So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?

from the that-doesn't-seem-right dept

We recently wrote about the FBI's server seizures in the hunt for LulzSec, noting the collateral damage that took down servers of a few different popular websites. One of the seized servers was a backup server for the very popular service Instapaper, which many people use to save web pages and other info. While Instapaper's Marco Arment notes that the FBI did return the server relatively quickly, it's possible that the FBI now has a copy of pretty much everyone's Instapaper data, which could reveal a lot about some people:

Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. (“Archived” bookmarks are not deleted. “Deleted” bookmarks are hard-deleted out of the database immediately.)

Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet.

The server also contained a complete copy of the Instapaper website codebase, but not the codebase of the iOS app.

Linked Facebook, Twitter, or Tumblr accounts only store their respective OAuth keys. Linked Evernote accounts only store the Evernote email-in address. Linked Pinboard accounts, however, store plaintext usernames and encrypted passwords, and the encryption keys are present in the website source code on the server.

So the FBI now has illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase, and as far as I know, this is completely out of my control.

Marco is quite reasonably pissed off at the hosting company, DigitalOne, who never contacted him about this (before or after the raid, including up until the blog post, days later). Frankly, that's unconscionable. For an ISP to simply not tell their customer that a server has been seized? Marco is also upset that DigitalOne didn't do anything to stop the seizure. Now, on both of those counts, it's possible that DigitalOne's hands were tied. There's not much they can realistically do if the FBI shows up with a seizure warrant, even if it's super broad. And we have seen the FBI use gag orders barring ISPs from talking about what was seized.

But, really, that just goes to show, yet again, the problems of such government seizures with no prior adversarial hearings. I recognize that they're looking for evidence that might disappear, but the chance for serious collateral damage, including potentially serious privacy violations, seems pretty high. I'm not sure there's anything he could do, but it certainly would make for an interesting lawsuit if either Marco or an Instapaper customer decided to sue the federal government over these seizures.
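
An added example, not code from Instapaper or from the original post: the remark quoted above that salted SHA-1 password hashes are "relatively safe" depends on how cheap each offline guess is once someone else holds a copy of the database. The sketch assumes the legacy scheme is SHA-1(salt || password), which the post does not specify, and shows how stored records can be wrapped in PBKDF2 without knowing any password and then upgraded at the next login; the function names, record layout and iteration count are illustrative.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def sha1_salted(salt: bytes, password: str) -> bytes:
    # Assumed legacy construction: SHA-1(salt || password), a single fast hash.
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def stretch(data: bytes, salt: bytes) -> bytes:
    # Deliberately slow derivation: every guess costs PBKDF2_ITERATIONS HMACs.
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ITERATIONS)


def make_legacy_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "sha1", "salt": salt, "hash": sha1_salted(salt, password)}


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": stretch(password.encode("utf-8"), salt)}


def wrap_legacy_record(rec: dict) -> dict:
    """Harden a stored SHA-1 record in place, without knowing the password."""
    salt2 = os.urandom(16)
    return {"scheme": "pbkdf2(sha1)", "salt": rec["salt"], "salt2": salt2,
            "hash": stretch(rec["hash"], salt2)}


def verify(rec: dict, password: str) -> bool:
    if rec["scheme"] == "sha1":
        candidate = sha1_salted(rec["salt"], password)
    elif rec["scheme"] == "pbkdf2(sha1)":
        candidate = stretch(sha1_salted(rec["salt"], password), rec["salt2"])
    elif rec["scheme"] == "pbkdf2":
        candidate = stretch(password.encode("utf-8"), rec["salt"])
    else:
        raise ValueError("unknown scheme")
    return hmac.compare_digest(candidate, rec["hash"])  # constant-time compare


def login(rec: dict, password: str):
    """Return (ok, record); a successful login upgrades the record to plain PBKDF2."""
    if not verify(rec, password):
        return False, rec
    if rec["scheme"] != "pbkdf2":
        rec = make_record(password)
    return True, rec


def seconds_per_guess(rec: dict, guesses: int = 3) -> float:
    """Average cost of testing one candidate password against a copied record."""
    start = time.perf_counter()
    for i in range(guesses):
        verify(rec, f"wrong-guess-{i}")
    return (time.perf_counter() - start) / guesses


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    legacy = make_legacy_record(sample)
    wrapped = wrap_legacy_record(legacy)
    print("sha1         s/guess:", seconds_per_guess(legacy, 1000))
    print("pbkdf2(sha1) s/guess:", seconds_per_guess(wrapped))
    ok, upgraded = login(wrapped, sample)
    print("login ok:", ok, "-> scheme now", upgraded["scheme"])
```

The wrap step matters for a service in this position because it can be run over every stored record immediately, while the plain PBKDF2 upgrade only happens for users who log in again.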


Reader Comments

  1.  
    ChurchHatesTucker (profile), Jun 24th, 2011 @ 6:53pm

    Frak that!

    And we have seen the FBI use gag orders barring ISPs from talking about what was seized.

    Ignore it.

    Gorram it, we have to start exercising free speech if we expect to keep it.

     

  2.  
    out_of_the_blue, Jun 24th, 2011 @ 6:57pm

    So don't use online storage!

    Would never occur to me, as I came out of the dark days when the Personal Computer freed us from time-sharing on a centralized computer. Now everyone is hot to let a central system (euphemized as "the cloud") store all their vital and personal data -- FREE for the plucking by anyone, too. Drawbacks are obvious and particular gotchas seem to be discovered almost daily; I see no /point/ let alone advantages to it.

     

  3.  
    Anonymous Coward, Jun 24th, 2011 @ 6:58pm

    Encrypt Your Data People

    It's kinda sad about the fourth amendment. You have to assume that any data of yours, stored at any place not under your direct control, could fall into the hands of any security service, any law enforcement organization or any criminal, at any time. Your only defense is to use strong encryption at all times. Do not purchase any service which does not give you strong encryption as standard, with the key under your control.

    Key security and management is your problem, which you need to solve locally. If you use the world's least secure operating system, namely Windows, on any server or your management console, it is game over, you lose. Be careful. The only person looking after your interests is you. Never forget that.

     

  4.  
    mrdarkrai (profile), Jun 24th, 2011 @ 7:52pm

    Tell me

    what is the difference between this action and lulzsec's?

     

  5.  
    teka, Jun 24th, 2011 @ 7:58pm

    Re: Tell me

    The FBI used guns and "laws" (the threat of both immediate and delayed violence).

    Lulzsec used the security failings of others.

     

  6.  
    Anonymous Coward, Jun 24th, 2011 @ 8:41pm

    Re: Frak that!

    Check your window. There's a van parked outside. Offer the two guys with headphones coffee.

     

  7.  
    Anonymous Coward, Jun 24th, 2011 @ 8:42pm

    Re: Re: Frak that!

    Donuts

     

  8.  
    Anonymous Coward, Jun 24th, 2011 @ 8:59pm

    Mike, you need to be talking with Alex Jones. Half your articles are highly related to the police state and Nazi government control. How come no one reacts to such blatant disregard for the law? Oh right.. because they make up laws as they go. Land of the free, huh? More like land of the pwned.

     

  9.  
    molecule (profile), Jun 24th, 2011 @ 9:01pm

    So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?

    I'll go w/: Yes?

    what did I win? hey, where are you going w/ my server?

     

  10.  
    Peter, Jun 24th, 2011 @ 9:33pm

    Re: Tell me

    "what is the difference between this action and lulzsec's?"

    I guess there isn't much difference between the two. The FBI is no better than Lulz Security. That's the moral of this story.

     

  11.  
    Tim, Jun 24th, 2011 @ 10:27pm

    Lulz

    The difference is Lulzsec is committing a federal crime each time they DDOS someone.

    And if you are going to blame anyone, blame Lulzsec for this. And you can mark my words, things will just get far worse, all thanks to "Lulzsec". We are going to lose most rights that we have now.

     

  12.  
    Nicedoggy, Jun 24th, 2011 @ 10:59pm

    About encryption, I want to note that current encryption algorithms probably will last 10 to 20 years before they can be easily brute forced, so encryption only buys time in the case of static storage.

     

  13.  
    Anonymous Coward, Jun 24th, 2011 @ 11:02pm

    Does anyone have proof that the FBI copied all of the data? Does anyone know what was named as part of the warrant? Did that hacker dude in the UK admit to using instapaper to share ideas with others?

    There is an incredible lack of information here for anyone to be making claims against the FBI.

     

  14.  
    Nicedoggy, Jun 24th, 2011 @ 11:04pm

    About encryption, I want to note that current encryption algorithms probably will last 10 to 20 years before they can be easily brute forced, so encryption only buys time in the case of static storage, so please don't store criminal activity in files that could be open 20 years later and have no statute of limitations :)

     

  15.  
    Nicedoggy, Jun 24th, 2011 @ 11:06pm

    Re:

    What part of "it's possible" or "potentially serious" you don't understand son?

     

  16.  
    Caliburn, Jun 24th, 2011 @ 11:08pm

    I'd sue.

    I'd happily take the stress of it and sue the FBI into the dark ages. By the time I was finished with them, they'd stop this crap.

    SUE THE FUCKERS! SET A PRECEDENT!

     

  17.  
    Anonymous Coward, Jun 24th, 2011 @ 11:44pm

    Re: Re:

    It's possible. It's also possible that monkeys will fly out of your butt. But since it isn't likely, you don't worry about it much. It is equally unlikely that the FBI copied content from servers that they don't have a warrant for, once they have determined what the server is and what it is used for.

    That of course would also depend if instapaper was used for less than honest purposes. At that point, yes, the FBI might have a copy of it all pending investigation by their experts.

     

  18.  
    Anonymous Coward, Jun 24th, 2011 @ 11:57pm

    Re: Encryption

    Encryption actually does not have to be very good and it defeats the security services. Get yourself an encryption key which is several thousand bits long and truly random, then the dear old XOR the plaintext with the key, over and over, will work just fine. Back that up with prior data compression and a spot of running it through AES and the codebreakers are SOL. They could be up for $trillions to have any hope of brute forcing it. Not going to happen.

    Remember how hissy various pollies got about not being able to read Blackberry messages? Have you noticed the slow progress on cleaning up botnets? The botmasters are protecting themselves with encryption. It's working just fine for those guys, and they have plenty of very determined opposition.

     

  19.  
    Nicedoggy, Jun 25th, 2011 @ 12:01am

    Re: Re: Re:

    When did you see law enforcement passing on the opportunity to snoop on others?

    When?

    It is not only likely, but most certainly the agents copied everything before giving it back, even if it was to take a look at the contents later to find something they could use as leverage if those people sue.

    What is unlikely is that they didn't copy it.

    Now I ask you again, what part of "It's possible" you don't understand?

    The post didn't accuse the FBI of anything, but it was concerned about those possible and most probable scenarios and why there is no means to address those issues.

     

  20.  
    Viln (profile), Jun 25th, 2011 @ 12:02am

    I'm with Marco...

    I'm rather shocked that the on-site technicians at this data-center allowed the FBI to take a dozen boxes when the warrant clearly stated (presumably) one or two. I don't mean attempting to physically prevent them or civil disobedience... it's unthinkable that the FBI would send a team of officers to seize servers and not include at least one technician with the ability to determine which ones were which, so when a company very strongly protests you touching things not mentioned in your warrant and offers every means of assistance in locating and extracting the correct items and you ignore it and take the rack anyway... you create wiggle room for a lawsuit where otherwise no judge in today's Patriot Opera world would bother to squeeze. The companies involved in hosting and storing these servers were put in a tough situation and I sympathize, but it smells like somebody rolled way too easily and these companies deserve an exodus of subscribers. If enough of a stink is made now, the next time you can be sure someone along the chain of command will say "be precise, don't make me deal with another two weeks of internet and press frenzy".

     

  21.  
    The eejit (profile), Jun 25th, 2011 @ 12:03am

    Re: Re: Frak that!

    Not tees with FEED ME, I AM A US GOVERNMENT EMPLOYEE on them?

     

  22.  
    The eejit (profile), Jun 25th, 2011 @ 12:05am

    Re: Lulz

    Wow, all other Tims must be ashamed of themselves.

    There is this funny little thing called the Second Amendment. I strongly advise you to use it before you lose it.

     

  23.  
    A Guy, Jun 25th, 2011 @ 12:07am

    I would hope that the FBI did not copy a server they have no warrant for. On the other hand, the company shouldn't be in a position that they have to take the FBI's word for it. Take them to court. Make them swear under oath that no copy of the server was made. It may take time, but it shouldn't be too hard to find the truth out in a relatively cheap way if the company is concerned. If they want to get it out of the way quickly and cheaply, your data is probably safe. If they cite "ongoing investigations" or "national security" in court filings, your data is now in the possession of the FBI and they are probably already analyzing it.

     

  24.  
    Nicedoggy, Jun 25th, 2011 @ 12:11am

    Re: Re: Encryption

    Have you a text encrypted in 1990?
    I bet any computer today can brute force that baby in seconds.

    Since computers double processing power every year or so, even those thousand bit long encryption keys will not be that secure in 20 years.

    Not to mention unknown vulnerabilities that could be uncovered in the future.

    So unless you have encrypted content that can re-encrypt itself every year with the latest encryption and patch itself against vulnerabilities or use some type of death algorithm that depends on pieces from other places that go away with time rendering completely useless, sooner or later people will be able to open that file.

    I like to think of static encrypted files as time-capsules.

     

  25.  
    Jay (profile), Jun 25th, 2011 @ 12:12am

    Re: I'd sue.

    There's actually already a precedent. It's just that people see the NSL letter and forget to sue the FBI on reaching so far.

     

  26.  
    ScytheNoire, Jun 25th, 2011 @ 12:42am

    Welcome to Corporatocracy

    The Constitution only applies when it protects Corporations or the American Government (which is a corporation itself).

     

  27.  
    FBI Agent 201, Jun 25th, 2011 @ 12:47am

    Re: Re: Frak that!

    This is restricted information, we will be seeing you soon to ..."get a statement" from you. Bring a towel.

     

  28.  
    darryl, Jun 25th, 2011 @ 1:05am

    SHA-1 (salted) hashes - Trivial to crack with GP/GPU (Graphics processors)

    "Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe."

    Yes, 'relatively safe' means at least 10 seconds or less to crack. Probably sub 1 second....

    Post 1002 on TD..

     

  29.  
    darryl, Jun 25th, 2011 @ 1:10am

    Bye Bye Cloud Computing

    Once again, it failed in the 50's it will fail again in 2011.

     

  30.  
    darryl, Jun 25th, 2011 @ 1:16am

    Answer to your question --- easy...

    So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?

    Judging by the rest of the comments you made after that question, and by you posing that question in the first place.

    I feel you are seeking an answer for something you lack understanding in, so for you I will make it simple.


    apparently


    capable of being easily perceived or understood; plain or clear; obvious:

     

  31.  
    Martin, Jun 25th, 2011 @ 2:18am

    Lessons learnt?

    Has Marco Arment learnt any lessons?

    SHA-1? No encryption of user data? Come on!

     

  32.  
    Anonymous Coward, Jun 25th, 2011 @ 3:28am

     

  33.  
    Jeni (profile), Jun 25th, 2011 @ 4:20am

    Re: Lulz

    You can't blame LulzSec for the actions of the overreaching FBI. Stop being ridiculous.

     

  34.  
    Jeni (profile), Jun 25th, 2011 @ 4:23am

    Re: Re: Re: Re:

    Spot on Nicedoggy. Gov't has become obsessed with data mining. It's like a disease. It's out of control. Why they even "mine" our physical bodies now (TSA).

     

  35.  
    Jeni (profile), Jun 25th, 2011 @ 4:25am

    Re: I'd sue.

    What I was thinking (minus the F bomb).

    Edmund Burke said "all that is necessary for the triumph of evil is that good men do nothing".

     

  36.  
    darryl, Jun 25th, 2011 @ 4:47am

    its as simple as "good" and "evil" !!!! LOL

    Darryl Says

    "all that is necessary for good to triumph is that evil men do nothing"

    (or "a good man doing nothing in the face of evil, is evil, and therefore no longer Good").

     

  37.  
    The Devil's Coachman (profile), Jun 25th, 2011 @ 5:04am

    I guarantee the FBI copied every last bit on everything.

    Not only that, but they will undoubtedly use the copied data to expand their scope of investigation far beyond what the original warrant permitted (if there actually was a valid warrant at all). This is the type of "collateral damage" that we can expect from their nefarious activities, and what's more, they probably won't find anything about their purported perp - Lulzsec.

    This is what they do, and with impunity. The ISP is at fault for failure to notify its clients, and the use of "gag orders" and other such nonsense is something one would expect in a fascist, totalitarian state. Sorry folks, but the US populace is screwed, totally, and forever. Your government thanks you, and expects your continued "cooperation". Now bend over, and "cooperate"!

     

  38.  
    Jeni (profile), Jun 25th, 2011 @ 5:06am

    Re: its as simple as "good" and "evil" !!!! LOL

    That makes no sense, Darryl.

     

  39.  
    freak (profile), Jun 25th, 2011 @ 5:12am

    Re:

    HAHAHAHA.

    haha.

    ha.


    Current encryption technology would require the entire universe acting as a computer with each atom as a transistor, for the entirety of time so far to crack only (on average) 10,000 256-bit encryptions.
    I haven't done that calc in a while, (it's somewhere in the comments on a past story here), but I believe that calc also assumed the universe was solidly packed instead of mostly 'empty'. If that's the case, then the real calc would be somewhere closer to 10^-18 256-bit encryptions could've been broken.


    Anyways, I don't think you mean 'brute-force', but I will allow the possibility that current algorithms might possibly be cracked in twenty years. I doubt it, but I won't deny the possibility.

     

  40.  
    Nicedoggy, Jun 25th, 2011 @ 5:36am

    Re: Re:

    Hmmm...you got me there on the brute-force thing though, it is infeasible at the moment for current computers to do it, so you are correct, what I was thinking about was all those mathematical ways people could use to crack the encryption, my apologies.

     

  41.  
    Michael Lockyear (profile), Jun 25th, 2011 @ 6:31am

    The FBI will no doubt go unpunished for what is in essence theft.

    Ironically it is this sort of unpunished behavior that gave rise to groups like wikileaks, anonymous, lulzsec in the first place.

     

  42.  
    Jay (profile), Jun 25th, 2011 @ 6:33am

    Re: Re: Re: Re: Re:

    Don't forget, if you're a criminal, they keep your DNA for 50 years. This goes quite well in prying convictions on your family later on.

     

  43.  
    Anonymous Coward, Jun 25th, 2011 @ 6:35am

    Re:

    "There is an incredible lack of information here for anyone to be making claims against the FBI."

    That doesn't matter to the "followers of Mike". You are supposed to just say Moo and follow the herd.

    Like this: My rights are at stake here. The government is trying to do away with the constitution. We need more transparency. The law enforcers shouldn't be allowed to do anything without getting permission from the supreme court first.

     

  44.  
    Anonymous Coward, Jun 25th, 2011 @ 6:39am

    Re: Re: Re:

    No, that's not possible (nor probable). At most you will only get one monkey out of my butt. My abdomen and intestinal tract are only so big, I'll allow that a single monkey "might" be squeezed in there, but not multiple. Unless of course, you're positing that a heretofore unknown species of pygmy monkeys is living up there. However, I believe (and I could be wrong) that you're stretching the definition of the word possible at this point.

    But thanks for playing...

     

  45.  
    Anonymous Coward, Jun 25th, 2011 @ 6:40am

    Re: Re:

    "So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?"

    Where in this title does it say "it's possible"?

     

  46.  
    Anonymous Coward, Jun 25th, 2011 @ 6:58am

    Re: Re: Re: Re:

    http://www.guzer.com/pictures/very-small-monkey.php

    You could easily fit a few of these up your enormous keister

     

  47.  
    leichter (profile), Jun 25th, 2011 @ 7:13am

    Re: Re: Re:

    A meaningless comparison. Key length is one of those obvious things - after all, it's just a number and bigger is clearly better, right? - that leads people astray all the time. The thing to keep in mind is that what matters is not the *number of bits in the key*, it's the number of possible distinct keys. If I told you "I use AES-256 for absolute security, but it's easy for me to remember the key: I only choose keys between 1 and 1000" - well, that's obviously not very secure: You can guess my key in at most 1000 tries!

    For a system like AES, every possible 128 (or 192 or 256) bit combination is a valid key. The strength of the system (against a brute force attack!) can be read directly off the number of bits. No conceivable computer will ever be able to attack a 256-bit key, and personally I cannot imagine a situation where a 128-bit key could be brute-forced.

    For a system like RSA, only very special combinations of bits correspond to valid keys. An AES key is just a bunch of bits, while an RSA key, as a number, has to be the product of exactly two prime numbers in a particular range, with special properties to boot. Even then, there would be too many values to try in a pure brute force fashion - but because of the necessary mathematical properties of an RSA key, no one does that. Instead, they use more efficient techniques that rely on those mathematical properties. A 1024 bit RSA key requires about as much computational effort as an 80-bit AES-like key. That's why the current recommendation is for at least 2048 bits (roughly the equivalent of 112 AES-like bits), though that's considered pushing it a bit. To get to the equivalent of a 128-bit AES key, you need a 3072-bit RSA key; to match AES-256, you need a 15360-bit RSA key! Such keys actually get used today. In 2005, if you combine published estimates, experts were predicting that 1024-bit RSA should be phased out by 2010 (though high-value uses should move faster). OK, so half way through that period, *one* 1024-bit RSA key was broken ... though in fact even that isn't true. (Breaking an RSA key amounts to factoring a large number into its two constituent primes. What the link points to was a successful factorization of a very specially chosen number - 2^1039-1 - for which even better mathematical techniques are known. Even so, it took the equivalent of 100 years of computer time. An indication that it was time to move on from 1024-bit keys? Absolutely. A practical "break" for massive numbers of RSA keys? Not quite.)

    An alternative to RSA is elliptic curve crypto (ECC), which has the same public-key properties but can use many more possible combinations of bits in a key, so can get by with dramatically shorter keys. In fact, to get the ECC equivalent of n-bit AES, you need 2n-bit ECC.



                                                            -- Jerry

     

    reply to this | link to this | view in thread ]
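
An added example, not part of the original comment thread: the point made in comment 47, that brute-force strength comes from the number of possible keys rather than the bit length of the key, shown with a 256-bit key chosen from only 1000 possibilities. HMAC-SHA256 stands in for AES-256 because the Python standard library has no AES; the function names and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

KEY_BITS = 256


def key_from_number(n: int) -> bytes:
    """The weak scheme from the comment: a 256-bit key derived from a small number."""
    return hashlib.sha256(str(n).encode()).digest()


def random_key() -> bytes:
    """A key drawn uniformly from all 2**256 values by the OS CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


def tag(key: bytes, message: bytes) -> bytes:
    # Stand-in for "encrypt with AES-256": any keyed function whose output
    # lets someone confirm whether a candidate key is the right one.
    return hmac.new(key, message, hashlib.sha256).digest()


def effective_bits(keyspace_size: int, key_bits: int = KEY_BITS) -> float:
    """Strength against exhaustive search: log2 of the key count, capped by key size."""
    return min(float(key_bits), math.log2(keyspace_size))


def search(known_message: bytes, observed_tag: bytes, candidates):
    """Try each candidate number in turn; return (number, tries) or (None, tries)."""
    tries = 0
    for n in candidates:
        tries += 1
        guess = tag(key_from_number(n), known_message)
        if hmac.compare_digest(guess, observed_tag):
            return n, tries
    return None, tries


if __name__ == "__main__":
    message = b"constructed sample message"  # constructed for this example
    weak_key = key_from_number(737)          # "between 1 and 1000"
    print("weak key length (bits):", len(weak_key) * 8)
    print("weak effective bits   :", round(effective_bits(1000), 2))
    print("search weak           :", search(message, tag(weak_key, message), range(1, 1001)))
    strong_key = random_key()
    print("random effective bits :", effective_bits(2 ** KEY_BITS))
    print("search random         :", search(message, tag(strong_key, message), range(1, 1001)))
```

The same reasoning applies to keys derived from passwords: the effective strength is the size of the set the password was chosen from, not the length of the derived key.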

  48.  
    Anonymous Coward, Jun 25th, 2011 @ 7:45am

    Re: Re: Re: Re: Re:

    fair enough, pygmy monkeys it is...

     

  49.  
    Gene Cavanaugh (profile), Jun 25th, 2011 @ 9:52am

    FBI seizures

    I am a veteran, and I was quite willing to give my life for my country, which I admired deeply.
    However, this sounds more like the gestapo under Hitler than American. I am not sure I would be willing to serve, and certainly not willing to "give up my life", for a country that allows such things.
    I can only hope the American people (with the help of the blogs - certainly no help from the news media!) will someday come to their senses, and take steps to stop this sort of thing.

     

  50.  
    Almost Anonymous (profile), Jun 25th, 2011 @ 10:01am

    Re: Re:

    Quantum technology will reduce those times by orders of magnitude, and quantum computers are just around the corner...

     

  51.  
    Thomas (profile), Jun 25th, 2011 @ 10:09am

    The FBI will..

    definitely look at their copy of the database to search for "terrorists", but will probably just go ahead and see what they can find. I'm sure they won't have a problem breaking the encryption. The spooks don't really pay attention to constitutional protection any more; they now feel that "hunting for terrorists" justifies anything they want to do. Maybe we should just refer to all the federal spooks as the American Gestapo.

     

  52.  
    Anonymous Coward, Jun 25th, 2011 @ 10:36am

    Re: Re: Re: Encryption

    I'm pretty sure public key cryptography has not changed that much since the 90's... as I recall, the pgp cypher that Assange wrote is still damn near impossible to crack... 20 years later.

    can someone correct me if this is wrong?

     

  53.  
    velox (profile), Jun 25th, 2011 @ 10:52am

    Re: Tell me

    LulzSec didn't physically remove property belonging to an innocent party

     

  54.  
    velox (profile), Jun 25th, 2011 @ 11:33am

    Re: Re:

    '..."followers of Mike". You are supposed to just say Moo and follow the herd. '

    You apparently, and quite foolishly, appear to believe that Mike simply tells his readers what to think.
    --->You don't happen to work in the old-media Broadcast business do you?

    There are many people who have opinions similar to Mike, and they choose to express themselves in the comment sections here. In case you haven't noticed, they also express themselves in the comment sections of many major newspapers around the country. Mike's ideas are not rare or unusual. Unfortunately editors around the country don't seem to be paying much attention.
    Everywhere I go, I hear people of all economic positions are talking about the government's assault on civil liberties. The political parties had better watch out because this isn't a liberal thing, and it's not a conservative thing, it's a fed-up American thing. It's high time that both Repubs. and Dems. stopped telling us that meekly surrendering our liberty is the Patriotic thing to do.

     

  55.  
    Anonymous Coward, Jun 25th, 2011 @ 1:26pm

    Re: Re: Re:

    You said: "You apparently, and quite foolishly, appear to believe that Mike simply tells his readers what to think"

    Me: You don't think so? Re-read the site with an unbiased eye, and you will see plenty of attempts to tell people what to think. Many of the posts in the last couple of weeks have involved trying to re-frame discussions, but trying to significantly expand definitions, to ignore basic court rulings, and generally to try to paint a picture that isn't entirely realistic.

    Much of it is done by parroting anti-copyright sites like Torrent Freak, which has some truly biased "reporting" on their site.

    The rest is typically done by mocking reports that he doesn't agree with, or carefully playing with quotes and reports to draw conclusions that are just not clearly supported by the data, or that have other way more plausible answers.

    There are many people with a similar opinion as Mike. They ignore the laws unless they favour their cause, they always say "the judge got it right" when they block some action, and "the *AA's paid off another judge" when the results aren't in their favor.

    It's fun to watch them go, fun to watch them post comments here. It's even funnier when you find one or two of them actually working in the mass media, and making their living from companies that use and apply copyright to their work.

     

  56.  
    Urza9814, Jun 25th, 2011 @ 2:10pm

    Sue 'em.

    I hate to say this, but if the FBI does in fact have this data, maybe they should learn from the MAFIAA. Sue the FBI for copyright infringement. They had no warrant or right to copy or even possess that data.

     

  57.  
    JMT, Jun 25th, 2011 @ 2:40pm

    Re: Re: Re: Re:

    Of course if you were a blogger instead of an anonymous coward, your blog would be completely unbiased, state only facts but no opinions, never use any other websites for source info, not allow any dissenting comments, and not make any speculations based on previous experience. And it would be such a thrilling read...

     

  58.  
    velox (profile), Jun 25th, 2011 @ 2:42pm

    Re: Re: Re: Re:

    ... parroting anti-copyright sites like Torrent Freak...
    I wouldn't know if you are correct about this or not. I've never read Torrent Freak in my life.

    I happen to think it more interesting (and alarming) to watch the media apologists here blithely promote any new proposal which makes copyright more onerous and rigid regardless of what the consequences are for civil liberties in this country.

    Constitution...schmonstitution seems to be the attitude.
    The perfect case in point is Mr. Dark Gray Snowflake above in this thread.

    If you happen to know anything about the circumstances which brought our country into existence, and if you know anything about the circumstances through which other countries who have had freedom lost theirs, you just can't help but be concerned by the 'damn the consequences' attitudes displayed by media company defenders here. The restrictions of freedom that are being proposed may have consequences that could extend far beyond the sphere of the media in years to come. Remember the proposals being made aren't just theoretical. They involve laws and establish precedents that would give government the legal right to do things which it has never had either the right or the technical capability to do in the past.

     

  59.  
    Wolfy, Jun 25th, 2011 @ 2:51pm

    I wonder if anyone is providing a hosting solution where if someone tries to seize a server, a relay could be tripped (say, by the receptionist) turning a huge electromagnet built around the hard drives, wiping them where they sit. The selling point being you may lose your data, but no-one else is, by damn, going to get it.

     

  60.  
    Griff (profile), Jun 25th, 2011 @ 3:06pm

    Re: Re: Re:

    Where in this title does it say "its possible"

    That would be in the use of the word "can" rather than the word "did".

     

  61.  
    Griff (profile), Jun 25th, 2011 @ 3:13pm

    Re: Re: Re: Re: Encryption

    Wasn't that Phil Zimmermann?
    What part did Assange play, I can find no references for that.

     

  62.  
    Nicedoggy, Jun 25th, 2011 @ 3:58pm

    Re: Re: Re: Re: Encryption

    As freak on, Jun 25th, 2011 @ 5:12am, brute-force in the traditional sense will be impossible, but that encryption can be broken today by other means as pointed out in this article from 2007:
    http://arstechnica.com/old/content/2007/05/researchers-307-digit-key-crack-endangers-1024-bit-rsa.ars

    As to the changes in how they were cryptographed you are correct it didn't change that much, some bugs were found that I read about and people started using longer keys, in the 90s the best people were commonly using I believe was 124 bit encryption, today we can have supercomputers in our homes that can achieve the necessary raw power to factor those numbers so I don't believe they are secure anymore, if people are really interested they would be able to open the file, also most people don't use really secure passwords so rainbow tables are an option that can open a file in minutes given a large enough table.

     

  63.  
    Nicedoggy, Jun 25th, 2011 @ 4:33pm

    Re: Re: Re: Re:

    There is another post that didn't make it through the filter where I apologized for the use of "brute-force" to describe how people could undo the encryption.

    Still in the 90's I believe the most used encryption was still DES not AES.

    If you get something with a DES or RSA one probably can decode it.
    http://www.sciengines.com/copacobana/

    Also even AES has some shortcomings like if people use passwords that are less than 32 characters in length rainbow tables could make it easy to find the correct one, in that case you are attacking the encryption by its sides and who knows how it was implemented there could be problems in the implementation even if the theory is flawless like the Debian/Ubuntu OpenSSL Random Number Generator Vulnerability.

    Now I read somewhere that even the government is considering use of ECC because they don't see AES being secure for long, but that is from memory and I could be wrong.

     

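Added example (not part of any comment, and not Instapaper's code): how the salted SHA-1 storage described in the article interacts with the precomputed "rainbow table" lookups raised in the comments above, and how a stored record can be hardened afterwards. The wordlist, salts, passwords and the PBKDF2 wrapping step are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for a precomputed table.
WORDLIST = ["123456", "password", "letmein", "qwerty"]

def precomputed_table(words):
    """Map unsalted SHA-1 digests back to passwords, as a lookup table does."""
    return {hashlib.sha1(w.encode()).hexdigest(): w for w in words}

def salted_sha1(password, salt):
    """Scheme named in the article: one SHA-1 pass over salt + password."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def audit_weak(salt, digest, words):
    """Defender's audit of a stored record: once the salt is known,
    testing each candidate costs a single SHA-1 call."""
    for w in words:
        if hmac.compare_digest(salted_sha1(w, salt), digest):
            return w
    return None

def wrap_legacy(legacy_hex, salt2, iterations=200_000):
    """Harden an existing record without knowing the plaintext: run
    PBKDF2-HMAC-SHA256 over the old digest so every guess costs far more."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), salt2, iterations)

def verify_wrapped(password, salt, salt2, stored, iterations=200_000):
    """Login check against a hardened record, compared in constant time."""
    candidate = wrap_legacy(salted_sha1(password, salt), salt2, iterations)
    return hmac.compare_digest(candidate, stored)

def demo():
    table = precomputed_table(WORDLIST)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    rec_a = salted_sha1("letmein", salt_a)  # two users, same weak password
    rec_b = salted_sha1("letmein", salt_b)
    strong = salted_sha1("Tq7#constructed-long-passphrase", salt_a)
    salt2 = os.urandom(16)
    hardened = wrap_legacy(rec_a, salt2)
    return {
        "unsalted_in_table": table.get(hashlib.sha1(b"letmein").hexdigest()),
        "salted_in_table": table.get(rec_a),
        "same_password_same_record": rec_a == rec_b,
        "weak_found_by_audit": audit_weak(salt_a, rec_a, WORDLIST),
        "strong_found_by_audit": audit_weak(salt_a, strong, WORDLIST),
        "hardened_verifies": verify_wrapped("letmein", salt_a, salt2, hardened),
        "hardened_rejects_wrong": verify_wrapped("letmeout", salt_a, salt2, hardened),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt makes a precomputed table useless and gives identical passwords different records, but it does not slow a per-record check; only the iteration count and the strength of the password do that.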

  64.  
    Nicedoggy, Jun 25th, 2011 @ 4:55pm

    Re: Re: Re: Re:

    I also want to note that DES at one time was considered flawless and unbreakable until people found weakness in it.

    Can anyone here guarantee that AES and ECC will endure the test of time?

    Wikipedia also explains the problems in their page about brute-force.

    http://en.wikipedia.org/wiki/Brute-force_attack

     

  65.  
    darryl, Jun 25th, 2011 @ 6:52pm

    Re: Re: its as simple as "good" and "evil" !!!! LOL

    no, it makes no sense TO YOU !!!

    there is a difference.

     

  66.  
    darryl, Jun 25th, 2011 @ 6:58pm

    Re: Re: its as simple as "good" and "evil" !!!! LOL

    I will try to make it clearer for you :)

    say a "good man" is walking on the street, and he sees a crime being committed against someone.

    if that good man "does nothing" he is allowing evil to triumph.

    A good man doing nothing in the face of evil is therefore not a good man, but is in fact evil.

    So then a "good man" would NEVER DO NOTHING in the face of evil!

    So to say 'for evil to prevail good men do nothing' is incorrect. because the act of 'doing nothing' means in this situation they are in fact NOT 'good men' and if the choice is either Good or evil. and they are not 'good' therefore they must be evil.


    once again, that is fine, but please if it does not make sense to you, state it does not make sense to you.

    But it certainly does make sense to at least some people.

     

  67.  
    darryl, Jun 25th, 2011 @ 7:05pm

    Re: But mike says you cannot 'steal' data, and that copying it is ok, because you dont take away from the original.

    I would hope that the FBI did not copy a server they have no warrant for.

    NO they would not have done that (copy a server) they would have simply taken a complete image of the entire contents of the hard drives. No biggie, they get their server back.

    and according to Mike, you cannot 'steal' data, therefore FBI did NOTHING that Mike should be able to disagree with,,,, Right Mike ???

     

  68.  
    darryl, Jun 25th, 2011 @ 7:08pm

    Re: Welcome to Corporatocracy

    considering the constitution was written by some of the biggest industry and corporate leaders in the US at the time, you expect anything less ?

     

  69.  
    darryl, Jun 25th, 2011 @ 7:19pm

    Re: Re: Re: Re:

    unless they are "Sea Monkeys".... (brine shrimp)!!

    then you could have billions in you :D

     

  70.  
    Albert, Jun 25th, 2011 @ 8:10pm

    Re: Re: Re: Re:

    You really should try including some links to support your arguments.

     

  71.  
    darryl, Jun 25th, 2011 @ 9:07pm

    They have your hashes, they have your password and all your data.

     

  72.  
    techflaws.org (profile), Jun 25th, 2011 @ 10:13pm

    Re:

    There is an incredibly lack of information here for anyone to be making claims against the FBI.

    Apart from all their previous such behaviour in the past, you mean?

     

  73.  
    techflaws.org (profile), Jun 25th, 2011 @ 10:17pm

    Re: Re: But mike says you cannot 'steal' data, and that copying it is ok, because you dont take away from the original.

    Dumb Daryl is dumb.

     

  74.  
    darryl, Jun 25th, 2011 @ 11:11pm

    Re: Re: Re: Re:

    well said sir, but it won't change a thing for Mike, he is quite happy stuck in his own little rut, with his merry band of die hard followers/worshipers.

    Typical is their TAM comments "The Anti-Mike" which has to mean they too consider Mike to be some form of God or deity for there to be possible an "anti-Mike".

    Sure if Mike is your Christ, and you feel that people who do not follow the church of Mike would be considered TAM (THE ANTI-MIKE) or the Anti-Christ.

    I am glad all you Mike followers have such faith in his sermons, and preaching at you.

     

  75.  
    darryl, Jun 26th, 2011 @ 1:21am

    Re: Re: Re: Re: Re:

    So it is ok for mike to be biased because he is a 'blogger', good one LOL...

     

  76.  
    darryl, Jun 26th, 2011 @ 1:24am

    Re: Re: Re: Re: Re: Re:

    yes and if you are a criminal they can keep your entire body for more than 50 years. In prison. Your point is?

     

  77.  
    darryl, Jun 26th, 2011 @ 1:33am

    FBI does not need the passwords anyway !

    It's all a pointless argument anyway about password security, that security is only to stop any other user of the service from accessing someone else's data.

    It does not stop someone with system admin rights to view all the data files that are on the server in PLAIN TEXT !.

    So they don't even have to crack the passwords to access the information that people are storing on their servers.

     

  78.  
    Nicedoggy, Jun 26th, 2011 @ 1:36am

    Re: They have your hashes, they have your password and all your data.

    Quote:
    Is an IT manager really going to manage to get the CFO to log in using “fR4; $sYu 29 @QwmQz” without the combination ending up on a Post-it note in his wallet?


    I have been thinking about that for a while and the best way to keep it secure and non-static that I could think of was Paper Keys.

    One could get new encryption keys to everyone just by printing them and distributing those or uploading to their trusted cellphones(not recommended though) or a dedicated device that is designed to hold the keys.

    One can print those in stickers that can be put on keychain, the thing is that it requires the machine to have a camera.

    RFID could be used for the same purpose but they leak through the walls and can be grabbed on the streets.

    Now using paper-keys along with a password that would be a 2 layer protection instead of the one we have today, any attacker would have to have the password and the digital key that can be updated several times per week or day, and if people get really paranoid they could use another layer maybe biometrics, but for casual users you could create really big passwords and store them in 2D barcodes like QR-Code and use those to sign in to services, the advantage is that the size of the password and its composition will no longer matter, the bad is that if you lose that piece of paper you are screwed.

    Password change can be automated and probably would reduce the number of weak passwords on a real environment.

    Maybe people should start making e-ink keychains like USB thumbdrives on one end you have your USB connection that goes on the computer and gets uploaded with the keys and in the other end when you push the button it pops out a little e-ink tongue that displays the key with the name of the key so people can use another button to cycle through 10 or more keys.

    It would even work with third party websites for those who already use a e-wallet that stores their passwords it could authenticate against the password from the paperkey and every time you login to a service it changes the password automatically.

    And of course passwords could be generated to be 256 characters long using symbols, now that would take a long time to brute force.

     

  79.  
    darryl, Jun 26th, 2011 @ 1:37am

    Re: The FBI will..

    and u think terrorists use the word "terrorists" so much that a simple word search for that word would root out all known terrorists ?

    or that no other person or group would ever use that word ?

    Oh no, I just did, so am I a terrorist now ?

     

  80.  
    btrussell (profile), Jun 26th, 2011 @ 3:13am

    Re: Re: Re:

    "?"

     

  81.  
    Jeni (profile), Jun 26th, 2011 @ 4:55am

    Re: Re: Re: its as simple as "good" and "evil" !!!! LOL

    But darryl, the inherent nature of a good person means they could not stand by and allow someone to be harmed, or not help someone they see in need, etc. if there was anything within their power they could do to help. Their conscience would not allow them to simply "do nothing".

    I guess true goodness is even more rare than I thought, if that's too much for people to grasp.

     

  82.  
    Jeni (profile), Jun 26th, 2011 @ 4:57am

    Re: Re: But mike says you cannot 'steal' data, and that copying it is ok, because you dont take away from the original.

    You have GOT to be kidding.

    This is people's personal data we're talking about, not a movie or song that's out there for the purpose of public viewing/listening.

     

  83.  
    Jay (profile), Jun 26th, 2011 @ 6:27am

    Re: Re: Re: Re: Re: Re: Re:

    How do you not know about the FBI DNA collection? It's very controversial how the FBI can have DNA to use against your family and possibly convict them of crimes. This has been discussed before, as I mentioned.

     

  84.  
    Bengie, Jun 26th, 2011 @ 10:46am

    Re: Lulz

    Then the FBI is committing treason.. your point?

     

  85.  
    JMT, Jun 26th, 2011 @ 2:07pm

    Re: Re: Re: Re: Re: Re:

    Of course it is, this is an opinion blog. Where on earth does it say he can't be biased?

     

  86.  
    Anonymous Coward, Jun 26th, 2011 @ 4:17pm

    Re:

    Does anyone have proof that the FBI did not copy all of the data on the seized server?

    I am sure that they made a full forensic clone of the hard drives on that server and are going through that data right now.

     

  87.  
    Niall (profile), Jun 27th, 2011 @ 4:15am

    Re: Re: Re: Re: Re:

    Ok, daft darryl logic #235358979.

    'Anti' simply means 'against'. Yes there is a construction "anti-Christ" meaning "opposed to Christ". However, using "Anti-Mike" to mean "against Mike" (on everything and everything, without logic) does not somehow mean we are expanding Mike to god-like proportions. No-one here feels any need to deify Mike - if anything, it's the trolls who seem to feel the need to turn him into a baddie of Satanic proportions!

    Honestly darryl, try and stay in the shade more ;)

     

  88.  
    Niall (profile), Jun 27th, 2011 @ 4:45am

    Re: Re: But mike says you cannot 'steal' data, and that copying it is ok, because you dont take away from the original.

    Well, technically it wasn't 'stolen' - but it was quite possibly illegally accessed - i.e. 'hacked' ;) Not to mention the copyright issues...

    ... shouldn't ICE be taking down the FBI website in 3...2...1...? ;)

     

  89.  
    Niall (profile), Jun 27th, 2011 @ 4:48am

    Re: Re: Re: its as simple as "good" and "evil" !!!! LOL

    That bit made sense, but your reframing of the original quote didn't. I don't think 'good' happenings simply the lack of 'evil' acting. "All cats are grey in the dark" does not mean "All things that are grey in the dark are cats". Basic logical fallacy.

     

  90.  
    Niall (profile), Jun 27th, 2011 @ 6:24am

    Re: Re: The FBI will..

    He said 'hunting for (information on) "terrorists"', not 'hunting for the *word* "terrorists"'!

    Do you EVER have anything positive to say about any non-troll/shill posts?
    Do you even *read* other people's posts?

     

  91.  
    Marcus Carab (profile), Jun 27th, 2011 @ 7:05am

    Re: Re: Re: Re: Re:

    Uh, newsflash darryl - we call TAM "The Anti-Mike" because HE created an account called that about a year ago. He even used a colour-inverted photo of Mike for his avatar.

    I think he's the one with religious delusions, not us.

     

  92.  
    Marcus Carab (profile), Jun 27th, 2011 @ 7:06am

    Re: Re: Re: Re: Re: Re:

    In fact, said account still exists:
    http://www.techdirt.com/profile.php?u=tam

     

  93.  
    Gwiz (profile), Jun 27th, 2011 @ 8:19am

    Re: Bye Bye Cloud Computing

    Bye Bye Cloud Computing

    Once again, it failed in the 50's it will fail again in 2011.


    Lolwut?

    My guess is that a stab at "cloud computing" in the 50's would have failed mainly because there were only about 6 "computers" at the time and they filled warehouse sized rooms with their vacuum tubes. Just sayin'.

     

  94.  
    Josh in CharlotteNC (profile), Jun 27th, 2011 @ 11:52am

    Re: Re: Re:

    I predict that workable quantum computers that can perform orders of magnitude faster than standard computers will be "10 years away" once we have workable fusion power generators that supply significant power to the world.

     
