Also, don't forget that DropBox is closed source, and you can't host your own server. So your private data is subject to one of those nasty "we can change the terms at any time" kind of agreements.

Compare with SparkleShare...

This isn't an interesting cipher, mathematically speaking, because the method is closed so it could be anything. All we have is some jumbled text and (presumably) a sensible answer that we're not privy to. [...] This is just a puzzle-book, and quite boring because it can actually just be gibberish and nobody would really care.

Err... so how was it possible to decode the other three sections then? Obviously it's not gibberish, it's intelligible English text encoded using familiar algorithms. And people have cared enough to invest the time to solve three of the four sections, including people from the CIA and NSA.

Being located on actual CIA grounds, this sculpture is also an artistic statement. It highlights just how much cryptography has changed since the old days when cracking codes was top secret and required expensive supercomputers.

But then, you wouldn't know anything about art, would you? You called the Kryptos sculpture a boring children's puzzle, versus your ideal of a "militarily-important" message encoded using AES. AES never would have been invented if everyone had your pragmatist view. Math is fueled by puzzles with no obligation for usefulness.

Mint.com is pretty great for connecting to whatever bank you have and it'll download your reports and also automatic categorization. I have almost 2 years of data in it, and they let you download it all CSV. It also has me in the habit of checking all of my accounts once a week, by just logging onto one website. Nice way to be on top of anything that might be fraudulent.

What about the privacy issues of a public web site that tracks a household's entire financial profile? Intuit's claim:

"We make money only when you do - We give you personalized ideas on how to save money by presenting the greatest savings from among thousands of financial products. If you decide to make a change that saves you some cash, we sometimes earn a small fee from the bank or company you switch to. You save a lot; we make a little."

And in the Privacy and Security Policy: "Simply put, we do not and will not sell or rent your personal information to anyone, for any reason, at any time."

But they DO seem to sell your information, as long as the data format can be construed as "anonymous" (before being combined with whatever other datasets the buyer might have):

"Intuit may make anonymous or aggregate personal information and disclose such data only in a non-personally identifiable manner to:

• Advertisers and other third parties for their marketing and promotional purposes, such as the number of users who applied for a credit card or how many users clicked on a particular Intuit Offer;
• Organizations approved by Intuit that conduct research into consumer spending; [...]

I'd be willing to bet they make a lot from these sales. "You save a lot; we make a little" indeed. Even if Intuit's current intentions are 100% honorable, let's not overlook the ubiquitous "we can change what you agreed to without your consent" clause in the Terms Of Service:

"Intuit may modify this Agreement from time to time. Any and all changes to this Agreement will be posted on the Mint.com site. In addition, the Agreement will always indicate the date it was last revised. You are deemed to accept and agree to be bound by any changes to the Agreement when you use the Service after those changes are posted."

This practice is where all the privacy trouble started with FaceBook. I have no idea how it's legally enforceable, but somehow it is, and in fact it's standard boilerplate for TOS contracts everywhere. :-)

Just out of curiosity -- what would happen if Google preemptively denied the UK access to its services? Maybe just for a month or two? If nobody in the UK could search using google.com? What would happen?

You assume that Google uses your private information in indirect, anonymous ways to improve advertising or predict general trends. But have you looked at Google's privacy policy?

"We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to operate, develop or improve our services."
http://www.google.com/intl/en/privacypolicy.html

That's the extent of the promise. They can use your data to improve their "services", which obviously include every possible industry and market. The exact potential of what Google can do is difficult to foresee. They have teams of people working 24/7 on new ways to exploit every last byte of data they collect.

Here are a few ideas I came up with:

- get insider trading tips for any market by searching people's private Gmail conversations or corporate Google Docs
- detect DNS names that people are brainstorming, and then preemptively squat on these domains
- search for discussions/documents relating to inventions, then preemptively patent the idea
- search for evidence that will convict you of a crime (copying MP3's?), maybe under a police order in some jurisdiction
- use private discussions to predict locations of possible "terrorist" attacks and sell this information to the military
- predict when a limited item is going to be popular, then buy up those products and sell them at higher price
- help insurance companies identify "high risk" customers
- use your company's internal documents to directly compete with your company

My point is that privacy isn't just about you and your porno history. It's about a global economic market that's supposed to be a fair playing field, but is instead threatened by one company's growing monopoly on everyone else's data.

