The networking of "things" is not a problem as long as you can opt out of it. Can you stop the toaster of the future from talking to the vendor, the crock pot, Google, the neighbors, your router?
Policy-wise we need a requirement of opt-in: the manufacturer can try to convince you that connecting the device to internet is beneficial for you, but has to let you say no.
And on the technical side, if it needs to be authorized in your router, you already have an opt-in. If it's going to connect by default somehow, maybe by open mesh wireless or somesuch, that's a problem for privacy and security.
Implantables, and particularly life-essential ones like pacemakers, are different. They need remote access to enable updating without surgery, but it must be secured well enough to prevent the sort of vulnerabilty the article describes.
BTW, if you were intent on killing someone, wouldn't it be just as effective to direct a strong RF signal to burn out the electronics, overwhelming any access controls?
"an open conversation about knowledge that can easily kill people"
This phrase and the article contain the same fallacy ( ("disclosing 0days when they can kill people"). I may be accused of semantic quibbling here, but I think it is important to state the issues clearly and accurately.
Information cannot kill anyone, nor exert any effects at all, ever. It is not causal. Actions using the information may be enabled by knowledge of the information, but they are human choices and not automatic.
This is not merely a matter of careless expression that does not affect the argument. In fact the fallacy is not only, or not exactly supposing that knowledge is causal, but rather in eliding the whole articulation of what happens between the revealing or acquisition of knowledge and the action that may or may not use it in some way.
The situation has a common element with the gun control issue: if someone has a gun, violence is easier, and this may be considered bad, but it does not excuse conflating the shooter's action with someone else's conduct of merely allowing that person to have a gun. It does not shift any responsibility from a competent adult actor to someone who merely allows a gun to be available.
Note also that the gun-possessor, or the person newly armed with knowledge, need not act on it at all, and those who confuse things by missing these distinctions manage to avoid the fallacy in those cases.
"My recommendation is to plan privacy ahead. Think of your product as something that should not 'keep everything, analyze later' but 'keep what we must, and dump the rest'."
This is what we call "solving the wrong problem". Yes, those observations are good ones (albeit obvious) for anyone seeking to design a privacy-respecting service. But how do we get anyone to do that?
As long as companies are profit-oriented and legally able to do so, they will data-mine everyone as far as they can. What can be done about this? The author has nothing to say on this latter question.
Even a "correct" tap installation might cause an outage due to the particulars of optical-fiber manipulation. There have been occasional reports of cable breaks in the news - I've noticed since about the 1990s. They have been attributed, usually to ship anchors, or other accidental occurrences. (Supposedly also, sharks bite cables, attracted by current, but this may apply more to wire than fiber)
How to get there is a difficult question - particularly the political question of how to get better policies in place. It is effectively a test of democracy, whether the people in each country (the majority of whom, I assume, prefer not to be pervasively wiretapped) can actually influence government behavior.
As for what the policy would look like, well probably each national government will be unwilling to give up much of its interception capabilities, but maybe they would like to avoid interception by other governments. So as one possible reform, one can imagine an international arrangement where nations would monitor the undersea cables and remove any spy devices.
My first thought was, wow, they could have had computers based on sets of these connected in different ways, as logic circuits. As I recall from the Stephenson version, Turing and co. were using something similar in the analog days.
I meant that sending logon + password is somewhat pointless if it's plaintext over the internet, while if you have some encryption going on, someone intercepting the data in transit would have a harder time using it to trick the client or the server. In that sense authentication is more meaningful with a certificate -- even though using a CA still allows interception by a government actor. It narrows the range of those who can "break" the attempted security.
This is the right answer and it's too bad it was way down the page (I upvoted).
For your situation, mark_I_watson, probably get a cert from a CA, the cheap "domain only" variety where you can verify your site to the CA simply by putting a file in the web root directory.
I say this assuming the content is whatever you were already displaying to the world without encryption - therefore low-security. The cert allows you to put meaningful authentication on your site (otherwise passwords go in plaintext, for example).
For a medium security level, sufficient for online money transactions, you would have to get a higher-assurance type of cert - this requires more money, sending business and personal ID documents to verify your business to the CA, etc..
