Posts by Old Handle 1602 publicly visible posts • joined 4 Mar 2011
If you only run a relay node (not an exit node) the chance of getting a knock at your door is pretty much zero. It has never happened as far as I'm aware. (Obviously I'm assuming you don't live in China, that wouldn't be a a different situation.)
You do risk getting blocked from certain websites though, since apparently they can't be bothered to distinguish between exit and relay nodes despite the Tor Project publishing a list of which is which.
I don't think the author is particularly well informed, especially with regard to terminology. Starting with the (admittedly trivial) fact that Tor is a name, and properly capitalized as such, despite its acronymic origins.
But more importantly, exit node has a specific meaning, and it most definitely doesn't refer to "every user". It's also 100% incorrect that everyone using Tor automatically shares bandwidth, either as an exit node (i.e. a gateway to the normal internet) or otherwise. You have to specifically turn on sharing if you want to help out.
The article seems confused about the JS exploit incident too. The exploit was specifically inserted in hidden service websites hosted by Freedom Hosting (which incidentally included legitimate sites like webmail service). So I'm not sure in what sense it could be "not aimed at Freedom Hosting". And then in the second paragraph down it starts talking about exit nodes again, when hidden services like these don't use exit nodes.
Yes it's possible to install a .apk sent through email (if you turn off the restriction to install only for Google). But it doesn't sound like just clicking on the image would do anything, although it wasn't totally clear. It sounds like you need a "helper" evil app already installed for the code embedded in the image to do anything.
While it's a legitimate problem, I'd really like to hear how they define it. It would be very easy to write this in a way that covers non-malicious actions. If someone sends you an explicit selfie and you share without permission, that's inconsiderate and uncouth, but it doesn't on its own mean you're trying to get revenge. You might just think it's a nice picture.
I do remember hearing it put forward that sending fat astronauts was actually the most logical choice. Basically what you do is put them on a diet after liftoff. The amount of food they're not eating during the mission more than makes up for their weight at the start because fat is a more efficient way to store energy than food.
Because Whisper pushes itself as a privacy app. Duh.
You won't hear people complaining that Whisper's search function is crappy (Is it? Does it even have one? I have no idea. It's just an example.) But if Google suddenly stopped being able to find relevant content it would be a pretty big deal.
You're making the assumption that the people who post passwords on pastebin are making any effort to hide them at all. I don't think that's generally the case. If they wanted it to stay secret they wouldn't put it on pastebin in the first place.
Rather they probably fall into one of two categories:
People who people who stole passwords for the lulz, dubious glory, or to give a certain company a black eye and wish to publicly display their trophy.
More serious cybercriminals who steal a bunch of passwords and post a fraction to prove they've got the goods before trying to sell the rest.
To some extent it's probably true the the FBI does go through the proper court channels when they want access to something, they are after all law enforcement, not a spy agency. But if their job has become harder it's only as a result of the misdeeds of their friends at the NSA. So here's an idea, FBI guys: Why don't you investigate the NSA? Get their unconstitutional bulk surveillance programs shut down and people will presumably relax about security again.
I'm not at all convinced one vague paragraph in the EULA covers that level of spying. It only it says "communicate with Adobe", it doesn't say anything about the content of that communication. Or even hint that it collects or reports data on your reading habits. I think a reasonable person would understand that paragraph to mean it only sends as much information as needed for one of the purposes mentioned. So reporting individual pages or reading time is totally unexpected behavior except in the (highly unlikely) event the particular book you're reading had a license where that mattered. And it shouldn't report anything at all on DRM-free eBooks.
And that's without getting into the allegations that it sends data on books you're not even reading with it or fact that sending it unencrypted is inexcusable. You'd think even from an evil corporate perspective they'd want this encrypted in transit.
That 1988 law actually sounds fairly suitable. Revenge porn is indecent and has intent to cause distress. But if anything, the 2003 law tends to undermine that by banning all 'indecent' messages. If Alice sends Bob a naked selfie, either that's a crime, or it's not a crime when Bob posts it online. It sounds like they're trying for some wiggle room by talkijg about considering the "whole message", but if the photo is simply passed on with minimal commentary, I don't see how that will help.
Sounds like alot, but the moon already weighs 50 billion times that much. I doubt we'd even notice. No one expects real science in typical sci-fi, but this is the kind of detail they could have so easily looked up, like I just did. It shows a total lack of caring.
Another way to put that figure in perspective (of some strange sort) is that Earth itself has lost more mass than that due to escaping hydrogen since dogs were domesticated.
That does sound notably less horrible. Perhaps the biggest remaining problem is that if TIFKAM apps are supposed to be so great, there needs to be a way to install them without going through Microsoft or begging for their permission and still having to do a bunch of intentionally user-unfriendly fiddling.
Even if they could be trusted to obey the law, what he's saying is totally unreasonable. "law enforcement needs to be able to take every legally available step". In other words, if it's legal, we must also make it possible. Would it be legal to remotely disable a suspected kidnapper's car? I'm sure it would. Therefore every car must have a remote killswitch.
I don't think Bitcoin is necessarily the answer, but it does offer something no other popular payment system has. It requires each transaction, including the amount and the payee to be digitally signed by the payer. It seems to me something similar is the ultimate goal we should be working towards for secure payment. There also needs to be a way to make sure a transaction signature can't be used twice. Bitcoins handles that with the blockchain, but it could also be done with either a random number that must be unique, or even a sequential number like checks (cheques) have. A time stamp or expiration date (again, like checks have) would also be a good idea. All of that should be cryptographically signed by the payer.
I was confused by that part as well. 18 U.S.C. § 1030(a)(5) relates leaks that could be "used to the injury of the United States, or to the advantage of any foreign nation", but what's this talk about damaged computers in five or more districts? They must have had something specific in mind when they wrote that, but I can't really make sense of it.
The only thing that comes to mind is perhaps they're talking about a botnet. But if so they're deliberately being very obscure about it.
I'm guessing the source of the confusion is the difference between surfing through Tor and running a Tor exit node. Doing the latter on your home internet connection really isn't a great idea. I did it that for a while a long time ago, but thought better of it after getting my IP address banned on a whole bunch of sites.
I just looked at a list of file types it goes after, and mp3 doesn't seem to be on the list, but zip, rar and 7z are. So if you've happened to download something in one of those formats and left the packed file sitting around you could simply download it again to get your cleartext. Or maybe you emailed a big docx to someone recently. Chances are you can retrieve it from your mail server, or failing that ask the recipient to mail it back.
It does target a wide variety of files so I'd bet that the vast majority of people do have something on their disks in one of those formats which is duplicated elsewhere, even without making an intentional backup.
Plus, if it has to be at an exact angle, even one of 91, the odds of it working are infinitesimal.
Best guess what that was supposed to mean is -45° to 45°, i.e. a 90° arc in the front. But maybe they're considering more than one axis (i.e. pitch and/or roll as well as yaw), in witch case it becomes totally mysterious again.
The manual control requirement is perfectly reasonable, but the insurance requirement is kind of ridiculous. Human-driven cars only need $35,000 worth of liability insurance. And you do have the option of putting up a bond for that amount instead (not that many people actually do). So I don't understand why the requirements need to be so much stricter. Surely it's already been proven that self-driving cars are not 143 times more dangerous!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
