Re: We don't know what encryption the NSA can crack.
"Generally, it's a good idea to not depend on one layer of protection to obfuscate your communication from the NSA or from law enforcement (or from competitors). When you have active enemies, you probably want redundant layers of data security."
YES.
This is security 101. If you only have one line of defense, no matter what that defense mechanism is, then your security is woefully inadequate. Even if the attacker you're worried about isn't a government agency.
If you're of that mindset, then you also need to avoid using the telephone (cell or landline) and third party service providers such as payment processors, etc.
There is never any such thing as perfect security, so the answer to this, as with all security questions, is "it depends". Security is a tradeoff.
For example, the amount of effort required to take advantage of this weakness ensures that it won't be used for blanket surveillance. You'd have to be of special interest to the NSA. Whether or not you are comfortable relying on being sufficiently uninteresting is a personal call. Only you can answer that question.
If you aren't comfortable, then there are other encryption scheme you can use that don't have this weakness (although they may be a bit less convenient). This isn't a weakness of encryption as a whole, just this particular type of scheme.
Yes, the topic gets ridiculously polarizing. I blame the corporatists, though, since they are the ones who started to (and continue to) demonize all regulation as being evil. It's very hard to engage with that sort of mindset without sounding like you're saying that all regulation is good.
You are correct, but I do find it interesting that the massive amount of deregulation that has happened in the US has made things worse, as abusive or outright fraudulent behavior on the part of companies has increased.
Re: Re: Major confusion in article: Psychiatry versus Psychology
The problem is that "sanity" is a rather subjective term that is defined by society. This is why increasing numbers of therapists, psychiatrists, and the like avoid things like trying to determine what is "sane".
Instead, they are moving to a different criteria: is there a psychological problem than is impairing the person's life? If not, then there's no problem.
Personally, I've never met a person that I would call "sane" as a blanket term. Everyone has a bit of crazy in them.
I believe the law is radically incorrect in defining what counts as PII. In my view, PII is any information that can be used to identify an individual. Device IDs can be used for this easily, even router device IDs. Therefore they are PII.
I am fully aware that the law disagrees with my definition, but the law is wrong.
True, but you are fingered as the owner of the device, so device IDs do identify you personally. IP addresses are different, as they can change, but device IDs are a constant.
"(but by voluntary sending it in you've lost the right to claim IP, much like how FB lays claim to any and all of its users' content that it hosts)"
Without some sort of contract saying otherwise (such as the one Facebook uses), this is not true. Further, a company cannot make it true by retroactively asserting such a thing.
On the post: If The NSA's Not Complaining About Encryption, It's Likely Because It Has Already Found A Way In
Re: They could've just asked...
On the post: If The NSA's Not Complaining About Encryption, It's Likely Because It Has Already Found A Way In
Re: We don't know what encryption the NSA can crack.
YES.
This is security 101. If you only have one line of defense, no matter what that defense mechanism is, then your security is woefully inadequate. Even if the attacker you're worried about isn't a government agency.
On the post: If The NSA's Not Complaining About Encryption, It's Likely Because It Has Already Found A Way In
Re:
If you're of that mindset, then you also need to avoid using the telephone (cell or landline) and third party service providers such as payment processors, etc.
On the post: If The NSA's Not Complaining About Encryption, It's Likely Because It Has Already Found A Way In
Re:
For example, the amount of effort required to take advantage of this weakness ensures that it won't be used for blanket surveillance. You'd have to be of special interest to the NSA. Whether or not you are comfortable relying on being sufficiently uninteresting is a personal call. Only you can answer that question.
If you aren't comfortable, then there are other encryption scheme you can use that don't have this weakness (although they may be a bit less convenient). This isn't a weakness of encryption as a whole, just this particular type of scheme.
On the post: Konami Ingeniously Fuses Two Things Everybody Hates: Insurance And In-Game Microtransactions
Re:
Never playing the game at all sounds like the best option to me.
On the post: Business Whines That Even EU's Mild, Unsatisfactory Reform Of Corporate Sovereignty Goes Too Far
Re: Re: Re: Re:
On the post: Guy Who Won Original Right To Be Forgotten Case Loses His Attempt To Have New Story About His Past Forgotten
Thomas Goolnik
On the post: Business Whines That Even EU's Mild, Unsatisfactory Reform Of Corporate Sovereignty Goes Too Far
Re: Re:
On the post: Court Tells State Psychology Board It Can't Use Its Powers To Regulate Protected Speech
Re: Re: Major confusion in article: Psychiatry versus Psychology
Instead, they are moving to a different criteria: is there a psychological problem than is impairing the person's life? If not, then there's no problem.
Personally, I've never met a person that I would call "sane" as a blanket term. Everyone has a bit of crazy in them.
On the post: AT&T Lawyers Want You To Know That AT&T's CEO Will Never Listen To Customer Suggestions
Re: I disagree with the assessment
The problem is that the reply from AT&T was antagonistic. There is exactly zero reason for that.
On the post: 'There Is No Human Right To Patent Protection' -- UN Special Rapporteur
Re:
We don't? Please point me to where our rights have been restricted in such a broad way.
On the post: AOL CEO Promises 'The Market' Will Keep Verizon, AOL Honest About Sleazy New Stealth Cookies
Re: Re:
On the post: AOL CEO Promises 'The Market' Will Keep Verizon, AOL Honest About Sleazy New Stealth Cookies
Re:
On the post: Appeals Court Says Downloading And Using A Free App Doesn't Make You A 'Subscriber'
Re:
I am fully aware that the law disagrees with my definition, but the law is wrong.
On the post: Appeals Court Says Downloading And Using A Free App Doesn't Make You A 'Subscriber'
Re: Re: PII
On the post: Appeals Court Says Downloading And Using A Free App Doesn't Make You A 'Subscriber'
Re: Re: PII
On the post: AT&T Lawyers Want You To Know That AT&T's CEO Will Never Listen To Customer Suggestions
Re: Back in the day...
Without some sort of contract saying otherwise (such as the one Facebook uses), this is not true. Further, a company cannot make it true by retroactively asserting such a thing.
On the post: AOL CEO Promises 'The Market' Will Keep Verizon, AOL Honest About Sleazy New Stealth Cookies
Re:
It can, certainly. But it fails to work that way often enough that it is a mistake to rely on it.
On the post: AOL CEO Promises 'The Market' Will Keep Verizon, AOL Honest About Sleazy New Stealth Cookies
Then stop
If that's the case, then stop stealing my goddamned oil.
On the post: Appeals Court Says Downloading And Using A Free App Doesn't Make You A 'Subscriber'
PII
That's too bad, since device IDs are clearly PII. That contracts and the law don't recognize this plain truth is a shame.
Next >>