Recent Posts

5576

General Software Discussion / Re: Chrome’s insane password security strategy

« Last post by wraith808 on August 23, 2013, 07:51 AM »

Of course, you can use Chrome without ever signing in, but as soon as you do, you have no control over what is spread around through the sync function.  As I said, I use Android devices and I also have ported my home and business phone numbers to Google Voice to keep them when I dumped the landlines they were attached to.  This means I need to sign into my Google accounts regularly. I just don't use Chrome to do so, because I don't want whatever is cached locally from other sessions to be synced to those Google accounts.

-xtabber (August 22, 2013, 10:10 PM)

Yes, you do.  The answer is... nothing.  As I said, I never sign in.  Not to the browser.  Not to the extension manager.  It's a pain doing everything myself, but I don't for the very reason that you say.  I don't use sync.  I use xmarks to sync my bookmarks, 1Password for my passwords, and just do everything else manually.

5577

Living Room / Re: Sci-fi novel now available from DC member kyrathaba!

« Last post by wraith808 on August 22, 2013, 03:41 PM »

Besides, if someone terribly savvy wants to hack it, it's free advertising...

-kyrathaba (August 22, 2013, 03:35 PM)

You have said what several companies have not been able to get their minds around LOL

5578

General Software Discussion / Re: Chrome’s insane password security strategy

« Last post by wraith808 on August 22, 2013, 02:26 PM »

The bigger problem IIRC is the default setting to sign you in automatically every time you open Chrome. In fact I don't even recall if that's a setting you can change and I think you also have to go to the Settings page to sign out even though the Sign In link is on every blank tab you open. That's just dishonest.

-Vurbal (August 22, 2013, 02:22 PM)

Which is why I don't ever do it.  And change my default page so I never see that trash again.

5579

General Software Discussion / Re: Chrome’s insane password security strategy

« Last post by wraith808 on August 22, 2013, 12:09 PM »

Chrome has another gigantic security hole baked in: if you sign in to your Google account, it automatically syncs with Google's servers and caches account information on whatever computer you signed in from.

I won't install Chrome on any of my PCs and will only run it from inside a VM. 

I use Android devices extensively, so I am automatically signed in to my Google accounts at all times, but I use Chrome as little as possible for browsing on those devices and always make sure that I have password saving disabled in any browser I use .  There are plenty of good Android browsers that offer much better privacy options.

-xtabber (August 22, 2013, 10:05 AM)

I don't think this is the case.  You have to actually sign into the browser.  Which I don't do.

5580

Announce Your Software/Service/Product / Re: Autographed Paperback copies of Kyrathaba Rising novel available

« Last post by wraith808 on August 21, 2013, 04:29 PM »

^ Darned gender-neutral names!  

5581

General Software Discussion / Re: Chrome’s insane password security strategy

« Last post by wraith808 on August 21, 2013, 03:10 PM »

Besides, even if Chrome had a password encryption scheme it would automatically be suspect as long as the NSA has Google at least halfway under their thumb. Which seems to justify my general policy of not trusting anybody to provide me with both cloud services and any type of sensitive information beyond the scope of those services.

-Vurbal (August 21, 2013, 02:51 PM)

(thanks Ren!)

5582

Living Room / Re: Manning Verdict in: guilty on all counts but one

« Last post by wraith808 on August 21, 2013, 12:07 PM »

While I do think it's true that he indiscriminately released documents that would not fall under the whistleblower category... the one that would seems like it would have been enough to forgive for the others (if only partially).

5583

Living Room / Re: Knight to queen's bishop 3 - Snowden charged with espionage.

« Last post by wraith808 on August 20, 2013, 11:47 PM »

PM 'told Heywood to warn Guardian'

5584

Living Room / Re: Manning Verdict in: guilty on all counts but one

« Last post by wraith808 on August 19, 2013, 08:05 AM »

^ Yeah... we might want to calm that part of things down... it seems headed for basement territory.  Some people view it as torture or unreasonable punishment, especially in light of the fact that he'd not been convicted of anything and this is the US.  Some don't, and view it as just desserts of a traitor.  Let's... leave it at that.

5585

Living Room / Re: Knight to queen's bishop 3 - Snowden charged with espionage.

« Last post by wraith808 on August 19, 2013, 08:01 AM »

^ Yeah, I posted that earlier, and not too many people had nice things to say about him. 

