Originally posted by XPLodER
reply to post by HattoriHanzou
Heh, you don't understand how these big web sites think. Their users are their PRODUCT. For this magical UCE technology to be put in place, you have to show a benefit for the site owners AND the users. If there is anything that impacts Twitter's or Facebook's chances of seeing the user's private data, they will not implement it.
I don't feel sorry for the users of most web sites. They are usually oblivious and oblivious people do not deserve pity. And the site owners? I have been in a war with them for a decade, blocking their ads and cross site tracking schemes that they all seem to favor.
well twitter uses HTTPS for user privacy and security, in that case the "tweets" themselves are the advertising
and the public facing nature of tweets is the product, not the private user information, yes it does help with "directed" advertising, but when you can "tweet" you don't need exterior "direction of advertising"
well only "first party advertisers" would be able to push ads at you and third party tracking would be denied.
with UCE cross site scripting would be virtually impossible.
facebook is not interested in privacy, and should not be confused with sites that consider privacy as "important"
ps i would not use Facebook if you paid me
xploder
If you think Twitter and Facebook are not using all the information you provide them, including your passwords, to build a profile of you, you aren't paranoid enough. People often reveal very personal details of their lives and minds in their passwords, and this is valuable for building a marketing profile. It follows that this information is used.
Cross site scripting is the only way that site owners and ad-companies can cooperate, because they mutually distrust each other. Basically their priorities, at any for-profit web site, put users last because they are merely a product.
Jonathan Mayer, a researcher at Stanford, has contributed a patch for Firefox that will block third-party cookies from installing on the user's browser. The patch is set to be incorporated into Firefox 22. For some sense of timing on the project, Firefox 19 was released on Tuesday.
With the patch, Firefox would allow all cookies from sites that a user actively visits, but it would block cookies from third-party sites if a user has not visited that cookie's origin site. Advertisers generally place third-party cookies and can collect data about a user across several websites with them. This is used to serve more targeted ads or refine where an advertising firm should spend its money.
Blocking third-party cookies would not be new or unheard of among browsers; Apple's Safari already rejects cookies from third parties. In a blog post on Friday, Mayer called the Firefox patch “a slightly relaxed version of the Safari policy.” Chrome allows all cookies, and Internet Explorer blocks some third-party cookies, although not all.
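Added example, not part of any post in this thread or of the Firefox patch itself: a small simulation of the policy the article describes next to the allow-all behaviour it attributes to Chrome, showing which embedded third parties end up able to link a user's page visits. The site names, the session and the policy names are constructed, and sites are matched by exact host string as a simplification.

```javascript
// Added illustration: policy names and the browsing session are constructed.
// Sites are compared by exact host string, a simplification of real
// registrable-domain matching.
const POLICIES = {
  // "Chrome allows all cookies."
  allowAll: () => true,
  // The patch as described: cookies from the site being visited are always
  // accepted; a third party is accepted only if the user has visited it.
  visitedOnly: (cookieSite, pageSite, visited) =>
    cookieSite === pageSite || visited.has(cookieSite),
};

// Constructed session: pages opened in order, with the third parties each embeds.
const SESSION = [
  { page: "news.example", embeds: ["adnet.example", "social.example"] },
  { page: "shop.example", embeds: ["adnet.example", "social.example"] },
  { page: "social.example", embeds: ["adnet.example"] },
  { page: "blog.example", embeds: ["adnet.example", "social.example"] },
];

// Returns { thirdPartySite: [pages where its cookie identified the user] }.
function simulate(session, policy) {
  const visited = new Set(); // sites the user opened directly
  const jar = new Set();     // sites that currently hold a cookie
  const seenOn = new Map();  // third party -> pages it could link together
  for (const { page, embeds } of session) {
    visited.add(page);
    if (policy(page, page, visited)) jar.add(page);
    for (const site of embeds) {
      if (site === page) continue;
      // A third party may set a cookie only if the policy permits it here.
      if (!jar.has(site) && policy(site, page, visited)) jar.add(site);
      // Once a cookie exists, it is sent with every embedded request.
      if (jar.has(site)) {
        if (!seenOn.has(site)) seenOn.set(site, []);
        seenOn.get(site).push(page);
      }
    }
  }
  return Object.fromEntries(seenOn);
}

console.log("allow all:   ", simulate(SESSION, POLICIES.allowAll));
console.log("visited only:", simulate(SESSION, POLICIES.visitedOnly));
```

Under the visited-only policy the ad network that is never opened directly gets no cookie at all, while the social site, once visited, can still follow the user through its embeds on later pages.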
Originally posted by HattoriHanzou
reply to post by XPLodER
I think you're missing my point. At this juncture, using a web site is not akin to negotiating with another person. You must accept that not only will the site owner do whatever they want to extract all possible revenue from you, but that they will sell this information to anybody and everybody. Additionally, they will change their terms of service continually in order to exploit their users more and more.
The problem, though, is ultimately that the users of these web sites are by and large unconcerned about the implications of all of this. Until the vast majority of users start becoming concerned with their privacy, and show that they will no longer use web sites that gather, sell, or use their personal data in order to make a profit, nothing will change.
People in the know will continue to protect their privacy and most will go along with the program, happy in their ignorance.
Originally posted by XPLodER
Originally posted by HattoriHanzou
reply to post by XPLodER
I think you're missing my point. At this juncture, using a web site is not akin to negotiating with another person. You must accept that not only will the site owner do whatever they want to extract all possible revenue from you, but that they will sell this information to anybody and everybody. Additionally, they will change their terms of service continually in order to exploit their users more and more.
The problem, though, is ultimately that the users of these web sites are by and large unconcerned about the implications of all of this. Until the vast majority of users start becoming concerned with their privacy, and show that they will no longer use web sites that gather, sell, or use their personal data in order to make a profit, nothing will change.
People in the know will continue to protect their privacy and most will go along with the program, happy in their ignorance.
it is my belief that more and more people will become concerned about privacy as more and more information comes out about the practices of the advertisers.
in fact mega.co.nz shows that there is a market for privacy services,
and more and more people are using ad blockers,
and more and more web browsers will block third party cookies by default.
so maybe there could be a market for "ethical" advertisers over time,
and this would increase privacy over time.
now would be a good time to start a "privacy by design advertising company"
where customers "choose" who can advertise to them
xploder
People like the idea of privacy, but are unwilling to undergo any difficulties or expend any effort to achieve it. They like placebos. Take Mega - the encryption keys to any given file are held not just by the user, but by Mega as well.
This means they are susceptible to a court ordered seizure.
Slashdot had a good article a few weeks back on the security missteps that Kim Dotcom made.
He's just trying to protect his own ass and benefit by leeching ad bucks off pirates, same as with his old site, but now he is saying that because the files are encrypted, that Mega can't tell if they are pirated, so it's a CYA maneuver and nothing more.
Unlike you I am not hopeful, because people by and large don't even think about privacy. Since 9/11 we have endured a police state with deeper surveillance than East Germany, and ever more intrusive activities by the government and companies alike.
You're still working under what I think is an incorrect assumption, which is that the users are in control of their interactions with sites and advertisers. I mean, they could be if they wanted to be, but they don't so they aren't. This is why privacy has been suffering.
For my own benefit, I'll keep blocking the ads and using my hosts file and ad-busting proxy and such, but I am clearly in the tiniest of minorities here.
Originally posted by XPLodER
Originally posted by kwakakev
To safely store private information on the internet, UCE is the most common sense method. A big problem with encryption is how to safely transfer keys. If the key does not need to go anywhere and just remain with the user then there is no need to transfer it and risk potential exposure of it.
If the user's system has been compromised with key loggers, packet sniffers and other system monitors then there is still a risk of the key being stolen. For Mega's system it does provide an added level of safety as each user's system will need to be hacked to decrypt the whole lot. With a 2048 bit key it is going to take a lot of grunt to brute force it. If Moore's law is still in effect, but the latest developments are under a national security blanket then the exponential growth of computer power will hack it some time in the future. With some of the proposed claims of quantum computing power, new algorithms and techniques will have to be developed. But the core concept of the key and encryption taking place on the user's machine will remain strong.
hi bud
another interesting idea is the public/ private key combination becomes the public key for a second public/private key pair,
you are correct about key loggers, there is screen based keyboard software, with multiple mouse pointers moving around, so that key loggers and screen shots are much less effective. but even with packet sniffers or a "man in the middle attack" you would find it difficult to collect enough of the hand shake exchange to do much good.
as for quantum computation, i don't think it's as far off as we think,
xploder
Quantum will be kept out of the hands of everyday people for as long as possible. I would estimate that it will be decades before you can buy off-the-shelf quantum anything, even though it's operational in labs today and we have the technology for mass production now.
Quantum algorithm breakthrough February 24, 2013 An international research group led by scientists from the University of Bristol, UK, and the University of Queensland, Australia, has demonstrated a quantum algorithm that performs a true calculation for the first time. Quantum algorithms could one day enable the design of new materials, pharmaceuticals or clean energy devices.
Read more at: phys.org...
Originally posted by XPLodER
reply to post by HattoriHanzou
Quantum will be kept out of the hands of everyday people for as long as possible. I would estimate that it will be decades before you can buy off-the-shelf quantum anything, even though it's operational in labs today and we have the technology for mass production now.
phys.org...
Quantum algorithm breakthrough February 24, 2013 An international research group led by scientists from the University of Bristol, UK, and the University of Queensland, Australia, has demonstrated a quantum algorithm that performs a true calculation for the first time. Quantum algorithms could one day enable the design of new materials, pharmaceuticals or clean energy devices.
Read more at: phys.org...
i have read about other teams that are also having promising results,
worth the read.......
xploder
Originally posted by ecoparity
It's not the implementation of UCE by Mega that matters, it's the concept.
Someone is going to make millions by coming up with an easy to implement version of this to protect digital rights in content.
The obstacles are all surmountable. The cert authorities who were compromised should be taken out of the CA business. It's not difficult to keep your master hash seeds and certs in a sterile server (a sterile server or PC is a computer which is booted from a non writable image such as vmware, VPS, etc which has no browser plugins or even web browser if it's not needed, no java, etc. Ideally it is not even connected to the internet or company network). Human laziness always seems to be the break in the chain....
Apparently Mega did a poor job of implementing the concept but they've already begun fixing those issues and by releasing it to the Unis they hope it will be developed to its full potential.
I'm tired of watching the modern day example of industry holding up progress for the sake of preserving their business model that passes for Hollywood and the music industry. Anyone who thinks the energy companies, auto companies and biotech are not doing / have not been doing the same is blind to what's right in front of you. Anything Hollywood can do the big oil companies can do much easier and much better, see?
People don't realize how much is held up by this issue. Faster internet in the US, for example. Make it possible for HWood to distribute new releases via the Internet and you'll see fiber internet spread like copper. It's about damn time someone came up with an idea that has the potential to solve the problem.
Originally posted by XPLodER
Originally posted by ecoparity
It's not the implementation of UCE by Mega that matters, it's the concept.
yes,
spot on, this concept can be used in all sorts of environments
Someone is going to make millions by coming up with an easy to implement version of this to protect digital rights in content.
you buy a temp password that expires after a period of time.
mega could already achieve this, or some similar implementation
The obstacles are all surmountable. The cert authorities who were compromised should be taken out of the CA business. It's not difficult to keep your master hash seeds and certs in a sterile server (a sterile server or PC is a computer which is booted from a non writable image such as vmware, VPS, etc which has no browser plugins or even web browser if it's not needed, no java, etc. Ideally it is not even connected to the internet or company network). Human laziness always seems to be the break in the chain....
or a network interface controller that has hardware for send on the sterile server and receive on the distributing server, hardware level isolation, it just means physical access is required to administer the cert server
Apparently Mega did a poor job of implementing the concept but they've already begun fixing those issues and by releasing it to the Unis they hope it will be developed to its full potential.
i agree this is a great product, and has potential to change privacy and security world wide.
the next logical step is to supply it to universities,
one point to make is that by its design, it can be updated centrally in hours without requiring updates downloaded to all end users
I'm tired of watching the modern day example of industry holding up progress for the sake of preserving their business model that passes for Hollywood and the music industry. Anyone who thinks the energy companies, auto companies and biotech are not doing / have not been doing the same is blind to what's right in front of you. Anything Hollywood can do the big oil companies can do much easier and much better, see?
disruptive innovation brings about change by its very nature, UCE is better faster and less expensive,
if it saves money and time it will be adopted
People don't realize how much is held up by this issue. Faster internet in the US, for example. Make it possible for HWood to distribute new releases via the Internet and you'll see fiber internet spread like copper. It's about damn time someone came up with an idea that has the potential to solve the problem.
at this point it's either adapt or be left behind,
the technology has progressed past the point of being suppressed,
it offers savings and people find it fast and easy to use.
the way of the future
xploder
Originally posted by kwakakev
As someone currently developing a website, the issues of protecting private information greatly concern me. Passwords can easily be protected through hashing, but as for the other user data like names and email addresses, this data does need to be searchable and accessible through the database. Sure I could encrypt the whole database as well, but if someone gains administrator or copy rights to the website, they also get access to all the source code which will make any further encryption ineffective and easily defeated.
Since most of the content in the website will be accessible by the public, this information effectively becomes public domain. As a website administrator, I do have grave concerns with the integrity of the information if I am to provide a user controlled encryption for this site. What happens if the user's machine is damaged or they lose their password? Then all of their private content becomes corrupted and unusable. How popular would Facebook, Twitter or even ATS be if they had to permanently lock you out of your account because it is impossible to verify any personal information?
For sites like Mega, UCE is a great way to provide plausible deniability and establish reduced responsibility for the website administrator with the content that does pass through their site.
For other sites, UCE does create a multitude of problems for the website administrators in fulfilling user access requirements.
One thing's for sure - we're all on a train that is headed down a set of tracks to somewhere, but nobody knows quite where yet.