Interesting, though I've been using DoNotTrackMe which is faster than Ghostery and isn't joined at the hip to the ad industry.
I do my browsing in an untrusted or disposable Qubes domain, which is about as strong security as you can get for a functional desktop system. Still, it would be awesome if pwn2own made it one of their target OS's... now for *that* I would get out the popcorn!
Maybe he thinks MS joining NSA PRISM was a heroic act.
He supports high taxes for other people, not for freemarket heroes like himself. Just look at Microsoft's tax history in Washington and Nevada (they use loopholes to dodge taxes). And Gates railed against government interference when the court was considering breaking up/penalizing Microsoft for monopoly abuses.
If the NSA can bring down botnets, why don't they? Are spammers making political contributions?
They are the best and brightest of an unaccountable corporate-run state. In their minds, they are already doing something constructive just by showing up at work and feeling insecure and nosy.
Of course, letting garden-variety criminals front for you engenders a motive for letting those criminals off the hook.
Clearly they have an interest (or conflict of interest) in letting botnets run amok, as it gives them a cover for their own illegal activities.
Qubes systems can keep things like cameras and mics effectively beyond the reach of remote attackers while running Linux and Windows apps.
The core of the system is a pairing of Xen and X11/Linux which isolates the graphics, network and other risky services into less trusted domains. The result is that the trusted X11 can always show you what security context a window or other graphical element represents, even if the untrusted X11 in a VM becomes compromised-- You can't be tricked into thinking a malware element is really a part of the core OS.
And that core OS allows you to (graphically or via CLI) sequester or assign hardware resources to various VMs; You can see at a glance if an untrusted or risky VM still has access to the mic and remove that access with a couple of mouse clicks.
Of course, you still have to trust the hardware and firmware you got from the PC manufacturer.
Securely run Linux or Windows to your hearts' content:
Only an ass would assume the average employee is going to assess their environment like a network engineer.
And I don't care what your anti-malware excuses are. You can have your security measures, but should expect lawsuits if you pull a bait-and-switch which is what you're doing if you keep the standard PKI UI elements while changing the nature of the underlying encryption. Those indicators operate in the end-to-end paradigm only!!!
There is also a significant body of law that does, in fact, state an employee has some expectation of privacy for communication that is personal/private. I have worker at places that provided separate phones and computers for just such a reason.
The very fact that you're trying to use ownership as the end-all blanket excuse for taking abusive shortcuts with your implementation does itself have a whiff of nefarious intent, because then your motives come under the motive of greed (one that expects their mark to trust them utterly in return).
Users don't lose their individuality when they come to work. They may not be entitled to end-to-end security on the corporate network, but you tricked them into thinking they had it.
You have rationalized an attack on Internet protocols because you considered the end users' right to know insignificant. You're a hack and a charlatan.
Another "Liberty" kneejerk corporatist!
None of the serious distros use Wayland yet. I would not call it widely-adopted.
And the chances of that changing are poor, given that Ubuntu and its spinoffs are the only popular distros that are even capable of handling multi-monitor setups correctly.
Apple (actually, NeXT) taught us long ago that if there is one area where you should second-guess and buck the Unix herd, its in graphics architecture. IMO, Canonical are trying to copy some of Jobs'/Apple's engineering decisions.
RedHat/Fedora is way outclassed by Ubuntu in terms of supported hardware. Just check out their respective HCL pages.... I dare any RedHat "workstation" lover to find out if they can stomach the difference and RedHat's obvious neglect.
The RedHat ken only makes *noises* about supporting desktops. There is no commitment or vision. Fedora is a only testbed distro for haphazardly plopping misc desktop components onto a base server OS.
X11 should be dustbinned just for the lack of multi-target network transparency. You know, the limitation that says while OSX and Windows users can efficiently share apps and desktops in a teleconference, Linux systems have to use VNC to toss around bitmap deltas instead. Its like getting a shot of Novocaine in the mouth everytime you head out to a party.
Oooooh, wait! Did I just attack X11 on its hallowed territory... Network transparency?! Well, indeed I have and its true that X11 has not gotten any overhauls to support this very important and common use case.
Security also stinks to high heaven on X11, and it took an OS like Qubes completely re-worked around a VM security model to address that architectural flaw (regular hypervisors like VMware won't even protect you). The priestly developers of X11 implementations do not appear to give a rats ass.
This stack (and its anachronistic neckbeard clique) has run its course and should have been on its way out 10 years ago. I think you're wrong about developing replacements for X11; Apple users never regretted it for an instant.
BTW, I don't know about you but I'm tired of my Linux UI's being interspersed with character-mode upchuck, screens flickering and popping momentarily in an out of existence whenever something different happens in the runlevel or login status or number of displays.
You allowed the user to think end-to-end security was in place, so the hack you implemented was a MITM attack. If the UI had changed to clearly indicate your proxy was in place then it might be different.
"Our network, our traffic." -- No... PKI was created because the user can't control intermediary networks, and that's what the app-level Ui signals are geared for.
The browser is indicating to the user that end-to-end security is in effect, when its actually been subverted. That, more than anything, puts it in the MITM attack category.