Sat Jun 15 2019 08:03:50 EDT from IGnatius T Foobar @ Uncensored
But ... encryption keys? When you connect to wifi from an Android device, your encryption key is captured and sent to Google? That's over the line, and it's enough to flip my opinion on whether that is acceptable behavior.
On what basis do they claim this has any value to the customer?
User convenience. There is a setting buried in Android settings that stores WiFi keys - ANY WiFi key, on Google Servers so that when a user gets a new Android device and logs in with their Google account, it downloads all their previous WiFi connections so that they can just go to where that AP is and it will connect automatically without having to re-enter the key.
They were REALLY upset with me and basically told the German tech site that I was an idiot when I posted this in 2011, and people were divided. A lot of people were responding, "It is totally opt-in when you're setting it up and can be turned off in settings." Which is true, but most people get a device and a Verizon redshirt sets it up and just flips through the screens accepting the defaults and the end user doesn't know this has been selected or how to turn it off. Worse, it isn't granular. You can't turn it on or off on a case by case basis - it is all in or nothing - and they've done nothing to change this since 2011 when I discovered it.
Then two years later Horowitz put together that with them knowing the geolocation of every WiFi hotspot and knowing every WiFi password, then getting compromised by the NSA and having all their internal traffic unencrypted - that the NSA now effectively has every WiFi password ever accessed by any Android device and a map to where that WiFi password is located.
Isn't that special?
ax.25 is cool and all, but hard to get traction at the speeds we usually use.
Thu May 30 2019 05:57:59 PM EDT from IGnatius T Foobar @ UncensoredThat's kind of what the ham radio packet networks are for. Perhaps ax25 can tell you all about ax.25 :)
And if the sidenet needs infrastructure, Tor exists today and runs as an overlay over the existing Internet infrastructure. I suppose if the shit really hits the fan, Big Brother will consider the operation of an encrypted overlay as presumption of guilt, but if we get that far, we probably have bigger things to worry about.
I've got to be honest though, I originally wanted all of this as a way to drive traffic to my BBS. A way to get back the users that Facebook stole from me and all the other operators of small sites. If I had access to The Button, I *would* push it and nuke Silicon Valley off the map, just so we could get our Internet back. But ... it's clear that the stakes are bigger now; it's not just about finding a way to effect a diaspora from the big sites (see what I did there?), it's now about reversing the power that the big sites are amassing to literally control the minds of everyone in the world.
Yes, my posts are full of hyperbole but they are directionally accurate.
Online discourse on a global collection of small BBS's was far more stable than things are now.
Tue Jul 02 2019 15:35:57 EDT from IGnatius T Foobar @ UncensoredIt should be obvious that anything you do on an Android device is automatically compromised by bad actors such as Google and the NSA. And it should also be obvious that every wifi key is sent to Google even if you opt out of the sync service.
When I was raising this alarm in 2011 - I was getting called a hack, a technology professional fraud and a conspiracy theorist.
Then, in 2016 at DefCon - they were talking about how the NSA was intercepting laptop shipments, modifying them with hardware rootkits, sealing them back up - and shipping them on to the intended target.
Yeah - part of my interest in retro-computing is that I don't think the Government had technology and telecommunications on their mind in the 8 and 16 bit era - at least, not the way they do today. I think that the real cyberpunk Dystopian future won't be people on cutting edge hardware and equipment - it'll be people rigging together retro-computing from before the 32 bit era and using sidenets to bypass the information highway and stay in the dirty back alleys of virtual reality.
You know, kinda like this place. :)
It would be about staying out of their view. Even just having systems that don't automatically trip their scanning-everyone software would be fine.
For example, your "safe" 8-bit computer might be used to run software that hides a message inside a dummy text, which is then copied (perhaps by hand) to a "compromised" 64-bit computer and sent over the Internet to its recipient.
Thankfully, we do not yet live in a world where that needs to be done. For the time being, anyone who wants to avoid the current crop of bad actors can simply steer clear of them.
Sat Jul 20 2019 09:02:11 EDT from IGnatius T Foobar @ UncensoredIf we get to that point, it isn't going to be about building systems that the government can't break into. They measure their computing power in *acres*.
It would be about staying out of their view. Even just having systems that don't automatically trip their scanning-everyone software would be fine.
For example, your "safe" 8-bit computer might be used to run software that hides a message inside a dummy text, which is then copied (perhaps by hand) to a "compromised" 64-bit computer and sent over the Internet to its recipient.
Thankfully, we do not yet live in a world where that needs to be done. For the time being, anyone who wants to avoid the current crop of bad actors can simply steer clear of them.
Well, whatever it becomes - it'll always be a game of cat-and-mouse between the people trying to preserve their liberties and the bad-actors, State and privateer, who want to exploit you.
But it does seem like old technology that is off their radar is the real first step - or DIY home-brew machines made by hand. Something a little less polished than a modern gaming notebook from MSI or Alienware, anyhow.
Not because of any approval of what they say or promote, but because protecting unpopular speech is the VERY ESSENCE of protecting free speech in general.
You can see that in the news today regarding 8chan.
