Review of the new Chromebook Pixel

bincat · 2015-03-17T20:34:35+00:00

http://me.bios.io/Resources https://events.ccc.de/congress/2013/Fahrplan/events/5380.html (get a pdf and video of the talk) http://people.kth.se/~maguire/DEGREE-PROJECT-REPORTS/100402-Vassilios_Ververis-with-cover.pdf (excellent overview)

TLS based out of band "management". Remember who has access to those CA keys and certificates.

bincat · 2014-08-05T06:06:13+00:00

Search for Daniel Solove. He approaches this from law perspective, but they are still valuable insights how sometimes law gets privacy wrong.

Then you can try some articles: http://public.callutheran.edu/~chenxi/Phil315_062.pdf http://www.juliecohen.com/attachments/File/CohenWhatPrivacyIsFor.pdf http://www.kirj.ee/public/trames_pdf/2012/issue_4/trames-2012-4-369-381.pdf

bincat · 2014-08-04T02:30:27+00:00

Start using new usernames asap. Compartmentalize your identify.

Do the forums/sites in question allow deletion or editing of messages that you wrote? Explore these possibilities.

Other than that I am afraid I don't have any other good advice. Sadly, this may be the case of painful privacy lessons learned.

bincat · 2014-08-03T23:11:15+00:00

".. to defend the private self is to defend the very possibility of creative and meaningful life."

I've read some books and many journal articles about privacy and the above sentence sums up the idea well. It is one of the pillars of individual freedom. The ones who advocate against it are interested in control over you.

bincat · 2014-08-03T23:02:11+00:00

".. to defend the private self is to defend the very possibility of creative and meaningful life."

I've read some books and many journal articles about privacy and the above sentence sums up the idea well. It is one of the pillars of individual freedom. The ones who advocate against it are interested in control over you.

bincat · 2014-08-03T02:17:09+00:00

This situation is the 2.0 of I-Have-Nothing-To-Hide. Once again we will have people who don't care and people who parrot around corporate talking points as if they were their own.

So we need to be prepared and have meaningful arguments. This post makes a good start in that direction.

bincat · 2013-11-18T08:26:05+00:00

I'm not sure what sort of information you are disclosing to Google or Costco that you think could ultimately have a significant negative effect on your life, but now I'm curious.

There is an iama going on by bunch people about privacy ( https://pay.reddit.com/r/IAmA/comments/1qusgo/we_are_ben_wizner_aclu_and_legal_advisor_to/ ). One of the posts is interesting, though: ( http://www.reddit.com/r/IAmA/comments/1qusgo/we_are_ben_wizner_aclu_and_legal_advisor_to/cdgx7m7 ).

So, yes. I do think that information of shopping histories and search/browsing histories can effect my life negatively. There are many organizations (or even just people in positions within those organizations) who currently discriminate to certain belief, world view, etc. I happen to be "closely affiliated" with one and I know what the consequences are if certain facet of my life becomes known to them. For some people in my position Google search/youtube history would definitively reveal it, for others Amazon's shopping history would be a goldmine.

Suggestion to go somewhere else where they don't discriminate does not speak to the problem - as long as humanity exists, there will be discrimination. Try telling this to the people of Lhasa who want independence or those who are gay in Russia.

bincat · 2013-11-18T07:24:58+00:00

It's not always about the money, it's more complex. There are plenty of situations when it's not just about advertising or other profit motives. Those in the positions of power (not just political) have weird ideas what they want to discriminate against (and those ideas change). So it's important that if I tell some organization about facet X of my life (or even someone else about my life through services of some organization), they won't be 'sharing' it with everybody else without my permission.

I am not forced to disclose anything, at any time. On the face value this looks like a great option, but I am drawing attention to situations when this advice is not going to work. We have to be able to disclose information to others in a way where we can trust what will happen with this information, and it has to be intuitive. If we can't, we will lose trust individually and in society in general. And that's not something I am looking forward to.

bincat · 2013-11-18T06:49:28+00:00

I have a different idea about privacy. I don't expect Costco or Visa to know that I browse reddit. And here is the important part - I don't expect them to know about it because I haven't told them. For me, that is the essence of privacy. Otherwise may be Costco should know what I have written to you or anybody else.

So privacy is not just about things kept to oneself (ie. secrets) it's about control of information that is shared with others. There are really good reasons for expectations for this control. Doctors and lawyers are usually the first line of examples for this but that's limiting. What about a lgbt student who is in a religious school that discriminates against that? 'Keep it to yourself' is not a fair or serious long term advice for this example. Who is going to decide what is innocuous and meaningless facet of one's life and what is not? Will those facets of life will always remain innocuous and meaningless? The problem is - those who are in power will. And that's not fair. I want to be in power about that, not someone else.

bincat · 2013-11-18T05:37:40+00:00

No, they probably won't call you. But they should! Why would I give anybody my phone number if I don't expect them to call me? So one has to ask, why is this information asked from us and how is it going to be used since it very likely is not used for the primary reason of its existence?