5586

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by wraith808 on August 18, 2013, 11:50 PM »

from boingboing

5587

Living Room / Re: Manning Verdict in: guilty on all counts but one

« Last post by wraith808 on August 18, 2013, 11:48 PM »

Manning sentencing: judge rejects claim leaks had 'chilling effect'

5588

General Software Discussion / Re: Chrome’s insane password security strategy

« Last post by wraith808 on August 18, 2013, 11:12 AM »

This isn't really that new, people have been asking for a Master Password feature, (ala Firefox), in Chrome since about 15 minutes after it obtained the ability to store passwords.

Google's response has always been the same: not interested.

-4wd (August 18, 2013, 12:27 AM)

I guess from the fact that no extensions exist that do that very thing that there's no way to lock down access to that URL with an extension?

5589

Living Room / Re: Hacker Posts About FB Flaw to Zuckerberg's Wall (gets way worse)

« Last post by wraith808 on August 18, 2013, 10:40 AM »

This is exactly why security experts should instead of reporting bugs to companies, should just sell exploits to criminals. If companies won't act in good faith, why should any security experts?

-Renegade (August 17, 2013, 11:28 PM)

That's been tried already ... The NSA screwed them too.

-Stoic Joker (August 18, 2013, 08:11 AM)

  oh no he didn't! 

5590

Living Room / Re: Google Goes Dark for Two Minutes. Panic Ensues.

« Last post by wraith808 on August 17, 2013, 09:10 PM »

Ads and tracking add no value at all for the user. They are actually negative value. Google's hosting of jquery or whatever is just more tracking, and nothing any site can't do itself.

-Renegade (August 17, 2013, 08:57 PM)

Yes, you can do it yourself, but by tapping into the codebase that google provides, you save yourself quite a bit of maintenance, which points to what it provides for the end user in those cases; using a shared library means that if there are any security updates, the sites that use the codebase directly from there are exposed for less time.

Not agreeing one way or the other... just pointing that out.

5591

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by wraith808 on August 17, 2013, 09:32 AM »

Even Heroes get Tired

5592

Living Room / Google Goes Dark for Two Minutes. Panic Ensues.

« Last post by wraith808 on August 17, 2013, 09:31 AM »

Google goes dark for 2 minutes, kills 40% of world's net traffic

You can all relax now. The near-unprecedented outage that seemingly affected all of Google's services for a brief time on Friday is over.

The event began at approximately 4:37pm Pacific Time and lasted between one and five minutes, according to the Google Apps Dashboard. All of the Google Apps services reported being back online by 4:48pm.

The incident apparently blacked out every service Mountain View has to offer simultaneously, from Google Search to Gmail, YouTube, Google Drive, and beyond.

Big deal, right? Everyone has technical difficulties every once in a while. It goes with the territory.

But then, not everyone is Google. According to web analytics firm GoSquared, worldwide internet traffic dipped by a stunning 40 per cent during the brief minutes that the Chocolate Factory's services were offline. Here's the graph of what that looked like:

More at link.

They were updating the NSA's backdoor is my call...

5593

Living Room / Re: Google: Gmail users shouldn't expect email privacy

« Last post by wraith808 on August 17, 2013, 09:28 AM »

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

I don't think the point is what you would expect, in terms of reality today.  It's what you should be able to expect.  And I don't think that, all things being equal, you should have to lock the virtual door in order to get privacy.  Privacy shouldn't have to be based on security.  Because if it is, then we have no privacy.  There are always people that with the appropriate amount of effort and desire, that can crack any security.

-wraith808 (August 16, 2013, 06:58 PM)

It doesn't matter what you expect. In a broken system, if you know it is broken but aren't willing to admit it, how can you ever expect to come up with a solution to the problem? Pointing fingers of blame at those that point out that there is a problem, isn't a solution. In other words, pointing fingers of blame at Google for stating that there shouldn't be an expectation of privacy, doesn't fix the root problem that caused them to be able to state that.

-app103 (August 16, 2013, 08:41 PM)

In fact it *does* matter what I expect.  Like I said, reality is different from my expectations.  But should I change my expectations just because of that?  I mean, I can change my actions without changing my expectations.  People do it every day.  I expect that I shouldn't have to use security to get privacy.  The reality is, that isn't true. I can expect whatever I want, but know that the system is broken.  People do that everyday also.  But conflating the two isn't doing anything but doing the other side's work for them.

Let's put it another way.  Are you saying that just because your e-mail isn't secure, it's OK for anyone to spy on it?  Is the act of looking at your e-mail addressed to a person an invasion of privacy in and of itself?  Or is only an invasion of privacy if you encrypt/secure it?

