Posts by Graham Cobb

254 posts • joined 13 May 2009

EU law: Brussels burps up aspirational copyright tweaks

Graham Cobb

Unusual support for Google

It's unusual to see El Reg (particularly Andrew) giving such strong support for Google!

The requirement for platforms to "prevent the availability on their services of content identified by rightholders" immediately kills off any startup trying to compete with YouTube, as they are not going to be able to implement a feature like ContentID. Personally I would much prefer Google to be open to competition, particularly from European alternatives that take into account European cultural priorities, like data protection.

In addition, it also kills off any use of internet platforms for legitimate non-infringing uses of content, such as the new exceptions they are so keen to talk about!

Note to editors: copyright is not, and never has been, an absolute right. Whether use of a particular piece of content requires a licence depends on the type and purpose of use, and other aspects of the context. And the decision on whether new content infringes rights in an earlier content is up to a jury to decide (there are many cases where this decision has been extremely difficult to predict).

1
0
Graham Cobb

Digital single market

The EU expanded so hastily there are huge disparities between income and spending across the region. Issuing grand decrees from Brussels that wish the digital single market into existence doesn’t change that.

You can argue about whether the differences in income and spending mean a single market is a good idea or not. On balance I think it probably is, although I am no economist.

But I don't see how anyone can argue that a single market is good for physical goods (including fashion, cars, iphones) but not for digital goods (like media).

4
0

Google-funded group mad that US Copyright Office hasn't abolished copyright yet

Graham Cobb

Re: Your paranoia is showing, Andrew

But when it comes to products from a person's mind (a song, a book), suddenly it's something else and the creator is not allowed to own it in the same way.

On the contrary, like all property they can own it until they choose to sell it or give it away. It is you who are trying to claim that IP is somehow different from real property! If I build a house I can sell it to someone. They can do whatever they like with it, including sell it to someone else or build an extension. They can even copy it and sell the copy if they want.

Without society's gracious willingness to give IP some additional protections to the normal rules of ownership that is all that creators would have. The first time they sold someone their book, or played their song, the item would be available to be sold on, or copied. That is how property works. However, society is aware that in that case artistic creation would not be worthwhile (copying a book has always been a lot cheaper than copying a house) so we have granted creators additional rights, beyond the right of ownership, to limit copying for a limited time.

Of course that is worthwhile (as I said, I believe copyright has value). But don't try to pretend that there is some sort of "natural right" involved. There is not. Your only "natural right" is to be able to sell each thing you create once at whatever price you can get, or decide not to sell it at all. That is what we all choose.

So, there is a bargain to be obtained between creators and consumers. That bargain trades money for limited additional rights (copyright). Like any bargain, the prices involved are finite (copyright can't be unlimited) and will be different for different people. But we have not (yet) found a way for the bargain involved to be different for each person which is why I said the copyright office should be trying to balance: they should be administering the creation of this bargain.

0
0
Graham Cobb

Your paranoia is showing, Andrew

I don't like Google either, but I don't think you should ascribe everything that you think is wrong with copyright to Google.

Like you, and many others, I am a rightsholder. Although I don't post photos, I do write and release open source code under the GPL. I value copyright. However, that doesn't stop me:

1) Wanting to change copyright. It is, indeed, much too long, and it needs to be much more restricted. I am willing to give creators a very limited monopoly for a very limited period of time. If that isn't good enough for them then stop creating -- that is fine by me (but I am confident they won't).

2) Believing that the job of the USCO, and all the other administrative and legal arms of the government, is to balance the interests of rightsholders and users, not to "further the interests of rightsholders".

12
3

Delete Google Maps? Go ahead, says Google, we'll still track you

Graham Cobb

@ Chris 125, choice is very welcome. If those services are useful to you, and you have chosen to use them and pay the price, that is fine. Is it not obvious to you that there are other people who do not need/use those services and hence are not willing to pay (with private information) for services we don't use?

I still can't see a single downside.

It is about protecting choice, so those of us who wish to decline some offers and accept others can do so.

Would the price still be fine for you if Google said the only way they would offer the services is if you agree that they can record all your conversations (not just calls) and publish them on the internet for everyone to listen to? I am sure you would decide that was not a price worth paying. What if they said "OK, we will only allow companies who have a business relationship with you to have copies of all the conversations". Probably still not acceptable. What about "OK, we will only give them access to conversations where their company name is mentioned". Maybe you would think about that. Or "we won't give them the actual audio -- we will analyse the conversation and give them the gist of it". A few more people might agree to that. Or "we will not summarise the conversation at all, just tell them that you were talking about them". Several more would sign up.

My point is that we all have different assessments of the value of our privacy. No one is comfortable with no privacy. Your assessment of the value of your private conversations will be different from mine. That is fine -- but we should all be able to make those trades at the price we are willing to pay.

6
0
Graham Cobb

Re: What's the problem really?

If you don't care, that is fine for you. Feel free to enable all the snooping options. But some of us do care about our privacy.

Partly it is just because it is my data, and none of anyone else's business. If they want to buy it from me with an offer of some benefit in exchange then fine: I will consider the offer and take or leave it as I choose. But they have to be clear and open about it, and I have to have a free choice.

Also it is a matter of principle. It is unlikely anyone really cares about my data. But there are plenty of people for whom this control is vital. Even just for location the list is long, such as journalists, political activists, abuse victims, whistle-blowers, celebrities, etc. If you include control over contacts, audio (microphone access), communications (access to SMS and email) and camera you can extend the list to all doctors, lawyers, politicians, CEOs and anyone with knowledge of a secret that might be worth money to someone.

By making sure that everyone has, and routinely uses, full control we allow those people to have the control they need (and without drawing attention to themselves by using it).

5
0

Petulant Facebook claims it can't tell the difference between child abuse and war photography

Graham Cobb

Re: Facebook can do what they like.

News media such as the BBC and newspapers can, indeed, decide what their policy is (and their readers decide whether they want to read them). And Facebook can do that if it wants to become a media site.

But it claims not to want that, and is trying to attract the media to see it as a channel. In that case it cannot have a policy -- it has to let the media sites publish and be damned.

2
0
Graham Cobb

Re: The issue is News

Actually I don't have a Facebook account -- I have never visited the site.

My post was about what Facebook should do if it wants to attract news media to use it. If they do not believe that Facebook will stay out of editing their content they won't want to use Facebook as a channel. And for those countries where there is some form of press regulation, it needs to do that if it wants to avoid being regulated.

0
0
Graham Cobb

The issue is News

Surely the issue here isn't just that this is a famous, iconic and important photo, but that Facebook is acting as a super-editor for News.

If Facebook want to be a source of news for people, then it needs to get out of the way of mediating between people and their chosen news suppliers. News media need to, and do, take full responsibility for their postings -- Facebook must have a way to clearly label to people that the posting is "news" and will not be censored in any way (even if it may be illegal or deplorable) and is fully the responsibility of the source.

Otherwise, even with the best will in the world, Facebook has become the media organisation and is adding its own views, biases and editorial policies. I don't see how any news supplier, or consumer, could tolerate that. Whether I choose the Daily Mail, the Guardian or Modern Nazi Homes & Gardens as my main source for news, I should not tolerate another party interfering with it.

0
0

You should install smart meters even if they're dumb, says flack

Graham Cobb

Re: Downvoted

Of course it is a bad idea to make it compulsory. Location plays a big factor in whether solar is feasible/useful for any particular house, as well as the design and orientation of the roof. Personally I think it is likely to be of marginal benefit in most UK locations (especially taking into account ongoing costs such as maintenance, cleaning, etc).

If you had said "make it compulsory to do an assessment for PV", that would be fine. It wouldn't be sensible to make it compulsory to actually install even if we were living in California!

19
1

EU will force telcos to offer 90 days of 'roam like home' contracts

Graham Cobb

That's not abuse, that's using the services offered, within the law. If incumbents in, say, Belgium don't like that others offer lower rates, then they are free to cut their prices to match.

I haven't read the regulation but aren't you misunderstanding it (or am I)? I don't see anything in the article saying that a telco cannot offer free roaming for more than 90 days, just that they cannot be forced to do so. If an operator in country X wishes to offer inclusive EU roaming all year, for a total price less than a Belgian deal, they can still do so.

The change is to avoid all mobile prices in low income countries rising because people from high income countries would use their deals and then "roam" all year. Of course, it can be argued that that price levelling is exactly what the single market was supposed to achieve (it was supposed to lead to income levelling as well).

1
0

BA check-in system checks out: Staff flung back to cruel '90s world of paper

Graham Cobb

Re: BA FLY Software

Sounds like the usual VPN problem with networked printers on a different subnet. Google for "split tunneling" for the best solution. Installing CUPS (the standard Linux printing software), presumably on a spare server somewhere, seems overkill.

8
0

Radicalisation? UK.gov gets itself in cluster-muddle over 'terrorism'

Graham Cobb

how do we say we're against a particular group in this modern pc sjw world, without offending any precious little diddums?

"We are against terrorists". There, that was easy, wasn't it?

28
0

Facebook, Twitter and Google are to blame for terrorism, say MPs

Graham Cobb

Re: muppetry

This is an important point: people who are progressing in society, and see it delivering positive results for them and their peers, are unlikely to try to destroy it.

Of course, they may decide to help destroy a different regime (e.g. Syria, or Spanish nationalists in the '30s), which is likely to lead to further radicalisation. But the answer to that is not forcing the ISIS propaganda into the underground, with special apps etc (thus increasing its attractiveness to teenagers) but is sensible and effective counter-propaganda. This is a case where the US axiom that bad speech should be dealt with not by bans but by more (counter) speech is definitely true.

As for "Prevent" -- it is toxic and needs to be very publicly killed. If the Muslim community can come up with some alternative that gets support then fund that. Otherwise, just spend the money on the community anyway. What is important is that teens and returning fighters can see their community working to improve lives. Take that anti-everything energy and try to redirect it into (more constructive, although still anti-establishment) political and community activity to improve the lives of those around them.

A bit like Keith Vaz used to be known for, before he got old.

2
0

UK's mass-surveillance draft law grants spies incredible powers for no real reason – review

Graham Cobb

Re: Looking at this the wrong way round

You are partially right (that is why I said "in the past") but it could still be a lot worse. And these powers are a further step along that road.

I believe we do have a choice. That is why this report has been created. The securocrats need the general public (and the press!) to be looking at the benefits and not paying attention to the downside.

I still have a really strong memory from my childhood: in the 1960's as a child under 10 I lived in East Anglia, surrounded by USAF bases, with "Protect and Survive" classes and under a very real threat of being amongst the first to be annihilated in a nuclear war. I used to lose sleep worrying about it. My parents did not try to tell me "don't worry, it won't happen". They told me why we needed to stand firm against the enemy: we needed to stand up for British values of freedom. The main example they used was that in Communist states you had to carry your papers and they could be inspected at any time, but that in Britain you had the right to not identify yourself at all and no one could do anything about it.

16
0
Graham Cobb

Looking at this the wrong way round

This review seems to have got completely the wrong end of the stick.

Of course there are good reasons for invasive powers. And, of course, the people proposing them generally intend them to be used for good. The question that needs to be analysed is not "are they useful?" but "what is the downside?". Of course a police state will reduce crime: the reason we haven't allowed one to be created in the past is not because we like crime but because of the other effects it has!

My question to Anderson is "what stops bad people abusing these capabilities?". I believe the answer is "very little". And hence the risks of allowing these capabilities to even be created far outweigh the potential benefits.

Examples of real, documented and uncontested abuses which have happened even with the more technologically limited capabilities of the past include:

1) Monitoring and disruption of democratic political parties and trade unions [since the 1970's, at least]

2) Victimisation of innocent and human-rights-protected activism [cf. John Catt]

3) Abuse of access to records and data for personal revenge by "bad apples" in the police and security services [cf. several scandals involving looking up or investigating sexual partners]

4) Witch-hunts for whistle-blowers in both private and public organisations (including telecoms companies, local government, and many others).

5) Interference with freedom of the press, privileged communications with lawyers and political contact with our MPs.

Where does this report investigate the dangers of the massive acceleration, cost reduction and easier concealment of these abuses with the new proposed powers and new technological capabilities? We must reduce surveillance because of these concerns, not increase it!

40
1

Ad-blocking ‘plateaus’, claims hopeful ad industry

Graham Cobb

Re: Ad-blocking 'plateaus'

I enjoy verbing nouns and other words and do so whenever I opportunitise.

8
0

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

Graham Cobb

Re: Snapping up cheap spy tools, nations 'monitoring everyone'

A false dichotomy. Third options are actually much less difficult than in the past. The keys are education and opportunity for as many people as possible: enlightened self-interest is the best defence we have against both anarchy and the police state.

0
0

Microsoft and pals re-write arms control pact to save infosec industry

Graham Cobb

Re: I won't sell you a weapon...

I see your point but I don't think it is as hard to draw the line as you think.

Wassenaar is not about stopping a gangster buying a gun. It is about stopping nation states buying extremely high-level weapons to use against other nations or their own people.

So, it really doesn't need to be about preventing access to knowledge of vulnerabilities (after all, any information available in the US will be easy to get hold of elsewhere). Nor is it about stopping crooks building new attacks. It isn't even about stopping "bad" nations from creating their own "Hacking Team" -- as long as they are having to do their own development they will be some distance behind us. It is really about stopping commercial entities (such as the real Hacking Team) from developing and selling weapons to anyone who can pay.

I think the issue will be over defensive uses: does Wassenaar really want to stop Microsoft, etc selling defenses against our weapons?

1
0

Thermostat biz Nest warms to home security, touts cam with cloud storage subscription

Graham Cobb

Does it register with the Information Commissioner’s Office?

Two questions:

1) Is it secure or can hackers watch it like with most internet-connected cameras?

2) Does it come with automatic registration with the Information Commissioner’s Office as a CCTV operator? And does Nest handle Subject Access Requests to allow people to see the CCTV images you record of them?

8
0

UK gov says new Home Sec will have powers to ban end-to-end encryption

Graham Cobb

Re: A suggestion

The "safe spaces" aren't going away, whatever the government might do. That cat is well out of the bag. And it is a good thing too: it is a small step towards restoring law enforcement's powers back to historical norms. The last decade has been a complete aberration in police/spook intrusion.

But, even if they don't agree, there is nothing they can do except make life hard for ordinary people. All this will do is massively reduce the UK's international competitiveness -- great idea at the time of Brexit!

34
0

Salesforce bins all Android phones bar Nexii and Galaxies

Graham Cobb

Re: I believe they've made the correct choice

business users ... up to date with a relatively rigorous older version retirement scheme

Ha, ha! I think more and more companies are extending their mobile lifetimes to reduce cost (my employer is large and has just recently extended it again).

But the SFDC decision will please sales people everywhere! They now have an unbeatable business justification to ignore the company policy of "no replacements until 36 months, and even then only if it is broken". New handsets every 6 months -- and only the highest-end models!

0
0

Comms intercept commish: There were some top secret orders

Graham Cobb

Department for Business, Innovation and Skills?

The only reason I can think of would be industrial espionage, presumably directed at foreign companies.

And presumably the reason the PM blocked the commissioner from investigating it, and is busy rapidly cancelling it, is because he discovered some of it was directed against the US.

2
0

Theft of twenty-somethings' IDs surges

Graham Cobb

Don't lie -- just refuse to do business

I wish that more people would just refuse to do business with companies that want intrusive information.

If a company asks for date of birth, or a phone number when they don't need it, I refuse to do business with them. I don't make something up. More often than not, I tell them that I would have done business with them but am not because of their nosy data gathering.

I started this when I got my first bank account in the 1970's. In those days, some shops wanted me to put my address on the back of a cheque, even if it was guaranteed (young'uns can ask their parents about something called "cheque guarantee cards"). I refused and, if necessary, walked away from the transaction.

If fewer companies were asking for personal data it would improve general "data hygiene" and people would be less willing to share.

2
0

Tor onion hardening will be tear-inducing for feds

Graham Cobb

Re: Jacob should fork Tor

Unfortunately it is very hard to make useful security tradeoffs. We all know that there is no perfect security and we are used to the idea of a need to trade off between security and cost (how valuable is the item you are trying to secure? No point in spending more money than that on securing it).

What we very often forget about is usability. If you increase security by reducing usability (ease-of-use, performance, etc) then you are reducing the number of people who will use that security. So, your choices here will depend on whether you are aiming at committed, hardcore, tinfoil-hat-wearing security geeks or Facebook-loving grandmothers or where in between.

Some things (like the move to https: instead of http:) have so little impact on usability that they are no-brainers. However, the decisions made by the Tor project, including the controversial ones (like whether or not to enable Javascript in the Browser, whether to support UDP, whether to add background traffic, etc) are really hard as they have considerable impact on usability and hence real-world takeup.

@AC may have preferred different choices. And I think that some Tor developers and researchers are moving towards some changes, as the threat environment and usage has changed. But I think the Tor developers have generally made pretty good choices and I certainly acknowledge that these are hard decisions with no right answers.

@AC can go ahead and fork Tor/TBB with different choices, and then try to build up enough usage to get useful levels of anonymity. But I think the better choice is to work within the Tor environment, discuss potential changes, conduct (or sponsor) research and development and operate (or fund) relays.

Ranting on El Reg is not likely to help (yes, I know I am guilty of it as well!).

0
0
Graham Cobb

Re: don't get it

There are really two ways to break Tor-based anonymity. One is to break the Tor anonymity itself (which seems like it may be possible for nation-state-level players, although it may be expensive and/or they may be reluctant to share the data with other players like law enforcement). The other is to break the anonymity above the Tor level: get the user (or, in this case their browser) to tell you who they are without ever having to break Tor!

It is the latter which is addressed in this article. This is about making the "Tor Browser" (not really anything to do with Tor itself but a browser with Tor access conveniently built in) more secure. Like any other browser, Tor Browser has bugs which could be exploited (and have been) to run code on the user's system. That code can make the system report its real name and IP address to the adversary -- allowing law enforcement to know who has accessed what pages, for example. This article is about helping to make the Tor Browser more secure by making those bugs harder to exploit.

0
0

'Nobody cares about your heart-rate'

Graham Cobb

Re: Rush to judgement much?

I think that a robust on-premise gateway/firewall/IoT manager is a good idea. It would be a good idea even if the devices had decent security (for managing them all, storing historical data, etc). It just must not be:

1) Off-site -- it must always be under the full control of the user

2) Locked-in to the devices -- I should be able to choose my gateway vendor independently of the IoT devices it controls

3) Closed, or patent-protected protocols/interfaces -- I want a wide selection of gateways to choose from. I want to see Apple, Google, Facebook, etc competing for that business (yes, even with their cloud-based data slurping). And I want to see open-source versions as well for those of us who value privacy.

Why can't I find an open initiative to develop this that I could join?

0
0

Snoopers' Charter 'goes too far' says retired Met assistant commish

Graham Cobb

renaming internet connection records as browsing history is a good first step

Yes. And we need to explain how this means everyone has a permanent police tail on them 24 hours a day. Adapted from my post almost exactly 2 years ago... http://forums.theregister.co.uk/forum/containing/2225266

Collecting internet connection records is exactly the same as placing a police tail on you: the tail can't hear what you are saying but they track exactly where you go, who else is nearby, who you talk to (and for how long), what posters you stop and read, what shops and other buildings you go into. If the Snooper's Charter was in effect, the tail can even follow you inside the buildings and video everything you do there.

Having a permanent police tail on everyone seems like the clearest example of a police state that I have seen.

1
0

Brexit: More cash for mobile operators or consumers? Pick one

Graham Cobb

Re: Scaremongering

And now my own positive reasons to remain. Please discuss these as well...

1) The EU provides a brake on our government's fawning give-away of our rights to assist their friends in big business. The Tory government are doing this with TTIP -- they will sign it instantly if we leave the EU but are currently constrained by the EU who are (fortunately for us all) concerned about the ISDS clauses. But Labour are no better: they handed the copyright cartels all they asked for, but that is also somewhat constrained by EU work on copyrights.

2) Remaining, and keeping free movement, will gradually reduce the xenophobia, intolerance and racism that drives the extreme right and tricks some people into supporting them. It will take many more years but it will happen. Note that nowadays even Liverpudlians are allowed to live in London without being attacked :-) Seriously, not only have "No Dogs or Irish" signs disappeared for legal reasons but in fact the casual hate behind them has mostly gone.

10
2
Graham Cobb

Re: Scaremongering

all I have so far asked is for a positive reason to remain. I am still waiting.

No, you are not waiting. The GDP issue was posted earlier and is a positive reason to remain.

You may not agree it is important, or you may not even believe it. But it is certainly a positive reason to remain and has been provided. So, over to you to discuss it...

5
2

UK.gov is about to fling your data at anyone who wants it. How? Why? Shut up, pleb

Graham Cobb

Re: One way for plebs to be heard

I have written to my MP several times. On no occasion have I had a reply I agreed with, and in many cases I received an obviously stock reply. In one case, I sent an email and the assistant tasked with responding accidentally copied me on their email to Conservative Central Office asking for the stock reply :-)

However, I continue to do it on occasion. Not so much because I think my MP will actually read it or even hear my carefully argued points, but because they measure public opinion by weight. Getting lots of letters on a subject does put the wind up ministers (why else did the PM overrule the proposals on the BBC?).

11
0

Curiosity find Mars' icecaps suck up its atmosphere

Graham Cobb

Re: New Orderly World Orders AI …. for Live Operational Virtual Environments ‽

Better to have the ability to haul any potential asteroid-mitigating technology into orbit, and / or work towards a self sustaining extraterrestrial colony.

Genuine question: Why?

Of course, I don't want humanity destroyed but I am not that bothered. If it happens, it will make no difference to the universe. Nor will it mean anything to all of us who die.

Also, it is extremely unlikely to happen any time soon. So unlikely that attempting to "assure our survival" is a pointless waste of time. Better to spend the resources on faster scientific progress and being able to do a better, and more efficient job, some time in the future.

1
5

Google open sources Thread in bid to win IoT standards war

Graham Cobb

None of these sound like what consumers want

What we need is an open standard for local (in the home) connectivity, with many competing implementations of the home hub with different features and capabilities. Some might be really simple to use but restrictive, for example provided by Apple and fully integrated with their ecosystem for people who use that. At the other extreme, some might be really geeky: running on OpenWRT and configured by editing text files with vi. In between, there would be some which integrate well with other ecosystems (Samsung, Xbox, etc) and have various levels of controllability, security and privacy.

Within the home, it must be possible to have devices (IoT devices and controllers like phones) talk to each other, without any information passing outside (like using DLNA to control your home media today).

In some cases (for example for remote access when travelling) it may be useful to have internet servers to co-ordinate and secure access -- but those must be able to be chosen independent of the hub manufacturer and selected by the user just as they choose email services today. In the same way as for email, these must also be able to be self- or community- hosted, not just owned by big internet companies.

None of that will stop Apple, Google, Samsung, etc being big players in IoT -- many people will choose their products, just as they choose their phones, TVs, and email services today. But the discerning or privacy-conscious consumer should be free to choose alternatives which match their requirements, lifestyle, language, community norms, etc.

Who is representing consumers (and geeks) in these discussions?

6
0

Brits still not happy about commercial companies using their healthcare data

Graham Cobb

Re: Any room left in that 17%

I would extend Ben's prison sentences and ban from access to data to include anyone attempting any form of de-anonymisation, wherever performed, whether successful or not, for whatever reason (however noble), and whether it would lead to actual identification (name, address, email, etc) or just a description of a unique person.

And whistle-blower protection/reward needs to be explicitly provided for in the law.

With that I would probably be willing. But the opt-out still needs to be there for those who will not accept the remaining risk (which is mainly that even if someone is punished, the leaked information will still have been leaked).

2
0

Knackered Euro server turns Panasonic smart TVs into dumb TVs

Graham Cobb

Off topic: you might want to read the "separated by a common language" blog. Although I don't think she has really addressed this jarring with words which do have the same meanings but where the most frequently used senses are different.

1
0

GCHQ: Crypto's great, we're your mate, don't be like that and hate

Graham Cobb

Re: Goodwill?

They were surprised by the vehemence of my concern and by my proposed solution: massive budget cuts to bring them under proper control and focus their minds on the things that are really important. Needless to say, they did not agree. Not that they were in a position to do anything about it anyway (as far as I know, of course).

2
0
Graham Cobb

Re: Goodwill?

That is what I said to someone I know who works at GCHQ just after the Snowden leaks. GCHQ have, by their actions over the last 20-30 years, voided our trust. They will never again be allowed, by my generation, to have the same power again.

Until those of us who remember their crimes are gone they can beg, whine, scream, threaten or corrupt as much as they like but they will be fighting the population.

The abuse had been going on since the 70s: completely illegal and disproportionate abuse of powers to monitor legitimate political parties (including the Labour party!) and trade unions. Later, helping the police to drive towards a police state for anyone who dares to protest (see the John Catt case). Finally their "climate of fear" pushing of a serious but very infrequent crime (terrorism) as if it was a serious threat to life or liberty.

The actual threat to liberty is the abuse of extremely dangerous powers which should be being used maybe once a year, not on the whim of a politician or police officer.

37
0

No tit for tat, or should that be tat for tit ... Women selling stuff on eBay get lower bids

Graham Cobb
Facepalm

Could be a useful study

Next time I bid for something on eBay I will decide how much I am willing to bid and then make sure I only bid on auctions posted by women. If they get lower prices I am less likely to have to go to my top bid! Sounds great to me.

On the other hand, maybe the study is just crap.

2
0

Why Tim Cook is wrong: A privacy advocate's view

Graham Cobb

Re: Not even wrong...

Perhaps you'd be happy flying on a plane knowing no one had bothered to check the luggage because the 200 or so of you on there is less than the daily roadkill so who cares if you die?

Absolutely yes. Without a doubt. Unless the stats had changed so that the risk of flying came near to the other risks -- which would happen after a while, of course, if we stopped checks which are actually useful.

If some check has little impact on the risk numbers (for example, if it is ineffective, like much security theatre) then I have no problem going without it. A few hundred deaths a year won't worry me, until it gets to be comparable with other risks I take every day (like driving to the airport).

2
1

UK to stop children looking at online porn. How?

Graham Cobb

Re: Gubmint knows this will fail, it's just a way to move further along to their ultimate goal...

You would almost think our legislators have shares in the VPN business.

Not the VPN business... the Media business (and not just shares: very lucrative donations, revolving doors and cosy relationships). I assume this is being pushed by Big Media, who are very annoyed at the censorship of films in cinemas, on DVD, and on TV which is bypassed by porn sites.

Of course it helps that it plays well with the authoritarian wing of the Tory party, but there is no money in that so that can't be the real driver.

0
0

Apple must help Feds unlock San Bernardino killer's iPhone – judge

Graham Cobb

...it may be that they're going to be regularly exposed as having given offenders the means of committing their crimes. Now that's not going to look good in the papers.

Why? It doesn't seem to do car companies, electricity companies, or grocery stores any problem that they are used by criminals as well as non-criminals. What makes you think it would be a problem for Apple?

0
0

Gmail growls with more bad message flags to phoil phishers

Graham Cobb

Re: WTF?!!

The reason to have all email using TLS is to make it normal. Pre-Snowden, all email was in the clear and spooks could just sweep up everything by tapping a few links. You could even, easily, see whether the mail was end-to-end encrypted and, even if it was, the addresses of both sender and receiver. At that time, anything which was encrypted was a red flag that this was likely to be worth looking at.

Over time, much email is now TLS encrypted. It cannot be just swept up "just in case it is useful one day". And it is impossible to see which are the interesting messages, which messages are encrypted, and who they are to and from. To make that stronger, even the most boring messages should be encrypted. I am looking forward to being able to turn off all non-TLS email receiving on my personal servers.

In today's world, encryption isn't about protecting YOUR messages, it is about protecting EVERYONE ELSE'S messages.

0
0
Graham Cobb

Re: Value depends on implementation

While you are right, anything which names and shames the players who don't use TLS in the hop to/from gmail would be welcome. Use of TLS on that hop doesn't mean that the mail was secure but it at least contributes to making TLS use not suspicious. When we, eventually, have certificate checking as well (using DANE or something else) then TLS may actually start to make a useful contribution to security.

On my personal mail server I already flag all incoming mail which has not been received using TLS. Unfortunately my emails to the senders to complain are invariably ignored.

0
0

TTIP: A locked room, no internet access, two hours, 300 pages and lots of typos

Graham Cobb

Re: Who knows? Really?

@philthane

So what do we do about it? I have much the same experience -- I tear my hair out over how to get TTIP onto people's awareness. At the moment, if I write to my MP about TTIP, he treats me like a green ink nutter.

Campaign suggestions on a postcard...

3
0

Are Indians too stupid to be trusted with free Internet?

Graham Cobb

Re: Some Way, Some How.

Isn't there some way to support free internet for India's poorest, while not turning them into fodder for the Facebook and Google machines?

To be honest, I am amazed that Zuck hasn't done this. I am certain that he could come up with a subsidy offer that does not require a walled garden, was (at least) financially break-even and which would gather him MASSIVE positive support, and a billion new customers, in the world's largest democracy.

Why not just sponsor (limited speed) internet access, with no site restrictions but with massive advertising and promotion of Facebook, and (financially contributing) partner sites? Completely neutral and advertising subsidised. The way things work in other markets!

6
0
Graham Cobb

Re: It would be the same anywhere

Demonstrably, they are. Basics is live in 37 countries and has been shut down by the elites in just two.

Many, but by no means all, countries have legislation preventing the sale of physical goods at below-cost prices, to help prevent monopolisation. Just as in this case, whether to make that illegal is a national decision, taking into account their own national circumstances and their national approach to regulation. Does that mean that the poor in Belgium, Canada and South Africa are being treated unfairly?

8
1

Privacy advocates left out of NHS care.data 'oversight' board

Graham Cobb

Re: A note on "anonymous" data

if this could be done well it really would be invaluable for research, which really could bring material benefits to people

So, we need a two pronged approach: good anonymisation (but leaving data useful for research) combined with extremely strong privacy enforcement. There must be strong legal penalties against any deanonymisation attempt (however much it might help the research), starting with prison time for managers who allow it on their watch -- a very effective deterrent against white collar criminals, as the H&S industry has demonstrated. This must specifically criminalise any use of the data in marketing, insurance assessment, discrimination (housing, jobs, etc) or for any purpose other than the approved clinical research (with both criminal and civil penalties).

The third leg of this stool has to be that individuals can still opt-out. If I am paranoid (clinically or otherwise), or I have a lot to lose (in the public eye?), or I just have a different trade-off between my risk and the benefit to society, then I must be able to opt-out of being included in any released data.

Why is this so hard?

3
0

Cops hate encryption but the NSA loves it when you use PGP

Graham Cobb

Re: Ah, Traffic Analysis

But I think I'm right in saying that if that email is sent to a foreign (**) email server via a STARTTLS-ed SMTP session, the spooks probably can't even tell whether it uses PGP or not because the metadata was encrypted in that case too

You are right that TLS encryption of SMTP exists and hides the metadata from easy interception. On the other hand, it has numerous weaknesses, including:

1) In most cases, TLS is set up opportunistically -- most servers do not insist on TLS and will drop back to sending without it if the receiver doesn't (appear to) accept it. Most servers prefer not losing email to link security. My personal servers insist on TLS for submitting mail for sending but are forced to accept incoming mail from anyone (although I do add a header to tell me it arrived without using TLS -- and I sometimes complain to the sender that they should turn it on).

2) In many cases no certificate validation is done, so it is easy to MITM. For example at international gateways.

3) It is not end-to-end, it is link-by-link, so if the receiving system is compromised, or if it can be convinced to forward the message on to another system without using TLS (see 1) then the metadata is exposed.

4) There are some attempts to help with problems 1 & 2 by setting up information that says "my mail server always wants to see TLS -- if you try to connect to me and don't get TLS then don't send" and "my certificate looks like this -- if you don't see that certificate don't send". But it is hard to do and fragile and, in practice, no one implements it (search for DANE TLS for more info).

1
0
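
An added example (not part of the original post, and not its author's code): one way to do the check mentioned in point 1, flagging mail whose final hop arrived without TLS, by reading the `with` protocol keyword in the topmost `Received` header. The sample messages, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# "with" protocol keywords registered for TLS-protected hops (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def strip_comments(value):
    """Drop (nested) header comments such as '(using TLSv1.3 with cipher ...)'."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def hop_protocols(raw_message):
    """Protocol keyword of each Received header, newest hop first (None if absent)."""
    msg = message_from_string(raw_message)
    protocols = []
    for value in msg.get_all("Received", []):
        clauses = strip_comments(str(value)).split(";")[0]  # cut the date stamp
        match = re.search(r"\bwith\s+([A-Za-z0-9]+)", clauses, re.IGNORECASE)
        protocols.append(match.group(1).upper() if match else None)
    return protocols

def arrived_without_tls(raw_message):
    """True if the topmost hop, the only one written by our own server, lacked TLS.
    Older Received headers are supplied by the sending side and are not trusted."""
    protocols = hop_protocols(raw_message)
    return not protocols or protocols[0] not in TLS_PROTOCOLS

# Constructed sample: final hop negotiated STARTTLS.
SAMPLE_TLS = (
    "Received: from out.example.net (out.example.net [192.0.2.10])\n"
    " (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    " by mx.example.org (Postfix) with ESMTPS id 4AAA1; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Received: from laptop.example.net (unknown [198.51.100.7])\n"
    " by out.example.net (Postfix) with ESMTPSA id 4BBB2; Mon, 1 Jan 2024 09:59:58 +0000\n"
    "Subject: constructed sample\n\nbody\n")
# Constructed sample: an earlier hop used TLS, but the final hop fell back to cleartext.
SAMPLE_PLAIN = (
    "Received: from relay.example.com (relay.example.com [203.0.113.5])\n"
    " by mx.example.org (Postfix) with ESMTP id 4CCC3; Mon, 1 Jan 2024 11:00:00 +0000\n"
    "Received: from laptop.example.com (unknown [198.51.100.9])\n"
    " by relay.example.com (Postfix) with ESMTPSA id 4DDD4; Mon, 1 Jan 2024 10:59:58 +0000\n"
    "Subject: constructed sample\n\nbody\n")
```

A `with ESMTPS` keyword only records that TLS was negotiated on that hop; it says nothing about whether the peer's certificate was validated, which is the separate weakness in point 2.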
Graham Cobb

Re: Light things up?

Sadly, statistically few people will use it, because so few people understand the need for privacy all the time, not just some of the time.

More importantly, the problem is that so few people understand that it is nothing to do with your need for privacy: by using all the available privacy tools all the time you are protecting the people who do need privacy and who are important to you. That may be journalists, campaigners, battered wives, or even politicians.

1
0

Five reasons why the Google tax deal is imploding

Graham Cobb

Re: Think about it...

Eh? Tax isn't about taxing some piece of money, it is about taxing transactions. Otherwise, every time the government printed a pound it could only tax it once!

Of course we paid tax when we earned the money, then paid tax when we spent it, then the company needs to pay tax when they earn it and should also pay tax when they spend it (in fact, companies do not -- mostly they pay tax only on profits, apart from employers' NI and some transaction costs, but certainly not on revenues). And the shareholders and employees get taxed when they receive it, and round we go again. That is how tax works.

1
0