The solution isn't to sick the government on Google. The solution is to educate people about why they should protect their privacy, because apparently this concept has been forgotten in all the excitement of blogs and social nets.

Apple's position is clearly that by letting google extend their platform to the iphone they would clearly gain converts to it, but without letting apple control that environment they lose the ability to provide distinction, and maintain their competitive advantage.

Nobody is forcing users to install Google Voice. So, what you are saying is that if users have the choice, they will install Google Voice and not use Apple's services anymore.

So, you are basically saying that Apple's "competitive advantage" is in propping up an uncompetitive product (their services) with a good product (their phone hardware).

Just thought I'd put that into perspective for you.

>>>>>Apple charges me around $100 each year to upgrade

>>update. You can see I'm not being flippant by making a side-by-side of what each path offers. Also, your OS X updates were free.

I apologize, but I don't understand what you mean by comparing the words "upgrade" versus "update", and since English spans the entire world, it's doubtful these words mean the same thing across international borders. Where I live (USA) these two words are interchangeable. I could have just as easily said I "updated" from 10.3 to 104. to 10.5 and so on.

ANYWAY..... let me put it this way so you can better understand my point - I bought my current Wintel OS (XP) in 2002. I'm still using it after all these years. If I was still using the Mac OS that I had in 2002, it would essentially be unusable. QED the wintel OS is cheaper (no money spent in 7 years) versus the Mac OS, because I had spend money to keep my Mac working.

I always look at the bottom line.
"Free" looks pretty damn good.

Wikipedia provides full citations for the author/source of all uploaded photos. If a professional photographer wanted to increase his exposure (no pun intended), he could contribute to wikipedia under a free license. The upsides really dwarf the downsides.

-Gonz

Outlook was probably slow because you were loading against Google's IMAP server on the internet, rather than from an Exchange server in the same office. :-P

A web-based system is LESS efficient because nothing is cached locally. I use Gmail for some accounts, and every time I jump to a new message ("conversation"), I have to wait several seconds while the page loads. I periodically have cases where I get a blank white page because the internet connection timed out. If the network goes offline for some reason, my e-mail is totally inaccessible. Outlook (or in my case Thunderbird) has NONE of these problems because all the messages are right their on your laptop's hard disk. You can read them and search them with no internet at all.

In other words, NO, Gmail does not have simple folders. It has a different system called labels. If you want to use Gmail, you need to learn how to use labels, and accept the claim that labels are better than folders.

This claim might be true, but it's interesting that to this day, simple folders are still the model used by file systems. When filing, you want things to have a single location in a nice hierarchical tree. Searching is useful, but it's not the same as filing.

No, Google's challenge is to actually be better. It's great for personal e-mail, but regular people rarely need to "manage" their personal e-mail, since it's mostly chatter that expires after 1 week. By contrast, business e-mails are documents that need to be searched and sorted, with deadline pressure from the boss.

You've shown that this woman was unable to refute your spirited technical arguments. But does that really mean she's clueless and incapable of deciding which product meets her needs?

-Gonz

You're comparing apples and oranges here. With hosted Exchange, you're entrusting your data to a medium-sized company that specializes in hosting Exchange. They charge a fee because that's really their business plan. With Google Apps, you're entrusting your data to a massive leviathan that aims to eventually be a competitor for every business in every industry, and who specializes in mining the hell out of everyone else's data. Google doesn't charge a fee because your data is way more valuable to them than the actual cost of hosting it.

Sure, Google has a privacy policy. But what good is a promise to only use your data to "improve our services" and "develop new services", when those "services" are completely unbounded? Google is constantly trying to invent new services, and inevitably its services will turn into a conflict of interest.

Google might be appropriate for individuals who don't see any value in data privacy. But it's not appropriate for a business.

