Remeber SOPA and PIPA?

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Tue Sep 10, 2013 8:06 pm

Since this blog article could be taken down at any time, due to the NSA and other officials being unhappy with it, I am posting a copy of it here:

A Few Thoughts on Cryptographic Engineering

Thursday, September 5, 2013
On the NSA
Let me tell you the story of my tiny brush with the biggest crypto story of the year.

A few weeks ago I received a call from a reporter at ProPublica, asking me background questions about encryption. Right off the bat I knew this was going to be an odd conversation, since this gentleman seemed convinced that the NSA had vast capabilities to defeat encryption. And not in a 'hey, d'ya think the NSA has vast capabilities to defeat encryption?' kind of way. No, he'd already established the defeating. We were just haggling over the details.

Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine. I'm no longer the crank. I wasn't even close to cranky enough.

And since I never got a chance to see the documents that sourced the NYT/ProPublica story -- and I would give my right arm to see them -- I'm determined to make up for this deficit with sheer speculation. Which is exactly what this blog post will be.

'Bullrun' and 'Cheesy Name'

If you haven't read the ProPublica/NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:

Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
Influencing standards committees to weaken protocols.
Working with hardware and software vendors to weaken encryption and random number generators.
Attacking the encryption used by 'the next generation of 4G phones'.
Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
Identifying and cracking vulnerable keys.
Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
And worst of all (to me): somehow decrypting SSL connections.

All of these programs go by different code names, but the NSA's decryption program goes by the name 'Bullrun' so that's what I'll use here.

How to break a cryptographic system

There's almost too much here for a short blog post, so I'm going to start with a few general thoughts. Readers of this blog should know that there are basically three ways to break a cryptographic system. In no particular order, they are:

Attack the cryptography. This is difficult and unlikely to work against the standard algorithms we use (though there are exceptions like RC4.) However there are many complex protocols in cryptography, and sometimes they are vulnerable.
Go after the implementation. Cryptography is almost always implemented in software -- and software is a disaster. Hardware isn't that much better. Unfortunately active software exploits only work if you have a target in mind. If your goal is mass surveillance, you need to build insecurity in from the start. That means working with vendors to add backdoors.
Access the human side. Why hack someone's computer if you can get them to give you the key?

Bruce Schneier, who has seen the documents, says that 'math is good', but that 'code has been subverted'. He also says that the NSA is 'cheating'. Which, assuming we can trust these documents, is a huge sigh of relief. But it also means we're seeing a lot of (2) and (3) here.

So which code should we be concerned about? Which hardware?

SSL Servers by OS type. Source: Netcraft.
This is probably the most relevant question. If we're talking about commercial encryption code, the lion's share of it uses one of a small number of libraries. The most common of these are probably the Microsoft CryptoAPI (and Microsoft SChannel) along with the OpenSSL library.

Of the libraries above, Microsoft is probably due for the most scrutiny. While Microsoft employs good (and paranoid!) people to vet their algorithms, their ecosystem is obviously deeply closed-source. You can view Microsoft's code (if you sign enough licensing agreements) but you'll never build it yourself. Moreover they have the market share. If any commercial vendor is weakening encryption systems, Microsoft is probably the most likely suspect.

And this is a problem because Microsoft IIS powers around 20% of the web servers on the Internet -- and nearly forty percent of the SSL servers! Moreover, even third-party encryption programs running on Windows often depend on CAPI components, including the random number generator. That makes these programs somewhat dependent on Microsoft's honesty.

Probably the second most likely candidate is OpenSSL. I know it seems like heresy to imply that OpenSSL -- an open source and widely-developed library -- might be vulnerable. But at the same time it powers an enormous amount of secure traffic on the Internet, thanks not only to the dominance of Apache SSL, but also due to the fact that OpenSSL is used everywhere. You only have to glance at the FIPS CMVP validation lists to realize that many 'commercial' encryption products are just thin wrappers around OpenSSL.

