Most of the time we do care about (not!) exposing information to third parties. This even applies to generally lower-importance scenarios such as watching YouTube and Netflix videos. ISPs are of special importance,…
I think this is the first time I've heard of NDN, and I've only spent a short while reading about it. My first impression is: 1) It involves addressing chunks of data rather than hosts that hold those chunks. Somewhat…
Wouldn't proper compartmentalization dictate that email providers be explicitly eliminated from the end-to-end encryption process? Apart from being able to inspect email and recognize that it contains content that looks…
Earlier today, and for the first time I recall, Firefox presented me with a slow startup notification. I had some very demanding programs running at the time and knew to dismiss the message without a moments thought.…
I noticed that you said that, and expected others to notice as well. I don't really think your post unreasonable. I'm just a little concerned that, even in a case of pure intentions and desire for balance, extension…
I think this is the fourth or fifth time, in recent memory, that I've seen someone from Mozilla criticize Adblock Plus and call on its developers to make changes. ABP startup time and memory consumption were subjects I…
In order to be effective against the numerous tracking techniques that are in use, the extension MUST block requests. If you aren't breaking many popular websites as a result of blocking their third party requests then…
FYI: The latest versions of Adblock Plus and Adblock Edge yield to Firefox during startup. Which, it seems, prevents them from having loaded all of their rules by the time Firefox begins to process requests. IOW, they…
If I may suggest a slight rephrase: If you are concerned about RELIABLY destroying your data (which involves being able to verify for yourself that it was thoroughly destroyed when you think it was destroyed), you…
Yes! If you don't have a reasonably easy way to inspect and modify what is being sent over the encrypted connections your device makes, you are in very serious trouble. Your device will be [ab]used against you.
It doesn't hurt to dream. Normally ;) BTW, this type of thing might be or become more widespread than I initially thought: http://www.cablewifi.com/
Well, there is Comcast's program to deploy dual-WiFi APs. One side for the subscriber, one side for Comcast to use as it sees fit (public hotspot being a declared use):…
Lets ask the other question too: why do I not want IPv6? It seems to me that NAT serves a very useful role in terms of helping to hide information about your internal network (the devices on that network, their roles…
Snowden or no Snowden, a security focused developer wouldn't want someone else signing on their behalf or someone else controlling availability and updating. A security focused user wouldn't want to see that either.
I think Mozilla may be headed in the same direction. Add-on File Registration System: http://www.ghacks.net/2013/11/01/mozillas-add-file-registrat... Merging of AMO with Firefox Marketplace:…
Given that the business model in question has come to revolve around highly targeted advertising achieved via extensive tracking and profiling of users, it certainly deserves to be threatened. Unfortunately, the…
> We still need servers as rendezvous points, and we can't expect everybody to run their own services. Properly setting up a mail server is hard. What could be done about this? Running a server on someone else's…
Some reporting suggested that the NSA and FBI are working together in a way. Perhaps the NSA uses PRISM to spy on foreigners (freely) while the FBI uses PRISM to spy on Americans (with more restraint, hopefully)?
