you think they put in the caps because they dont have enough bandwidth coming from their towers? you, sir, are sadly mistaken. they do it for one reason. PROFIT.

Do you think radio spectrum is an infinite resource?

Mobile networks absolutely have capacity constraints, often very complicated ones that exist in multiple dimensions or vary by region. But that'd be too complicated for people to deal with, so we end up with an approximation of 1 or 2 GB/month. Which by the way is very standard across the developed world. In Switzerland most carriers are also providing this sort of quota and there are several competing, with a new (UPC) just entering the market now. They are all doing roughly the same thing, although I'm sure they could hoover up customers by offering a lot more bandwidth for the same price. For what most users are doing on the move 1G is currently enough and giving everyone lots more quota would simply result in a small number of people doing craploads of torrenting or downloading multi-gigabyte operating system updates over the air instead of over wires.

You can sum up this situation as "PROFIT!!!1!" if you like, but in reality the market is just optimising for resource usage - building more towers and more backhaul and more core routing capacity so a tiny number of users can chew up 10 GB/month instead of 1 GB/month is just not a good use of limited resources.

Still, bandwidth quotas have gone up over time as technology improved. Remember the days when 3G was new? I wrote a J2ME app back then and we counted every last byte.

If there was a public blacklist, then it'd be easy to build a search engine specifically for blocked content that ran outside the EU, and thus the entire scheme would work even less well than it already does.

What the EU court has set in motion here leads, eventually, to either a Great Firewall of Europe, or the EU getting to perform global censorship against everyone. Neither outcome seems plausible, so, what next?

What's going through their mind is this - we are politicians and regulators. We are in charge. If our power is being challenged by a corporation, we need to slap them down as hard as possible, as fast as possible, so we remain the top dogs. We are not concerned with minor technical details that boffins like to witter about: we are the Democratic Representatives of The People and that means we must be obeyed!

The way this stupid "right" will play out was clear from the first moment the ruling was made. Lots of people with things to hide will try and get their misdeeds erased (check). Google will try and keep its results as uncensored as possible (check). EU will get pissed off that circumvention is easy and try to force them to perform global censorship (check). IP address based filtering will be implemented (not yet). Then people in America set up dedicated proxy sites so people in Europe can search uncensored (not yet). Then the EU will get mad and tell Google to drop the results from all search results, everywhere (not quite yet). And then there's going to be a big fucking showdown and we'll learn who needs who more. Or perhaps the UK will beat the EU to it with their parliament's retarded "Facebook should implement Minority Report" policies.

Whatever happens, it's looking more and more like there's going to be a big fight, either over this or spying, or both. Politicians are running scared because they suspect when forced to make the choice, a significant number of their citizens would side with Google/Facebook/WhatsApp/Apple over them .... and if you're a politician, that attacks the core of your power and identity. They won't be able to tolerate that.

Here's the tricky thing about privacy and social networks: Facebook's privacy support is actually pretty good. Whilst people might tell you in the abstract that they want more privacy from Facebook, figuring out what they would change in concrete terms is very hard. For example, they might say "I don't want to see ads" - but given the choice, they don't want to pay for anything either. So this feedback ends up being pretty useless, equivalent to hearing "I want everything and a pony". It's not a basis for a product.

Google learned this one the hard way with Google+. The original way Google+ tried to differentiate itself from Facebook was with circles. The idea is, Facebooks relatively singular notion of "friend" doesn't reflect the way real people work, this means it doesn't respect people's privacy and so people use the product less .... therefore by giving them better tools, they'd win a lot of users. Facebook responded that they'd tried the same thing, it turns out people don't like making lists of friends and controlling their sharing at a fine grained level, so it wouldn't work. And guess what? Facebook were right. Sure, you interview people in focus groups and they say one thing. In reality they might do something else.

So - decentralised open source social networks. Not gonna work. People might sound enthusiastic when you pitch it to them in the abstract, but actually Facebook works fine for them, and the kind of privacy that matters to them (can people see who views their profile?! Can my parents see my drunken party pics?) is already well supported and tuned.

