So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?

from the that-doesn't-seem-right dept

We recently wrote about the FBI’s server seizures in the hunt for LulzSec, noting the collateral damage that took down servers of a few different popular websites. One of the seized servers was a backup server for the very popular service Instapaper, which many people use to save web pages and other info. While Instapaper’s Marco Arment notes that the FBI did return the server relatively quickly, it’s possible that the FBI now has a copy of pretty much everyone’s Instapaper data, which could reveal a lot about some people.

Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. (“Archived” bookmarks are not deleted. “Deleted” bookmarks are hard-deleted out of the database immediately.)

Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet.

The server also contained a complete copy of the Instapaper website codebase, but not the codebase of the iOS app.

Linked Facebook, Twitter, or Tumblr accounts only store their respective OAuth keys. Linked Evernote accounts only store the Evernote email-in address. Linked Pinboard accounts, however, store plaintext usernames and encrypted passwords, and the encryption keys are present in the website source code on the server.

So the FBI now has illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase, and as far as I know, this is completely out of my control.

Marco is quite reasonably pissed off at the hosting company, DigitalOne, who never contacted him about this (before or after the raid, including up until the blog post, days later). Frankly, that’s unconscionable. For an ISP to simply not tell their customer that a server has been seized? Marco is also upset that DigitalOne didn’t do anything to stop the seizure. Now, on both of those counts, it’s possible that DigitalOne’s hands were tied. There’s not much they can realistically do if the FBI shows up with a seizure warrant, even if it’s super broad. And we have seen the FBI use gag orders barring ISPs from talking about what was seized.

But, really, that just goes to show, yet again, the problems of such government seizures with no prior adversarial hearings. I recognize that they’re looking for evidence that might disappear, but the chance for serious collateral damage, including potentially serious privacy violations, seems pretty high. I’m not sure there’s anything he could do, but it certainly would make for an interesting lawsuit if either Marco or an Instapaper customer decided to sue the federal government over these seizures.
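The quoted post says the copied database held salted SHA-1 password hashes. For anyone running a similar service, the following added example (not Instapaper's code and not from the original post) shows one way to re-wrap existing salted SHA-1 records in a slow key-derivation function without waiting for users to log in, so that any later copy of the database holds only the slower form. The `salt || password` layout, the record field names and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: tune so that one verification costs tens of milliseconds on your hardware.
ITERATIONS = 600_000


def legacy_sha1(salt: bytes, password: str) -> str:
    """Salted SHA-1 as hex. The salt || password layout is an assumption."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()


def _pbkdf2(secret: bytes, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations).hex()


def wrap_legacy(record: dict, iterations: int = ITERATIONS) -> dict:
    """Re-wrap a stored salted-SHA-1 record offline; the password is not needed.

    The old SHA-1 digest becomes the input to PBKDF2 and is then discarded,
    so the fast hash no longer appears anywhere in the stored record.
    """
    if record["scheme"] != "sha1":
        return record
    salt = secrets.token_bytes(16)
    return {
        "scheme": "pbkdf2-sha1",
        "sha1_salt": record["salt"],  # still needed to recompute the inner hash
        "salt": salt.hex(),
        "iterations": iterations,
        "hash": _pbkdf2(bytes.fromhex(record["hash"]), salt, iterations),
    }


def new_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Record for the final scheme: PBKDF2 directly over the password."""
    salt = secrets.token_bytes(16)
    return {
        "scheme": "pbkdf2",
        "salt": salt.hex(),
        "iterations": iterations,
        "hash": _pbkdf2(password.encode("utf-8"), salt, iterations),
    }


def verify(record: dict, password: str) -> bool:
    """Check a password against any of the three record schemes."""
    scheme = record["scheme"]
    if scheme == "sha1":
        candidate = legacy_sha1(bytes.fromhex(record["salt"]), password)
    elif scheme == "pbkdf2-sha1":
        inner = legacy_sha1(bytes.fromhex(record["sha1_salt"]), password)
        candidate = _pbkdf2(bytes.fromhex(inner),
                            bytes.fromhex(record["salt"]), record["iterations"])
    elif scheme == "pbkdf2":
        candidate = _pbkdf2(password.encode("utf-8"),
                            bytes.fromhex(record["salt"]), record["iterations"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def upgrade_on_login(record: dict, password: str, iterations: int = ITERATIONS):
    """On a successful login, move the record to the final scheme.

    Returns the record to store, or None if the password is wrong.
    """
    if not verify(record, password):
        return None
    if record["scheme"] == "pbkdf2" and record["iterations"] >= iterations:
        return record
    return new_record(password, iterations)


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    salt = b"constructed-salt"
    old = {"scheme": "sha1", "salt": salt.hex(),
           "hash": legacy_sha1(salt, "example passphrase")}
    wrapped = wrap_legacy(old)
    print(wrapped["scheme"], verify(wrapped, "example passphrase"))
    print(upgrade_on_login(wrapped, "example passphrase")["scheme"])
```

The wrapping step can run as a one-off batch job over the user table; `upgrade_on_login` then retires the wrapped form as users return.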


Comments on “So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?”

96 Comments
out_of_the_blue says:

So don't use online storage!

Would never occur to me, as I came out of the dark days when the Personal Computer freed us from time-sharing on a centralized computer. Now everyone is hot to let a central system (euphemized as “the cloud”) store all their vital and personal data — FREE for the plucking by anyone, too. Drawbacks are obvious and particular gotchas seem to be discovered almost daily; I see no /point/ let alone advantages to it.

Anonymous Coward says:

Encrypt Your Data People

It’s kinda sad about the fourth amendment. You have to assume that any data of yours, stored at any place not under your direct control, could fall into the hands of any security service, any law enforcement organization or any criminal, at any time. Your only defense is to use strong encryption at all times. Do not purchase any service which does not give you strong encryption as standard, with the key under your control.

Key security and management is your problem, which you need to solve locally. If you use the world’s least secure operating system, namely Windows, on any server or your management console, it is game over, you lose. Be careful. The only person looking after your interests is you. Never forget that.

freak (profile) says:

Re: Re:

HAHAHAHA.

haha.

ha.

Current encryption technology would require the entire universe acting as a computer with each atom as a transistor, for the entirety of time so far to crack only (on average) 10,000 256-bit encryptions.
I haven’t done that calc in a while, (it’s somewhere in the comments on a past story here), but I believe that calc also assumed the universe was solidly packed instead of mostly ’empty’. If that’s the case, then the real calc would be somewhere closer to 10^-18 256-bit encryptions could’ve been broken.

Anyways, I don’t think you mean ‘brute-force’, but I will allow the possibility that current algorithms might possibly be cracked in twenty years. I doubt it, but I won’t deny the possibility.

leichter (profile) says:

Re: Re: Re: Re:

A meaningless comparison. Key length is one of those obvious things – after all, it’s just a number and bigger is clearly better, right? – that leads people astray all the time. The thing to keep in mind is that what matters is not the *number of bits in the key*, it’s the number of possible distinct keys. If I told you “I use AES-256 for absolute security, but it’s easy for me to remember the key: I only choose keys between 1 and 1000” – well, that’s obviously not very secure: You can guess my key in at most 1000 tries!

For a system like AES, every possible 128 (or 192 or 256) bit combination is a valid key. The strength of the system (against a brute force attack!) can be read directly off the number of bits. No conceivable computer will ever be able to attack a 256-bit key, and personally I cannot imagine a situation where a 128-bit key could be brute-forced.

For a system like RSA, only very special combinations of bits correspond to valid keys. An AES key is just a bunch of bits, while an RSA key, as a number, has to be the product of exactly two prime numbers in a particular range, with special properties to boot. Even then, there would be too many values to try in a pure brute force fashion - but because of the necessary mathematical properties of an RSA key, no one does that. Instead, they use more efficient techniques that rely on those mathematical properties. A 1024 bit RSA key requires about as much computational effort as an 80-bit AES-like key. That’s why the current recommendation is for at least 2048 bits (roughly the equivalent of 112 AES-like bits), though that’s considered pushing it a bit. To get to the equivalent of a 128-bit AES key, you need a 3072-bit RSA key; to match AES-256, you need a 15360-bit RSA key! Such keys actually get used today. In 2005, if you combine published estimates, experts were predicting that 1024-bit RSA should be phased out by 2010 (though high-value uses should move faster). OK, so half way through that period, *one* 1024-bit RSA key was broken … though in fact even that isn’t true. (Breaking an RSA key amounts to factoring a large number into its two constituent primes. What the link points to was a successful factorization of a very specially chosen number – 2^1039-1 – for which even better mathematical techniques are known. Even so, it took the equivalent of 100 years of computer time. An indication that it was time to move on from 1024-bit keys? Absolutely. A practical “break” for massive numbers of RSA keys? Not quite.)

An alternative to RSA is elliptic curve crypto (ECC), which has the same public-key properties but can use many more possible combinations of bits in a key, so can get by with dramatically shorter keys. In fact, to get the ECC equivalent of n-bit AES, you need 2n-bit ECC.

– Jerry
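The comment above argues that a key's nominal bit length matters less than the number of keys an attacker actually has to consider. The following added example (not part of the original comment) turns that into a small calculator: key-space bits for a restricted key set, for a password-derived key, for ECC using the comment's 2n rule, and for RSA using the standard asymptotic cost formula of the general number field sieve. The function names and the sample system at the bottom are assumptions made for illustration.

```python
import math

# RSA-to-symmetric equivalences as quoted in the comment above.
COMMENT_RSA_EQUIV = {1024: 80, 2048: 112, 3072: 128, 15360: 256}


def keyspace_bits(distinct_keys: int) -> float:
    """Brute-force strength in bits when only `distinct_keys` keys are possible."""
    return math.log2(distinct_keys)


def password_bits(alphabet_size: int, length: int) -> float:
    """Upper bound for a key derived from a uniformly random password."""
    return length * math.log2(alphabet_size)


def rsa_gnfs_bits(modulus_bits: int) -> float:
    """log2 of the asymptotic GNFS cost L_n[1/3, (64/9)^(1/3)].

    The o(1) term is dropped, so this is a rough estimate. Published tables
    such as the one quoted in the comment are calibrated and rounded down.
    """
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def ecc_bits(curve_bits: int) -> float:
    """The comment's rule of thumb: n-bit strength needs a 2n-bit curve."""
    return curve_bits / 2


def weakest_link(components: dict):
    """Return (name, bits) of the component with the smallest effective strength."""
    name = min(components, key=components.get)
    return name, components[name]


def example_system() -> dict:
    """Constructed example: an AES-256 file key that is derived from an
    8-character printable-ASCII password and also wrapped under RSA-1024."""
    return {
        "aes-256 cipher": keyspace_bits(2 ** 256),
        "password (95 symbols, 8 chars)": password_bits(95, 8),
        "rsa-1024 key wrap": rsa_gnfs_bits(1024),
    }


if __name__ == "__main__":
    print("AES-256 with keys limited to 1..1000: %.1f bits" % keyspace_bits(1000))
    for bits, quoted in COMMENT_RSA_EQUIV.items():
        print("RSA-%d: formula %.0f bits, comment says %d"
              % (bits, rsa_gnfs_bits(bits), quoted))
    print("256-bit curve: %.0f bits" % ecc_bits(256))
    name, bits = weakest_link(example_system())
    print("weakest link: %s at %.1f bits" % (name, bits))
```

The raw formula lands within about 14 bits of the figures in the comment; the point it illustrates is the same one, that an RSA modulus size cannot be read as a symmetric strength.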

Nicedoggy says:

Re: Re: Re:2 Re:

There is another post that didn’t make it through the filter where I apologized for the use of “brute-force” to describe how people could undo the encryption.

Still in the 90’s I believe the most used encryption was still DES not AES.

If you get something with a DES or RSA one probably can decode it.
http://www.sciengines.com/copacobana/

Also even AES has some shortcomings like if people use passwords that are less than 32 characters in length rainbow tables could make it easy to find the correct one, in that case you are attacking the encryption by its sides and who knows how it was implemented there could be problems in the implementation even if the theory is flawless like the Debian/Ubuntu OpenSSL Random Number Generator Vulnerability.

Now I read somewhere that even the government is considering use of ECC because they don’t see AES being secure for long, but that is from memory and I could be wrong.

Anonymous Coward says:

Re: Re: Re:

It’s possible. It’s also possible that monkeys will fly out of your butt. But since it isn’t likely, you don’t worry about it much. It is equally unlikely that the FBI copied content from servers that they don’t have a warrant for, once they have determined what the server is and what it is used for.

That of course would also depend if instapaper was used for less than honest purposes. At that point, yes, the FBI might have a copy of it all pending investigation by their experts.

Nicedoggy says:

Re: Re: Re: Re:

When did you see law enforcement passing on the opportunity to snoop on others?

When?

It is not only likely, but most certainly the agents copied everything before giving it back, even if it was to take a look at the contents later to find something they could use as leverage if those people sue.

What is unlikely is that they didn’t copy it.

Now I ask you again, what part of “It’s possible” don’t you understand?

The post didn’t accuse the FBI of anything, but it was concerned about those possible and most probable scenarios and why there is no means to address those issues.

Anonymous Coward (user link) says:

Re: Re: Re: Re:

No, that’s not possible (nor probable). At most you will only get one monkey out of my butt. My abdomen and intestinal tract are only so big, I’ll allow that a single monkey “might” be squeezed in there, but not multiple. Unless of course, you’re positing that an heretofore unknown species of pygmy monkeys is living up there. However, I believe (and I could be wrong) that you’re stretching the definition of the word possible at this point.

But thanks for playing…

Anonymous Coward says:

Re: Re:

“There is an incredibly lack of information here for anyone to be making claims against the FBI.”

That doesn’t matter to the “followers of Mike”. You are supposed to just say Moo and follow the herd.

Like this: My rights are at stake here. The government is trying to do away with the constitution. We need more transparency. The law enforcers shouldn’t be allowed to do anything without getting permission from the supreme court first.

velox says:

Re: Re: Re:

‘…”followers of Mike”. You are supposed to just say Moo and follow the herd. ‘

You apparently, and quite foolishly, appear to believe that Mike simply tells his readers what to think.
—>You don’t happen to work in the old-media Broadcast business do you?

There are many people who have opinions similar to Mike, and they choose to express themselves in the comment sections here. In case you haven’t noticed, they also express themselves in the comment sections of many major newspapers around the country. Mike’s ideas are not rare or unusual. Unfortunately editors around the country don’t seem to be paying much attention.
Everywhere I go, I hear people of all economic positions are talking about the government’s assault on civil liberties. The political parties had better watch out because this isn’t a liberal thing, and it’s not a conservative thing, it’s a fed-up American thing. It’s high time that both Repubs. and Dems. stopped telling us that meekly surrendering our liberty is the Patriotic thing to do.

Anonymous Coward says:

Re: Re: Re: Re:

You said: “You apparently, and quite foolishly, appear to believe that Mike simply tells his readers what to think”

Me: You don’t think so? Re-read the site with an unbiased eye, and you will see plenty of attempts to tell people what to think. Many of the posts in the last couple of weeks have involved trying to re-frame discussions, but trying to significantly expand definitions, to ignore basic court rulings, and generally to try to paint a picture that isn’t entirely realistic.

Much of it is done by parroting anti-copyright sites like Torrent Freak, which has some truly biased “reporting” on their site.

The rest is typically done by mocking reports that he doesn’t agree with, or carefully playing with quotes and reports to draw conclusions that are just not clearly supported by the data, or that have other way more plausible answers.

There are many people with a similar opinion as Mike. They ignore the laws unless they favour their cause, they always say “the judge got it right” when they block some action, and “the *AA’s paid off another judge” when the results aren’t in their favor.

It’s fun to watch them go, fun to watch them post comments here. It’s even funnier when you find one or two of them actually working in the mass media, and making their living from companies that use and apply copyright to their work.

JMT says:

Re: Re: Re:2 Re:

Of course if you were a blogger instead of an anonymous coward, your blog would be completely unbiased, state only facts but no opinions, never use any other websites for source info, not allow any dissenting comments, and not make any speculations based on previous experience. And it would be such a thrilling read…

velox says:

Re: Re: Re:2 Re:

… parroting anti-copyright sites like Torrent Freak…

I wouldn’t know if you are correct about this or not. I’ve never read Torrent Freak in my life.

I happen to think it more interesting (and alarming) to watch the media apologists here blithely promote any new proposal which makes copyright more onerous and rigid regardless of what the consequences are for civil liberties in this country.

Constitution…schmonstitution seems to be the attitude.
The perfect case in point is Mr. Dark Gray Snowflake above in this thread.

If you happen to know anything about the circumstances which brought our country into existence, and if you know anything about the circumstances through which other countries who have had freedom lost theirs, you just can’t help but be concerned by the ‘damn the consequences’ attitudes displayed by media company defenders here. The restrictions of freedom that are being proposed may have consequences that could extend far beyond the sphere of the media in years to come. Remember the proposals being made aren’t just theoretical. They involve laws and establish precedents that would give government the legal right to do things which it has never had either the right nor the technical capability to do in the past.

darryl says:

Re: Re: Re:2 Re:

Well said sir, but it won’t change a thing for Mike, he is quite happy stuck in his own little rut, with his merry band of die hard followers/worshipers.

Typical is their TAM comments “The Anti-Mike” which has to mean they too consider Mike to be some form of God or deity for there to be possible an “anti-Mike”.

Sure if Mike is your Christ, and you feel that people who do not follow the church of Mike would be considered TAM (THE ANTI-MIKE) or the Anti-Christ.

I am glad all you Mike followers have such faith in his sermons, and preaching at you.

Niall (profile) says:

Re: Re: Re:3 Re:

Ok, daft darryl logic #235358979.

‘Anti’ simply means ‘against’. Yes there is a construction “anti-Christ” meaning “opposed to Christ”. However, using “Anti-Mike” to mean “against Mike” (on everything and everything, without logic) does not somehow mean we are expanding Mike to god-like proportions. No-one here feels any need to deify Mike – if anything, it’s the trolls who seem to feel the need to turn him into a baddie of Satanic proportions!

Honestly darryl, try and stay in the shade more 😉

Nicedoggy says:

About encryption, I want to note that current encryption algorithms probably will last 10 to 20 years before they can be easily brute forced, so encryption only buys time in the case of static storage, so please don’t store criminal activity in files that could be open 20 years later and have no statute of limitations 🙂

Anonymous Coward says:

Re: Encryption

Encryption actually does not have to be very good and it defeats the security services. Get yourself an encryption key which is several thousand bits long and truly random, then the dear old XOR the plaintext with the key, over and over, will work just fine. Back that up with prior data compression and a spot of running it through AES and the codebreakers are SOL. They could be up for $trillions to have any hope of brute forcing it. Not going to happen.

Remember how hissy various pollies got about not being able to read Blackberry messages? Have you noticed the slow progress on cleaning up botnets? The botmasters are protecting themselves with encryption. It’s working just fine for those guys, and they have plenty of very determined opposition.

Nicedoggy says:

Re: Re: Encryption

Have you a text encrypted in 1990?
I bet any computer today can brute force that baby in seconds.

Since computers double processing power every year or so, even those thousand bit long encryption keys will not be that secure in 20 years.

Not to mention unknown vulnerabilities that could be uncovered in the future.

So unless you have encrypted content that can re-encrypt itself every year with the latest encryption and patch itself against vulnerabilities or use some type of death algorithm that depends on pieces from other places that go away with time rendering completely useless sooner or later people will be able to open that file.

I like to think of static encrypted files as time-capsules.

Nicedoggy says:

Re: Re: Re:2 Encryption

As freak on, Jun 25th, 2011 @ 5:12am, brute-force in the traditional sense will be impossible, but that encryption can be broken today by other means as pointed out in this article from 2007:
http://arstechnica.com/old/content/2007/05/researchers-307-digit-key-crack-endangers-1024-bit-rsa.ars

As to the changes in how they were cryptographed you are correct it didn’t change that much, some bugs were found that I read about it and people started using longer keys, in the 90 the best people were commonly using I believe was 124 bit encryption, today we can have supercomputers in our homes that can achieve the necessary raw power to factor those numbers so I don’t believe they are secure anymore, if people are really interested they would be able to open the file, also most people don’t use really secure passwords so rainbow tables are an option that can open a file in minutes given a large enough table.

Viln (profile) says:

I'm with Marco...

I’m rather shocked that the on-site technicians at this data-center allowed the FBI to take a dozen boxes when the warrant clearly stated (presumably) one or two. I don’t mean attempting to physically prevent them or civil disobedience… it’s unthinkable that the FBI would send a team of officers to seize servers and not include at least one technician with the ability to determine which ones were which, so when a company very strongly protests you touching things not mentioned in your warrant and offers every means of assistance in locating and extracting the correct items and you ignore it and take the rack anyway… you create wiggle room for a lawsuit where otherwise no judge in today’s Patriot Opera world would bother to squeeze. The companies involved in hosting and storing these servers were put in a tough situation and I sympathize, but it smells like somebody rolled way too easily and these companies deserve an exodus of subscribers. If enough of a stink is made now, the next time you can be sure someone along the chain of command will say “be precise, don’t make me deal with another two weeks of internet and press frenzy”.

A Guy says:

I would hope that the FBI did not copy a server they have no warrant for. On the other hand, the company shouldn’t be in a position that they have to take the FBI’s word for it. Take them to court. Make them swear under oath that no copy of the server was made. It may take time, but it shouldn’t be too hard to find the truth out in a relatively cheap way if the company is concerned. If they want to get it out of the way quickly and cheaply, your data is probably safe. If they cite “ongoing investigations” or “national security” in court filings, your data is now in the possession of the FBI and they are probably already analyzing it.

darryl says:

Re: But mike says you cannot 'steal' data, and that copying it is ok, because you don't take away from the original.

I would hope that the FBI did not copy a server they have no warrant for.

NO they would not have done that (copy a server) they would have simply taken a complete image of the entire contents of the hard drives. No biggie, they get their server back.

and according to Mike, you cannot ‘steal’ data, therefore FBI did NOTHING that Mike should be able to disagree with,,,, Right Mike ???

Niall (profile) says:

Re: Re: But mike says you cannot 'steal' data, and that copying it is ok, because you don't take away from the original.

Well, technically it wasn’t ‘stolen’ – but it was quite possibly illegally accessed – i.e. ‘hacked’ 😉 Not to mention the copyright issues…

… shouldn’t ICE be taking down the FBI website in 3…2…1…? 😉

darryl says:

Answer to your question --- easy...

So The FBI Can Just Take A Copy Of All Instapaper User Data With No Recourse?

Judging by the rest of the comments you made after that question, and by you posing that question in the first place.

I feel you are seeking an answer for something you lack understanding in, so for you I will make it simple.

apparently

capable of being easily perceived or understood; plain or clear; obvious:

darryl says:

Re: Re: its as simple as "good" and "evil" !!!! LOL

I will try to make it clearer for you 🙂

say a “good man” is walking on the street, and he sees a crime being committed against someone.

if that good man “does nothing” he is allowing evil to triumph.

A good man doing nothing in the face of evil is therefore not a good man, but is in fact evil.

So then a “good man” would NEVER DO NOTHING in the face of evil!

So to say ‘for evil to prevail good men do nothing’ is incorrect. because the act of ‘doing nothing’ means in this situation they are in fact NOT ‘good men’ and if the choice is either Good or evil. and they are not ‘good’ therefore they must be evil.

once again, that is fine, but please if it does not make sense to you, state it does not make sense to you.

But it certainly does make sense to at least some people.

Jeni (profile) says:

Re: Re: Re: its as simple as "good" and "evil" !!!! LOL

But darryl, the inherent nature of a good person means they could not stand by and allow someone to be harmed, or not help someone they see in need, etc. if there was anything within their power they could do to help. Their conscience would not allow them to simply “do nothing”.

I guess true goodness is even more rare than I thought, if that’s too much for people to grasp.

The Devil's Coachman (profile) says:

I guarantee the FBI copied every last bit on everything.

Not only that, but they will undoubtedly use the copied data to expand their scope of investigation far beyond what the original warrant permitted (if there actually was a valid warrant at all). This is the type of “collateral damage” that we can expect from their nefarious activities, and what’s more, they probably won’t find anything about their purported perp – Lulzsec.

This is what they do, and with impunity. The ISP is at fault for failure to notify its clients, and the use of “gag orders” and other such nonsense is something one would expect in a fascist, totalitarian state. Sorry folks, but the US populace is screwed, totally, and forever. Your government thanks you, and expects your continued “cooperation”. Now bend over, and “cooperate”!

Gene Cavanaugh (profile) says:

FBI seizures

I am a veteran, and I was quite willing to give my life for my country, which I admired deeply.
However, this sounds more like the gestapo under Hitler than American. I am not sure I would be willing to serve, and certainly not willing to “give up my life”, for a country that allows such things.
I can only hope the American people (with the help of the blogs – certainly no help from the news media!) will someday come to their senses, and take steps to stop this sort of thing.

Thomas (profile) says:

The FBI will..

definitely look at their copy of the database to search for “terrorists”, but will probably just go ahead and see what they can find. I’m sure they won’t have a problem breaking the encryption. The spooks don’t really pay attention to constitutional protection any more; they now feel that “hunting for terrorists” justifies anything they want to do. Maybe we should just refer to all the federal spooks as the American Gestapo.

Nicedoggy says:

Re: They have your hashes, they have your password and all your data.

Quote:

Is an IT manager really going to manage to get the CFO to log in using “fR4; $sYu 29 @QwmQz” without the combination ending up on a Post-it note in his wallet?

I have been thinking about that for a while and the best way to keep it secure and non-static that I could think of was Paper Keys.

One could get new encryption keys to everyone just by printing them and distributing those or uploading to their trusted cellphones(not recommended though) or a dedicated device that is designed to hold the keys.

One can print those in stickers that can be put on keychain, the thing is that it requires the machine to have a camera.

RFID could be used for the same purpose but they leak through the walls and can be grabbed on the streets.

Now using paper-keys along with a password that would be a 2 layer protection instead of the one we have today, any attacker would have to have the password and the digital key that can be updated several times per week or day, and if people get really paranoid they could use another layer maybe biometrics, but for casual users you could create really big passwords and store them in 2D barcodes like QR-Code and use those to sign in to services, the advantage is that the size of the password and its composition will no longer matter, the bad is that if you lose that piece of paper you are screwed.

Password change can be automated and probably would reduce the number of weak passwords on a real environment.

Maybe people should start making e-ink keychains like USB thumbdrives on one end you have your USB connection that goes on the computer and gets uploaded with the keys and in the other end when you push the button it pops out a little e-ink tongue that displays the key with the name of the key so people can use another button to cycle through 10 or more keys.

It would even work with third party websites for those who already use a e-wallet that stores their passwords it could authenticate against the password from the paperkey and every time you login to a service it changes the password automatically.

And of course passwords could be generated to be 256 characters long using symbols, now that would take a long time to brute force.

darryl says:

FBI does not need the passwords anyway !

It’s all a pointless argument anyway about password security, that security is only to stop any other user of the service from accessing someone else’s data.

It does not stop someone with system admin rights to view all the data files that are on the server in PLAIN TEXT !.

So they don’t even have to crack the passwords to access the information that people are storing on their servers.