For really secret communications - getting into a degree of NSA-proofing - among other things you have to avoid involving a CA, and preferably make browser certificates for trusted clients, to spare them the warnings that browsers throw up on non-CA server certificates. This is unsuitable for (legal) commerce (commercial payment processors would reject your business), and still vulnerable to metadata collection (unless you put it on TOR or equivalent), and still vulnerable to state coercion of private keys or forced code-trojaning.
Note that the third solution requires that your clients have a means of verifying that the site is yours rather than an imposter - you avoid a CA having the power to enable some other site to impersonate yours, but trusted users must have a basis for trust by a "side channel" such as knowing you personally, you being their employer, or reputation of your digital signature over time.
Amusingly, the areas where the most US Americans are familiar with SI are gun calibers and recreational drugs. [n] (OK, I may have a warped sense of humor, but it's true)
As a USian I can testify that there's a lot of irrational opposition here. Disclaimer: I don't have scientific sources on this, just subjective impressions from a lot of little interactions and clues.
The resistance seems to be largely: (a) older people who doubt their own ability to adjust (b) right-wingers who are convinced it's a socialist conspiracy or somesuch (these are people who think international cooperation is taking sovereignty from the US, or something like that - they're a bit incoherent) and (c) politicians perceive it as unpopular and risky to advocate (presumably because of a and b) or just not a vote-getter.
I've occasionally tried to promote SI by using units in casual contexts, but it's perceived as pretentious or obnoxious. The situation is better online as I participate only in fora like this where US obtuseness is not necessarily expected. It is hard to even find products like thermometers and measuring cups (for cooking) with all-SI.
Ghostery, the last time I checked it out was closed-source, subject to control or influence by advertisers, and reporting to the vendor about users' browsing. Clearly lots of people like it, but I would consider it gross breach of my security policy.
My recommendation for anyone who's serious about controlling his/her online footprint is Request Policy. It's open source and simply blocks requests according to user directions - you can put it on a whitelist or blacklist basis, and decide for yourself what servers to contact from each page. Of course this is too inconvenient for most people, but it gets asyptotically less troublesome as the list is perfected.
Somehow I'm missing your point. If sites make requests to Google Analytics, Google APIs, etc., then anyone who looks at those sites and allows the requests is being tracked and data-mined, and is contributing to Google's power as an internet participant, and contributing to widespread dependence on one company. That's fact, not emotion.
There is an emotional element in either caring about this or not, so maybe that is what you mean. Also, listing the Google properties like he does probably overstates things for a rhetorical effect - certainly not everyone is such a heavy user of Google services. I would guess that most people online use only a few of them (and that you would demand numbers rather than guesses). Nevertheless the point is sound, though expressed in a hyperbolic way.
I wonder whether it is also a bad practice to set the contact email to an address on one of the domains that that registrar controls. I.e., register example.com with DomainCo, and your contact is [email protected]?
I actually do this and am considering changing the contact email for registrar 'A' to something independent of 'A'.
It does seem hard to have enough confidence in the reliability of any email address.
Yes, it's called front-running. There have been accusations against some registrars in the tech news.
I just go to register as soon as I'm sure I would like the domain name. That way, worst case it's already registered, best case there's minimal opportunity for front runners.
Even trying it in a browser might alert someone monitoring DNS for interesting NXDOMAIN replies. (Yes, this may be paranoid, but it's hard to keep up with the nefarious tricks that actually go on)
Deleting the emails would have put Levison/Lavabit in violation of long-established law (destruction of evidence is a crime). Note that with PFS (if I recall correctly, Lavabit did not use PFS), preserving past emails does not help the adversary.
Deleting the account, however, seems much more viable for similar situations. Forcing a company (like Lavabit) to provide service to an individual might be supportable, based in part on past precedents to do with race discrimination and general regulation-of-business principles, but would be unprecedented in regard to a non-commercial entity. Arguably it would run afoul of the 13th Amendment in the US.
Of course, written law has little bearing on what the government can do in practice in today's USA.