Unfortunately while OpenSSL is open source, it periodically coughs up vulnerabilities. Part of this is due to the fact that it's a patchwork nightmare originally developed by a programmer who thought it would be a fun way to learn Bignum division.* Part of it is because crypto is unbelievably complicated. Either way, there are very few people who really understand the whole codebase.

On the hardware side (and while we're throwing out baseless accusations) it would be awfully nice to take another look at the Intel Secure Key integrated random number generators that most Intel processors will be getting shortly. Even if there's no problem, it's going to be an awfully hard job selling these internationally after today's news.

Which standards?

From my point of view this is probably the most interesting and worrying part of today's leak. Software is almost always broken, but standards -- in theory -- get read by everyone. It should be extremely difficult to weaken a standard without someone noticing. And yet the Guardian and NYT stories are extremely specific in their allegations about the NSA weakening standards.

The Guardian specifically calls out the National Institute of Standards and Technology (NIST) for a standard they published in 2006. Cryptographers have always had complicated feelings about NIST, and that's mostly because NIST has a complicated relationship with the NSA.

Here's the problem: the NSA ostensibly has both a defensive and an offensive mission. The defensive mission is pretty simple: it's to make sure US information systems don't get pwned. A substantial portion of that mission is accomplished through fruitful collaboration with NIST, which helps to promote data security standards such as the Federal Information Processing Standards (FIPS) and NIST Special Publications.

I said cryptographers have complicated feelings about NIST, and that's because we all know that the NSA has the power to use NIST for good as well as evil. Up until today there's been no real evidence of malice, despite some occasional glitches -- and compelling evidence that at least one NIST cryptographic standard could have contained a backdoor. But now maybe we'll have to re-evaluate that relationship. As utterly crazy as it may seem.

Unfortunately, we're highly dependent on NIST standards, ranging from pseudo-random number generators to hash functions and ciphers, all the way to the specific elliptic curves we use in SSL/TLS. While the possibility of a backdoor in any of these components does seem remote, trust has been violated. It's going to be an absolute nightmare ruling it out.

Which people?

Probably the biggest concern in all this is the evidence of collaboration between the NSA and unspecified 'telecom providers'. We already know that the major US (and international) telecom carriers routinely assist the NSA in collecting data from fiber-optic cables. But all this data is no good if it's encrypted.

While software compromises and weak standards can help the NSA deal with some of this, by far the easiest way to access encrypted data is to simply ask for -- or steal -- the keys. This goes for something as simple as cellular encryption (protected by a single key database at each carrier) all the way to SSL/TLS which is (most commonly) protected with a few relatively short RSA keys.

The good and bad thing is that as the nation hosting the largest number of popular digital online services (like Google, Facebook and Yahoo) many of those critical keys are located right here on US soil. Simultaneously, the people communicating with those services -- i.e., the 'targets' -- may be foreigners. Or they may be US citizens. Or you may not know who they are until you scoop up and decrypt all of their traffic and run it for keywords.

Which means there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM.

To me, the existence of this program is probably the least unexpected piece of all the news today. Somehow it's also the most upsetting.

So what does it all mean?

I honestly wish I knew. Part of me worries that the whole security industry will talk about this for a few days, then we'll all go back to our normal lives without giving it a second thought. I hope we don't, though. Right now there are too many unanswered questions to just let things lie.

The most likely short-term effect is that there's going to be a lot less trust in the security industry. And a whole lot less trust for the US and its software exports. Maybe this is a good thing. We've been saying for years that you can't trust closed code and unsupported standards: now people will have to verify.

Even better, these revelations may also help to spur a whole burst of new research and re-designs of cryptographic software. We've also been saying that even open code like OpenSSL needs more expert eyes. Unfortunately there's been little interest in this, since the clever researchers in our field view these problems as 'solved' and thus somewhat uninteresting.

What we learned today is that they're solved all right. Just not the way we thought.

Notes:

* The original version of this post repeated a story I heard recently (from a credible source!) about Eric Young writing OpenSSL as a way to learn C. In fact he wrote it as a way to learn Bignum division, which is way cooler. Apologies Eric!