The problem, of course, is that the Orwellian power mongers and their SJW useful idiots continue to expand the scope of what they consider wrongthink.
They also continue to expand the number of pinch points where they can silence dissenting voices -- not just the big places like Fecesbook and Twatter where they can simply shut them off, or Google/YouTube where they can de-rank and de-monetize, but now also the domain registrars and payment processors, where they can choke the life out of dissenters.
This is the part of the conversation where someone usually says "The more the Empire tightens its grip, the more star systems slip through its fingers." This isn't quite a perfect match for that analogy, but it's close. I am likening it more to the overuse of broad-spectrum antibiotics creating a superbug. First the bad people start censoring major social media sites, and the good people respond by creating their own. The bad people mount an assault on those sites, and the good people respond by making the alternative sites into a distributed network. The bad people then go after domain registrars, and the good people respond by finding a way to keep the network operating without DNS.
Make no mistake: the people who operate Facebook, Twitter, and Google are currently the absolute worst people in the world. If their power is not removed by returning the Internet to a decentralized, open, and uncensored platform, their power will eventually be removed when, in the immortal words of Douglas Adams, they "will be the first up against the wall when the revolution comes."
Well said.
I am starting to be afraid of the clearnet (regular Internet). Most of my Internet activity is in shady deep web/hidden services/minoritary platforms these days because I don't feel safe as a user. It is not because I am concerned that governments or corporations might mine my data (which they would) but because there is this threat of ideological, legal and social persecution.
I mean, I am in the very unpoliced parts of the Internet, dealing with the ocasional nutjob, sexual predator, you name it, on a daily basis. And I have zero problems. I recently registered to a web service without the protection of an anonimity layer for the first time in more than a year and I got into a hell of a lot of trouble because some service administrator interpretated that I was poaching kids online. How fucked up that is. And now this people has my data.There is this tendency to bubblewrap a certain sector of the population at the expense of making the lives of everybody else impossible, and it is getting very bad on the Internet, but if you use an anonimity network overlay it makes you tremendously free. I mean, if I post "My humor is so black that it has been arrested" in a joke site and some administrator threatens to sue me or whatever for racism, I know I am covered because it is very unlikely this person has the resources to identify me. If I post a collection of political books with no protection and somebody takes issue, I am screwed. You can get jailed or killed in certain countries for possessing the wrong book. Including in some actually democratic countries.
Laws and sociological conditions for setting clearnet services are getting crazy. Check that European GDPR, for example. In theory it is designed to protect users, which is a good thing. In practice, it makes a lot of developers to waste tons of time and money makig their services compliant. Then they take the data of users and sell them anyway. The people who gets damaged by this thing are the small sysadmins who want to set a hobby site and now have to hire ten lawyers in order to ensure the cops won't rip their balls off. Well, there are lots of laws that can get your website trashed in many places of the world. And you usually don't know about them until they come knocking at your door with a warrant or a very nice fine.
So yes, I agree with IG. Side channel tech is extremely important so at least a certain sector of the population can procure a safe space for itself. We really need it.
So if we can get a solution for dynamic IP addresses and dynamic DNS being the single point of failure soon - that would be just awesome. :)
Banning a whole Dynamic DNS provider is just bollocks.
Which reminds me: do you know of Opennic? It is an alternative no IANA governed DNS namespace. They even have their own dynamic dns provider (in their own namespace, obviously). If you are the only one who needs to access a service located in a dynamic range, they are quite a good solution.
From 1996 until 2000, this BBS was attached to the Internet on a dialup connection.
I paid my ISP for a static IP address and permission to keep the connection pinned up over an unmetered local call. It was crude, but it worked, and it saved the board from extinction when everyone moved over to the Internet.
In fact, it became more popular than before because it was multiuser and some old friends returned who had moved out of the area. Eventually I was able to secure a DSL connection with a static IP address and explicit permission to run servers, which served us well until 2007 when I moved it into a hosting center.
There's nothing about DNS that makes it a baked-in part of using the Internet.
It's really just based on a consensus that everyone's going to use the same root. Sidenets can -- and should -- use their own discovery and location protocols.
you want to be able to reach them remotely. IPv6 will fix that, but
its adoption is long overdue.
I am very skeptical of ipv6 for a number of reasons.
I suspect many ISPs could have been offering cheap or free static IP addresses for residential subscription for a long time and they didn't, because it makes more sense for them to offer dynamic by default and charge premium for static. I don't see how ipv6 can change that. ISPs can buy ipv6 blocks and refrain from offering static addressing the same as they do with ipv4.
Also, adoption is slow because implementations suck balls. Many ISPs won't allow you to subnet your own network. Mind you, this is a thing that creeps me out... in bad old ipv4 you were free to subnet your own network to your heart's content. In ipv6, if you want your subnetworks to be Internet routable, the ISP has to explicitly assign you a prefix you can work with. This is, you need their PERMISSION to subnet your network. Or you start using local address spaces (sucks) or you start hacking NAT in (in which case, why did you migrate to ipv6?)
I think it is good that we have ipv6 so get rid of ugly LS-NATs users are already suffering, but I am REALLY pessimistic.