It's not exactly illegal, and the new secret-orders tactics are the government's workaround.
In the 1990s there was a series of political/legal conflicts over encryption, which was about to go mainstream (the whole episode is now referred to as the "clipper chip" controversy). The USG wanted strong encryption without backdoors banned, and everyone to use instead a set of encryption protocols which would have provided keys for the government (the "key escrow" idea), and the USG would promise not to abuse the power to decrypt everyone's communications.
Some heroic technical people worked around that and actually exported what eventually became PGP/GPG on paper to take advantage of a loophole in the ban. The controversy faded and the civilian right to non-backdoored, strong encryption became the nominal law and policy.
Since then the USG has been working to undo and reverse this situation by any means it can find. What it's come up with is (a) the NSA mass-wiretapping regime (actually a continuation Echelon and several other prior, longstanding mass-surveillance schemes) and (b) the set of legal tools applied to Lavabit.
And they've mostly succeeded. Secure communication is theoretically legal, but if the government can coerce encryption keys, secure communication is defacto subject to being stopped anytime the government takes an interest in someone. And while providing secure comms as a service is technically still legal, if the feds can demand a combination of trojaning the service and concealment of the subversion from users, then they have effectively banned secure communications in practice, while maintaining the written law as-is.
"When you say Levison's system made claims it couldn't possibly backup, do you mean that from a technical perspective, or from a legal perspective?"
Both. I can't speak for tptacek but can explain his comment. Lavabit may not have known about the legal possibilities, but the technical design was such that Lavabit could expose users' communications.
The technical shortcoming was that the system used the password input by the user as a key for the encryption. I may have some details mixed up, but basically they could capture the password in plaintext and unlock the user's comms with it. They made a practice and promise of not doing so, but one of the government demands was to intercept it.
That's actually a contradiction. DRM and security are mutually exclusive. The level of control that enables a remote party to "trust" a computer makes it impossible for the owner to have a rational basis for trusting it. For security you have to have the possibility of complete information and control at every moment, and that is exactly what DRM is designed to exclude.
Thanks for saying that. It's remarkable that so many writers will declare a subjective preference as if it were an objective fact ("$SOME_UI is so ugly!").
Although I also agree with "remembering just how unimportant this arguing is", I'll illustrate by providing a counterexample to the Fine Article's idea that OSX is "an aesthetically pleasing OS". My idea of an esthetically pleasing UI is one with text labels instead of icons, relatively direct access to all information and controls, and a lot less of the shiny accents, animations, forced mousing, and other decorative, annoying or obstructive junk.
I'd also like a laptop with the keyboard in front and the trackpad behind, but apparently I'm a freak or something.
"How would content producers possibly deter copying without exerting control on the consumption hardware and software?"
Imagine this fictional scenario. Copyright owners sell audio and audio/video files for download. These are without ads, trailers, DRM or other restrictions; they're high quality, complete, available right away, and in popular codecs and formats. In other words, just like Pirate Bay, but legal, and prices are very low.
What would happen if this were real? In the mad minds of the cartel, one person would buy each file, and copy for everyone else, and everyone would get the files from torrents, p2p etc..
In reality, if I'm paying Netflix rates for my files (divide say $15 over a month), and others can do the same, why would I copy it for them? They can just get their own. Moreover almost everyone would be willing to pay for their own, because they'd be getting a bargain, and on these terms they would be pleased to support the creators (who sometimes get some pennies from the middle-man companies).
Policy-wise we need a requirement of opt-in: the manufacturer can try to convince you that connecting the device to internet is beneficial for you, but has to let you say no.
And on the technical side, if it needs to be authorized in your router, you already have an opt-in. If it's going to connect by default somehow, maybe by open mesh wireless or somesuch, that's a problem for privacy and security.
Implantables, and particularly life-essential ones like pacemakers, are different. They need remote access to enable updating without surgery, but it must be secured well enough to prevent the sort of vulnerabilty the article describes.
BTW, if you were intent on killing someone, wouldn't it be just as effective to direct a strong RF signal to burn out the electronics, overwhelming any access controls?