** I had omitted the Certificate Authority route from the original post due to an oversight -- thanks to Kenny Patterson for pointing this out -- but I still think this is a less viable attack for passive eavesdropping (that does not involve actively running a man in the middle attack). And it seems that much of the interesting eavesdropping here is passive.

*** The major exception here is Google, which deploys Perfect Forward Secrecy for many of its connections, so key theft would not work here. To deal with this the NSA would have to subvert the software or break the encryption in some other way.
Note the original has links in it that you may want to follow.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Wed Sep 11, 2013 5:33 pm

And a bit more today:

New York Times provides new details about NSA backdoor in crypto spec (link)
Today, the NYT says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: “In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,” wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it “a challenge in finesse” to convince the organization's leadership.

“Eventually, NSA became the sole editor” of the international standard, according to one classified memo seen by the NYT.

The details come just as NIST released a promise to reopen the public vetting process for SP 800-90. “We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” a memo from the Institute read. “NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large.”

Still, NIST asserted that its purpose was to protect the federal government first: “NIST’s mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.”
 The NSA seems to be dictating how strong security standards can be for nonUS sources and since they want to be able to break in, they will prevent them from being as strong as they need to be.  Further proof.

And a sign of growing upset and distrust of security, companies are now posting stuff like this:  LastPass and the NSA Controversy (link).

Yet more backlash: Court Says Privacy Case Can Proceed Against Google (link) and the legal process begins to rein things back in: Federal Appeals Court Hears Case on Internet Regulation (link) .

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Wed Sep 11, 2013 5:56 pm

OK, here is the most detailed article from the New York Times that I have found yet on exactly what the NSA has done and how it's affecting all of us: N.S.A. Able to Foil Basic Safeguards of Privacy on Web

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Zen on Wed Sep 11, 2013 7:31 pm

So basically in short, they have almost completely achieved total monitoring online...
I didn't even think it was remotely possible.

(had to get somebody to tell me what the hell SSL was @_@)

The way I understand the back doors to be, they're either unintended exploits or easter egg like exploits that can be used by people who know they exist and how to access, so theoretically crooks could get in too since security is half assed on some level to make the backdoor.
If Prism grabs information, theoretically crooks could do the same thing.


avatar
Zen

Posts : 1011
Join date : 2012-06-17
Age : 28
Location : United States West Coast

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Wed Sep 11, 2013 7:57 pm

It's more than just about back doors, please read the last link posted as it makes it more clear. They have actually written the standards, deliberately weakening encryption, what is allowed that is used by all, to insure they could break in. But this means it now becomes easier for anyone to break into anything that is not being used by the federal government.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Thu Sep 12, 2013 4:08 pm

I've noticed in chat that some of you are getting pretty fearful about now, afraid to speak out and stand up for government abuses.  So I thought I'd post the historical cycle in the US on what is happening that I said in chat:

[9/11/2013 8:02:04 PM] melodiccolor: the process to regain sanity has begun
[9/11/2013 8:02:14 PM] melodiccolor: first exposure of full misdeeds
[9/11/2013 8:02:23 PM] melodiccolor: then court procedings
[9/11/2013 8:02:25 PM] melodiccolor: and outrage
[9/11/2013 8:02:35 PM] melodiccolor: and more exposure, more anger, more fear
[9/11/2013 8:02:50 PM] melodiccolor: more speaking out and support for moderation and a return to freedom
[9/11/2013 8:03:06 PM] melodiccolor: finally it reaches the supreme court who reins in abuses
[9/11/2013 8:03:11 PM] melodiccolor: and the process starts again
[9/11/2013 8:03:37 PM] melodiccolor: understanding history is crucial
[9/11/2013 8:03:50 PM] melodiccolor: for proper perspective

We are in the outrage, anger and fear phase of this cycle right now.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by RBM on Sun Oct 06, 2013 11:12 am

This wasn't the thread I was thinking of, but it will do.