5594

Living Room / Re: Edward Snowden's Email Provider Shut Down Rather Than Comply With Feds

« Last post by wraith808 on August 17, 2013, 09:20 AM »

relevant: https://www.riseup.n...p-and-government-faq

5595

Living Room / Re: *Email privacy and security survey*

« Last post by wraith808 on August 16, 2013, 10:10 PM »

My situation is slightly different, in that I need Grandma Dum-Dum to be able to send the info to me, not the other way around. And if after receiving the info, I go and change her passwords on her (because she sent them insecurely), and she can't log into her cpanel or ftp, she is going to panic and think I have hijacked her website instead of securing it for her. I'd like to be able to have her give the info to me securely, use it to complete the job she hired me for, then suggest she change the passwords when the job is done. If at that point she doesn't take my advice, at least with it being me that has the password info, with my knowing I won't do anything harmful with it (if I can't trust myself, then who can I trust?), I won't have to worry as much.

-app103 (August 16, 2013, 07:58 PM)

Why can't they create a new user for you?  That's what I do in those cases.  And if she knows how to use cpanel, then that's not that big of a deal to do.  Same for wordpress.

5596

Living Room / Re: Google: Gmail users shouldn't expect email privacy

« Last post by wraith808 on August 16, 2013, 06:58 PM »

I think that asks a bigger question: Why shouldn't we expect it? Seriously.

-40hz (August 16, 2013, 05:07 PM)

So, you are saying that in my example of a hand to hand delivered postcard or post-it note, that you would expect privacy and security? You would not expect anyone along the chain to read it, and funny looks from a prudish neighbor that was part of the delivery chain would come as a complete surprise and shock to you, and you would expect the $10,000 in cash to remain perfectly safe, and feel no need to change the pin on your credit cards?

-app103 (August 16, 2013, 06:14 PM)

I don't think the point is what you would expect, in terms of reality today.  It's what you should be able to expect.  And I don't think that, all things being equal, you should have to lock the virtual door in order to get privacy.  Privacy shouldn't have to be based on security.  Because if it is, then we have no privacy.  There are always people that with the appropriate amount of effort and desire, that can crack any security.

5597

Living Room / Re: *Email privacy and security survey*

« Last post by wraith808 on August 16, 2013, 03:58 PM »

I'm in favor of the single use ephemeral "reset" password scheme.

-Stoic Joker (August 16, 2013, 03:52 PM)

What is this?

5598

Living Room / Re: Google: Gmail users shouldn't expect email privacy

« Last post by wraith808 on August 16, 2013, 03:56 PM »

The interesting point here is that Americans have always assumed - and the laws previously defaulted - to a presumption of privacy in lieu of notice or explicit laws stating otherwise. That's one of the things that was supposed to be so different about this country.

Our current government is now working overtime to stand that concept on its head and disabuse us of the notion we, as US citizens, are morally and legally entitled to personal privacy.

-40hz (August 16, 2013, 03:37 PM)

And *this* is my point.  By conflating the two, we're reducing our rights.  If we don't secure it, then it's OK to look.. and that's not the America that I grew up in.

5599

Living Room / Re: Google: Gmail users shouldn't expect email privacy

« Last post by wraith808 on August 16, 2013, 03:17 PM »

Perhaps the analogy breaks down.  But I think that the points that I'm making are pretty relevant and obvious... or do you disagree with that?

5600

Living Room / Re: Google: Gmail users shouldn't expect email privacy

« Last post by wraith808 on August 16, 2013, 01:21 PM »

That would be a bit more applicable if security is what we were talking about.  Security =/= Privacy, though they have many of the same concerns.

-wraith808 (August 16, 2013, 09:44 AM)

Would you expect any sort of security or privacy with a hand written letter, placed in an unsealed envelope, handed off to a chain of strangers to be finally delivered to its intended recipient (and I am not talking about any government run postal service here)? Any one of the strangers anywhere between you and the recipient could easily snoop on its contents and do whatever they wanted with any info gained from that snooping.

Email is like sending a postcard. There isn't even an envelope.

The only way an email can remain private and secure between point of origin and final destination is if it is encrypted with PGP or something similar.

-app103 (August 16, 2013, 10:15 AM)

Why yes, I would.  And that's the purpose that violating that is a felony. 

My point is, yes... security can make privacy a non-issue.  But privacy is separate.

I put a lock on my door to secure the house.  But even if my door is not locked, someone breaking in is still in violation of the law.  Even if the door is wide open and you walk into my house without invitation, you can be considered in violation of the law.

That's why I say that they are different.  We shouldn't *have* to secure our communications for people to know that if you aren't on end A or end B, it is not for you to look at.

Now, I know reality is different.  But that still doesn't mean we should conflate the two.