Comment Re:Is free cheap enough? (Score 1) 286
mod parent up - great service.
mod parent up - great service.
Consider the stupidity of giving Facebook your email username and password, so that Facebook can log in to your email account as you, and scrape all your contact info. (While they are at it, why don't they get your emails too...) They've conned people into doing just that.
Facebook may have done this once, but they had stopped doing it a while ago and instead started to use Google Contact's API via OAuth -- that's what started this all off, Google changed the terms/conditions of their API preventing Facebook from using the system.
Deciding to not take this lying down, Facebook then instead directly linked users to the Google Contacts Export page, then Google modified said export page to throw up that big scary warning described in the article.
That said, Facebook still happily logs into webmail for sites which don't use OAuth like user's ISP webmail, exactly how you described.
I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.
You're not the first to think of such an idea, it actually has a name. I learnt about it way back when I was doing Legal Studies as a subject during my VCE (Victoria, Australia's version of your typical high school certificate).
So anyway, we did a unit on Juries and the different types and how we ended up with the one we have today in our legal system. One of the jury types that were turned down was exactly how you described and I recall thinking "that actually sounds like a good idea". The reason that it's not used (at least, according to my text book) was that juries who were in the same line of work as the defendant tended to be unfairly harsher then your stock standard jury.
For example, say that in this case, all the jury members were IT networking professionals (yes, I realize in this case one of them did have a CCIE). There's the tendency that all the jury members would think "Well, this guy just brought down our entire industry and did something I would never do -- let's give him [insert harsher verdict/sentence than a standard person would give]"
I know, for example, if I were put on a jury for some guy who allegedly made a botnet and was hiring it out for the highest bidder, I would certainly be giving a very harsh verdict/sentence.
That all said, I can't for the life of me recall what this jury type was called, and my 30 seconds on Google didn't find a result, so please take this post as [citation needed].
they will assume they've been given the wrong password and continue torturing you
That's only true if they know for sure that data is what they were looking for.
But they must have some idea of what they're looking for. It seems unlikely someone thug is going to break into my house or police detain me for 'no reason whatsoever', find an encrypted volume and ask me for the password.
What seems much more likely is that police detail you for suspected tax evasion or securities fraud and go looking for your second set of books. When they ask for your password and open up the volume to find a set of books which are completely legitimate they're going to go "Well, obviously he gave us the wrong password" when in fact maybe you did give them the real password and you've been falsely accused.
One of the great features of TrueCrypt is the whole alternate partition/segment idea. One password gives access to real data, while another (a duress password) would give some other access to an alternate segment. Put some benign documents in the alternate partition, and then under threat of water boarding, hand out the duress password. Assuming this all works, they find nothing, you go home.
But all this just brings you back to the random data vs. encrypted data dilemma. If you give them the duress password and they don't find what they're looking for, they will assume they've been given the wrong password and continue torturing you.
What's even worse is if you're really innocent and give them the "real" password but they incorrectly conclude you gave them the duress password 'cos they can't find incriminating files and continue torturing you to give them the "real" password.
8 Catfish = 1 Octo-puss