Comment Re:SubjectsInCommentsAreStupid (Score 1) 293
Crap, Slashdot truncated it...
Search for: "Photos of {someone you are not friends with}"
Crap, Slashdot truncated it...
Search for: "Photos of {someone you are not friends with}"
No, that's precisely how it should work. If you're putting anything on Facebook that you don't want the general public to see, you're using it wrong. Facebook is already exposing your profile and data all over the place, and selling it to three-letter-agencies and private, commercial companies.
Try doing a search on Facebook for this string: "Photos of " and see how much data it shows you from someone's profile, where going to their profile directly and clicking on "Photos", shows you nothing (for those who have locked their profile down).
Also, your connection is most-definitely NOT anonymous using Tor.
Yes, there are quite a few apps that ask for access/permission to things they clearly should not have permissions for. I've taken quite a few screenshots of the abuse, posted on my Twitpic feed. Look closely at the dates some of these were posted:
I found the issue with Brightest Flashlight almost a full year ago, now it's just recently hit the news. Sigh.
http://twitpic.com/cjlfvr
If you're doing that, might I suggest just using "Tinfoil for Facebook", or use Orbot + Orweb, and browse a bit more anonymously through Tor instead.
You don't need to use the Facebook app on your phone, you can use the mobile version of the website, or if you're using Android (as is the case with the OP's gripe), you can use Tinfoil for Facebook.
Remember to uninstall Facebook as an app and from ROM including the SNS service (not a typo), to completely rid your handset of that mess.
If you don't want to do that, use Orbot and the mobile site over Tor using the Orweb Privacy Browser.
I couldn't be happier now that I've completely purged Facebook and its hidden (SNS, not a typo) services from my ROM and phone, and frozen/deleted all of the other assets in other apps that try to "phone home" to Facebook. Side benefit is that after removing Facebook from my phone, I gained seven solid HOURS of battery life back. I didn't realize how often the SNS service and Facebook itself were sending and receiving data, phoning home, etc.
The combination of Android Permission Manager, DroidWall and LBE Security Master have made things much easier to block, delete, drop packets, deny and forbid services from trying to use unnecessary permissions.
I guarantee that no app is doing what it shouldn't, and those that should have permissions (Camera => Take Photos Permission) are prompted every time they attempt to do so, never allowed by default. If I'm not using the Camera for example, and I get a popup that it tried to take a photo, I permanently deny it and remove/uninstall the app. I don't tolerate any of that out-of-band behavior on my phone.
You should investigate the same. Yes, we all know about the L4 kernel, but this at least will help remove the abuse from the application level.
Unless of course they just happen to see something during a legal search, then they can collect that evidence too, even if it's not related to the warrant.
It's not a grey area. They absolutely cannot have a broad search for your house and then say "Oh, here's safe. It's used to hold things secret. He MUST have something in there he doesn't want us to see. I'll bet there's all sorts of fun stuff in there! 'Sir, open the safe too'..."
They have to know, with absolute certainty that there's directly-related, incriminating evidence contained in that safe before they ask to open it.
If they're searching your house for a murder weapoon or drug parephenalia, and demand you open the safe and you do, and they find documents implicating tax evasion, they can't then decide to throw in charges for that along with the others you're accused of.
Likewise, if they are looking for a murder weapon, demand you open the safe, and inside they find an encrypted USB thumbdrive in the safe and demand the password, you don't have to provide that decryption passphrase at all.
There's already legal precedent here backing this up, until they decide to invalidate that with NSL and FISA orders, of course.
...but if they ask you to open the safe, you have to open it.
Actually, you don't.
You only have to provide access to locations specifically named in the warrant. If the contents of the safe aren't listed on the warrant, you don't have to open it. Also, they have to have evidence that the specific contents in the safe contains incriminating evidence beforehand, else it is off-limits.
Just because they have a warrant, does not mean they can go on a fishing expedition and go looking for evidence. The warrant is there to collect the evidence, not to try to locate it.
If you're still confused, please read the SSD:
This wouldn't work if you were hospitalized, since they could easily scan or duplicate your fingerprints while you're sleeping or medicated. No thanks. Not flawless or bulletproof here, and easily subject to coercion or the $5 wrench method.
That's how I do it for my employers (large fireproof safe, book sealed so you can't open it without me noticing, etc.) and for myself.
Sealed how? For every way you can seal an article, I can probably name a handful of ways to get around it without disclosure. Wax seals, adhesive, envelopes, locks, string, ink stamps, stickers, all easily and transparently bypassed.
What method are you using with your books?
If you find that your residence, automobile, or other personal effects have been entered/searched without your consent or direct knowledge, and everything "looks intact", consider that they didn't come to take something away, but to put something in.
Once your personal effects, especially high-capacity electronics like smartphones and laptops, are out of your direct control, in some other room for hours at a time while you're in a holding cell, you can no longer trust them.
If they can get access to the physical hardware, they can install malware, rootkits, key loggers, replace the network card with one that is known-trojaned, manipulate your certificates, trusts, replace firmware on your devices and anything else they want.
No, once you get your gear back, immediately wipe it. Do not log into it, not even once, and just sell it on eBay or Craigslist.
You can't trust it, so dump it as soon as you can.
They do openly state on their website that they randomly x-ray scan packages however:
...use "a long", not "along", damn Mac keyboard!
Or hash it with a strong algorithm and use along, non-entropic, unpredictable, rotated salt.
Write it down. Heck, even the USPS or FedEx seems to be less compromised - they record the address info (metadata) but I haven't seen anything to imply they've been opening the letters.
They do photograph every single letter and parcel, as well as x-ray scan everything that goes through their facility.
Is that "safe"? I don't know.
Can they discern written text inside a letter in an envelope, through x-ray scanning? I don't know.
Are they photographing every letter under extreme bright lights, making the container effectively transparent?
Not sure, but it's worth exploring every single one of those questions.
BLISS is ignorance.