-Gonz

The web site doesn't clearly explain the difference between "Chameleon" versus "PrivateEye". I found the answers in this PDF:

http://oculislabs.com/Oculis_Whitepaper_1.pdf

It sounds like PrivateEye is the $19.95 edition for consumers using a simple web cam. Whereas Chameleon is the "high end" version using a special "Gazetracker" hardware device that probably has a much better reaction time. There's no price listing for Chameleon, i.e. it's intended for someone spending taxpayer's money rather than their own.

The demo is on the Chameleon page:

http://oculislabs.com/Products/ChameleonP.htm

It took me awhile to figure out that this "PROTECTING DATA IN USE" image is actually an interactive Flash applet. What you do is hover the mouse over "Oculus in Action", and then wait until a blue/red oval slides across the screen. After the oval disappears, you can use the mouse to bring it back on the screen and move it around. The text inside the oval is readable, everything outside is scrambled.

The obscured text is pretty strange actually. On the "This is what the attacker sees" preview tab, the letters in each word are shuffled and easily deciphered. But on the "Oculus in Action" tab, they substitute random words of equal length, apparently sampled from a corpus of gay Satanic rites:

States --> Yapper
Government --> Satanology
degree --> faerie
classifies --> spermatova
determine --> doohinkus
classifying --> luciferidae

(No joke, these are real excerpts!)

From moving the oval around and trying to read what's inside, it's pretty apparent that reaction time is extremely important to the usability of this product. Since there's no downloadable demo program (and a whole lot of marketing patter), I'm guessing that PrivateEye is way too sluggish to be practical. Chameleon might be usable, but you probably have to pay full price to find that out as well heheh.

-Gonz

Kaspersky tends to be underrepresented in anti-virus discussions, maybe because they don't market as heavily. But IMO it's totally worth the price tag. I finally shelled out for Kaspersky AntiVirus (not the full firewall thing) in December of last year, when two virus infections caused enough downtime to impact my consulting hours. An Adobe PDF vulnerability was enabling my PC to be infected from simply browsing web pages with Firefox, even with AVG Internet Security fully enabled.

I tried products like Symantec and McAfee, but they're very "noisy" GUI's (in terms of advertising their presence), and it's difficult to temporarily disable them. I need this feature because I use driver debuggers and other programmer tools that conflict with antivirus services. This was a major factor in my decision to use Kaspersky, which is a very no-nonsense app with an "off" switch that works.

As far as detection rates, I browse pages and run files from a lot of (ahem) untrusted sources, and Kaspersky catches at least one real virus for me every month. No misses so far. In addition to actual threats, Kaspersky also detects potential vulnerabilities such as outdated Java or Flash DLL's, which is pretty cool. So if you can afford for-pay protection, definitely give it a try.

-Gonz

I disagree -- SpyBot is not a passive scanner. It hooks into the operating system in fairly complex ways, similar to an anti-virus program (or actual virus). You cannot expect such programs to coexist without eventually interfering with each other. I suppose Kaspersky and Safer Networking could collaborate to ensure compatibility (e.g. by providing documentation and guarantees regarding the ways they interface with the OS), but this is fairly unrealistic for two competitors.

If Microsoft provided a standardized API interface for virus scanners, the problem would be much simpler. But is that even possible? These tools defend against a very wide range of inventive attacks.

-Gonz

Not really. This site has some statistics:

Applying basic probability, if ("ideally") the chance of pregnancy is 2%, then the chance of NOT getting pregnant over 10 years is (100%-2%)^10 = 81.7%. In other words, 1 out of 5 dudes is gonna paying child support after 10 years.

More realistically, if the failure rate is 4%, then that's (100%-4%)^10 = 66.4% chance of NOT getting pregnant. In other words, 1 out of THREE dudes will be paying child support after 10 years. Condoms suck!

And statistics is counterintuitive. If contraceptive rates were quoted per-decade rather than per-year, contraception research would actually get the funding it deserves.

-Gonz

Interesting point... except that a lifetime cost of $648,000 is worth way less than $400,000 up front. Give me $400,000 today, and I'll happily pay you $1800/month for the next 30 years. Just tell me where to send the checks! ;-)

-Gonz