Comments on: How to go about nicking e-Stuff http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/ tim stevens // cyberassemblage Sun, 14 Mar 2010 09:43:06 +0000 http://wordpress.com/ hourly 1 By: Tim Stevens http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-312 Tim Stevens Thu, 24 Jul 2008 21:14:19 +0000 http://ubiwar.wordpress.com/?p=311#comment-312 Not in this case, no. The U.S. is taking the lead on this kind of thing though, I'm glad to see. Not in this case, no. The U.S. is taking the lead on this kind of thing though, I’m glad to see.

]]> By: Chris http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-310 Chris Thu, 24 Jul 2008 20:05:13 +0000 http://ubiwar.wordpress.com/?p=311#comment-310 Just to close the loop, here's a collection of Phorm-related atricles at <em>The Register</em>: http://www.theregister.co.uk/2008/02/29/phorm_roundup/ Remember that <em>El Reg</em> is pretty hard-right Libertarian on Internet privacy matters, but we're not looking of balance on this issue, are we? Just to close the loop, here’s a collection of Phorm-related atricles at The Register:

http://www.theregister.co.uk/2008/02/29/phorm_roundup/

Remember that El Reg is pretty hard-right Libertarian on Internet privacy matters, but we’re not looking of balance on this issue, are we?

]]> By: Tim Stevens http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-244 Tim Stevens Tue, 08 Jul 2008 19:20:14 +0000 http://ubiwar.wordpress.com/?p=311#comment-244 <i>Just for the sake of argument, I’m going to be bold and interpret this to mean “I’m doing nothing illegal, so have nothing to hide”.</i> That's not what I meant at all, but since it's for the 'sake of argument' I'll let it slide. <i>Wouldn’t it be better all round if exercising your right to private communication were the norm, rather than the exception?</i> To quote Homer Simpson, "You're living in a land of make-believe!" If only the default condition of individuals in the war <strike>of</strike> on terror were indeed innocence rather than guilt, nobody would be able to wave the 'if you're doing nothing illegal, you've got nothing to hide' in our faces. At least the principle of <em>habeas corpus</em> seems to be making a bit of a comeback, but it'll probably go the way of Rick Astley's recent resurgence. Schneier at BT. Hmm. Thought I'd heard that somewhere, but must have mentally dismissed it. Will look into it. What's Phorm? Just for the sake of argument, I’m going to be bold and interpret this to mean “I’m doing nothing illegal, so have nothing to hide”.

That’s not what I meant at all, but since it’s for the ’sake of argument’ I’ll let it slide.

Wouldn’t it be better all round if exercising your right to private communication were the norm, rather than the exception?

To quote Homer Simpson, “You’re living in a land of make-believe!” If only the default condition of individuals in the war of on terror were indeed innocence rather than guilt, nobody would be able to wave the ‘if you’re doing nothing illegal, you’ve got nothing to hide’ in our faces. At least the principle of habeas corpus seems to be making a bit of a comeback, but it’ll probably go the way of Rick Astley’s recent resurgence.

Schneier at BT. Hmm. Thought I’d heard that somewhere, but must have mentally dismissed it. Will look into it. What’s Phorm?

]]> By: Chris http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-243 Chris Tue, 08 Jul 2008 19:09:26 +0000 http://ubiwar.wordpress.com/?p=311#comment-243 <blockquote>I’m adopting an openness policy here</blockquote> Just for the sake of argument, I'm going to be bold and interpret this to mean "I'm doing nothing illegal, so have nothing to hide". This is the sort of thing that makes security researchers hopping mad. They usually counter this argument by asking whether you send all your private correspondence on picture postcards. Most people only worry about using over-the-wire encryption to protect their banking activities. Almost all other traffic is sent <em>en clair</em>, to say nothing of the contents of people's hard drives. ISPs now routinely inspect packets to see whether you're up to tricks, like sharing your Abdullah Ibrahim mp3 collection to all and sundry, and shape (or, like Virgin Media, block) your traffic accordingly. To counter this, SSL is being offered by services like The Pirate Bay, and μTorrent offers easy encryption by default. At this rate, there's a real danger that any SSL traffic will soon be treated as suspect, if not downright villainous. Wouldn't it be better all round if exercising your right to private communication were the norm, rather than the exception? It's interesting you mention Bruce Schneier. He's now the Chief Security Technology Officer at BT, an ISP that has recently engaged the services of those purveyors of über-Stasi snoopware, Phorm.