To your first point, who is the identity provider? In practice, it will almost always be 1) a third party, and 2) an email provider that is unlikely to deviate from the "must be a functional email address" approach. So…
It would seem that developers receiving verified email addresses of users was deemed more important than privacy and supporting scenarios where email addresses aren't required to establish accounts :( IMO, a hard…
The threat is from government and collaborators. Some collaborators are probably lobbying to have government surveillance programs expanded because they think it will benefit their bottom line. Other collaborators may…
Based on my server logs, Google will offer STARTTLS and also use STARTTLS when offered. So there can be MTA<->MTA encryption. Unfortunately, many MTAs don't do one or both, and that includes those run by some of…
Have you asked your attorney why he adds that warning, and asked whether attorney-client privilege is waived if email messages and documents are exchanged over an SMTP system which allows the messages to be read by…
It appears to me that in order to run your own Persona Identity Provider you must setup and maintain an SSL capable webserver for your email domain, equipped with a certificate that chains up to one in Mozilla's bundle…
Most of the time we do care about (not!) exposing information to third parties. This even applies to generally lower-importance scenarios such as watching YouTube and Netflix videos. ISPs are of special importance,…
I think this is the first time I've heard of NDN, and I've only spent a short while reading about it. My first impression is: 1) It involves addressing chunks of data rather than hosts that hold those chunks. Somewhat…
Wouldn't proper compartmentalization dictate that email providers be explicitly eliminated from the end-to-end encryption process? Apart from being able to inspect email and recognize that it contains content that looks…
Earlier today, and for the first time I recall, Firefox presented me with a slow startup notification. I had some very demanding programs running at the time and knew to dismiss the message without a moments thought.…
I noticed that you said that, and expected others to notice as well. I don't really think your post unreasonable. I'm just a little concerned that, even in a case of pure intentions and desire for balance, extension…
I think this is the fourth or fifth time, in recent memory, that I've seen someone from Mozilla criticize Adblock Plus and call on its developers to make changes. ABP startup time and memory consumption were subjects I…
In order to be effective against the numerous tracking techniques that are in use, the extension MUST block requests. If you aren't breaking many popular websites as a result of blocking their third party requests then…
FYI: The latest versions of Adblock Plus and Adblock Edge yield to Firefox during startup. Which, it seems, prevents them from having loaded all of their rules by the time Firefox begins to process requests. IOW, they…
If I may suggest a slight rephrase: If you are concerned about RELIABLY destroying your data (which involves being able to verify for yourself that it was thoroughly destroyed when you think it was destroyed), you…
Yes! If you don't have a reasonably easy way to inspect and modify what is being sent over the encrypted connections your device makes, you are in very serious trouble. Your device will be [ab]used against you.
It doesn't hurt to dream. Normally ;) BTW, this type of thing might be or become more widespread than I initially thought: http://www.cablewifi.com/
Well, there is Comcast's program to deploy dual-WiFi APs. One side for the subscriber, one side for Comcast to use as it sees fit (public hotspot being a declared use):…
Lets ask the other question too: why do I not want IPv6? It seems to me that NAT serves a very useful role in terms of helping to hide information about your internal network (the devices on that network, their roles…
Snowden or no Snowden, a security focused developer wouldn't want someone else signing on their behalf or someone else controlling availability and updating. A security focused user wouldn't want to see that either.
I think Mozilla may be headed in the same direction. Add-on File Registration System: http://www.ghacks.net/2013/11/01/mozillas-add-file-registrat... Merging of AMO with Firefox Marketplace:…
Given that the business model in question has come to revolve around highly targeted advertising achieved via extensive tracking and profiling of users, it certainly deserves to be threatened. Unfortunately, the…
> We still need servers as rendezvous points, and we can't expect everybody to run their own services. Properly setting up a mail server is hard. What could be done about this? Running a server on someone else's…
Some reporting suggested that the NSA and FBI are working together in a way. Perhaps the NSA uses PRISM to spy on foreigners (freely) while the FBI uses PRISM to spy on Americans (with more restraint, hopefully)?
To your first point, who is the identity provider? In practice, it will almost always be 1) a third party, and 2) an email provider that is unlikely to deviate from the "must be a functional email address" approach. So…
It would seem that developers receiving verified email addresses of users was deemed more important than privacy and supporting scenarios where email addresses aren't required to establish accounts :( IMO, a hard…
The threat is from government and collaborators. Some collaborators are probably lobbying to have government surveillance programs expanded because they think it will benefit their bottom line. Other collaborators may…
Based on my server logs, Google will offer STARTTLS and also use STARTTLS when offered. So there can be MTA<->MTA encryption. Unfortunately, many MTAs don't do one or both, and that includes those run by some of…
Have you asked your attorney why he adds that warning, and asked whether attorney-client privilege is waived if email messages and documents are exchanged over an SMTP system which allows the messages to be read by…
It appears to me that in order to run your own Persona Identity Provider you must setup and maintain an SSL capable webserver for your email domain, equipped with a certificate that chains up to one in Mozilla's bundle…