* Posts by Graham Cobb

320 posts • joined 13 May 2009

Page:

Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

Graham Cobb

Re: Simpler way

I have always assumed that there are already standardised, and legally required, mechanisms in the baseband processors to allow certain remote operations from the air interface. In the past I assumed that included remote monitoring of audio and with the rise of smartphones I presume that includes some way to run code in a highly privileged environment (which can then be used to download and run anything they want). If so, these cannot be bypassed by anything you might install on the device.

The interesting question is whether these hacks only exist in chips for communications where a licence is required (and hence including the feature is a condition of the device getting the necessary licence) or whether they also now exist in chips for unlicensed usage (such as WiFi).

If I was a political activist, or an investigative journalist, and thought I was likely to be the subject of targeted surveillance from government agencies, I would assume anything with an air interface can be monitored.

2
0

US Homeland Sec boss has snazzy new laptop bomb scanning tech – but admits he doesn't know what it's called

Graham Cobb

Re: The theatre opens another season......

"$70 a flight"

I would say that certain recent actions by the US government have just put the price up.

I wonder who gets to benefit...

0
0

Q. What's today's top language? A. Python... no, wait, Java... no, C

Graham Cobb

Re: On Another Note

The IEEE has a royal charter? That must annoy the IEE.

3
0

'Millions of IoT gizmos' wide open to hijackers after devs drop gSOAP

Graham Cobb

Re: SOAP

It would be good to have a list of all the software which relies on the libraries.

Fortunately it seems to be less than I feared. I note that the package is not installed on my systems (Debian workstations) and a quick apt-cache rdepends libgsoap10 doesn't show any well-known things using it. So it may be that the IoT devices are the biggest vulnerabilities.

1
0
Graham Cobb

Re: Requires an incentive

Unfortunately that won't work. It places the incentive on the wrong people.

The people that have to be incentivised are the owners. If I own a crappy IoT device (I may not even know it is one: think teddy bears) I need an incentive to upgrade or replace it if it can be hacked. Even if a refund is available, I guess less than 1% of people will bother if it is "working" for them.

1
1

We'll hit THAT 95% Sigfox coverage target using telly aerials, says WND-UK

Graham Cobb

Re: Am I completely missing the point?

why can't these non-defined 'things' use the existing infrastructure of wired broadband and non-wired internet already blanketing the country?

Good question. The main answer is very low power devices. Don't think about consumer devices (they will be connected to the mains, or be rechargeable). Think about devices that are installed somewhere (inside a water meter, in a river, around the neck of a cow, on a container when it ships from China) and never touched. There are many use cases which only need to transmit a few bytes a day but need to last for many years without being touched.

Current mobile phone protocols can't support these sorts of devices. NB-IoT can (that is what the NB bit is about) but it doesn't exist yet. SigFox and LoRaWAN are trying to get up and running with blanket coverage before the mobile phone companies can roll out NB-IoT. Being first to market obviously puts them in a strong position (although there are also significant technical, and commercial business model, differences between the solutions).

[Full disclosure: my employer sells some of these technologies, although the above is my personal opinion only]

0
0
Graham Cobb

Re: That's nice

The demand for Sigfox and other similar solutions isn't primarily domestic consumer business: that is probably best served by WiFi, combined with either permanent power or phone-style recharging. The demand is primarily for applications which either need wide area coverage (like lorry or package tracking) or very low power (like collars that can be put on livestock and left without recharging for the lifetime of the animal, or monitoring of water flow and quality in streams).

Meter reading may also be a case (because it is hard to ask your customer to provide the power and connectivity necessary for you to send them a bill).

So, I expect that ordinary people won't do much with it. But that doesn't mean it won't be big. Personally I think these business uses are the real IoT business case.

0
0

G20 calls for 'lawful and non-arbitrary access to available information' to fight terror

Graham Cobb

Sure, PGP is great. But the remaining very hard part is the infrastructure that goes around it. Particularly ease of use, key management, and avoiding leaking metadata. PGP-encrypted email, for example, makes no attempt to hide the source and destination, the length of the email and most implementations don't even drop all the optional clear-text headers (such as Subject).

Also, messaging, as it has evolved from chat to today's messaging apps, has very different design priorities from email (such as little interest in store-and-forward or the large amount of metadata in email headers, and a tolerance of centralised or federated servers instead of complete decentralisation).

The lack of an open-source version of WhatsApp, Telegram, etc is proof that PGP is not enough and we have a lot of work still to do.

1
0
Graham Cobb

...nothing to stop the (nominal) targets of this legislation from authoring and using their own encryption tools that don't suffer from the limitation of being breakable

And I am sure this is well underway. Pick your favourite "state sponsor of terrorism" (Russia, Saudia Arabia, China, The Great Satan, Iran, ...): they all have plenty of smart computer scientists who can create a secure encrypted messaging system, with secure distribution (and, probably, a reasonable cover story for using it - like building it into a "community values dating app" or something).

Those who are not terrorists, but who may fear interference from major vested interests (political monitoring, state industrial espionage, etc) need an equivalent.

It is time we, in the global open source community, really invested in creating an open equivalent, where you can be confident that (i) if the endpoints are secure messages cannot be decrypted, and (ii) if the servers are secure metadata is also secure. And make it federated (so you can communicate with people on other servers if you want to, at the cost of possibly exposing your metadata).

Bitmessage was a good attempt, but does not scale. It is time we created a project like the Tor project to do secure messaging properly.

4
0
Graham Cobb

So treat online like offline then

We affirm that the rule of law applies online as well as it does offline.

Thank goodness for that. I thought for a moment that they were going to suggest intrusive and excessive monitoring of private conversations.

Enough of this "Going Dark" nonsense: this is a pure power grab to try to use the online world to get a much higher level of surveillance than was ever possible in the past and eliminate freedoms we have had for the last century or so.

In the "offline world", private, unmonitored conversations are not only possible, they are the norm. Mass surveillance of private conversations is literally impossible and even targetted surveillance is hard, dangerous and very expensive: it involves placing spies very close to the targets, often in their personal lives, combined with sophisticated, expensive and often ineffective bugs. That cost is exactly the reason that we (society) allow it at all: we know it can't be abused too much because we deliberately limit the resources available so the authorities prioritise its use.

What the spooks see now is an opportunity to use the online world to completely remove those costs and barriers. Clearly they could do their jobs much more effectively if they could, in practice, have a tail and a bug recording every conversation on every man, woman and child 24 hours a day!

5
0

GnuPG crypto library cracked, look for patches

Graham Cobb

Re: It's important that it's been fixed..

You'd be measurably safer if all your application writers recompiled their apps to WebAssembly and you only accessed them via a browser.

I am happy to believe you. But you would be much safer still if the apps remained on the websites where they belong and the browser was just using HTML.

Obviously not everything could be done that way, but the answer is not to make it easier to create pages which do a lot of processing locally, particularly processing which is not easily inspected by human beings.

9
2

Constant work makes the kilo walk the Planck

Graham Cobb

Re: Something puzzling me

Actually I was wondering... Is it a matter of averaging (which, of course, can only help with random errors rather than systematic errors) or of intersecting ranges (error bars) which can give smaller error bars than any individual measurement (but relies on all the error bars being correct)?

I know that (at least some) time protocols rely on intersection: if clocks always report the time as a range ("I know the time is currently between 12:55 and 13:07") and you ask several clocks, you can get a more accurate value for the time than any one clock can report by intersecting the ranges (as long as all the clocks are really right in their range reporting, of course).

1
0

Backdoor backlash: European Parliament wants better privacy

Graham Cobb

Re: " “decryption, reverse engineering or monitoring of such communications shall be prohibited”,"

Fortunately we will only have to wait about 20 years to get it. I am sure that within 20 years we will find that we have no choice but to ask to join either the EU or the USA (51st state) in order to have a reasonable position in a world dominated by very large countries (China, India) and very large economic blocks (North America, EU and something Russian-led).

And the EU is certainly not going to re-grant us our current rebates and opt-outs. But by then the end of the pound and entry into a fully federal environment (EU or US) will definitely be worth it. If nothing else, to allow us to share our elderly care and pensions problems.

Unfortunately, I am not sure I will still be around to see it.

6
0

UK PM Theresa May's response to terror attacks 'shortsighted'

Graham Cobb

Re: More legislation?

The politicians need to stop trying to blow smoke up our arses, interfering with the the various security bodies, and let them get on with their jobs.

What politicians need to do is GROW UP and explain, in an adult way, that it is impossible to protect everyone all the time and to stop pretending that that is what they are doing. Explain that terrorism has been around a long time and that we have beaten it before, not with guns, prisons or magic (i.e. technology) but by staying firm to our principles and fixing the issues causing people to become terrorists so they prefer to do something else instead. Stop pretending, and do the real hard work of being a leader!

Unfortunately, this would require a charismatic leader. As there don't seem to be any of those around, that should be the government's main priority.

10
0
Graham Cobb

Enough is Enough Teresa

So, the terrorists have, at last, worked out that their best tactic is small scale attacks that can't be defended against without completely disrupting normal way of life. Who needs bombs, or the internet, when a van, a knife and going to your local town at a busy time will be much more effective in causing death, terror and disruption?

There are only two things that can be done about this. Both are within the power of the government, should be obvious and should have been done before now: 1) more police on the streets (both in target areas and in the community), and 2) addressing the source of the problem: the disaffected and violent attackers.

May is trying to a) blame everyone other than herself, and b) find a technological solution to a non-technical problem. More police in back offices, more surveillance, more GCHQ wizardry, changes by "internet giants", harsher punishments, internment will all have zero effect. The people doing this are extremely highly motivated, do not expect to survive (let alone be punished) and do not require specialist support (e.g. bomb-makers) or communications (secret or otherwise). None of the things May is talking about, or has done as Home Secretary or Prime Minister, will have any effect at all on this type of terrorism.

The real fix is to stop creating disaffected and motivated killers by channelling their energy, concern and commitment into a more positive activity. When a jihadist returns from Syria, don't throw them in jail (to radicalise others. become even more radical themselves, and build up all the contacts they need for future violence): work with the community to turn some of these highly motivated and committed returning fighters into community leaders, journalists, lawyers, activists and politicians. Channel that energy to fix what they see as the problems of society into a desire to solve the problem instead of destroying society.

Of course, it won't work with everyone, which is why we need police on the streets and very hard work to make sure the community do not endorse or even permit violence.

Spend money in the communities. Reduce poverty. Address the grievances and concerns. And remember that violence has always been with us, always will be, and is at an extremely low level now compared with both recent and longer term history.

And give up magical thinking that technology either causes or can help reduce this.

12
4

'Cloak and dagger' vuln rolls critical hit against latest Android versions

Graham Cobb

30 year old bug re-emerges on Android

Wow. I remember when computers started requiring that you press BREAK before they would give a login prompt, because people wrote programs that made it looked like the terminal was waiting for login and captured passwords. I think it was VAX/VMS V2, in the 1980's, which first introduced it (at least to me).

Microsoft adopted the same strategy with requiring CTRL-ALT-DEL before you could login.

But someone forgot about this and started writing phone OS's that allow apps that require passwords and you can't use a secure gesture to make sure you are really talking to the right app?

10
0

UK ministers to push anti-encryption laws after election

Graham Cobb

It is appalling that at this time of distress and unity against evil criminals, the government would use the attack to push a trial balloon about removing the very freedoms British people fight for.

When I was child, younger than the innocent victims here, I used to be very scared of an imminent nuclear attack from the USSR. My parents didn't tell me not to worry, they explained why we had to stand up against the threat: to protect the same freedoms that they had stood up for in WW2. The freedom to walk the streets without having to explain who we were, where we were going or why; the freedom from a police state; the freedom to live our lives as we wished.

Every generation needs to be reminded of what we stand for as a country. We need to shout together that we reject fear and cowardice and stand together to protect our rights, freedoms and way of life.

162
2
Graham Cobb

Yes, please do. I have paid my dues to the ORG since they were established and I used the great resources they had prepared to help me craft my carefully considered response to the Home Office consultation after they had warned us all and published it.

Of course, as I was not invited to respond I suspect my response will be ignored, but at least ORG have brought this out into the open.

10
0
Graham Cobb

Re: good idea but seriously

I fully agree that both the Tories and Labour are massively authoritarian. I strongly suggest not focusing on Left-Right but on the other axis of the Political Compass (https://en.wikipedia.org/wiki/Political_compass): Authoritarian-Libertarian.

On that basis, consider voting for either the LibDems or the Greens, to put a stop to this authoritarian rubbish. After all, it was the LibDems who forced cancellation of Labour's identity card scheme, which the Tories would have been very happy to continue with.

21
3

Proposed PATCH Act forces US snoops to quit hoarding code exploits

Graham Cobb

Simple process

I don't think this needs a complex review board. Much the same benefit could be created with a simple process:

1) A limit (say 5) on the total number of exploits which can be hoarded at any time.

2) An absolute time limit on the length of time it can be hoarded for. 12 months seems reasonable. After that time, it has to be reported to the manufacturer.

3) A risk assessment and contingency plan, including a patch prepared in advance by the NSA so it can be fixed immediately if it becomes known.

The problem is enforcement (trust, but verify), but codifying it in a law would help. At least it would be clear a crime has been committed if a more-than-12-month-vulnerability appears on WIkileaks.

2
0

MP3 'died' and nobody noticed: Key patents expire on golden oldie tech

Graham Cobb

Re: Such Blatantly wrong headlines, MP3 is NOT dead, it's just now FREE

Corrected headline:

MP3 now FREE so use set to explode! Fraunhofer get Andrew to reprint press release in desperate attempt to drum up licence fees for their next patent.

8
0

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

Graham Cobb

Ministers need to sort out GCHQ

I will post here a comment I made over the weekend in a different location:

I stand by my view that this incident sits squarely at the feet of those who are paid to protect us but played gods by treating life-threatening faults as if they were weapons and had no contingency plans in place to protect us from the fallout.

Ministers should resign over it.

GCHQ need to get real and dramatically change their risk assessments and decisions around exploit hoarding. Of course we won't get rid of it entirely but this impact was completely foreseeable and the policy needs to properly take the risks into account. Not disclosing an exploit must be an exception; it must require sign-off from the highest levels in GCHQ; it must be very time limited (e.g. no more than 12 months); and there must be a contingency plan in place to deal with any public emergence of the bug before they disclose it (including emergency patches prepared to fix the problem).

And ministers need to bang heads together in GCHQ to enforce this culture change.

8
3

Uber cloaked its spying and all it got from Apple was a slap on the wrist

Graham Cobb

Re: Honesty

We need some high profile actions (probably both legal and moral -- including a few boycotts) to demonstrate to (mainly US) corporations that Terms of Service are a two-way street. I have terms of service for suppliers of services to me, and they are just as important as the ones they have for their customers.

They include no corruption, ethical behaviour and CSR. And if you violate them I will push hard to enforce them not just by cancelling my deal with you but by spending time, effort and money in convincing others to stop doing business with you and regulators to tie your behaviour down.

If a government department really has destroyed evidence of unethical influence from Uber then I want to see someone go to prison for the destruction of the evidence.

8
0

Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC

Graham Cobb

Re: Soft target?

Many of us don't bash Microsoft any more than others. There is plenty of Google-bashing on El Reg.

I use a Sailfish phone because it is neither Apple nor Android and is collecting much less data. I also do not install any apps that make intrusive demands, however "useful" or "fun" they might be. I would like to try SwiftKey but have not, exactly for the reason you raise.

Microsoft have a dominant position in the personal computer market and should not be allowed to abuse it by not giving people the option to turn off all data collection (maybe for a reasonable fee). Similarly Apple and Google should be required to do the same thing in the mobile market.

What we need is a functioning market in personal information: I should be able to make a personal decision about the value of my data and see whether companies are paying me (often in the form of a discounted price for their product) what I consider it is worth. If so, that is fine; if not I decide whether the undiscounted price is one I am willing to pay and either buy their service with no access to my data or don't buy it. As simple as that.

21
2
Graham Cobb

Enterprise version?

If I understand the TechNet article about the Enterprise version correctly (not at all certain -- could it possibly be deliberately hard to read?), it seems to be possible to turn off ALL connections to Microsoft in that version.

Is it possible for an individual to purchase the Enterprise version? For how much?

I have no plans to ever buy Windows again but it would be nice to know.

4
1

Naming computers endangers privacy, say 'Net standards boffins

Graham Cobb

joining untrusted networks that can probe device names

Sorry, Lee, I think you have missed the point. Are you telling me that you (and all the people you care about) never join a public WiFi network? And never announce names on Bluetooth?

There are many, many cases where even being able to make a halfway-reasonable guess about the owner of a device might be an issue. Think about the battered wife hiding out somewhere not too far from her home so she can still sometimes see her children. If her husband notices her name in some announcement of nearby devices he might immediately realise exactly where she is. Or just cruise the streets scanning for her device.

And then there are the movie-plot examples, Terrorists planning an outrage in Cairo (say): scan for device names and set off the bomb when a van with lots of typical American names goes by to maximise foreign tourist victims.

Just because your particular case doesn't seem to pose any risks, doesn't mean that is true for others.

0
0

Silicon Valley bites back via Europe’s copyright reform

Graham Cobb

Re: Canada is not a member of the EU*

Indeed, Canada is not a member of the EU. However, many Open Media supporters are.

I, for example, used their tools to submit my own views to the consultation, and I wrote to my MEPs to also provide my views. I don't parrot the Open Media messages, although I largely agree with them, particularly about the Link Tax.

I realise that means Andrew believes I am, at best, a naive dupe. I disagree, but I would, wouldn't I.

1
0

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard

Graham Cobb

Re: DRM means you don't own your content

You NEVER own that content. It's ALWAYS been LICENSED to you. That's what copyright is all about.

No, that's not true. That is what the copyright holders claim, but it is not true.

If you buy a book, you own the book. It is yours to keep, to sell to other people, to tear into little pieces, to burn, to scribble over, and to read. And to do anything else you want to to it or with it unless that act is specifically illegal. You can't murder someone with it, for example. All "copyright is about" is that it temporarily adds one thing you can't do with the book: at certain times and certain situations you can't copy the book without a licence (in certain other cases it is still allowed).

The same is true for a CD or a DVD. They are no different. Just because the creator tries to claim that you have just bought a licence does not make it true.

21
0
Graham Cobb

Trouble is, it's ultimately THEIR content. Copyright means they get the final say on where their content gets shown and under what conditions.

Indeed. But it is MY money and MY eyeballs. That means I actually get the FINAL say on whether I will buy it and under what conditions! They can offer it to me with whatever conditions they wish but only I decide if those are acceptable, for the price.

20
0

Awkward. Investigatory Powers Act could prove hurdle to UK-EU Privacy Shield following Brexit

Graham Cobb

Whatever you think of the IPA and the UK state's fondness for mass surveillance, it is NOTHING like life under the Stasi.

You are right, it is nothing like life under the Stasi -- today. No one is suggesting that life here is currently like life in the DDR.

However, the powers and capabilities in the Snoopers Charter are a Stasi wet dream. I went round a Stasi museum in Germany and I was horrified at what they managed to achieve with a fraction of the powers the Home Office have grabbed. And there are no effective restrictions or controls on the abuse of these powers.

After last year, I have no confidence that my fellow voters are not stupid enough end up with a government led by a "strongman" (maybe as a result of a coalition of aggressively authoritarian parties such as the Tories and Labour) who is not afraid to abuse those powers "for the good of the country". If we look back at the serious abuse that occurred in the 1970s (arrests of protesters, tapping of journalists, undercover police in families, monitoring of legitimate political and trade union activities) even under a supposedly freedom-loving government, how hard is it to imagine a DDR-like society being imposed "for our own good"?

20
1

Polls? How very 2016. Now Google Street View AI scanner can predict how people will vote

Graham Cobb

Fundamental misunderstanding

But what if there was a way to get the information without having to deal with mountains of paperwork or bothering people at all?

Either I, or the article author, have a fundamental misunderstanding here. This analysis doesn't replace things like the ACS survey, it builds on them!

The only way the guessing of things like income, race and voting preferences from vehicle choice, house style, size of garden, location, etc work is because of surveys like ACS providing the correlation information! Sure, this analysis of street view images might help for spotting some changes (such as gentrification of an area) earlier than waiting for the survey but if the surveys didn't happen the guesses would rapidly get out of date!

I have not read the paper, only the article. I would hope this point is explained in the paper.

3
0

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Graham Cobb

Re: "Why does the size have to be identical? "

@tomdial: I don't think you understand how signing works.

1
2

More brilliant Internet of Things gadgetry: A £1,300 mousetrap

Graham Cobb

Business case

Ah, at last! A business case for the amount of money we are spending on building a new extension to replace our old, falling down, and definitely not mouse-proof old utility room.

I never realised how much money I was spending on those mousetraps I had to buy every winter. Tanks to Rentokil I now realise that the new mouse-proof extension will pay for itself!

1
0

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents

Graham Cobb

Regulation is required

Consumer protection regulations, with significant penalties, are needed. Any devices (not just toys) that don't meet the following should be classed as illegal surveillance devices:

1) All recording or monitoring (even locally on the device) of audio or video must be very clearly highlighted on packaging, and explained, and must be able to be fully turned off (no further monitoring at all, even for the activation command, until it is turned back on again), with a parental control lock to prevent re-enabling by children if the parent has turned it off.

2) Any feature which can send audio or video (live or recorded) anywhere outside the device must require a locally processed activation command to initiate the recording/sending. This might be a spoken command (such as the name of the device), processed locally, but it could also be something like a button on the device or a menu item. The recording/sending must be for limited time (less than 1 minute, maximum duration explained on the packaging).

3) Activation must not be possible remotely (even for law enforcement or "safety" purposes) - it must require a local user interaction.

4) There must be feedback to people in range of the collection (e.g. an led or an icon on a screen) whenever the device believes it has received the command and so is recording/sending audio or video.

If someone like the EU took the lead on this, then it is likely that these very reasonable protections would become generally accepted standards.

7
0

Planned Espionage Act could jail journos and whistleblowers as spies

Graham Cobb

Public Interest

Public Interest should be a defence for every proposed offence in this Act. And intent must be taken into account during any sentencing.

And there should be no offence involved in publishing information already released on the Internet. There is absolutely no point going back to the completely failed "Spycatcher" days of attempting to prevent publication in the UK of something freely available elsewhere.

12
0

GDPR: Do not resist! Unless you want a visit from the data police

Graham Cobb

Impact of TISA?

Any analysis of the impact of the Trade in Services Agreement? Reports (not necessarily reliable) say that it outlaws any restrictions on sending data out of the country? Would this prevent the EU signing up? Or override EU rules?

After Brexit, if we retain GDPR-level rules (so we can exchange data with the EU) what would be the implication if we were then to sign up to TISA, or a bilateral trade agreement with similar text?

1
0

Who do you want to be Who? VOTE for the BBC's next Time Lord

Graham Cobb

Rory Kinnear

The best "Iago" I have seen. He would make a masterful Doctor.