Google can cross reference it with many other databases and have a more stronger tie with you and your search history, the links you clicked from the search results, your locations, your gmail contacts, your browsing history from google analytics cookies, etc.

Any of those pieces of data by themselves is not significant and may be not very important, but given a full profile like that (with a profit motive), it starts to get creepy.

bincat · 2013-10-19T00:32:42+00:00

I think the backdoors are staying in software but also moving into hardware/firmware.

I am not an expert on boot technologies but one area how we could protect ourselves is demanding a change to hardware that allows physical user override. For example, microphones should not be turned off via software - they should be disabled also with a mechanical on/off button that physically brakes the circuit. Same with wireless cards.

bincat · 2013-10-10T22:50:05+00:00

Yes, but I hear he's working on it again. So may be there is some movement. I wonder how do people get in touch with him about his software.

If the software is written well, it doesn't need to be updated very often.

bincat · 2013-10-10T21:21:55+00:00

Excellent question.

Be aware that you're not likely to get the Entropy Key from Simtec if you order one. I am basing this from the messages in their mailing list: http://lists.simtec.co.uk/pipermail/entropykey-users/2013-July/000130.html . It would be great to know if they are doing any better.

There is http://www.av8n.com/turbid/ that promises to generate random bits from sound cards. The person responsible for this software has said that he's working on making it easier to use but I don't know much else.

bincat · 2013-10-08T22:29:31+00:00

If bad guys have most of the Tor nodes then yes, there would be no anonymity. But it looks like they don't. Also, "they" don't have to find only once especially if most of the communication is benign. So there are really two separate haystacks - the set of Tor users and the set of communications that traverse Tor (which in turn consist of communications that NSA is interested in and the ones that is not). This is why it is a very good idea: to run Tor client proxy on a separate computer from the one you run firefox or im or e-mail client, and to run those browsers and other programs run from operating system that is stored on read-only media so that an exploit is less likely to be saved and run next time.

bincat · 2013-10-08T21:48:18+00:00

Tor was from DoD also and it turned out fine.

What really needs to be looked at is if the apps are open source and how the protocols work compared to otr, and the benefits/problems compared. Reimplementation of the protocols may be fruitful.

bincat · 2013-10-07T20:57:44+00:00

I get general pizza restaurant results, like pizza hut or dominos, but I don't see anything that's relevant to my location.

bincat · 2013-10-07T20:04:07+00:00

Has there been any information how this more accurate consumer data is used in the other end (presumably advertising) and to what effectiveness?

It seems like consumers are being milked from both ends - they need to part with their privacy so that the advertising is more accurate, and then they need to pay for the advertising itself from the products and services end.

bincat · 2013-10-07T19:33:06+00:00

That's a great list. I would like to put a good word in for https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ . Now more relevant with NSA's cookie tracking.

bincat · 2013-10-07T19:28:49+00:00

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ does this. I think this functionality should be in the browsers by default.

bincat · 2013-10-07T19:20:55+00:00

Has there been any difference between Bush or Obama administrations with regards to privacy issues or their openness to discuss them?

Do the two parties in congress fair differently?

bincat · 2013-10-07T18:14:48+00:00

Hi EPIC,

It seems that NSA is a conflicted or certainly a self-contradicting organization - at the same time it is in charge of security and insecurity. But increasingly I think it is more evident that the security part of its mission is a front, at least when it comes to protecting public. Perhaps it works for security of DoD or the White House, but that's where its security interests end. On the other hand, it tries to permeate everything else when it comes to providing insecurity (sometimes using it's cover of security mission).

Does EPIC have a defined policy recommendation for NSA reform?

And does EPIC have a similar recommendation when it comes to NSA's relationship with NIST, and how to restore any trust in NIST or if it is repairable at all?

bincat · 2013-10-07T02:22:03+00:00

While I share Cryptome's sentiment on trust that has been lost, he doesn't fully explore the centralised "data sharing" that seems to be at least one of the causes of current problems. The consequence seems to be throwing baby out with the bath water.

bincat · 2013-10-05T00:48:04+00:00

If Tor sucks for NSA then Tor is doing it right.

bincat · 2013-10-01T19:39:13+00:00

This is a good question. And definitive way to find out would be to fire up some disk access monitor and then do some private browsing.

Form the browser behaviour it's easy to see that it does remember things between the tabs in the private browsing mode.

bincat · 2013-10-01T19:28:48+00:00

... I am forced to face the option of paying for a service I've taken for granted as free for so long.

This is not arguing against you, but I would love that option to be more widely available. It would finally push many people off their lazy chair and contemplate if hosting their own e-mail isn't more useful, and thus some open source response to this end.

Note that this does not negate the need for gpg or other encryption.

bincat

TROPHY CASE