Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:Security through legislation is no security at (Score 1) 206

You must have stopped reading after the second sentence of my post. Please allow me to repeat the third sentence:

It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on.

Comment Re:Security through legislation is no security at (Score 1) 206

You're correct that the motivation is fundamentally economic, but it has nothing to do with revenue generated from Russian datacenter leases, which are less than a drop in the bucket compared to the value derived from legally guaranteed physical access to servers for Russian government representatives. You really haven't thought this through, have you?

Comment Security through legislation is no security at all (Score 4, Interesting) 206

As stated in the subject line, security through legislation is no security at all. If anything, this will weaken information security for Russians. It's a transparent and comically unenforceable attempt to keep Russian data precisely where the Russian government wants it: on servers they can put their hands on. I'm genuinely amused.

Comment Re:Great (Score 0) 133

Here we have a fine example of an "undocumented poster" (to use fashionable left wing terminology) making sweeping and emotionally charged bullshit statements about a political party which he or she believes to be an ideological rival of his or her "favorite sports team." I'm shocked, shocked I tell you.

For reference, I'm neither a Republican nor a Democrat, but I am fully in support of you going off to fuck yourself. Have a great day, you spineless little piece of shit.

Comment Re: Data Security Officer (Score 1) 192

Thank you for the first reasonable reply I've received throughout this thread. You've caught the gist of part of what I'm hoping to illuminate here (which is probably far more important in the larger scheme of things), but you haven't seen the full picture yet. I have a challenge for you. Using your own line of reasoning as a premise to be challenged, can you analyze it from an adversarial perspective and develop a proposal for how additional inferences might be made regarding unique identification of medallions in the event that each medallion has been replaced with an arbitrary token? In your deliberations, please consider every facet of the reported data. It's quite apparent that those who have replied to my comments in this thread either (1) haven't directly considered the data themselves, or (2) lack the insight required to observe relationships between apparently unrelated constructs.

In short, under this challenge, I can deliver ~90% of the medallion identifiers using no external information other than full knowledge of the means by which the original medallions are assigned. Given a tiny parcel of additional correlation, I can hit 100%.

I look forward to your reply. By the way, what do you do for a living at the moment?

Comment Re:Not a good sales pitch: (Score 2) 138

The sort of services being offered are easily worth USD $1M/month when you consider who the clients are, the scale of their operations, the degree to which their systems are interconnected with those of other institutions (large and small), and the complexities involved with regulatory/legal/reputation compliance and management. Risk management and threat analysis are not simple subjects.

To put it simply, these aren't your sort of client engagements.

Comment Re: Data Security Officer (Score 1) 192

Throughout this conversation, I've been patiently waiting for someone to realize there's a lot more correlating data available in plain sight than anyone is owning up to. Provided that realization is made in the first place, the ensuing thought experiment should rapidly progress through probability, curve fitting, and rote process of elimination in a key space drastically reduced from even the space represented by the raw medallion search space.

If someone else, anyone else, would bother to think about this for a few moments, they might just arrive at a deeply uncomfortable conclusion: some data sets cannot be properly anonymised at all. Put another way, engineering a cryptographic solution in a vacuum is a lot like gasping for breath in outer space: you can perform actions you are utterly convinced are perfectly valid, but owing to context the end result is going to be highly unpleasant.

This is why we can't have nice things, specifically things involving sane public policy regarding privacy. Regardless of how the voting populace and their elected representatives might desire to craft policy in one direction or another, fundamental lack of understanding of the underlying environment and its rules of operation implies a necessary disconnect between intent and outcome.

This is why people need to study formal reference materials and think about things before they make recommendations, and it is why large scale intelligence outfits will continue to trump those under observation. Tunnel vision is a motherfucker.

Slashdot Top Deals

"Marriage is like a cage; one sees the birds outside desperate to get in, and those inside desperate to get out." -- Montaigne

Working...