Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:Bad idea! (Score 1) 95

A large number of journalists and activists end up communicating with sources and each other using direct messaging on Twitter, so there is private information passing around. There's also the question of using login credentials to take over and fake messages. Also, there's the question of correlating Twitter identities with individuals (though I can think of a few strategies for attackers to do that even with https enabled).

Comment Re:Bad idea! (Score 1) 95

I work with independent journalists in this and other at-risk countries, and consult with those seeking to protect activists. While you are perhaps right that the threat is, at heart, one of human rights, protecting those attempting to change or document that situation is also important. And lack of on-the-wire encryption also presents an almost constant temptation to even other countries supposedly better protected by the rule of law. The pervasive data-mining conducted by AT&T on behalf of the NSA is the obvious (and known) example here. I'm sure there are plenty more.

I don't think it's correct to characterise this as a "scarecrow" when a) we have actual evidence of countries using unencrypted communications to repress critics and protests against the regime, and b) this is a problem that all Internet users potentially face worldwide.

In order to protect and improve free speech and other rights, we need to build systems that are resilient when those rights are under attack.

Comment Re:Destroy "someone's" piece of software? (Score 1) 136

I worked at the EFF and spoke with Austin several times about Haystack. On the basis of what I learned then, EFF never publicly advocated using Haystack, and told any journalist or fundraiser who queried us that until Austin submitted the code for an independent security audit, we could not recommend its use.

Austin would inaccurately characterized these conversations (most recently at the Q&A here at Gnomedex, here ) as being that EFF telling Austin that Haystack should be open source.

To be clear: EFF never made this request, and I made it clear to Austin that there were a number of ways that a technical security audit could take place without making the source publicly available (for instance, we offered to put him in touch with independent security consultants who work with Microsoft and Google under NDA).

EFF works has and will work with both closed source and open source vendors to improve their products' privacy and security.

Comment Re:Ok you've got my attention (Score 1) 136

Okay, that's pretty much what we're thinking -- warn now, release details as soon as we can. Right now I'm talking to people to establish how widespread the message is, and also to get some idea of the actual, non-technical risk of "being a Haystack user". One of the problems is that there may be non-trivial amount of retrospective risk.

The service is actually down; that's what Austin claimed he did on Friday.

Comment Re:Ok you've got my attention (Score 2, Informative) 136

Hey, Kangsterizer. I'm sorry if you read my blog post expecting to find substantive technical details; that does seem like a waste of time, and maybe I should have made it clearer at the start that there would not be that level of detail.

My claim, and that of others involved in this (including I believe the coder of the Haystack system, who is posting on this thread also) is that we can't give out more detailed info about the problems because we believe that would put people at risk.

I find this incredibly frustrating, because obviously people in your position are entirely right to be skeptical. I'd like you to not believe it's FUD, but I can't think of a way to convince you short of as I said, a detailed public analysis.

Assuming for the moment what I'm saying isn't an ingenious pack of lies or delusion, what do you think I should do?


Firefox Extension HTTPS Everywhere Does What It Sounds Like 272

climenole writes "HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

Comment Re:I want an iPhone but I am not switching carrier (Score 2, Interesting) 521

Ah yes. It's completely unreasonable for anyone to expect Apple to make a version of their phones with a CDMA (ie. the "wrong standard") radio in it. It's not like any other phone manufacturers build handsets for both standards. Certainly not RIM, Samsung, Palm, Motorola, etc.... Oh wait.

I'm not saying that there's anything _wrong_ with Apple's decision to only address part of the market. If they had to pick only one technology, they'll obviously pick the one with the biggest customer base.

What I'm saying is that the AC's implication that it is somehow strange for DarthVain to expect a phone to support more than one network is kind of ridiculous. It's not strange at all. In fact, Apple is pretty much the only phone manufacturer that sells into North America that doesn't also make CDMA phones. This fact will cost them some sales from people like DarthVain. They obviously know this, and are apparently okay with it.

It is also fairly annoying that it's necessary to hack the phone (jailbreak, whatever) to make it work with an otherwise compatible GSM network though. Vendor lock-in is pretty much par for the course with Apple stuff, though. It's part of why I don't really own any.

Comment Re:Cash for Rare Earth Metals Program (Score 1) 456

Thank you. You had to go and depress me with the truth again didn't you? If the "founding fathers" could have seen the end results of their work I honestly think they'd have put a musket to their heads.

The only way for a democracy to work is to have a strong majority of well educated and engaged citizenry. The only way for a totalitarian government to work is for it to consist wholly of well educated, selfless, empathetic leaders and bureaucrats. As far as I can tell, both are positions of unstable equilibrium and practically speaking unattainable. With that in mind... Anyone got a better idea?

Comment Re:Not a Great Analogy (Score 1) 456

The mine should have not been allowed to close in the first place.

Not allowed? How do you "not allow" private property owners to stop incurring the expense of pulling underpriced dirt out of a hole on their own land? Take the land at gunpoint? Then operate the mine subsidized by tax money to be competitive with Chinese peasant labor? To what end? Why don't we nationalize the entire economy then, Mister Trotsky?

Comment Re:I question a key point from TFA (Score 2, Insightful) 144

You're right on both parts, essentially. I think they also were monitoring calls originating in the US that were made to foreign numbers they believed to have ties with terrorism, too, but honestly it's hard to really figure out what the truth is and was with so much fear-mongering and hyperbole going on.

No, the reason why it's hard to find out the truth is because the government has attempted to cloak the entire process under a "states secrets" privilege. When you decide, as the elected officials of the country, to hide every aspect of your executive plans from your electors, the judicial system, and Congress, you should not be surprised if "hyperbole and fear-mongering" enters the vacuum.

Oh, and the program itself wasn't really new, it's been around forever. Bush & Co. just tweaked the rules around a little bit -- a move that I think was less about invading the privacy of Americans (which they've been able to do for several decades now) and more a matter of removing a bottleneck. The whole secret wiretap deal has to be approved by a secret court, I think there's a 24 or 48 hour window in which they can start a wiretap and then seek approval by this secret court. Well, in the wake of 9/11, they were using this quite a bit, and I'm of the belief that they circumvented the court not because they wanted to be Big Brother but because they knew that most these wiretaps would NOT result in any information but felt that at the time it was best to cast as wide a net as possible, immediately, and later worry about narrowing things down from "possible" to "likely".

This is all supposition on your part. Reassuring supposition, but as absent of proof as the most paranoid theories. If it were the case, there's a very simple procedure the administration could have followed: it could have gone to Congress and asked for the "paperwork", as you call it, to be reformed. That paperwork is there for a reason: it is so we can keep track of who follows the law, and we are nation under the law, not under men.

As it is, we know that there was a new "President's Surveillance Program", that differed substantially enough from previous practice to be described as such. We know, thanks to Mr Klein, that there was an installation in San Francisco whose abilities far exceeded those required for lawful interception. We have a group of telecom companies who seemed so unsure of their own legal position that when asked for the simple, legal authorization documents to clarify the lawfulness of their actions, they lobbied for (and got) blanket retroactive immunity, using the argument that they might owe billions in fines (a possibility that could only have occurred if the numbers of those wiretapped were counted in the hundreds of thousands).

What's a more sensible attitude in the face of apparent law-breaking by the highest levels of government, working in concert with our largest corporations? A genial "well I guess they had their reasons," shrug or a demand that the other branches of government use their power and the responsibility to uncover that illegality?

Slashdot Top Deals

Outside of a dog, a book is man's best friend. Inside of a dog, it is too dark to read.