0
0

New Windows 10 privacy controls: Just a little snooping – or the max

Graham Cobb

Re: "Just don't use Windows 10 on-line."

WTF are consumer agencies doing to help...???

Good question. Obviously any info Microsoft collects will be available to the US authorities on request (probably even if "deleted" using the dashboard). Note that recent US laws allow (require?) Microsoft to lie about whether that is a true statement or not!

Surely this must prevent Microsoft being able to send the data to the US under EU law? How do we get the process started to have Microsoft prosecuted in the EU?

6
0

WD slims down SSD to squeeze into little Black drive range

Graham Cobb

What sort of motherboard slot?

I will admit to knowing nothing about NVMe or M2! Is this a card that plugs into a PCI slot? Or does it plug into an M2 slot (presumably a different type of slot on a motherboard)? Or something else?

I am wondering what sort of motherboard features I will need to look out for on my next upgrade so that I can use these sorts of drives. As I tend to keep a motherboard for about 5 years, but add disk capacity steadily, I am particularly interested in what I will need to be able to use large versions (multi-TB) when they become available for the consumer market.

0
0

Hackers could turn your smart meter into a bomb and blow your family to smithereens – new claim

Graham Cobb

Re: FFS

No it hasn't. There is still at least one "metre" left. Although the sentence containing it looks as though it could have been added as an afterthought.

2
0

Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

Graham Cobb

Re: Ridiculous

It's ridiculous to suggest these should all be optically isolated.

USB ports are different from those other examples:

1) Those other interfaces are not used for massively common and cheap devices, that people routinely plug into their systems when they find them lying around.

2) Those interfaces are not normally shared, where plugging a bad device into one port can damage other devices other people have plugged into other ports (as is common in charging stations).

2
0

Still too much discretion when it comes to that 'terrorism' stuff, repeats David Anderson QC

Graham Cobb

Don't blame Snowden, blame GCHQ

...the spread of encryption, a long-standing trend accelerated since 2013 in reaction to Edward Snowden unconscionable mass surveillance...

FTFY

17
0

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Graham Cobb

Re: Blackmail! (remember Monty Python?)

That happened in the miners' strike over 30 years ago. The police stopped some colleagues on their way to a client site on the suspicion they were flying pickets.

Which is why I really don't understand why Labour did not oppose this. I realise that they are just as authoritarian as the Tories, but can't they see that trade unionists (let alone Momentum sympathisers) will be some of the first victims of this? The first time there is serious disruption caused by industrial action, both the spooks and the police will be looking up in the database who has been visiting extreme left wing sites!

Labour have so much more to lose than the Tories do (no one is going to be targetting people who visit the Country Life website).

1
0
Graham Cobb

Re: Blackmail! (remember Monty Python?)

And not just the powerful... How do you think they will get everyone to watch and inform on everyone else (not fanciful -- that is exactly what the Stasi did)?

Need someone to report on (or maybe make up, so they are seen to be valuable) goings on at the local mosque? Quick database search (sorry, not a "database", just "filters" -- oh, how we IT people laughed when we heard that!) to find a Muslim teen worried about whether he might be gay: "you wouldn't want anyone finding out you are gay, would you? We can make sure those records are all deleted if you just help us out".

The big concern is not just that this is not targetted on suspects, not even the potential for blackmail of specific people, but the collection of data on everyone allowing potential fishing expeditions and correlation with other data to search for vulnerable people to target.

Do you want to reduce the number of people turning out for a animal-rights/pro-life/pro-abortion/anti-globalisation/anti-immigration/whatever demonstration? Just correlate web browsing records with ANPR data and stop the cars of the people most likely to be relevant activists from even getting to the event. The police wouldn't do that? 20 years ago I lived near a cat farm which was subject to massive animal rights demonstrations. The police took to literally stopping anyone driving towards the area in a beat-up old car and turning them round if they were heading to the demonstration (they never stopped me, but I drove a nice car). How much easier now they can know the number plate of anyone who has ever accessed a relevant campaign web site!

