REAL-ID Phone Access Coming Soon
http://mobile.slashdot.org/story/15/02/24/0537219/pakistanis-must-provide-fi... http://www.washingtonpost.com/world/asia_pacific/pakistanis-face-a-deadline-... First it was your name, face, age, height, weight, address, SSN, phone and email, birth location, parents names, ages, etc... just for Internet Access, now it's your fingerprints for Phone Access. And by the way, also your DNA for Access to prove your innocence... http://www.nytimes.com/2013/06/04/us/supreme-court-says-police-can-take-dna-... More things coming soon. What are you going to do? In other news... http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-... Pissed off yet? Or still a sheeple?
On February 24, 2015 12:35:12 PM grarpamp <grarpamp@gmail.com> wrote: --snip--
In other news... http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-...
Pissed off yet? Or still a sheeple?
I am plenty pissed off; have been taking action for a while now. I take more steps than many people to try to block a lot of this data spying and siphoning (for which a few of even you have teased me!), yet I know it's never enough. I have de-googled my phone as much as I possibly can. I use no google products, have never used the google play store nor associated a google account with it (F-Droid & sideloading ftw) and use DDG or ixquick for search. I use a good firewall and limit which apps can have root. I use Ad Away and have modified my hosts file to block/loopback every analytics and tracking URL I can find, anything to do with google or Assbook (and many other popular sites that I personally do not use), all social media and sharing buttons, even gravatars. I monitor logs to see what inter-app calls are being made. I use FOSS, change app permissions and recompile .apks so they don't use permissions they don't need/shouldn't have. Always blocking images in email is handy to stop web beacons. I never click on links with a bunch of tracking info or when I can't see the exact target. I don't use social media of any kind. I don't allow Flash (ever) nor JavaScript or cookies except when temporarily necessary on sites I trust (my credit union and email provider), use private browsing with Flash/plug-ins disabled by defult and clear everything upon exit. Use HTTPS everywhere possible. Block or spoof my browser string, don't allow referrers...and probably more things I'm forgetting. Like proxies. No, I do not notice any appreciable delays as I browse; most pages actually load faster without all that tracking crap. Yes, it means I can't access some sites. No, I don't care that my browsing experience looks more like 1995 than 2015. I prefer it, actually (and I have no flashing .gifs or 'punch the monkey and win!' banners, but I do miss the dancing baby ;) ) While that is much, much more than the average person does (even amongst some cypherpunks I know), it's never enough. My only alternative is probably ditching the damn phone, and I have considered it more than once. What about you (plural)? What are you all doing to make it a little bit tougher for these bastards to track you?
On Tue, Feb 24, 2015 at 5:03 PM, shelley@misanthropia.org <shelley@misanthropia.org> wrote:
On February 24, 2015 12:35:12 PM grarpamp <grarpamp@gmail.com> wrote:
In other news... Pissed off yet? Or still a sheeple? What are you going to do?
I am plenty pissed off; have been taking action for a while now. I take more steps than many people to try to block a lot of this data spying and siphoning (for which a few of even you have teased me!), yet I know it's never enough.
It seems maybe lots of people on the tubes are, subconsciously or not, taking such measures and actions here and there in internet, and in life. A natural reaction of sorts. But are they not largely defensive and never enough? Where among their list of technical defenses are the political measures and actions needed to actually stop or reduce that which they are trying to defend against in the first place? After all, adblock isn't going to stop the ads. DNT isn't going to stop the cookies. Crypto isn't going to stop the metamining surveillance. And as in the subject, standing in line to happily get and show their papers please isn't going to stop that either. Where are that mass of geeks, cryptos, internets... those making such technical measures... where are they acting in politics? Running for office, bringing issues to their councils, donating, and so on.
[snipped list of technical defenses]
Dnia wtorek, 24 lutego 2015 21:23:29 grarpamp pisze:
After all, adblock isn't going to stop the ads. DNT isn't going to stop the cookies.
Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work. Adblock is "I am not letting this through, deal with it" and has much more merit and chances of actually stopping stuff from getting to you.
Crypto isn't going to stop the metamining surveillance. And as in the subject, standing in line to happily get and show their papers please isn't going to stop that either.
Agreed.
Where are that mass of geeks, cryptos, internets... those making such technical measures... where are they acting in politics? Running for office, bringing issues to their councils, donating, and so on.
