS.
Telling someone who doesn't see the point of HTTPS for x,y and z to get a new provider is probably not likely to result in a positive outcome.
Q. What about my home router? Or my printer?
The challenge here is not that these machines canâ(TM)t do HTTPS, itâ(TM)s that theyâ(TM)re not provisioned with a certificate. A lot of times, this is because the device doesnâ(TM)t have a globally unique name, so it canâ(TM)t be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and weâ(TM)re talking to some device vendors about how to improve the situation.
It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem
The solution is logging into the device using TLS-SRP but this doesn't enrich the CAs so no chance in hell.
Thanks for pouring napalm on the fire.
This is not true, Windows 10 Mobile allows you to do everything local to the phone without an account. Heck even apps update without an account in the store, and you can install "free" apps from the store without the account. If anything its the only mobile OS that DOESN'T require you to have an account to use fully.
Google still requires you to have an account to even use the play store...
Either way, this might have been true in 8.0/8.1 days but with Windows 10 Mobile (probably just going to be Windows 10 S (ARM) in the near future) you can get away with no accounts signed in.
All of my comments are based on first hand experience with "windows phone" as parent indicated. I have never used Windows 10 Mobile and have no comment specific to it.
I will add software can be installed on Android devices from any source. It is trivial to download free software from Google app store without an account or Google play services installed.
Happy owner of a WinPhone here. Dated, sure. Fewer apps, sure. But compared to the iOS and Android phones I'm helping other people with on a daily basis, I find it easier to use. But I may be biased... by my better phone.
Windows phone is a brick without a Microsoft account. You literally can't do anything on it without an account and with one everything is online with no recourse. It's impossible to do something as simple as configure a local address book or simple calendar that is not forcibly uploaded to Microsoft.
Neither can you use wifi or devices local GPS without being forced to contribute to crowdsourced location bullshit and tell Microsoft where you are. It is literally impossible.
Windows Phone is probably worse than Android /w Google play molestation from a privacy perspective while being even more locked down than iPhones.
Don't even consider it.
Would love to see a Linux phone running normal Linux + Wayland rather than Android yet without all the Google spyware (Google Play Services) Android by itself is really not that bad. It is for the most part just Linux. You can cross compile whatever you want without much trouble.
Currently best bet is to find a phone supported by Lineage OS (formerly Cyanogenmod) where you don't have to go through hoops to crack locked boot loaders and extraneous BS. Google play is not included by default with Lineage OS and you get to have "root" if you want.
There are completely offline mapping solutions with voice directions, reroute and fancy map views that don't require any Internet connection at all. ALK offers a fairly decent solution for not much $$$ and it can be legitimately side loaded easily without Google play.
To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.
Can't tell anymore if this was intended to be a joke or you're being serious.
It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.
Or a drive by shooting. Once one has been shot at once - second time is no big deal.
[genie] I am a magic genie, rub my lamp three times and type your wish
[luser] My lucky day!! How do I rub your lamp?
[genie] Press +
(luser has left the channel)
Why would that be relevant? People make false positives all the time, too, and presumably these are double-checked by the actual cops making the arrest, the prosecutor bringing the case, and the judge and jury involved in assessing his guilt.
Just because it happens says nothing about whether making it happen more is beneficial or not.
There is an increase of documented cases of people are being harassed by LEAs and falsely imprisoned simply for being on losing end of the "birthday paradox" lottery. Instances of crazy unlikely coincidences are even starting to show up in DNA database searches.
Hard to imagine all coincidences that would arise from automated large scale facial recognition systems.
And when you lose the lottery prosecutors will assuredly correctly point out the impossible probability of coincidence for your case alone in a vacuum. It will most certainly be used against you even though in aggregate chance of the same impossible coincidence happening to x number of people within population is statistically assured.
I don't think so.
I think so and I'm not alone.
https://www.eff.org/document/i...
They do get experts to help them build a case. It isn't done independent of expert advice.
I have no insights into what expert advice they have or have not received or what was done with that advice. I'm sure Inhofe also consulted experts before bringing a snowball onto the floor of the senate.. obviously just because a process exists outcomes are not guaranteed.
I only know globally respected engineers including those responsible for development of the Internet disagree with the lawyers on basic facts of what the Internet is and is not. Facts that are trivially provable.
Simple.... https://www.google.com/chrome/
Never ever trust again a browser that can pull stunts like this.
Chrome is one of the worst browsers imaginable from a privacy perspective.