I created a unique email address to use with a company I ordered products from. No one else had that address. A while later I got a phishing email (pointing to http://www.official-2011-skype-upgrade.com/) at that address. The email addressed me by my name as well as the email address ("Joe Blow <uniqueaddress@somedomain.tld>").
Is this conclusive evidence that my private/personal information with the company has been compromised? Maybe they lost control of my credit card and address information as well? Is this worth reporting to the district attorney in their state (NY — they have privacy breach reporting laws)?
Not that I want to present a false dichotomy, but if you were "preference voting", i.e., listing your preferences in order, aside from the rest of the options, how would you order these two relative to one another?
Has anyone actually looked over his data to see how easily mined it could be, by average folk or dedicated institutions? We can't begin to fully judge his claims of privacy through difficulty decoding until we've seen his technique.
I've glimpsed at his data, his photos, and it doesn't seem like it would be that difficult to build a system to suck it up and index it. I'm kind of surprised Google hasn't made it trivial to search already. E.g., "september 23 site:trackingtransience.net". Or, putatively, "february site:trackingtransience.net xref-image-search:eiffel tower".
So right now it might seem like a lot of effort for a single person to "decode" his data, but I'd expect not all that much. And such a retrieval/indexing system could probably be made extensible, to handle more variety than could easily be built into another, different data blat by a second person.
I think the asymmetry here has the efficiency on the side of decoding, once a general decoding effort is underway. And that's exactly the purview of the "all-seeing eye" government institutions. More vaguely and intuitively, the commenters here are right -- transmitting your information, however obscured, results in you being more visible, not less.
So, moving on, are there any promising candidates in this area?
And what of the infrastructure required? Is there any, such that there has to be some business running servers for VOIP clients to work well? I'm just not that familiar with it. I know you can do client-to-client connections, but what about directory services?
I push my behavior further towards alignment with my principles than I think most people do, but I do it in a way that catches minimal flak from the normal folk around me. Granted, I limit my interactions with people who don't understand. Anyway, I am not even in RMS's ballpark.
These days, in our times of bully hating, if you 'sound' arrogant, then it is enough for people to not like you, even if you're actually the nicest guy in the world.
Wow, that's really ironic, assuming you mean that RMS comes across as a bully for seeming arrogant.
Disdaining his weirdness and being mean towards him is bullying. Letting your fear and contempt of difference make you mock someone? That is bullying.
And arrogant? Nah, he's just rough around the edges. Veritably angular. He's further along the autie spectrum than most of we Slashdotters.
"I wouldn't go so far as to call the brother arrogant, I mean he got a social problem. What's the nigger gonna do? He's a nerd."
I see. You're defining "natural" jargonistically, rather than for everyday (or even casual philosophical) conversation. For a second there I thought you were being philosophical.
I worry, however, that you will still retain an element of seriousness when you, in the future, summarize this matter the way that you are currently.
Text addresses are used in URLs. That's part of the HTTP protocol. The father of the web said we should use decimal dotted quads, so your browser does not take all representations of addresses for URLs. Rest assured that when your browser gets around to making its connections it's not using a text address. But when we speak HTTP, including in the browser address bar, we say a.b.c.d.
Cerf's 'LOL' was epic, I have to say. Even if he didn't understand the issue. Please don't bother the browser developers further.
It exactly specifies the manner of IPv4 address representation, constraining it from the wide world of possible ways to format a 32 bit number. Whether represented as
3626153261 (decimal)
033010532455 (octal)
0xd8.0x22.0xb5.0x2d (hex dotted quad)
or even 0330.34.0xb52d (mixed dotted triad) (this and the dyad are interesting cases)
the point is not about equivalency. And the point isn't about the underlying libraries and whether they can recognize this variety of representations.
The point that really needs addressing is "Which representations work best for URIs?"
Whether the RFC authors (including Berners-Lee, if celebrity makes authority) intentionally constrained host IPv4 addresses from the range of possibilities or whether it didn't occur to them to allow the range of library-supported values is hard to say. I'm guessing the former. But anyway it's moot, and, again, we should be addressing the appropriateness for the protocols at hand, HTTP etc., not IP and general reckoning of addresses.
The Firefox guys seem to be getting it right. They're keeping an eye on the RFC, they're looking at the benefits and penalties, and they're coming down on the side of the simple, common convention. Limiting URI host addresses to decimal dotted quads is not "a fundamental misunderstanding of what an IP address is". It's a(n HTTP) protocol interface/usability decision.
I'm genuinely sorry about the loss of the ability to specify IPs in their myriad ways in Firefox (and other browser) URLs. I myself rather enjoyed showing people how this worked. You have my sympathy for the loss of the clever teaching tool. I can only suggest you use ping for your demonstrations.
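The equivalence of the representations listed in the comment above can be checked mechanically. This is an added example, not part of the original comment and not code from any browser: `parse_loose` is a hypothetical re-implementation of the classic `inet_aton`-style parsing rules, and `is_strict_quad` is an assumed strict decimal dotted-quad check (no leading zeros, octets 0-255) of the kind a URL filter would apply.

```python
import re

# Representations quoted in the comment, plus the dotted quad they all decode to.
SAMPLES = [
    "216.34.181.45",        # decimal dotted quad (derived from the values below)
    "3626153261",           # decimal
    "033010532455",         # octal
    "0xd8.0x22.0xb5.0x2d",  # hex dotted quad
    "0330.34.0xb52d",       # mixed dotted triad
]

_STRICT = re.compile(r"(0|[1-9]\d{0,2})(\.(0|[1-9]\d{0,2})){3}")


def is_strict_quad(host):
    """True only for four decimal octets in 0-255 with no leading zeros."""
    if not _STRICT.fullmatch(host):
        return False
    return all(int(part) <= 255 for part in host.split("."))


def _component(text):
    """Parse one component as inet_aton does: 0x prefix = hex, leading 0 = octal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", text):
        return int(text, 16)
    if re.fullmatch(r"0[0-7]*", text):
        return int(text, 8)
    if re.fullmatch(r"[1-9]\d*", text):
        return int(text, 10)
    raise ValueError(f"not a numeric component: {text!r}")


def parse_loose(host):
    """Return the 32-bit value of a 1- to 4-part numeric host, or None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_component(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills all remaining bytes.
    *head, last = nums
    remaining_bits = 8 * (4 - len(head))
    if any(n > 0xFF for n in head) or last >= 1 << remaining_bits:
        return None
    value = 0
    for n in head:
        value = (value << 8) | n
    return (value << remaining_bits) | last


def to_quad(value):
    """Format a 32-bit value as a decimal dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_host(host):
    """Label a URL host as 'canonical', 'obfuscated -> a.b.c.d' or 'not-numeric'."""
    if is_strict_quad(host):
        return "canonical"
    value = parse_loose(host)
    if value is None:
        return "not-numeric"
    return "obfuscated -> " + to_quad(value)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:22} {classify_host(sample)}")
```

A filter or log pipeline that compares hosts as strings should normalise with something like `classify_host` first, since a library that accepts the loose forms will connect to the same address for all five samples.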
If the flock of chickens in my yard happen to stand such that they clearly spell out the word "unique", is that unnatural or just chance? What if they make a pattern that doesn't happen to be significant, but that we can't expect them ever to make again?
Speaking of which, I might suggest a driver-initiated technique to handle the situation: The cruise control might still allow you to change the cruise speed, which may temporarily inactivate cruise control. Push and hold the lever/knob/button to reset the cruise speed. Or use the increase/decrease speed function as your (rather clumsy) accelerator.
The best thing in this situation would be anonymous disclosure of the flaw to everyone as soon as possible.
Everyone? What about anonymous (or pseudonymous) communication with the people who should fix the problem, determining a reasonable time line for a fix, and setting a date for public disclosure?
In this situation, maybe just report the problem to First State Super and tell them they have 5 days before you leak the problem to the security lists and press.
Hm. The URL has my account number in it... I wonder if all accounts are accessible by that param alone? Nah. Well, let's see... I'll just increment the number.
ACCOUNT=1234
while true; do
    ACCOUNT=$((ACCOUNT+1))
    wget -nv "url://site.with.FAIL.security/showstatement?acct=$ACCOUNT" > "log.$ACCOUNT" 2>&1
done
By the time I press Ctrl-c I've hacked over 500 accounts!
That's your idea of a closer analogy? I daresay you are biased and painting things with deceptive license.
Let's make an honestly closer analogy:
When opening my apartment door I notice that my key has the apartment number written on it in a special way. Being a locksmith, I get an idea: Does the fancy lock just read the number to determine if the key's good? Because that would be bad. In the same style, I write a different number on my key, the number of my neighbor's apartment, and try it there. It works. We have a problem. I check the whole floor -- all vulnerable to this silliness.
I call up my locksmith friend and tell him how stupid this is. We have a good laugh and talk about what I should do. The next day I call the apartment manager, explain we've got a real problem, and I tell him what I did. I even walked his handyman through the steps so they could clearly understand. The manager has the problem fixed the next day. Job done, right?
The thing is, the super sends the cops to talk with me. With my having been a locksmith contractor to the same police force, it went okay, but it left me shaken. I mean, I talked with the super directly and gave him all my contact info. He knows who I am. Why send the cops?
Later on, the apartment manager sends a notice to everyone in the building, telling them there was a security problem, but it's fixed, and he sincerely apologizes. In particular he says:
It has come to our attention that a resident of our building devised a way to open your door. Access to your apartment was limited and rectified immediately.
Please note: This incident was not the result of a targeted attempt to access your apartment. This resident alerted us to the ability to open your lock and advised that your door was only opened when testing the security of his own apartment. The member advised that he has not taken pictures of your apartment or taken any items.
And now they've sent me a letter telling me they had to inform the police about how I got into the other apartments because it could be a criminal act; they tell me they've locked me out of my apartment; they say they had to spend money to fix this whole lock problem because of me — the nerve! — they say they have the right to get the money it took to fix their problem from me — what! — they say that they want complete access to my keys, pens, desk, and tools; and they say that they want me never to look for security problems in the building again.
You're darn tootin'! If this is the thanks I get! Some people!
I use their XBL. It works great. Don't be confused thinking there's just one "spamhaus list", saying things like "anyone who uses spamhaus is a <insulting term>".
People should know what they're getting into when they subscribe to a DNSBL. DNSBLs are best used as part of a scoring system, rather than as an ultimate authority.
Regarding Spamhaus's SBL:
The SBL database will normally include IPs identified to Spamhaus's best ability as likely direct spam sources, spammer hosting/DNS, spam gangs and spam support services.
I believe Spamhaus knows what they're doing, and it's not simply escalating netblocks to create and enlist collaterally damaged networks to bring pressure. I bet Cyberbunker is complicit in providing a haven to spam operations. And -- this needs confirmation -- I hear that A2B gave Cyberbunker new addresses after Cyberbunker was listed, which makes A2B complicit.
More data goes online every day, even aside from what we put there ourselves, data sourced a myriad ways, ways multiplying constantly. It's a(n ever more) digital life.
There's no pulling the plug. There's only learning to cope. It's just fact that our lives, the lives of everyone, grow ever more transparent.
We get handed a box with two choices. Liberals or conservatives. Most of us choose a side and fight vehemently. We get all worked up. We call the other side evil and stupid.
But maybe we should question the box we're handed? Think beyond it?
BEAST, TLS 1.0 v. 1.1
The BEAST attack is somewhat a concern for TLS 1.0; just how practical the attack is has yet to be seen. Requires malware on your system, so he says, which means you've already lost the game. Moving to TLS 1.1 would protect against BEAST, but is problematic because of lack of support.
CA System, upgrades
Is there a better way than certificate authorities?
The fact that browsers were designed with built-in root keys is unfortunate. That is the wrong thing, but it's very difficult to change that. We should have separated who is trusted from the vendor. If we cannot separate the root of trust from the vendor then the best we can do is build a side reputation system that everybody consults.
Dreaming Up Alternatives
He posits a system with some "trust agility" (as Marlinspike calls it), wherein CAs have reputations and can be updated, rather than are baked into the browser.
And the root of the trust should be the Internet with its built-in reputation ecosystem. All the CAs will have reputations built in because that's how the Internet runs, and then you have a better trust model that way.
Exact model for how and from whom we source reputation ratings not explained: "And I'm not saying I know how to implement this, but it's a better model.... It will just be done in the ecosystem."
Then the interview at first seems to veer back to the protocol implementation. He talks about updating the protocol's software automatically, I assume like Firefox or its plugins, or Windows Update. But I think he's seeing the CA authorizations and protocol implementation as a unit, so they both get updated.
Sounds like he's leaving the decision on the roots still with your software provider. I think it should be more "agile" than that, more individually-configurable if so desired.
Existing Alternatives
The Perspectives/Convergence model has us looking at what others, from a variety of network locations, see as the certificate for the site we're visiting. (And maybe also how long those other locations have been seeing what they see. (Perspectives does this.)) This is a very basic "reputation score"; notaries just tell us their perspective, which we then analyze to determine whether we think the cert we see is good.
Hybridizing
How we choose notaries is a concern. I envision sysadmins sharing notary installations between themselves, but what happens for nontechnical people? It may make sense to have third parties rating notaries, and providing "subscriptions" to their ratings. So you could subscribe to the "EasyList Trustable Notaries" or the "EFF Notaries" lists. As notaries come and go, or as notaries prove themselves untrustworthy, these organizations would update their lists and your subscription would automatically update the notaries your browser uses.
Alternatively, have the list be not of notaries, but CAs themselves. It could replace your browser's baked-in CA list. This, however, doesn't allow people to use self-signed certs, it still rests on the precarious infrastructure of race-to-the-bottom CAs, and it doesn't solve the problem of how a quarter of the SSL web becomes untrustable as soon as Verisign fucks up. This is why I prefer the notary route.
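The client-side decision described in the comment above, as an added example that is not part of the original comment and is not the Perspectives or Convergence code. The notary replies are constructed sample data, and the names `NotaryReport` and `evaluate`, the 75% quorum and the three-day minimum are all assumptions; the sketch also ignores gaps in a notary's observation history.

```python
import math
from dataclasses import dataclass

DAY = 86400
NOW = 1_700_000_000  # constructed "current time" so the example is deterministic


@dataclass(frozen=True)
class NotaryReport:
    notary: str       # notary name (constructed)
    fingerprint: str  # certificate fingerprint that notary sees for the site
    first_seen: int   # Unix time the notary first saw that fingerprint


def evaluate(observed_fp, reports, subscribed, now=NOW, quorum=0.75, min_days=3):
    """Compare the certificate we were served with the notaries' view.

    Returns 'accept', 'reject', 'too-new' or 'no-data'.
    """
    # Only notaries on the subscribed list get a vote, one vote per notary.
    votes = {r.notary: r for r in reports if r.notary in subscribed}
    if len(votes) < 2:
        return "no-data"
    needed = math.ceil(quorum * len(votes))
    agree = [r for r in votes.values() if r.fingerprint == observed_fp]
    if len(agree) < needed:
        return "reject"  # most vantage points see a different certificate
    # Quorum duration: how long at least `needed` notaries have seen this cert.
    ages = sorted(((now - r.first_seen) / DAY for r in agree), reverse=True)
    if ages[needed - 1] < min_days:
        return "too-new"
    return "accept"


# Constructed sample data: the user's subscribed notary list and their replies.
SUBSCRIBED = {"n1", "n2", "n3", "n4"}
REPORTS = [
    NotaryReport("n1", "fp-A", NOW - 30 * DAY),
    NotaryReport("n2", "fp-A", NOW - 20 * DAY),
    NotaryReport("n3", "fp-A", NOW - 10 * DAY),
    NotaryReport("n4", "fp-B", NOW - 1 * DAY),   # one vantage point disagrees
    NotaryReport("x9", "fp-B", NOW - 90 * DAY),  # not subscribed, so ignored
]
ROTATED = [NotaryReport(n, "fp-C", NOW - DAY) for n in sorted(SUBSCRIBED)]


def demo():
    """Run the four scenarios and return their verdicts."""
    return {
        "served fp-A": evaluate("fp-A", REPORTS, SUBSCRIBED),
        "served fp-B": evaluate("fp-B", REPORTS, SUBSCRIBED),
        "served fp-C, rotated yesterday": evaluate("fp-C", ROTATED, SUBSCRIBED),
        "served fp-A, n1 dropped from list":
            evaluate("fp-A", REPORTS, SUBSCRIBED - {"n1"}),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:36} {verdict}")
```

The last scenario shows why the choice of notary list matters: dropping one agreeing notary from the subscription leaves two of three in agreement, which is below the assumed quorum.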
Coal or nuclear?
Another CA system is broken article?
Consider an alternative model based on notaries:
Other resources of note: Moxie Marlinspike's article on "trust agility", his Black Hat Conference talk on this topic.
Dude's got integrity. Gotta hand him that.
Think different. Way, inconveniently different.
What was the performance like? How did the parrots react?
And do you consider yourself observant/aware?
Decode is indeed important.
But FLAC is far less compute intensive than ALAC.
Also,
* FLAC is less compute-intensive for decode
Means longer battery life and/or lower power processors.
Decompression speed is important.
IIUC, decompression speed is related to processing effort is related to battery life.
I acknowledge that you are being funny.
At first I thought you were right, but I wanted to confirm it so I dug into the issue further.
RFC 2396, regarding URIs, states that URI authority hosts look like so:
That's an interesting way to define natural.
If there's only one universe, is it unnatural?
Are you criticizing capitalism? Indeed, even libertarianism?
A fight! A fight!
Ha.
Just a point of clarification.
Spamhaus runs several DNSBLs: SBL, PBL, XBL.
So, how will we adjust?
Who is the "Us" and who is the "Them"?
Summarizing...
Use a password manager like LastPass or KeePass, or, as I do, keep an encrypted file of your sites+logins+passwords.
You really need to manage your passwords. Reusing the same pass in multiple places is just a problem waiting to happen.