There might, or might not, be hackers among us who are trying to hack on policy level. But those hackers, if they indeed are following (or maybe even taking part in) the discussions here, might not want to come out with such information, as the level of hostility towards any persons or organisations that can be painted as "working with The Man" or "taking the Man's money" is too damn high™. In other words, FUD spread by "the Man" and the disinformation campaign, sowing dissent, creating hostility and distrust within the community, and in general the divide and conquer approach work wonders. I consider these many levels more problematic than the fact that Project A takes government money to write FLOSS. But I digress. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work.
In fact, it's worse. DNT, if set either way, is another pure bit of browser entropy; it actually *assists* certain forms of tracking, because it can be expected to remain invariant between visits of a given browser/user. This is just one of the things making me think the "web" needs a total re-boot to redesign for security from the boots-up. Servers shouldn't require user-agents to know how to treat visitors. Scripting is useful for a rich experience but should be more sand-boxable (ideally, scripts can be sandboxed to their position in the DOM tree!) and tightly permission'd. Canvas and other elements should behave deterministically; this should be part of browser test-suites. Browsers should be allowed cache fonts but not disclose to the server whether they have a font in their cache or not. DNT was another nail in the coffin. Either a browser can be tracked by design, or it can't. On 03/03/15 10:19, rysiek wrote:
Dnia wtorek, 24 lutego 2015 21:23:29 grarpamp pisze:
After all, adblock isn't going to stop the ads. DNT isn't going to stop the cookies.
Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work. Adblock is "I am not letting this through, deal with it" and has much more merit and chances of actually stopping stuff from getting to you.
-- Scientific Director, IndieBio Irish Programme Got a biology-inspired business idea that $50,000 - & 3 months in a well equipped lab could accelerate? Apply for the Summer programme in Ireland: http://indie.bio/apply-to-ireland Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey
Dnia wtorek, 3 marca 2015 11:50:07 Cathal Garvey pisze:
Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work.
In fact, it's worse. DNT, if set either way, is another pure bit of browser entropy; it actually *assists* certain forms of tracking, because it can be expected to remain invariant between visits of a given browser/user.
Absolutely. However, I did use to give even more bits of entropy bu setting my UA String in a particular way: http://rys.io/en/56 Now I just need to start filing lawsuits, I guess. ;)
This is just one of the things making me think the "web" needs a total re-boot to redesign for security from the boots-up. Servers shouldn't require user-agents to know how to treat visitors. Scripting is useful for a rich experience but should be more sand-boxable (ideally, scripts can be sandboxed to their position in the DOM tree!) and tightly permission'd. Canvas and other elements should behave deterministically; this should be part of browser test-suites. Browsers should be allowed cache fonts but not disclose to the server whether they have a font in their cache or not.
But look, HTTP/2.0 is comming! Oh, wait: https://queue.acm.org/detail.cfm?id=2716278
DNT was another nail in the coffin. Either a browser can be tracked by design, or it can't.
+over9000 -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
I tried setting my UA to '' once and found, sadly, that it breaks all sorts of sites whose frameworks or webmasters were too small minded to think about the absence of a user-agent. As functionally inspired languages become more common and exhaustible case blocks filter in, perhaps this problem will be fixed by accident? I love your concept of embedding agreements in UA. :) On 4 March 2015 00:45:15 GMT+00:00, rysiek <rysiek@hackerspace.pl> wrote:
Dnia wtorek, 3 marca 2015 11:50:07 Cathal Garvey pisze:
Hold on there. These are two different beasts. DNT is "please don't track me" and of course it won't work.
In fact, it's worse. DNT, if set either way, is another pure bit of browser entropy; it actually *assists* certain forms of tracking, because it can be expected to remain invariant between visits of a given browser/user.
Absolutely. However, I did use to give even more bits of entropy bu setting my UA String in a particular way: http://rys.io/en/56
Now I just need to start filing lawsuits, I guess. ;)
This is just one of the things making me think the "web" needs a total re-boot to redesign for security from the boots-up. Servers shouldn't require user-agents to know how to treat visitors. Scripting is useful for a rich experience but should be more sand-boxable (ideally, scripts can be sandboxed to their position in the DOM tree!) and tightly permission'd. Canvas and other elements should behave deterministically; this should be part of browser test-suites. Browsers should be allowed cache fonts but not disclose to the server whether they have a font in their cache or not.
But look, HTTP/2.0 is comming! Oh, wait: https://queue.acm.org/detail.cfm?id=2716278
DNT was another nail in the coffin. Either a browser can be tracked by design, or it can't.
+over9000
-- Pozdrawiam, Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
participants (5)
-
Cathal (Phone) -
Cathal Garvey
-
grarpamp -
rysiek -
shelley@misanthropia.org