
Comment: baaaannned.... (Score 1) 22

well dang, this is gonna get google banned in a few more countries that have human rights abuse issues and corrupt governments... with the possible exception of america, where google would fight tooth and nail to stop that happening. instead i suspect they'll work quite hard to twist what the definition of "verified editorial" is - most likely by deploying operatives within the team. this is gonna be fuun!

Privacy

Privacy Advocates Leave In Protest Over U.S. Facial Recognition Code of Conduct 161

Taco Cowboy writes: Nine privacy advocates involved in the Commerce Department process for developing a voluntary code of conduct for the use of facial recognition technology withdrew in protest over technology industry lobbyists' overwhelming influence on the process. "At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement — and identifying them by name — using facial recognition technology," the privacy advocates wrote in a joint statement. "Unfortunately, we have been unable to obtain agreement even with that basic, specific premise." The Commerce Department, through its National Telecommunications and Information Administration, brought together "representatives from technology companies, trade groups, consumer groups, academic institutions and other organizations" early last year "to kick off an effort to craft privacy safeguards for the commercial use of facial recognition technology."

The goal was "to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context." But after a dozen meetings, the most recent of which was last week, all nine privacy advocates who have participated in the entire process concluded that they were thoroughly outgunned. "This should be a wake-up call to Americans: Industry lobbyists are choking off Washington's ability to protect consumer privacy," Alvaro Bedoya, executive director of the Center on Privacy & Technology at Georgetown Law, said in a statement. "People simply do not expect companies they've never heard of to secretly track them using this powerful technology. Despite all of this, industry associations have pushed for a world where companies can use facial recognition on you whenever they want — no matter what you say. This position is well outside the mainstream."

Comment: moderator censorship war! (Score 1) 401

fuck me as if we don't have enough to contend with here on slashdot with moderators (users) getting into a bun-fight over what comments are appropriate and which aren't, under this ruling the slashdot web site owners would have to review all the comments *and* the moderations *and* all the meta-moderations *anyway*! let the moderation wars begin... starting with this comment, yaay!

Comment: Re:DRM on rentals isn't the same... (Score 2) 260

The problem with DRM on "rental" content isn't so much that it goes away (that part is the same for a book I borrow). The problem is that the only way to actually *implement* DRM is to have your machine obeying the content owner rather than you. To me this is like renting a DVD and leaving the key to your house at the store so that the clerk can enter your home when it's time to get the DVD back. The problem isn't that the DVD's going away, it's letting someone sneak into your house.

Comment: Re:There is no such thing as non-empirical science (Score 1) 364

What I was essentially pointing out is that there's no clear binary decision between testable and untestable. There's stuff that's very hard to test, stuff we may be able to test in 1000 years, stuff we don't know if we'll ever be able to test, ... And then when you have two theories that are "correct" wrt all the tests so far, then you have to use Occam's razor and pick the simplest. When you have hundreds of theories that all agree with experiments, then all the debate shifts to "Occam's razor-type arguments over which is most elegant/simplest". It's kinda unavoidable.

Comment: Re:What about compilation. (Score 1) 143

This, this, a thousand times this.

You can look at the source code all you like, but unless you can *use* that source code to build your own binaries and redistribute them, then that means absolutely nothing in terms of security.

The products you buy off the shelf may or may not have any relation to the code you looked at.

That's why Free Software is so important for security-sensitive applications. Not only do you get to look, you get to modify it and redistribute.

EU

Microsoft Lets EU Governments Inspect Source Code For Security Issues 143

itwbennett writes: Microsoft has agreed to let European governments review the source code of its products to ensure that they don't contain security backdoors, at a transparency center in Brussels. The second of its kind, the new center follows on the heels of the first, built last June in Redmond, Washington. Part of Microsoft's Government Security Program, the company hopes the centers will create trust with governments that want to use Microsoft products. "Today's opening in Brussels will give governments in Europe, the Middle East and Africa a convenient location to experience our commitment to transparency and delivering products and services that are secure by principle and by design," said Matt Thomlinson, Vice President of Microsoft Security.

Comment: Re:WHAT! (Score 1) 94

I googled "chinese cheating": got 22.6M results, top results are about exam cheating.
I also googled "americans cheating", got 14.8M results, top results are about marital cheating.

So, China, with 4.2 times the US population has 1.5 times more cheaters. I guess the irrefutable conclusion from your data is that Americans cheat 2.75 times more than the Chinese, right?

Comment: Re:how can we trust facebook? (Score 1) 138

Facebook is not doing encrypted messaging between users. Did you RTFA at all?

i did indeed... but it obviously wasn't clear enough. i believe that would come from the subject line saying "facebook is sending encrypted emails", rather than the subject saying "facebook allowing you to receive GPG-signed administrative notifications by email".

Comment: how can we trust facebook? (Score 1) 138

errr, so i want to send a communication, ok? it's supposed to be private, right? but it's a web service: facebook could, at any time (even under secret fascist subpoena) change or be forced to change (without informing us) the user interface so that the encrypted message is no longer encrypted, but is in fact entirely in cleartext.

you might think, "ok, well, surely we could then just have a messenger service or app which does the job, and we could trust that, right?" and the answer is "well no, absolutely not you can't... not unless the entire source code is available, and a chain of trust is established that guarantees a verifiable and traceable compile and distribution chain".

which, basically, means you need a software libre distribution (such as debian) because those have full source available, and GPG-signing right the way from the developers (whose identities are verified via key-signing parties that involve showing proof of ID on each signing), all the way through to distribution where a "Release" file containing the MD5 checksums of every package is, once again, GPG-signed by provably verified individuals.

the bottom line is that just because facebook *says* it's secure doesn't actually make it so, and announcing "yeah we provide a secure encrypted email service" is actually a dangerous DISSERVICE. you can't *EVER* guarantee that the servers have been compromised, and web browsers *implicitly* trust what the servers give them to run.

the best thing that facebook could do is provide a programming API via which encrypted emails *may* be sent, and then sponsor software libre teams such as mutt, and everyone else, to provide 3rd party (entirely software libre) applications that deliver *and receive* encrypted mail. the only hurdle to get over there would be whether the software libre teams would view working with facebook to be endorsement of SaaSS (service as a software substitute - http://www.gnu.org/philosophy/...) which i can guarantee in advance that any GNU project will *not* do.