I’m adopting an openness policy here

Just for the sake of argument, I’m going to be bold and interpret this to mean “I’m doing nothing illegal, so have nothing to hide”. This is the sort of thing that makes security researchers hopping mad. They usually counter this argument by asking whether you send all your private correspondence on picture postcards.

Most people only worry about using over-the-wire encryption to protect their banking activities. Almost all other traffic is sent en clair, to say nothing of the contents of people’s hard drives.

ISPs now routinely inspect packets to see whether you’re up to tricks, like sharing your Abdullah Ibrahim mp3 collection to all and sundry, and shape (or, like Virgin Media, block) your traffic accordingly. To counter this, SSL is being offered by services like The Pirate Bay, and μTorrent offers easy encryption by default.

At this rate, there’s a real danger that any SSL traffic will soon be treated as suspect, if not downright villainous. Wouldn’t it be better all round if exercising your right to private communication were the norm, rather than the exception?

It’s interesting you mention Bruce Schneier. He’s now the Chief Security Technology Officer at BT, an ISP that has recently engaged the services of those purveyors of über-Stasi snoopware, Phorm.

]]> By: Tim Stevens http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-238 Tim Stevens Mon, 07 Jul 2008 21:38:19 +0000 http://ubiwar.wordpress.com/?p=311#comment-238 Bruce Schneier digs TrueCrypt so that's good enough for me. Not that I use it or anything, but I should. As for GMail, jeez, I know those bastards are tracking me relentlessly. I'm adopting an openness policy here - how intelligence (or God forbid, the police) would ever be able to parse my surfing habits, given what I look at for academic and work purposes, is beyond me. Good luck trying though. You'll never catch me alive, copper, etc. Bruce Schneier digs TrueCrypt so that’s good enough for me. Not that I use it or anything, but I should. As for GMail, jeez, I know those bastards are tracking me relentlessly. I’m adopting an openness policy here – how intelligence (or God forbid, the police) would ever be able to parse my surfing habits, given what I look at for academic and work purposes, is beyond me. Good luck trying though. You’ll never catch me alive, copper, etc.

]]> By: Chris http://ubiwar.com/2008/07/05/how-to-go-about-nicking-e-stuff/#comment-237 Chris Mon, 07 Jul 2008 21:08:16 +0000 http://ubiwar.wordpress.com/?p=311#comment-237 I noted with simultaneous satisfaction and alarm that Neil Entwistle's conviction for the murder of his wife and child was partly secured on his Internet search history. His "username" had searched for the "best" way to kill someone four days before the murders. I wondered if he had left himself logged in to his gmail while searching, but maybe they just scraped his browsing history: GET formdata is encoded in the URL. So, use Scroogle over SSL for the win: https://ssl.scroogle.org/sslnote.html For the discerning cyberwarrior, TrueCrypt offers the best protection for your storage. My favourite feature is the second hidden volume. When tortured for your passphrase, you can provide the key that unlocks the less-sensitive of two areas of disk, safe in the knowledge that your real secrets remain hidden. I noted with simultaneous satisfaction and alarm that Neil Entwistle’s conviction for the murder of his wife and child was partly secured on his Internet search history. His “username” had searched for the “best” way to kill someone four days before the murders. I wondered if he had left himself logged in to his gmail while searching, but maybe they just scraped his browsing history: GET formdata is encoded in the URL. So, use Scroogle over SSL for the win:

https://ssl.scroogle.org/sslnote.html

For the discerning cyberwarrior, TrueCrypt offers the best protection for your storage. My favourite feature is the second hidden volume. When tortured for your passphrase, you can provide the key that unlocks the less-sensitive of two areas of disk, safe in the knowledge that your real secrets remain hidden.

]]>