Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment Maybe this IS about the tech companies after all (Score 1) 69

Maybe the tech companies are even more central to this than it looks. Obviously, they would be behind a federal bill to protect themselves from having to fork products, even if it wasn't the right thing to do.

But there's just TONS of stories about how poor law enforcement is constantly unable to break into phones. There's no stories about this on PCs, even though that's where huge amount of the data are, and have been for many years.

The difference? PC and its competitors have always been open platforms. The government has known that there's no effective way to keep cryptography out of the hands of the bad guys- maybe with extraordinary pressure they could keep it out of the hands of the good guys, but that's it.

Phones aren't. Phones are becoming slightly more open in pieces, and there's plans for some really open phones, but there's not a huge amount of movement there. These aren't attacks as much on us as they are on the mobile software guys, because once they beat them down the push for an open phone will become substantially magnified in volume- enough to make a product that, no surprise, all the bad guys will use, indistinguishable among the medium sized wave of privacy advocates and techies. When faced with an open platform, the government could still try to ban it, but they would have no success among their target pool- and they would just succeed in griefing people.

So is this just a giant drum to scare the tech companies into paying more? It won't save any lives, obviously, and it's not otherwise that rational a play for the government. Maybe it's a bit of a threat for some cash.

Just a thought.

Comment Re:don't believe his lies (Score 2) 153

Phones don't need to be wiretap friendly, you have no obligation to forfeit privacy, and the constitution guarantees your right to privacy and free speech.

With that said, the phones are not constructed idiotically, and will wipe / key dump if attacked naively with brute force. Additionally, I don't know which phones are limited to 4 character passphrases, but it is sure as FUCK not "most". Android users can set a password, Apple users can set a password. Maybe some trivially untrustworthy shit limits your password length to 4 digits, but nothing worth using.

Comment I will probably subscribe (Score 1) 600

First, I'll make sure I can still visit the site ad-free. There's always a workaround to this kind of malice, after all. It's entirely possible to hit Forbes with an adblocker up, for instance, via a quick google for a nice set of variables to set clientside.

Then, I'll probably just subscribe. I hate ads so very much that I refuse to view them entirely, but 4.5 $/month is not an out of line amount to ask. It's a bit on the high side for a magazine, but not absurd. I can probably afford 52 dollars a year: I can't afford whatever ruinous financial or emotional decisions advertisements will inflict on me.

Comment I mean, this is a little unfair (Score 1) 151

I like shitting on Windows apps as much as the next guy, but if you can replace a library on the drive, aren't you just going to like... win? Maybe there's more protection on real systems, but it's a binary that gets run with the permissions and privileges of whatever is running it. Can someone explain to me how this is a larger concern, and what was done to patch the security of this?

It stands to reason that if you can overwrite a dll, you can overwrite a lot of stuff, same as with an .so or something. Is it something where in Windows its easy to overwrite the DLL in the first place?

Comment Re: How does Ubuntu Linux compare? (Score 1) 570

> The methodology in this story set telemetry to "basic" instead of disabling it.

That doesn't appear to be correct. Linked article states:
"I have chosen the customized installation option where I disabled three pages of tracking options"

It's possible that the ability to select "disabled" for telemetry instead of basic isn't in the three pages of tracking options, I guess. That's news in and of itself though, lol.

> Other users have reported that fully disabling telemetry and shutting down non-essential services does reduce the outbound traffic to only Windows Update.

So your point is that you can't disable telemetry during the installation, but there's some unspecified stuff that you can maybe do to turn it off later, if you have the Enterprise version they won't sell you? Sounds super.

> I don't see anyone arguing that Google not respecting privacy justifies Microsoft not doing so.

In this thread:
http://tech.slashdot.org/comme...
"Google does this a lot more than Microsoft and no one says anything on that."
http://tech.slashdot.org/comme...
"Apple and Google are doing the exact same things with iOS and Android"
http://tech.slashdot.org/comme...
"You guys really have such a big problem with this? Because Google and the NSA are doing far worse."
http://tech.slashdot.org/comme...
"how is this different from Google, Facebook or any cloud service"

All of these were posted AFTER my post about how we could expect to see a bunch of people saying this hop into the thread.

All of them posted AC.

When this is brought up nowadays, you can pretty much count on these posts showing up. Almost always as AC, and almost always singing you a song about how Resistance Is Futile and how Everyone Is Equally Bad. It's like a bullet point in a disinfo packet or something, it's creepy. And yea, they showed up on schedule.

So no, it's not a strawman or logical fallacy. It's a prediction of what would happen, that was proven true in this very thread. Watch for it next time man, you'll see.

