Comment Re:why does the CRTC need this list? (Score 2) 324
that nobody cares about
Your ignorance is showing.
that nobody cares about
Your ignorance is showing.
Which is exactly what I said, he listens and says whether he likes the results of what the engineers come up with. Apparently enough people agree with his judgement that he was able to sell his company for a few billion dollars.
Um, no, he's much, much less an expert than Dre is. As a respected producer at least Dre has some validity as a good ear, and he can evaluate the results of different parametric curves on tone signature, Bono can claim no such expertise in container formats unless he's gone back and studied CS while the world wasn't watching.
Uh, we're getting chips over the next 12 months, next September is when the liability shifts to the merchant if you have a chip card and they accept it as a swipe so every issuer is going to be sure to have cards out there by then and every large merchant is going to have the ability to use them. The one thing is in the US we're mostly going to be chip and signature, not chip and pin.
Android security team, eh? Are you the guy who thinks that my phone implicitly trusting the Chinese government, Turktrust, et al is perfectly reasonable, while at the same that constantly complaining about my own personally verified CA is "WorkingAsIntended"?
No.
Yeah I think your right actually. Its nearly 30 years ago, so in my defence my memory is somewhat hazy on the exact details of how the "poke of doom" worked.
Still seems more "cute" than "cool".
It's actually really convenient. You'd have to try it to see just how smooth it is. Much easier than the "share" button.
I know everybody talks about encryption, but the word itself is just the tip of security. What's the key size? What's the algorithm?
It uses Linux dm_crypt. Here's the source code that configures it, and protects the dm_crypt master key: https://android.googlesource.c...
What data is encrpyted?
The
Most of the rest of your post is speculation assuming that Google is intensively mining everything backed up. I'm quite certain that's not true, but I probably shouldn't comment in more detail.
The only thing it will do is keep your private information out of the hands of someone who picked up your lost phone and decided to keep it (or sell it).
Yes, that's what device encryption is for.
(Disclaimer: I'm an Android security engineer. I'm speaking for myself, not for Google.)
You need your head read. Google has shown time and again that it does not care about your security. There is no need to trade off convenience for security in cloud backup. Encrypt locally and send the data encrypted to backup. This would be great but i bet that Google also holds they keys and decrypts on their end. Google says it wouldn't be able to use your data for their massive data mining and information theft machine if it were properly encrypted. This is why the data sits on their servers unprotected by encryption, they are the antithesis of your guardians of security. If you value your data, turn off all Google services and manage your own backups.
There are two different threat models to consider. Device encryption protects against one, but not the other.
The purpose of device encryption is to protect your data from someone who obtains physical possession of it, because it was lost, stolen, confiscated, etc. The goal really isn't so much to protect it from law enforcement or the NSA -- if the NSA is interested in your data, they'll get it, period -- but against people who might want to, for example, steal your bank account information, etc.
Device encryption obviously does nothing to keep your data secret from someone you actively send the data to. If you have Google's backup services enabled on your phone, then it will back up a bunch of stuff. I don't know everything that's backed up, but I think Wifi configuration is, your list of apps are, the list of accounts on your phone, your contacts, and similar. Separately from device backup, you can also have the Google+ app upload your photos and videos automatically, and you can also configure the device to report your location, in various ways and for various services (there are several controls). Whatever you have backed up is (a) not protected by device encryption and (b) cannot be secure from whoever you backed it up to unless you have some sort of encryption key which the holder does not.
It's also clear that anything that is stored by Google and which isn't encrypted with some key not available to Google is also accessible to the US government and local law enforcement, assuming they have the legal right to demand it from Google. Device encryption does not do anything to defend against that. This is all obvious and not in dispute. It also doesn't make device encryption worthless, it just means that it defends against different threat.
Also, I have to say that from my perspective as a security engineer at Google you couldn't be more wrong about Google's concern for user security. Actually, if you look at the company's track record on security technology creation and deployment, I think that point is unarguable. Perhaps what you really meant to say is that Google doesn't care about your privacy, which is different from (but connected to) security. From my perspective, I think that's also wrong. It seems to me that what Google wants to do is to get your permission to make a trade, your data for targeted advertising in exchange for Google's services, and if you don't want that trade, Google wants to enable you to opt out of it (hence all of the opt out tools, privacy dashboard, etc.). Obviously, if Google is not careful to protect users' privacy, no one will be willing to make that trade, so Google is very, very careful.
(Disclaimer: I'm a Google engineer, but I'm speaking for myself, not in an official capacity.)
Intel CPUs are not defective, they just act that way. -- Henry Spencer