Article:

Selling Secrets of Phone Users to Advertisers

Now, smartphones know everything — where people go, what they search for, what they buy, what they do for fun and when they go to bed. That is why advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads. And they are doing it without cookies, those tiny bits of code that follow users around the Internet, because cookies don’t work on mobile devices
Point of Interest:

Drawbridge is one of several start-ups that have figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected. Before, logging onto a new device presented advertisers with a clean slate.
No more clean slate.
avatar
RBM

Posts : 1008
Join date : 2009-04-10
Age : 63
Location : Lincoln NE

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Sun Oct 06, 2013 3:50 pm

Finally someone else recognizes the incredible invasionary tactics of commercial companies who then put this data on the open market. I've always maintained this is as egregious as what the NSA is doing. Being able to track people in every moment of their lives, where they are and what they are doing simply because they use a smart phone is reason enough to never own one.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Mon Oct 14, 2013 4:54 pm

Europe won’t save you: Why e-mail is probably safer in the US (link)

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default To MC/All: Why does a smartphone need your email address?

Post by waterdragon7 on Sun Oct 20, 2013 10:01 pm

melodiccolor wrote:Finally someone else recognizes the incredible invasionary tactics of commercial companies who then put this data on the open market. I've always maintained this is as egregious as what the NSA is doing. Being able to track people in every moment of their lives, where they are and what they are doing simply because they use a smart phone is reason enough to never own one.
MC, you already know of my distaste for government, ever since I was 11 or 12. It took me a little longer to develop a similar disdain for the corporate world...that did not occur until I was 14 or 15. Now that I'm a "sixty-something," the level of my disdain for both has only increased exponentially with each passing decade!

As to smartphones, I bought a used one with a guaranteed "clean" ESN number and had my number ported from my so-called "feature" phone only this past August. It's an older version of Android, and It had a problem, which in retrospect was a fortuitous bit of serendipity. It wouldn't accept my email address, even after searching the internet for a solution and finding one...It still would not accept my email address, although this solution does apparently work with several older phones from other manufacturers.

The solution for my phone was to install the Amazon Android App Store. Unfortunately, this would mean anyone who could crack the passcode on my phone would have access to my Amazon account, so after downloading about twenty apps, said store was then uninstalled.

After uninstalling the store, several downloaded apps would no longer work, displaying a dialogue box complaining the App Store was not installed. These apps were also uninstalled.

My apologies for being long-winded here, but my point is this: It is easily feasible to design a smartphone, a tablet, or for that matter, a computer which has absolutely no need to have anyone's email address. So why have such devices not been designed and marketed? (and yes, I already know the answer!) WTF 
avatar
waterdragon7

Posts : 727
Join date : 2008-05-01

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Mon Oct 21, 2013 4:14 pm

How Much Surveillance Can Democracy Withstand? (link)

This very well thought out article summarizes very well what we've all been feeling and it goes further still. Well worth reading.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Sat Oct 26, 2013 8:58 pm

Along with the previous article I posted, this one really sums up the imbalance of rights of privacy and the public's need to know. Be sure to read the comments after; there is a ton of good writing there too. A lot of it was by David Brin, a major sci fi writer.

The Real Privacy Problem (link)

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Thu Nov 07, 2013 6:26 pm

There's a link in this thread somewhere about how Google took big money to provide information from the NSA. Now they and others are doing damage control. Googlers say “F*** you” to NSA, company encrypts internal network (link)

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by RBM on Thu Nov 07, 2013 7:53 pm

melodiccolor wrote:There's a link in this thread somewhere about how Google took big money to provide information from the NSA.  Now they and others are doing damage control.  Googlers say “F*** you” to NSA, company encrypts internal network (link)
As I recall all encryption programs have been infiltrated by NSA, so Hearn et al, are just blowing a lot of hot air. In other words, I'm skeptical Google isn't still infiltrated at will my NSA.
avatar
RBM

Posts : 1008
Join date : 2009-04-10
Age : 63
Location : Lincoln NE

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Thu Dec 12, 2013 9:25 pm



 What a Face 

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Zen on Fri Dec 13, 2013 3:11 pm

melodiccolor wrote:

 What a Face 

I think the real santa does a better job at keeping tabs on who's nice and naughty!  freakout 
Maybe he outsourced....
avatar
Zen

Posts : 1011
Join date : 2012-06-17
Age : 28
Location : United States West Coast

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Reamsie on Fri Dec 13, 2013 8:08 pm

Yes, all his little elves outfitted with earwigs, sunglasses and getting hourly reports from the NSA.  Be afraid kids, be very afraid affraid 

_________________
What fun is being cool if you can't wear a sombrero!--Calvin, Calvin & Hobbes

People assume that time is a strict progression of cause to effect. But actually from a non-linear, non-subjective viewpoint it's more like a big ball of wibbly-wobbly timey-wimey... stuff.--The Tenth Doctor, Blink
avatar
Reamsie
moderator

Posts : 1481
Join date : 2008-05-02
Age : 46
Location : In the TARDIS

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Wed Dec 18, 2013 5:53 pm

ACLU Petition to Obama to grant Snowden immunity (link)

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Zen on Wed Dec 18, 2013 7:55 pm

melodiccolor wrote:ACLU Petition to Obama to grant Snowden immunity (link)

THX for the link.
avatar
Zen

Posts : 1011
Join date : 2012-06-17
Age : 28
Location : United States West Coast

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Zen on Fri Jan 17, 2014 2:41 pm

Looks like Obama is trying to give people the run around:
http://www.huffingtonpost.com/2014/01/17/obama-nsa-reform_n_4612108.html?1389976297&icid=maing-grid7|main5|dl1|sec1_lnk3%26pLid%3D431724

I have the feeling this doesn't change much of anything other than as a PR stunt. If I was the NSA watching the internet like mod tools on crack I could easily find a work around for what they just did without changing the nature or mindset behind the program. Seemed like changing a minor technicality and what they named things, and still doing that same thing with a few more steps involved.
avatar
Zen

Posts : 1011
Join date : 2012-06-17
Age : 28
Location : United States West Coast

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Fri Jan 17, 2014 4:16 pm

I agree, this is not real reform. However metadata is collected by pretty much everyone from hackers to private companies to the government.

I want real limits on data collecting that is not meta from all sources. Until that happens, any reform is pretty much meaningless.

And in news of the absurd that makes the point: Hackers And Spambots Are Going After Your Fridges and Smart TVs Now (link) Things are going to continue to spiral out of control.

If net neutrality is lost too, then the only ones who don't have free access to everything will be us, the common user.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Mon Jan 20, 2014 4:43 pm

Warning: Your Browser Extensions Are Spying On You (link) It's not just the government, we're being spied on on so many levels.

Google's response to their hand being caught in that cookie jar: Google bans Chrome extensions purchased to deliver adware (link)

It's not just Chrome ad ons that are the problem as the first link shows. It's widespread and malicious.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Wed Jan 22, 2014 6:50 pm

OK, this is one of the worst invasions of privacy by negligence ever seen because everyone will have to be registered there at some point in the US. White hat hacker says he found 70,000 records on Healthcare.gov through a Google search

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Sat Feb 08, 2014 9:42 pm

The Day We Fight Back (link) is a mass protest against the NSA on Feb 11th, including banners, email campaigns, etc., similar to what was done about SOPA in the past.

This is a grassroots movement.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by RBM on Sun Feb 09, 2014 11:54 am

melodiccolor wrote:The Day We Fight Back (link) is a mass protest against the NSA on Feb 11th, including banners, email campaigns, etc., similar to what was done about SOPA in the past.

This is a grassroots movement.  

If I understand correctly, this applies to domain owners ?
avatar
RBM

Posts : 1008
Join date : 2009-04-10
Age : 63
Location : Lincoln NE

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Zen on Sun Feb 09, 2014 3:35 pm

RBM wrote:
melodiccolor wrote:The Day We Fight Back (link) is a mass protest against the NSA on Feb 11th, including banners, email campaigns, etc., similar to what was done about SOPA in the past.

This is a grassroots movement.  

If I understand correctly, this applies to domain owners ?

Users can do stuff too, they usually have a way you can email/call/"contact" your congressman
Last time their servers imploded under the traffic....... They got their attention.....
avatar
Zen

Posts : 1011
Join date : 2012-06-17
Age : 28
Location : United States West Coast

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Sun Feb 09, 2014 5:48 pm

RBM wrote:
melodiccolor wrote:The Day We Fight Back (link) is a mass protest against the NSA on Feb 11th, including banners, email campaigns, etc., similar to what was done about SOPA in the past.

This is a grassroots movement.  

If I understand correctly, this applies to domain owners ?

The site page was done poorly as you need to scroll down to get to the meat of it. There is lots you can do.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by RBM on Sun Feb 09, 2014 6:12 pm

melodiccolor wrote:
RBM wrote:
melodiccolor wrote:The Day We Fight Back (link) is a mass protest against the NSA on Feb 11th, including banners, email campaigns, etc., similar to what was done about SOPA in the past.

This is a grassroots movement.  

If I understand correctly, this applies to domain owners ?

The site page was done poorly as you need to scroll down to get to the meat of it.  There is lots you can do.

OK, I didn't scroll down enough; I found the rest of the page.
avatar
RBM

Posts : 1008
Join date : 2009-04-10
Age : 63
Location : Lincoln NE

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by RBM on Sun Feb 09, 2014 8:02 pm

By the way, a post I made at INTJf, is relevant to this thread:

Originally Posted by LaoTzu

   Look folks, Nothing has changed.

Well, there *have* been lows and highs.

The last low, if you will, was, I'd say, the result of the FBI break-in.

Here's Glen Greenwald, Tuesday, January 07, 2014,, 4 points about the 1971 FBI break-in:
 

   The New York Times this morning has an extraordinary 13-minute video from a team of reporters including the independent journalist Jonathan Franklin, and an accompanying article by Mark Mazzetti, about the heroic anti-war activists who broke into an FBI field office in 1971 and took all of the documents they could get their hands on, and then sent those documents to newspapers, including the New York Times and Washington Post.

   Some of those documents exposed J. Edgar Hoover's COINTELPRO program, aimed at quashing internal political dissent through surveillance, infiltration and other tactics. Those revelations ultimately led to the creation of the Church Committee in the mid-1970s and various reforms. The background on the Church Committee's COINTELPRO findings and the "burglary" operation which exposed it is here.

Here's a link with the embedded video from NYT, mentioned in the opening sentence:

Burglars Who Took On F.B.I. Abandon Shadows

Most on this board need to research this, as they were not of an age to understand the events, assuming they were even alive. In addition, UT Documents is an excellent source, as it is Glenn's public presence. He does a good job making the case for Snowden's activities and pushes back, hard, on those who wish to maintain the surveillance state.

The OP, if I recall correctly, is old enough to remember, having been alive but possibly not cognizant of the events.

Edited for Dimensions

Cheers.


Last edited by RBM on Mon Feb 10, 2014 6:20 pm; edited 1 time in total
avatar
RBM

Posts : 1008
Join date : 2009-04-10
Age : 63
Location : Lincoln NE

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by melodiccolor on Sun Feb 09, 2014 9:21 pm

Unfortunately you have to be a member of INTJf and logged in to see those links, so please copy and paste them directly in your post. Thanks.

_________________
Life is complex.  Parts of it are real and parts of it are imaginary.  (read in a novel by Gregory Benford.)

Absurdity is one of the great joys of life.

All you need for a rich life is to see more.
avatar
melodiccolor
Admin

Posts : 11747
Join date : 2008-04-27
Location : The Land of Seriously Sombrerosy Wonky Stuff

View user profile

Back to top Go down

default Re: Remeber SOPA and PIPA?

Post by Sponsored content


Sponsored content


Back to top Go down

Page 2 of 3 Previous  1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum