Exactly. Markets existed in Feudal times and will almost certainly continue to exist into a "post-capitalist" future.
It's not the existence of Markets that define capitalism - it's the fact that Markets are the dominating force that determines how society operates that is the key to what we call capitalism.
> Are you suggesting a bug, or intentionally malicious code?
I was primarily thinking of intentionally malicious alterations.
> I would trust an open source implementation.
So would I, up to a point. It doesn't make security issues magically disappear, but does make things a lot more difficult for a potential attacker.
I'll concede my concerns over plugin security might be overblown, but I stand by my main point that web cryptography cannot be done entirely in javascript without some sort of browser support.
No, I'm referring here to the situation where you're *not* using a plugin, but where all the encryption is done using Javascript.
Several comments have pointed out that it would be a complete joke if you were to give Google your encryption key as it would be no better than not using encryption at all (in fact it would be worse, as you might *think* your email was private).
I was originally trying to make the point that this would be completely insecure even if you were to attempt to keep the private key client-side (or on dropbox etc) and do the encryption locally, which the article implied might be more secure.
While using a plugin is potentially more secure - it's still possible for security to be compromised here too. Suppose the plugin as originally distributed was fine and got the all clear by the security community, but was later compromised by the browser's auto-update feature. How long would it take to be noticed and how much email would be compromised before it was? What if the Feds were targeting you specifically and only you got the compromised plugin, how long would it be before you smelled a rat? Could Google be relied upon to push back against either of these if the government twisted it's arm?
The bottom line is: Do you trust Google? If you do, then HTTPS is all you need to secure your email from everyone else. If you don't trust Google then why would you trust their encryption implementation?
All code running in a browser is downloaded from the server (it can be cached, but you have no control over when it is refreshed).
Therefore you have no real control over anything the code running on your browser is doing, despite the fact that it running on the client rather than on the server.
The biggest problem is the need for a browser plugin to be able to do this securely, which is much more of a big deal to organize than the article suggests.
Any solution that involves adding a button to gmail's web interface fundamentally cannot be secure. Even if you did public-key encryption with all the work done client-side in the browser, that still involves downloading the javascript to do it from the server and there's no way to prevent Google from installing a backdoor at any time if they want or are forced to by the government.
Even *with* a browser plugin it's problematic as it's difficult to do it in a way that ensures it cannot be bypassed. e.g. the client-side javascript could request the text you entered to be encrypted by the browser, so you get all the right feedback, then substitute it with the unencrypted version when submitting it to the server.
And let's not forget that if Google have provided the plugin it also might be compromised through the browser's auto-update feature.
People would certainly question why general purpose computing gets a pass
It'd be interested to look at some of the patents covering modern processors. Wouldn't these already have claims covering the running of arbitrary programs on the hardware?
Why then would taking a PC with a processor whose patent covers running software - and running software on it - generate a new patent?
First of all there is no need to try again. I was asked to show one, I showed Google and you agreed!
Well no, you were asked:
"Show me a historical corporation that got powerful and needed a government to bring it down that wasn't given that power by the government to begin with."
Google wasn't granted any significant power by the government, nor does it show any real need to be "brought down" (FDA's threatened anti-trust investigation non-withstanding). Incorporated in 1998, it arguably isn't even an "historical corporation" ;-)
Second, the statement seemed to indicate that the Government 'helped' specific companies by creating incentives for a specific company or industry, at least that is how I read it. In many cases this is true. The government, for example, helped the railroad, phone companies, etc by creating conditions that made it favorable for the company to do something it otherwise would not. In fact the government required it.
Yes, it granted them significant property rights over the land and a monopoly over the resulting infrastructure. If you're going to do that then you need to properly regulate the companies to ensure they don't abuse the privileged position they've been granted. Unfortunately the government has largely failed to do this and I'm not altogether convinced it is even possible to make this work.
The Government did not aim to create a software company (Microsoft) or a smartphone / tablet maker (Apple). Microsoft and Apple did what all companies, and in fact nearly all people do, they exploit an existing situation to their advantage. That is pretty much nature, you find it in plants, animals, and people.
No argument there - offer someone power and they will take it. It's also clear that they will often abuse it if they can get away with it, particularly in the case of corporations whose only motive is profit. I don't have any magic solutions to this problem, but identifying it as a problem has to be the first step.
Government attempts, often wrong headed to be sure, to level the playing field. The problem, especially today, is that the game is changing nearly daily and the laws don't. Any person or company can, and will use that to their advantage.
The problem is, nearly every example that appears on this site is an example of the government tipping the playing field in favour of someone, or failing to level the playing field when it is clear that they need to do so. Some of it is down to glacial reaction speeds, sure, but often it is down to people or corporations with government granted power and influence using said power to their unfair advantage.
You sound like Obama "If you have a business, you didn't build that". That is patently absurd. People (and corporation are made up of *gasp* people, and will exploit their environment, to their advantage, to reach their goal. This will happen, with or without government intervention.
I'm not one of those people who think corporations and/or capitalism are inherently evil. A free market is supposed to be largely self-regulating, at least in theory. However it's difficult to tell as I'm not sure we have ever had a true free market economy to observe!
You could kill copyright today and in a short period of time those affected would come up with other ways to make money
Good! I don't want companies to stop making money - I just want them to stop gaming the system while they are doing it. Getting rid of copyright and patents would be an excellent first step!
"Show me a historical corporation that got powerful and needed a government to bring it down that wasn't given that power by the government to begin with."
Just one? How about Apple. Nah, I can't stop there; Google; Microsoft; General Electric; I am sure I could come up with a lot more.
Well OK then ...
Microsoft wouldn't even have a business model without copyright (a government granted monopoly whether you agree with it or not).
Apple might do a bit better, but they would probably have done less well if they hadn't been able to enforce their EULA forbidding Mac OS installs on third party hardware. More recently they've used patents mercilessly to try to prevent competition.
General Electric - don't power companies in the US get their operating license from the government?
Which just leaves Google. The only company in your list that didn't get much government help AFAIK and as a consequence doesn't much need to be brought down as it doesn't hold a monopoly position.
Some – admittedly clever – companies, such as Apple, recognized that they could acquire patents, take a perpetual license to them, and then sell them off to NPEs such as Intellectual Ventures
If Apple et al were really that clever, surely they would have heard the maxim "what's good for the goose...". What is to prevent Apple's competitors from selling their portfolios to a different NPE with a nudge and a wink that it might want to go after Apple?
Hell, never mind finding a different NPE, I wouldn't be at all surprised to find IV playing both sides of the fence, just with a different set of shell companies...
This idea needs to be flipped over - instead of trying to charge more for people who act like jerks, try to identify likable/popular players and offer them vouchers for money off your next game.
This is a much more manageable situation - it makes it less likely that you would get trolls attempting to get others classified as jerks as there wouldn't be as much incentive. Instead it encourages players to behave responsibly in the game in order to get the reward - it doesn't even really matter if they're naturally likable people or if they're just repressing they're normal jerky behaviour - it's results that count ;-)
For me, it's not just the prior art and/or obviousness of this kind of patent that should make it invalid. You can often argue about those until the cows come home - whether a particular thing counts as prior art or whether people would really have considered this as obvious at the time, can be rather subjective.
For me it's the lack of any real disclosure that annoys me. Patents are supposed to provide sufficient information that a person skilled in the art can reproduce it with relative ease. Generally this means it should be sufficiently detailed that the recipient does not need to add any significant creativity or ingenuity of his own.
So for example, if I were attempting to patent the Carburetor, I should need to provide blueprints and specifications such that anyone with a workshop and sufficient skill would be able to build one. It would be no good me putting "a device that mixes gasoline and air" and more or less leaving it at that! Even a lengthy explanation of what it does and the principles on which it operates would still be considered insufficient disclosure in most fields.
The equivalent disclosure for software patents should be to provide full source code such that any reasonably skilled developer can reproduce the invention without writing the thing from scratch himself.
Surely the customers were spooked only because they were unaware of how the magic trick worked. If they just added a link to a FAQ that said basically "we're not stalking you, here's how we're doing it" maybe that's all that's needed?
Yes, I've read about it - like you I think they've got some way to go to make it an interesting proposition to the "average joe".
It helps with the cost issue - replacing a rental fee with a one off payment of what - $60 or something like that? That's an improvement but I think they still have a hill to climb to persuade millions of people to shell out for one. They need a killer app - the idea they're running with of it helping you retain control over your private data probably isn't enough of an incentive on its own to get most to open their wallets.
True, but then there's also the cost of running a Diaspora node, or equivalent, that needs to be addressed.
With free software we're lucky that the economics works in our favour - although we aim to emphasize the freedom aspect over "free-as-in-beer", the latter undoubtedly plays a big part when it comes to the widespread adoption of a particular application.
As others have already said, p2p is one solution to the cost problem, but risks taking a step back in ease of use, as you now need a social networking client application instead of just firing up a browser. Might work with mobile apps though.
Now if there were a p2p based system that ran in the browser, maybe that would be the sweet spot. I'm not sure that such as thing is currently possible though.
Re: Quantity to quality
It's not the existence of Markets that define capitalism - it's the fact that Markets are the dominating force that determines how society operates that is the key to what we call capitalism.
Re: Re: Re: Why didn't they prevent it?
Re: Re: Why didn't they prevent it?
Just sayin'
Re:
At first I felt sure there was a flaw there somewhere ...
... then I realised - your way is better!
Re: Re: Re: Re: Re: Re: Browser plugin not an optional extra
I was primarily thinking of intentionally malicious alterations.
> I would trust an open source implementation.
So would I, up to a point. It doesn't make security issues magically disappear, but does make things a lot more difficult for a potential attacker.
I'll concede my concerns over plugin security might be overblown, but I stand by my main point that web cryptography cannot be done entirely in javascript without some sort of browser support.
Re: Re: Re: Re: Browser plugin not an optional extra
Several comments have pointed out that it would be a complete joke if you were to give Google your encryption key as it would be no better than not using encryption at all (in fact it would be worse, as you might *think* your email was private).
I was originally trying to make the point that this would be completely insecure even if you were to attempt to keep the private key client-side (or on dropbox etc) and do the encryption locally, which the article implied might be more secure.
While using a plugin is potentially more secure - it's still possible for security to be compromised here too. Suppose the plugin as originally distributed was fine and got the all clear by the security community, but was later compromised by the browser's auto-update feature. How long would it take to be noticed and how much email would be compromised before it was? What if the Feds were targeting you specifically and only you got the compromised plugin, how long would it be before you smelled a rat? Could Google be relied upon to push back against either of these if the government twisted it's arm?
The bottom line is: Do you trust Google? If you do, then HTTPS is all you need to secure your email from everyone else. If you don't trust Google then why would you trust their encryption implementation?
Re: Re: Browser plugin not an optional extra
Therefore you have no real control over anything the code running on your browser is doing, despite the fact that it running on the client rather than on the server.
Browser plugin not an optional extra
Any solution that involves adding a button to gmail's web interface fundamentally cannot be secure. Even if you did public-key encryption with all the work done client-side in the browser, that still involves downloading the javascript to do it from the server and there's no way to prevent Google from installing a backdoor at any time if they want or are forced to by the government.
Even *with* a browser plugin it's problematic as it's difficult to do it in a way that ensures it cannot be bypassed. e.g. the client-side javascript could request the text you entered to be encrypted by the browser, so you get all the right feedback, then substitute it with the unencrypted version when submitting it to the server.
And let's not forget that if Google have provided the plugin it also might be compromised through the browser's auto-update feature.
Time dependent?
I don't think TLS handshakes do anything like this, do they?
Why general purpose computing gets a pass
It'd be interested to look at some of the patents covering modern processors. Wouldn't these already have claims covering the running of arbitrary programs on the hardware?
Why then would taking a PC with a processor whose patent covers running software - and running software on it - generate a new patent?
Re: Re: Re: Re: Re: Re: Re: "If you didn't take the hint [fill in latest corporate policy]"
Well no, you were asked:
"Show me a historical corporation that got powerful and needed a government to bring it down that wasn't given that power by the government to begin with."
Google wasn't granted any significant power by the government, nor does it show any real need to be "brought down" (FDA's threatened anti-trust investigation non-withstanding). Incorporated in 1998, it arguably isn't even an "historical corporation" ;-)
Second, the statement seemed to indicate that the Government 'helped' specific companies by creating incentives for a specific company or industry, at least that is how I read it. In many cases this is true. The government, for example, helped the railroad, phone companies, etc by creating conditions that made it favorable for the company to do something it otherwise would not. In fact the government required it.
Yes, it granted them significant property rights over the land and a monopoly over the resulting infrastructure. If you're going to do that then you need to properly regulate the companies to ensure they don't abuse the privileged position they've been granted. Unfortunately the government has largely failed to do this and I'm not altogether convinced it is even possible to make this work.
The Government did not aim to create a software company (Microsoft) or a smartphone / tablet maker (Apple). Microsoft and Apple did what all companies, and in fact nearly all people do, they exploit an existing situation to their advantage. That is pretty much nature, you find it in plants, animals, and people.
No argument there - offer someone power and they will take it. It's also clear that they will often abuse it if they can get away with it, particularly in the case of corporations whose only motive is profit. I don't have any magic solutions to this problem, but identifying it as a problem has to be the first step.
Government attempts, often wrong headed to be sure, to level the playing field. The problem, especially today, is that the game is changing nearly daily and the laws don't. Any person or company can, and will use that to their advantage.
The problem is, nearly every example that appears on this site is an example of the government tipping the playing field in favour of someone, or failing to level the playing field when it is clear that they need to do so. Some of it is down to glacial reaction speeds, sure, but often it is down to people or corporations with government granted power and influence using said power to their unfair advantage.
You sound like Obama "If you have a business, you didn't build that". That is patently absurd. People (and corporation are made up of *gasp* people, and will exploit their environment, to their advantage, to reach their goal. This will happen, with or without government intervention.
I'm not one of those people who think corporations and/or capitalism are inherently evil. A free market is supposed to be largely self-regulating, at least in theory. However it's difficult to tell as I'm not sure we have ever had a true free market economy to observe!
You could kill copyright today and in a short period of time those affected would come up with other ways to make money
Good! I don't want companies to stop making money - I just want them to stop gaming the system while they are doing it. Getting rid of copyright and patents would be an excellent first step!
Re: Re: Re: Re: Re: "If you didn't take the hint [fill in latest corporate policy]"
Well OK then ...
Microsoft wouldn't even have a business model without copyright (a government granted monopoly whether you agree with it or not).
Apple might do a bit better, but they would probably have done less well if they hadn't been able to enforce their EULA forbidding Mac OS installs on third party hardware. More recently they've used patents mercilessly to try to prevent competition.
General Electric - don't power companies in the US get their operating license from the government?
Which just leaves Google. The only company in your list that didn't get much government help AFAIK and as a consequence doesn't much need to be brought down as it doesn't hold a monopoly position.
Try again.
Clever Apple?
If Apple et al were really that clever, surely they would have heard the maxim "what's good for the goose...". What is to prevent Apple's competitors from selling their portfolios to a different NPE with a nudge and a wink that it might want to go after Apple?
Hell, never mind finding a different NPE, I wouldn't be at all surprised to find IV playing both sides of the fence, just with a different set of shell companies...
Carrot not Stick
This is a much more manageable situation - it makes it less likely that you would get trolls attempting to get others classified as jerks as there wouldn't be as much incentive. Instead it encourages players to behave responsibly in the game in order to get the reward - it doesn't even really matter if they're naturally likable people or if they're just repressing they're normal jerky behaviour - it's results that count ;-)
Re: Re: Re: Re:
password1
password2
password3
password4
...
So then you really ramp up the security and insist on mixed case with mandatory punctuation characters ...
%Password1
%Password2
%Password3
%Password4
...
Disclosure
For me it's the lack of any real disclosure that annoys me. Patents are supposed to provide sufficient information that a person skilled in the art can reproduce it with relative ease. Generally this means it should be sufficiently detailed that the recipient does not need to add any significant creativity or ingenuity of his own.
So for example, if I were attempting to patent the Carburetor, I should need to provide blueprints and specifications such that anyone with a workshop and sufficient skill would be able to build one. It would be no good me putting "a device that mixes gasoline and air" and more or less leaving it at that! Even a lengthy explanation of what it does and the principles on which it operates would still be considered insufficient disclosure in most fields.
The equivalent disclosure for software patents should be to provide full source code such that any reasonably skilled developer can reproduce the invention without writing the thing from scratch himself.
Just 'fess up (as Eclecticdave)
Re: Re: New Texas voter!
http://en.wikipedia.org/wiki/Mr._Smith_%28TV_series%29
Mind you, maybe this Mr Smith would be a better candidate ... he could hardly do a worse job.
Re: Re: Re: Re:
It helps with the cost issue - replacing a rental fee with a one off payment of what - $60 or something like that? That's an improvement but I think they still have a hill to climb to persuade millions of people to shell out for one. They need a killer app - the idea they're running with of it helping you retain control over your private data probably isn't enough of an incentive on its own to get most to open their wallets.
Re: Re:
With free software we're lucky that the economics works in our favour - although we aim to emphasize the freedom aspect over "free-as-in-beer", the latter undoubtedly plays a big part when it comes to the widespread adoption of a particular application.
As others have already said, p2p is one solution to the cost problem, but risks taking a step back in ease of use, as you now need a social networking client application instead of just firing up a browser. Might work with mobile apps though.
Now if there were a p2p based system that ran in the browser, maybe that would be the sweet spot. I'm not sure that such as thing is currently possible though.
More comments from eclecticdave >>
Techdirt has not posted any stories submitted by eclecticdave.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt