If the local police feel that the world is such a dangerous place, perhaps they would be better employed fixing that, rather than interfering with young kids going out to play.

Entirely plausible six-year-old perspective: "Mummy, why did the police take us away after we went to play in the park today? I thought only bad people got arrested by the police. Did I do something wrong?"

In the interests of discussing facts rather than emotional reactions, does anyone know:

(a) whether the CPS worker was actually authorised to act in that way (i.e., following official procedures and lawfully permitted)

(b) what legal weight the parents signing such an agreement in that situation would have had, and

(c) whether the CPS worker, or someone they immediately contacted, would have had the legal authority to immediately remove the children forcibly in that situation if the parents had refused to sign?

Indeed. Apparently these children will be learning very young about the risks of allowing anyone to have special powers over someone else under the law and the importance of restricting those powers to people competent to wield them.

Chrome is using the wrong parts of that model for what it does.

I agree that giving it the ability to opt out is an error from a system security point of view, but not opting in anyway is on Google.

Why do you think all the browsers will be able to implement sandboxed APIs for these kinds of functionality successfully, when no major plug-in in history has been able to do so?

If there were a browser that was written using truly robust coding practices, the kind of thing you'd use if you really were writing safety-critical software, then maybe I'd buy that. But they aren't. Like most commercial software, browsers prioritise speed of development and to some extent run-time performance over quality. And they are large applications, with complicated code bases, written in languages like C++. I see no reason to believe that they won't be subject to the same kinds of attacks, sometimes successfully, as everyone else developing software that way.

Chrome is the most used browser by some way among private individuals. If anyone cracked its auto-update mechanism, every one of those users could be subject to having their private data uploaded without even knowing it, resulting in the usual problems like fraud and identity theft, and/or encrypted and held for ransom, or just deleted.

The actual cost would depend on how fast Google identified the problem and recovered. Obviously if they found it within a few minutes and shut down the system that would reduce the damage considerably from what it could be. Still, keep in mind that recovering from any breach in this particular software would surely mean at least a major and ongoing PR campaign, as anyone who cracked the auto-update mechanism would disable such channels the moment their malware was installed. It seems possible that the resultant damage not just to the economy from direct fraud but to individual quality of life, consumer confidence, and so on could take a long time to recover, not to mention severely damaging or even bringing down Google as a business.

And all because they didn't want users to get a simple message saying an update was available and inviting them to download it with the usual security precautions, as Firefox or IE would?

Of course having timely security updates is better, but as Firefox and IE demonstrate, you don't need to play games that circumvent basic security practices to achieve this.

I wasn't advocating not updating, only not updating without any confirmation and bypassing normal security checks, so this is a straw man.

Moreover, if I asked 100 randomly chosen Chrome users how to do this, I imagine fewer than 10 of them would even realise it was possible, so it's not even a good straw man...

There were explicit prompts for permission before accessing those peripherals with a default answer of "no", which is hardly spying.

In any case, how would you have suggested that someone implement a videoconferencing tool five years ago, without using any of these plug-ins you hate so much because you claim they don't do anything useful and just create security problems?

There are literally billions of people on the Internet. The fact that you don't find Flash or Java applets useful for anything -- given your own personal lifestyle, interests, location, businesses and governments you deal with, other technologies available, and so on -- does not mean that no-one else in the world does. Although the number of users is steadily trending downwards and alternative/replacement technologies are getting more capable, as a matter of fact there are still millions and millions of people using these plug-ins today and no-one offering them a better option for some of the things they need to do.

Do you realise that many of the criticisms you're directing toward Flash -- about rapid updates, numerous security fixes including some that were found by others, auto-updating, and so on -- could also be directly aimed at Chrome?

Chrome is an application that actively circumvents the main Windows security model so that it can update executable code on the user's machine without the administrative privileges usually required to install and modify applications. The day someone breaks into Google's update mechanism for even a short time, whether technically or from within the organisation, the damage will be astronomical.

We could discuss related issues with Microsoft's recommended security models and how much of that update mechanism is actually suggested by Microsoft itself rather than Google, but the facts of what Chrome is doing and the potential danger associated with it are still the same regardless of whose idea it was.

NSA must have cracked Tor...

Exactly. It's all very well hating on Flash for whatever reason, but until the newer technologies can do the same jobs, and do them at least as well as the older technologies they are replacing, this is an apples to oranges comparison.

Why does anyone think the browsers themselves don't have similar security problems, and won't have more when they offer the same kinds of functionality as the insecure plug-ins we've used in the past?

The US is anomalous in terms of its murder and violent crime rates, of course. There are other nations where the general population is also allowed or even required to have firearms that do not suffer the same level with violence, suggesting that the problem may be one of culture rather than tools.

Still, the statistical question is a fair one. Given that routine carrying of firearms by the general population would almost inevitably lead to some level of extra deaths, if only through accidents, and given that the number of people actually hurt or killed in terrorist-style attacks is tiny, it may still be the case that statistically it is a bad bet to routinely arm the general population of the UK as a response to that particular threat. I don't know what the actual numbers would be, but it's a fair question to ask.

(I am not offering any view on the merits or otherwise of arming the general population for any other reasons here. I'm talking specifically about whether generally arming everyone would be a good thing in response to this kind of attack.)

This may be true. Personally, I think the vast majority of people working for these organisations probably are just normal people trying to do an important job under difficult conditions.

However, I don't think you've undermined Xest's point: if a perpetrator of a violent act was already well known to the security services for both their views and their violent disposition, but for whatever reason the perpetrator had not been effectively monitored or contained despite that knowledge, why would we rationally expect that providing any further information would necessarily improve the situation?

You're being kind. The governments and media in much of the West have for some time been doing far more to scare the people through their own direct actions than any actual violence by radical groups has achieved.

I caught part of a review of today's papers on the BBC News last night. The comments by the two guest reviewers actually made me nauseous. One claimed to be concerned about the implications about extending surveillance powers further and that we should have some sort of debate, yet clearly thought we should just hand over whatever it takes to keep us safe. The other was just saying he didn't care who read his e-mails, didn't feel that being spied on limited his freedom of expression, and MI5 were welcome to spy on him, with no apparent consideration for the implications of that policy for anyone else who might not share his views. The host actually quipped -- in possibly the only balancing comment in the entire segment -- that the guest sounded like he was making the old argument about having nothing to fear if you have nothing to hide, and the guest just laughed and said he didn't think so.

So it looks like there was at least one thing Lucas got right with episodes I-III: liberty really does die with thunderous applause.