We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption.
Note these encryption methods relate to data in transit. Data at rest is still easily obtainable from the four providers on this chart who got perfect scores.
Your data will never be secure if you give it to other people. This is a basic concept.
Back in April, BitTorrent launched its open alpha, after a select 20,000 users managed to sync over 200TB worth of files. When the public beta arrived in July, users had synced 8 petabytes of data using the tool.
This truly is a testament to the gullibility of users. This software hasn’t been vetted at all. “It’s decentralized and keeps your data private, we swear” is all the assurance you get. For over a million people to have bought that line hook line and sinker is really sad.
Don’t trust software that claims to protect your privacy unless it was developed publicly.
The United States is not alone in facing these risks. One of the reasons Germans have been so sensitive to the recent revelations is their own history of how surveillance has been used aggressively, and violently, to target their own citizens.
Even if the NSA officials play by the rules and regulate themselves, their ability to contain information that could be enormously damaging to the United States and to individual citizens is greatly diminishing in the current era. They no longer are in full control, whatever their intentions might be.
Good article. It goes on to wish for an insightful dialog in order to curb the NSA’s reach. I think that’s naïve to say the least.
Much has changed since the beginning of the free software movement: Most people in advanced countries now own computers — sometimes called “phones” — and use the internet with them. Non-free software still makes the users surrender control over their computing to someone else, but now there is another way to lose it: Service as a Software Substitute, or SaaSS, which means letting someone else’s server do your own computing activities.
Both non-free software and SaaSS can spy on the user, shackle the user, and even attack the user. Malware is common in services and proprietary software products because the users don’t have control over them. That’s the fundamental issue: while non-free software and SaaSS are controlled by some other entity (typically a corporation or a state), free software is controlled by its users.
Why does this control matter? Because freedom means having control over your own life.
“Google has cited no case that stands for the proposition that users who send emails impliedly consent to interceptions and use of their communications by third parties other than the intended recipient of the email,” Koh wrote.
Consumer Watchdog, a nonprofit consumer advocate group based in Washington, D.C., called Koh’s ruling a “tremendous victory for online privacy.”
“This thinly disguised corporate propaganda is inaccurate and inappropriate,” says Mitch Stoltz, an intellectual property attorney with the Electronic Frontier Foundation, who reviewed the material at WIRED’s request.
“It suggests, falsely, that ideas are property and that building on others’ ideas always requires permission,” Stoltz says. “The overriding message of this curriculum is that students’ time should be consumed not in creating but in worrying about their impact on corporate profits.”
– David Kravets
Couldn’t have said it better myself.
Wired article: http://www.wired.com/threatlevel/2013/09/mpaa-school-propaganda/
The team is now focused on adjusting the system to completely block this unreleased version of the Android app when we go live with the official BBM for Android app. We are also making sure that the system is reinforced to handle this kind of scenario in the future. While this may sound like a simple task – it’s not. This will take some time and I do not anticipate launching this week.
This smacks of a considerable level of architectural inelegance. With all the experience the industry has in access control and registration, the pre-release cannot simply be blocked by version number? Maybe these guys should have a drink with Mozilla developers – forever adept at blocking old addons from Firefox with incredibly simplistic logic. That this wasn’t thought of in the case of BBM is shocking.
What kind of massively deployed messaging system would not ship with a method of blocking unauthorized clients, or at least a group of admins clever enough to accomplish it?
Sometimes I worry about the future.
No it isn’t. I’ve consulted for companies that try to rely on third parties, and their false promises of redundancy and reliability bite them every time.
Even those reliant on Amazon EC2 now simply accept that they must pay double or even triple the monthly rate to run copies of their virtual machines in 3 different Amazon data centers. Such a joke.
As seen in the demo URL, the Canonical severs are anonymizing directly the URL with the probable behavior: typing a word in the Dash, pushes the word against (along with the locally-installed scopes) the Canonical servers, the Canonical servers decide the best results, the results are then anonymized and finally landed in the Dash.
This isn’t enough. Anonymity means that no one, not Amazon, not Canonical, receives your personal information. Canonical simply becomes the focal point of attention when “they” come knocking.