Ultimately what will do off Facebook, eventually, is a change in how people use social networking that for whatever reason they cannot replicate in their main product.

I think you know this but sometimes it's a bit hard to read tone on the internet.

HSBC processed transactions for Iran in Europe, at a time when the USA had not successfully forced Iranian sanctions onto the EU and thus they were entirely legal.

The USA did not like this one bit, because Congress had a 'fuck Iran at any cost' mentality that extended to trying to make US sanctions global. And one way they did that is by prosecuting or threatening to prosecute American employees of international banks for transactions entirely legal in both the source and destination locations. It's just empire, nothing more.

That's not "lack of diligence", that's a fundamental bootstrapping problem. CA's are meant to verify identities. If the identity you are trying to verify is not itself cryptographically verifiable, then the attempt to verify can be tampered with, but the only way to solve that is to use harder to verify identities. Which is what EV certs do, and my own experience of getting one was pretty smooth.

You might think I'm exaggerating, but even major corporations fuck this up all of the time. There is no "just choose sensible defaults and give me a secure socket" call, because if there were someone would complain that it's not secure and shouldn't be used.

Sure there is. Perhaps not in C but what did you expect? Here we go in Java:

HttpsUrlConnection conn = (HttpsUrlConnection) new URL("https://www.google.com/").openConnection();
Certificate[] certs = conn.getServerCertificates();
InputStream stream = conn.getInputStream(); // read stream here ....

That'll do the right thing by default.

SSL is imperfect, but that's because crypto is hard, not because of some fundamental fuckup somewhere and if only we all used the alternative protocols (which?) everything would be peachy.

Yes, but exploited browser rendering engines have been a large source of infections too. Sandboxing mobile code is just really hard. However the web is indispensable whereas Java applets aren't, so Java is the one that gets thrown out.

I suspect there isn't any way to build support for Java applets that satisfies Google's policies, therefore, they will end up being restricted to other browsers for the small number of people who need them (mostly enterprise apps).

These days the Java sandbox is actually a lot better than it used to be. Last I heard there had been no zero days this year at all. However, the Java update story still sucks, and Sun/Oracle have made Java supremely unpopular on Windows thanks to the crappy update nags and bundled adware. So nobody will be sad to see it go. Java is moving to JRE bundling for distributed apps anyway: I've written one with the new tools and it basically works like a regular desktop app, with a native installer / package on each major platform.

I know, the stingray is essentially a hacking tool. That makes you think though, why on earth is there a large wireless network carrying sensitive data without TLS (transport layer security), or encryption between the modem on the phone, and the carrier? Either the contents are not sensitive, or the carriers / cell phone manufactures are complicit or worse.. incompetent.

GSM dates to 1987. When it was created, the previous mobile telephony standard was analogue - you could listen in on calls just with a regular radio. There was a very small amount of digital signalling to the network, but the field of commercial crypto hardly existed back then and subscriber cloning/piracy was rampant. GSM introduced call encryption and authentication of the handset using (for the time) strong cryptographic techniques. It was very advanced. But it didn't involve authentication of the cell tower to the handset, partly for cost and complexity reasons and partly because a GSM base station involved enormous piles of very expensive, complex equipment that had to be sited and configured by trained engineers. The idea of a local police department owning a portable, unlicensed tower emulator was unthinkable, as the technology to do it didn't exist, and besides .... trust in institutions has fallen over time. Back then it probably didn't seem very likely police would do this because they could always just get a warrant or court order to turn over data instead.

When 3G was standardised, this flaw in the protocol was fixed. UMTS+ all require the tower to prove to the handset that it's actually owned by the network. Little is publicly known about how exactly Stingray devices work but it seems likely that it involves jamming 3G frequencies in the area to force handsets to fall back to GSM, which allows tower emulation.