"The real issue is directing outrage mostly at Microsoft when there are plenty of others who deserve criticism for their practices"

No, that's not the "real issue". As I've stated:
1- The fact that phones suck is not a good reasons for desktops to suck now too.
2- There's no inevitable progress or deals associated with spying or spyware, no benefit to the user.
3- Microsoft makes this stunningly hard- I would actually argue impossible- to turn off. Other OSes really DO have toggles that turn this off- Microsoft has a huge nest of options that don't fully disable it (for sure and for reals on Pro and Home, and maybe now on Enterprise).
4- People don't have the same types of data and programs on a phone as they do on a desktop. Those that make due with only a phone generally don't HAVE the features that a PC offers in their life.
5- Windows 10 is aggressively marketed to existing desktop users. Without reading pages of legalese you have no idea that you are transitioning from a desktop OS that you paid for into some new abortion where you are the product and your everything is available to analysis. I would argue this goes further- even a brand new PC purchase is often made with the assumption that what you have on your box is actually private.

> If you don't like Windows invading your privacy, you have the option to install Linux. Unlike your statement that Apple could modify their privacy policy at any time, that doesn't hold true for Linux.

I'm not trying to sell you an iphone dude. I'm just saying that if you buy a phone right now and you choose Apple, they are CURRENTLY doing the "right stuff" regarding privacy, and they could change this later (which would mean you couldn't upgrade effectively), so it's not an ideal solution. You don't really have the "install a better OS" option on most phones at all, Apple ones least of all. If you have enough skills to make your Android serve you correctly, grats.

I'm not comparing this to Linux, which obviously is (along with the open source BSDs) the winner in this race on a desktop.

> you have far more choices with a desktop OS than you do with phones

Yes, of course. The mobile market is vastly more oppressive than the desktop market, because it's stupendously hard to control the hardware we buy. There's open phone solutions that are (IMO) nowhere close to being actually good yet, but at least progress is being made. Desktops are an open platform to users, because you can buy components- phones still take a company ordering them to happen.

> . If your statement is true, then your criticism of Microsoft is invalid because you have choices like Linux, FreeBSD, or to buy a Mac ...but this part isn't true. I said on a phone you have two core options- you can get under the hood with Android and knock its head around until it is correct, or you can buy an iphone (and hope Apple stays consumer-friendly). None of this is relevant to criticizing Microsoft for turning the entire Windows platform into a spybot fuckfest- the fact that it's the same hardware that boots Linux and Windows doesn't matter when criticizing Windows.

> I'm not aware of that happening in Windows 10.

You can pick a custom option (which doesn't imply that "send my everything to Microsoft is hidden in there") and then you can disable a whole bunch of telemetry (but certainly not all of it).

"Android presents me an option during setup to fully disable telemetry; I always do so, and therefore Android's telemetry doesn't bother me"

Well even if the button was well hidden it would still be a lot better than Microsoft, where you can only set Basic without using Enterprise, and where it still does all kind of sketchy connections. But does that button really work? I don't know for sure either way. Regardless it isn't really relevant in an article about Windows spying.

Comment Re:"Annoying"? (Score 1) 39

Not all viruses deleted data, is the point. MANY viruses were not able to generate personal gain in any way, and didn't destroy all your files.

There was one that replaced all the "Microsoft" on your hard drive with "Machosoft". Just a global search and replace in every text file and binary. Machosoft DOS prompts and everything.

Comment Re:The Simpsons have already done it (Score 1) 39

Malware wasn't a term yet because it wasn't needed.

Your three basic types of infection are virus, worm, and trojan horse. Viruses make copies of themselves, and in an era where it was EXTREMELY common to move binaries around from one machine to another, this was a very effective manner of transmission. You didn't need an existing vulnerability for a virus to work, because you were tricked into executing the code. Everyone will ALWAYS be one social engineering attack away from a computer virus. A worm also replicates itself, requires some kind of exploit or issue, and also requires network connectivity. You are very likely safe from worms almost all the time, because you run very few things like a server- and the few that you do run are not ubiquitous, nor as generally vulnerable. A trojan horse is much more targeted, because it doesn't replicate itself.

So these three things are still good terms for malicious software, but then other things started happening. You might be fooled into installing a piece of software that does bad stuff, but it was mentioned in the EULA. It's not a trojan horse, because you said you were ok with it. It's not a virus, because it doesn't replicate itself and because you said you were ok with it. It's not a worm in any event. Possibly, you browsed to a site with a 0 day exploit in your javascript, and then got infected that way. Is that a trojan horse? Not really, because you didn't choose to run it. It isn't replicating, so it's not a virus or a worm. What is it?

Now we have the general term malware, and we have the old subsets underneath it, as well as new ones. We didn't need to call it "malware" back then, because we had so few infection vectors compared to today, that malware simply couldn't do what it could now- the newer types of malware simply couldn't exist back then, without javascript and flash and internet explorer and always-on IP networks to help them out.