5
0
Graham Cobb

Re: Is anyone working to overcome this?

Thanks for the suggestions. I also use A&A and have paid my dues to ORG and other campaign groups for many years.

But I think the time has come to move on from campaigning to actually doing some things aimed not at geeks (like A&A) or even politicos (like ORG) but at ordinary people. I am thinking about creating apps, setting up offshore companies to provide services, creating and publicising howtos, helping commercial players understand how they need to change their policies around anonymity and Tor in the light of these UK actions, etc. I am looking for a group of people brainstorming ideas for how to actually deal with this. I would be happy to join something led by RevK if he wants to do that but, if not, is there anyone else?

3
0
Graham Cobb

Is anyone working to overcome this?

Does anyone know of a group that is seriously working to overcome this illiberal measure? I would be interested in contributing my time, experience, skills and maybe even money to (legal) activities designed to defeat these measures and eventually result in their replacement by sensible liberal and proportionate measures.

I am looking for a chance to contribute to real activities, on the political, publicity, education, legal, technical and commercial fronts.

I realise not everyone would support this -- feel free to ask about groups doing the opposite if you wish. But the time has come to go beyond the Don't Spy on Us campaign coalition and some of us with technical and commercial experience might be interested in contributing to helping people legally bypass the unacceptable parts of the IP and DE bills.

4
1
Graham Cobb

Re: Don't worry: it won't affect the bad guys

As usual, a bad and poorly drafted law will merely inconvenience the innocent, allow abuse by government and trouble the real criminals not at all.

More seriously, it just makes the problems of actually tracking real suspects much harder.

Most people do not have a problem with court-ordered targeted surveillance or even forced decryption as long as it is very much limited to specific targets and with real independent oversight and protections. In that world (just yesterday), you don't see much takeup of uncrackable end-to-end encryption: people are perfectly happy that big company products will protect them from criminals. There is little noise about real end-to-end encryption and almost everyone, even those on the edges of or at low levels in terrorist organisations, do not bother with them.

But, with these over-the-top and anti-democratic powers, everyone will rapidly adopt tools just to protect their own privacy. Every teenager wanting to find information about their sexuality, or concerned about a medical issue or getting involved in political activity, will use them. So, they will quickly become completely normal and the security services really will go dark. It won't be the fault of those of us concerned about privacy, it will be the fault of the government for being so stupid!

I can only hope that people realise this soon and punish the government at the next election for seriously endangering us with these actions.

16
0

UK Parliament waves through 'porn-blocking' Digital Economy Bill

Graham Cobb

Re: Stazi

The Stazi is exactly the issue. If you get the chance, I strongly recommend visiting a Stazi museum. I went to the one in Liepzig, which played a pivotal role in the fall of communism. It is so scary to see how close the Stazi came to preventing the popular, peaceful protests which led to the fall of the Berlin Wall. And that was with 1980's surveillance techniques.

If the Stazi had had modern internet surveillance tools, they would have had no problem at all in keeping full control and Europe would look very different today.

I would love to see a Stazi museum in the Geek's Guide! “Those who fail to learn from history are doomed to repeat it”

11
0

100k+ petition: MPs must consider debating Snoopers' Charter again

Graham Cobb

Re: People. The person you need to write to is your MP.

Done. Here is an extract from my letter...

A bill which effectively provides a police "tail" on all members of the public at all times while they surf the internet, just in case it may be useful in the future, is not acceptable in a democracy, only in a police state.

15
0

No super-kinky web smut please, we're British

Graham Cobb

Re: TOR & VPNs

I did it after checking if I wasn't cutting out valid visitors.

But that has just changed. As a matter of principle, as soon as the IPBill was passed, I changed my normal web browsing from my main personal PC to go via various foreign VPN proxies. I have been using it for several days now, including things like reading this site and many purchases.

Any company that wants my business from now on will have to accept connections from anonymising sources. I don't suppose I am the only one.

0
0

Page:

Forums

Biting the hand that feeds IT © 1998–2017