The latest rumours are that the company that makes Stingrays has somehow found a way to build a version that works on 3G+ networks too called "Hailstorm", but it's dramatically more expensive and as mobile networks phase out GSM in the coming years police departments are having to pay large sums of money to upgrade. The whole thing is covered in enormous secrecy of course so it's unknown how Hailstorm devices are able to beat the tower authentication protocol. Presumably the device is either exploiting baseband bugs, or is using stolen/hacked/court-order extracted network keys, or it was built in cooperation with the mobile networks, or there are cryptographic weaknesses in the protocols themselves.

it's all, once again, a lot of buzzwords, and zero security.

That's a bit unfair. Yes, any security system that tries to be entirely transparent cannot really be end to end secure, but nobody has ever built a mainstream, successful deployment of end to end encryption that lets you use a service even if you don't trust it. There are many difficult problems to solve here. Forward secure end to end encryption behind the scenes is clearly an important stepping stone, and OWS has said they will expose things like key verification in future updates. Just because they haven't done everything all at once, and solved every hard problem, does not mean it's just a lot of buzzwords.

You're willing to sit on the sidelines while ISIS engages in a campaign of genocide and ethnic/religious cleansing? ...... They're barbarians and they need to be terminated with extreme prejudice.

You're against ethnic/religious cleansing but want to "terminate with extreme prejudice" an entire very large group of people largely defined along ethnic and religious lines .........

words fail me

If the entire government became Libertarian today, it would take less than 10 years for corporations to take total control of governance and we'd have just as much (or probably more) squashing of individual liberties, but no longer any accountability to voters.

Isn't that a contradiction? I'd think a libertarian government would not want anyone, owners of large corporations included, to take over governance. That's kind of the definition of libertarianism, I thought.

Additionally, I'm having a hard time recalling the last occasion on which a company squashed my civil liberties. Actually I don't think it ever happened. Companies, even big ones, are typically very simple creatures compared to governments - they have simple needs and simple desires. Even companies that can't be easily reduced down to the profit motive (most obviously Google in this day and age) still have quite simple motivations, in their case "build sci fi stuff".

On the other hand, our awesome western governments routinely kill people for merely being in the wrong place at the wrong time or receiving a text message from the "wrong" person (see: signature driven drone strikes).

Whilst these governments aren't quite at the stage of drone striking people who are physically in western countries yet, they certainly are willing to do lots of other nasty things, as residents of gitmo will attest. So given a choice between a government that did very little and mostly let corporations get on with it, or the current state of affairs, it's pretty hard to choose the current state of affairs given the very very low likelyhood of companies deciding to nuke people out of existence of their own accord.

There are many powerful players in society and I'm not one of them. Does it make me a crony capitalist or a welfare queen when I decide I'd rather the power go to those I can vote out of office than those I can't?

No, it doesn't make you either of those things. It does mean you have a lot more faith in voting than other people do. This can be described as either very reasonable or perhaps naive, depending on where you live. E.g. in places like America or the UK voting is driven almost entirely by the economy and matters of foreign policy or the justice system have no impact on elections, politicians know that so they do more or less whatever they like. In places like Switzerland where there are referendums four times a year, preferring voting power to market power would make a lot more sense.

Yes, that is exactly how sanctions work.

Do they?

Your whole post is reasonable and articulate, and written from an entirely US centric point of view. But taxis are regulated in most parts of the world (perhaps everywhere), and government isn't always as dysfunctional as in the states.

Lavabit is a bad example - the FBI only requested the private SSL key directly after the Lavabit guy refused to co-operate with a more tightly scoped warrant and claimed he had no way to intercept the data of just the user they were interested in (Snowden) ..... a claim that was manifestly false and everyone knew it. If he had handed over just the data of the one user requested, the SSL key would probably still be private. But after proving that he was utterly unco-operative and quite possibly untrustworthy too, the approach the FBI took was not entirely surprising. Additionally it did go through all the motions and there was plenty of oversight of the whole thing - a lot better than some silent interception.

Yes, if the NSA decided that the signing keys for cell tower certificates had to be handed over using some crappy secret national security court then there's not much the phone companies can do. However, it's still good enough to stop your average local police force who just can't be bothered justifying themselves to a judge and going through the overhead of a proper legal request ... which is what TFA says the driving rationale for these devices is.