Comment Re: How does Ubuntu Linux compare? (Score 1) 570

> So, we're going to rightly complain about Microsoft invading privacy, but we're going to make excuses for Android. That's bullshit.

No it isn't. Again, the two things are not equivalent, and the fact that phones suck at privacy is NOT reason to go make desktops suck at privacy too.

I don't give Google a free pass. But if Google gets brought up while we are rightfully bashing Microsoft, there's normally ONE reason: to try to normalize Microsoft's behavior. This makes the conversation into a useless expenditure of effort.

The fact is, Microsoft is generally worse than Google about privacy, even if you count Android. But that conversation is this back and forth between someone who is more opposed to keyloggers and serious envelope information leakage about what local applications are used when ("transmit a packet when notepad opens") versus someone who is more opposed to a mostly blind search finding some keywords and displaying sketchy adds because you were discussing a naked singularity in your email. The original shill post is long gone, and the nerds have descended into fighting over which shitty approach is more shitty.

It's meaningless.

If someone had an article about comparing the different forms of exploit info being used against their customer, THAT would be the appropriate place for it.

But for it to come up in this thread, and any other thread about Microsoft is OFF FUCKING TOPIC. Windows 7 (fresh install, don't add the telemetry KBs) isn't a total pile of shit on privacy. Windows 10 absolutely is. Google has NOTHING to do with this!

Also related: You have two main options when it comes to Android spying. The first is to root your phone and fix it, which has a host of downsides- now you are sysadminning your phone, now it's a hobby box as well as production for you, etc. If you are passionate, you will probably do that. The second is to use a goddamned iPhone, which everyone pretends is just as bad on privacy but it really isn't. This isn't a great argument point, however- Apple is perpetually one patch away from having ruinous privacy policies, because they are such a proprietary solution. So you have options even within the "phone" field.

And again- THE FACT THAT PHONES SUCK DOESN'T MEAN WE SHOULD THROW OUR HANDS UP AND ACCEPT THAT DESKTOPS SUCK TOO NOW.

It's a false equivalence, it's offtopic, it devolves the conversation, it's fucking WRONG in the first place (because Microsoft is way shittier than Google with what it is collecting), and that's why it's a top tier shill argument that I see trotted out in every fucking Microsoft thread. It's so clearly from List_of_bullshit_to_post_when_we_get_called_out.txt that it's stupid.

Comment Re:Why are you surprised? (Score 1) 570

The technical preview did push your directory up to Microsoft. I can't find anything in the EULA still giving them permission to do that for the release version though.

Anything you type can go up to Microsoft. That's the input personalization thing, and the EULA means you grant this permission in general. If your emails are kept on outlook, then they also have them, and have a nest of excuses about when to divulge them (including law enforcement, of course, but also just if they make agreements with third parties). Contents of select documents? Well, the crash reports contain this, obviously, but also "Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and who you interact with on your device." Probably if you turn off input personalization and getting to know you and Cortana this gets turned off... are you sure though? EULA still in force, who knows.

The default settings for Windows 10 do everything except the hard drive index thing, and it used to do that too in the tech preview.

Comment Re:Why are you surprised? (Score 1) 570

> Let's not start spewing FUD like that before we actually know what is stored in the packets sent to Microsoft.

Ok AC, you reign in those accusations. The rest of us will discuss how to disable the keylogger:

http://thehackernews.com/2015/...

And be sure to disable these KBs in Windows 7 and 8:
http://thehackernews.com/2015/...

And be sure to download stuff that stops it, for now, maybe:
https://www.reddit.com/r/Windo...

The EULA states that you agree to have your keystrokes sent and such:
https://privacy.microsoft.com/...

"...we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement..."
"We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets."

"Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders on OneDrive), when we have a good faith belief that doing so is necessary to:

Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies...
Protect our customers... ...protect the rights or property of Microsoft..."

So basically, they'll disclose your data for almost any goddamned reason, including making an agreement with a third party to disclose your data to them in exchange for money.

And what data in question?

"Microsoft collects and uses data about your speech, inking (handwriting), and typing on Windows devices to help improve and personalize our ability to correctly recognize your input."

" It also includes associated performance data, such as changes you manually make to text..."

Microsoft also tries to guard you from Malware, a noble purpose... but in doing so it can leak pretty much all of your URLs.

The statement you respond to is not quite correct because the line about the "indexes of your harddrives and other storage devices" appears to be specific to the technical preview. But other than that, yea, it's pretty much spot on.

Slashdot Top Deals

10.0 times 0.1 is hardly ever 1.0.

Working...