Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - How do I reduce information leakage from my personal devices? 1

Mattcelt writes: I find that using an ad-blocking hosts file has been one of the most effective way to secure my devices against malware for the past few years. But the sheer number of constantly-shifting server DNs to block means I couldn't possibly manage such a list on my own.

And finding out today that Microsoft is, once again, bollocks at privacy (no surprise there) made me think I need to add a new strategic purpose to my hosts solution — specifically, preventing my devices from 'phoning home'. Knowing that my very Operating Systems are working against me in this regard incenses me, and I want more control over who collects my data and how.

Does anyone here know of a place that maintains a list of the servers to block if I don't want Google/Apple/Microsoft to receive information about my usage and habits? It likely needs to be documented so certain services can be enabled or disabled on an as-needed basis, but as a starting point, I'll gladly take a raw list for now.

Comment Re: Frist psot? (Score 1) 172

"Download a generic fleshlight app, and it will demand every permission under the sun just to do its job."

I wasn't aware there was an official fleshlight app, much less a generic one. And I would think there are a lot of permissions necessary to get that intimate with hardware...

In all seriousness, however, I agree. There is a power grab by content creators that simply didn't exist 15 years ago. I'm seeing flash and silverlight being used even on government websites to restrict content access and maintain control even of public data.

More tools need to be available to power users (at the very least) to deconstruct these techniques and allow unfettered access to the information that was once freely accessible.

Comment Re:Sure, Philips... (Score 1) 110

Sadly, I must completely agree with you that most people - even those who should know better - don't care. Often I wish I could be one of them.

Yes, they did respond quickly and positively, but that speaks more to their market awareness than their original intent. And I think the outrage was vociferous as a knee-jerk reaction from those (like us) who do care, are tired of having our rights trampled, and know that crying foul loudly and sharply is often the only way to effect change... which it apparently did in this case.

Comment Re:No, you completely misunderstand. (Score 1) 136

I was actually trying to be informative, not condescending. I'm sorry it came across that way.

Nowhere did I say TLS wasn't capable of authentication. I said it doesn't require authentication. And it doesn't.

I was responding to the parent post's assertion that "Https is exactly about authentication". This statement is false. For HTTPS, authentication is a non-central benefit, not a core requirement, or even necessarily in-scope. TLS doesn't provide adequate authentication service on its own in a lot of circumstances. For instance, consider that in 802.1x, TLS must be paired with EAP (The Extensible Authentication Protocol) for authentication.

Encryption has nothing to do with authentication; the two are fully capable of existing mutually exclusively. Encryption provides two benefits: 1) integrity and 2) confidentiality. Authentication, while at times nice to have, is not essential to either one. There are loads of use cases where the necessity of confidentiality and/or integrity of the data is completely divorced from the identity of the encryptor and decryptor. So it is far from "perfectly useless".

And as a matter of fact, all modern browsers support client authentication with certificates. It's not the state of browser technology that is lacking, but rather the state of providing certificates to end users in a secure and usable manner.

Comment Re:A right? (Score 1) 114

Try explaining that to someone who uses that shadow profile that you claim is "not you" to make decisions - auto insurance, life insurance, job interview, etc. about you. Which anyone can legally do.

But really, why should you be required to defend yourself against something you did not choose to participate in in the first place? And what about decisions based on that profile that are made about you that never make it to your ears? You could be discriminated against through a process that does not involve you, does not accurately reflect who you are, and over which you have no control. I don't know about you, but I don't see how that could not be concerning.

Comment Re:Sure, Philips... (Score 1) 110

"Anyhow, when has it become unreasonable for a company to [be prickish]?"

FTFY.

In all seriousness, the trend in recent years has been for companies [*ahem* Apple, Sony, Keurig, etc. /*ahem*] to lock down their hardware simply because they can.

It is inherently a trade-restricting maneouver, whatever the company's reasoning, public or private. And given the trajectory of such decisions recently, it's not unreasonable for consumers to expect that any company limiting their hardware artificially are doing so simply to pad their bottom line.

Comment Re:No, you completely misunderstand. (Score 1) 136

I think you're conflating HTTPS and CA infrastructure. (It's an understandable mistake.)

There's nothing in the HTTPS protocol that requires authentication. Most HTTPS instances do provide some degree of passive authentication, in that at least one side (generally the server) has a certificate signed by a verified root authority.

This does not, however, prevent someone from creating a self-signed (or even, technically, an un-signed) certificate and using that as their SSL enabler. In that case, there is absolutely NO authentication happening - all the certificate does is provide a public/private keypair for use to create an asymmetric crypto tunnel. There is no assertion whatsoever of an identity.

So I'll repeat what's been said - there is no authentication whatsoever inherent in the HTTPS protocol.

Comment Re:Real bad news (Score 1) 412

This is precisely correct.

Apple have made the lightning microcontroller proprietary and directly licensed only from themselves (as anyone who has seen the "this accessory is not supported" error when trying to charge their idevice can tell you). They have now purchased a headphones manufacturer, so the next logical step is to force users to purchase either their own hardware, or hardware which earns them a licensing fee.

This is about device lock-in; an attempt to create monopolistic conditions legally (if only barely so). I saw this coming as soon as they purchased Beats - I was actually surprised the 6 series hadn't already eliminated the 3.5mm interface.

Personally, I hope the attempt fails miserably. There was a time I loved Apple... but no longer. They have taken Microsoft's entire 2003 playbook and made it even worse for the consumer.

Comment Re:Snow, ice, etc. (Score 1) 258

I think this highlights the basic problem: roads (including hazard warning design and all markers and visual elements) are designed with human consumers in mind. An AI is, by its nature, playing a losing game by trying to translate non-native (i.e., human) elements into machine language and adaptation.

What will happen as autonomous vehicles become more ubiquitous is inclusion of machine-consumable elements into road design. Wireless lane markers, inter-vehicle (mesh) information sharing, and other technologies will be incorporated, making the 'I' in 'AI' a lot more unnecessary in that sense.

Slashdot Top Deals

In every hierarchy the cream rises until it sours. -- Dr. Laurence J. Peter

Working...