Reader Comments

Subscribe: RSS

View by: Time | Thread

• This comment has been flagged by the community. Click here to show it
  

  The Onion Router, 2 Jul 2015 @ 7:33pm

  
  

  No news is good news, eh? -- It's like the censoring here: if no one complains, must not be any!

  And the few times I do get through, you complain that I'm only complaining about being censored!

  [ reply to this | link to this | view in chronology ]

• This comment has been flagged by the community. Click here to show it
  

  Anonymous Coward, 2 Jul 2015 @ 11:29pm

  
  

  Re: No news is good news, eh? -- It's like the censoring here: if no one complains, must not be any!

  man what

  [ reply to this | link to this | view in chronology ]

• 

  PaulT (profile), 3 Jul 2015 @ 12:09am

  
  

  Re: No news is good news, eh? -- It's like the censoring here: if no one complains, must not be any!

  "And the few times I do get through, you complain that I'm only complaining about being censored!"
  
  No, we're complaining that you're never censored. Everyone else can read the rambling bollocks you post in every thread and then when everybody gets tired of your crap and asks for your messages top be hidden you complain falsely about being censored! Actually censoring you would be a fantastic boon to this site, but we never do that.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 5 Jul 2015 @ 10:15am

  
  

  Re: Re: No news is good news, eh? -- It's like the censoring here: if no one complains, must not be any!

  It would help if there was something that resembled being on topic in your post. Your post remains just off the front page because it brings less than nothing to the argument.
  
  What is funny is the tag "This comment has been flagged by the community. Click here to show it." acts like the super canary in the article. It shows both that something exists and that some people thought it was rubbish.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 2 Jul 2015 @ 9:43pm

  
  

  A better (tech) option

  Pardon the pedantry but if the government is likely to force a range of 0 - n then NULLs would be a much better warrant canary at this stage.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 2 Jul 2015 @ 9:48pm

  
  

  Re: A better (tech) option

  Except that the gov't would see right through that pedantic game and say that for their rules, zero and null are the same.

  [ reply to this | link to this | view in chronology ]

• 

  That One Guy (profile), 2 Jul 2015 @ 9:59pm

  
  

  Re: A better (tech) option

  Nah, setting it at 0 works fine, because if it changes at all, then that means they've received at least one order for a given category, even if they can only list the range as 0-999.
  
  The usual government trick won't work here, where a company can only give a range including 0, therefor making it impossible to tell if a company has received 0 orders or several, because they've already set the baseline, and any deviation will indicate a change.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 9:10am

  
  

  Re: Re: A better (tech) option

  ...except the government is likely to step in and say "you need to supply a range" at which point all those 0's change to ranges and a number of those items get grouped together. This still doesn't provide a warrant canary: it just proves that the government has stepped in and has meddled with the organization's right to report. Still something, but the only thing it really tells us is when the government takes notice of this project. Unless they require that the group keep all the values at 0, even when they're not (since it's not illegal to lie about such things).

  [ reply to this | link to this | view in chronology ]

• 

  Ninja (profile), 3 Jul 2015 @ 9:39am

  
  

  Re: Re: Re: A better (tech) option

  This still doesn't provide a warrant canary: it just proves that the government has stepped in and has meddled with the organization's right to report.
  
  Paradox warning! That's exactly what a canary is designed for.

  [ reply to this | link to this | view in chronology ]

• 

  Village Idiot (profile), 3 Jul 2015 @ 12:25pm

  
  

  Re: Re: Re: A better (tech) option

  I think the point is that the government cannot come to them and require a change without first having a "legal" reason to do so, as in a gag order. A gag order really cannot be ordered on the basis of "we will probably require they let us spy on their future user base." So by doing this before launch, the government has no grounds to issue any requirements of any kind.

  [ reply to this | link to this | view in chronology ]

• 

  Derek Kerton (profile), 3 Jul 2015 @ 11:40am

  
  

  Re: Re: A better (tech) option

  Yeah. The usual trick of requiring 0-999 basically gives the gov't 999 "free passes".

  [ reply to this | link to this | view in chronology ]

• 

  HoleTurth, 3 Jul 2015 @ 12:25am

  
  

  Perhaps you are failing to see the government's sincere effort to improve efficiency and save cost for companies here.
  
  To further ease compliance for companies, they should just go ahead and create a single bracket: "zero or more". This would eliminate all the excessive cost associated with unnecessary reporting and save companies a zillion dollars. Moreover, it would help achieve full transparency on the topic.

  [ reply to this | link to this | view in chronology ]

• 

  Bamboo Harvester (profile), 3 Jul 2015 @ 5:50am

  
  

  sdrawcaB

  I think you may be looking at this backwards. It seems very similar to "reports" I used to send around the company whenever a new database was requested, with a memo to inform me of any changes required before I cast it in stone. Add/drop fields, add/drop columns, etc.
  
  And all the fields were filled with a single character - usually a zero, just to keep the formatting correct.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 6:33am

  
  

  And that's how you do it. It would be nice if more companies offered such detailed transparency reports/warrant canaries.

  [ reply to this | link to this | view in chronology ]

• 

  ValueBlue, 3 Jul 2015 @ 8:28am

  
  

  https

  "which will offer free HTTPS security certificates, making it much easier to encrypt the web. "
  
  What i am wondering if this is good or not. When everyone uses https will this lead to less secure https? Since it is worth more to make breaks? Like there were no viruses for mac...??
  
  Greets,
  Rob Veld
  ValueBlue

  [ reply to this | link to this | view in chronology ]

• 

  Dave, 3 Jul 2015 @ 8:30am

  
  

  Re: https

  Thats a really good question.
  I am not sure about this, but this is worth studying.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 9:31am

  
  

  Re: Re: https

  Trust me; it's been studied in-depth already.
  
  TLS has a number of roles to play in network communications:
  1) encrypt data to protect it from sniffing in-transit
  2) authenticate data to verify it came from whom you expect
  3) sign data so you know you got only the data you were expecting
  
  Now here's how it breaks:
  1) man-in-the-middle servers that sign with an alternate certificate. This can be done on the client (SuperFish), at the network edge (many gateway prodcuts), or anywhere upstream that has access to a trusted certificate on the client.
  2) Yeah, this is broken at a number of levels, relating to item 1 -- there are many entities out there that can fake or phish the sender identity. Web of Trust helps a bit here, but the traditional methods (whitelist/blacklist) tend to fail, as the blacklists are improperly implemented in most places. How do you trust authenticity when most major governments have access to root certs?
  3) This is actually still pretty safe; TLS itself has withstood most cracking attempts, and as a result, you're likely to have received exactly what the sender sent. The only issue here is that you have no way to 100% verify that the sender was who you thought it was, unless you got the signing certificate directly from them via a separate channel, and know that nobody else has access to their root certificate.
  
  Aside from all this, verts generally work by exclusivity; the fewer organizations who have certificates, the more secure they are. If you remove the barriers to entry so that anyone can get a certificate, then that means that while a cert may be valid, it becomes more difficult to figure out if the person who owns the certificate is trustworthy in the first place.
  
  If certificates are free, than you can rest assured that some botnet is going to have all its nodes registering bogus certificates that it can rotate through, giving the CNs all sorts of names, from "Bankof America" to "Aqqle" to "Trusted Update Pty, LLC". Then you'll have tons of signed malware coming down an encrypted pipe with a "verified" host at the other end. And you'll have all your personal data going up another pipe, similarly encrypted.
  
  This doesn't make certificates bad, but they're not the panacea that many would believe -- they really only protect against casual sniffing and verify the data being transmitted between two (rightly) trusted points.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 10:03am

  
  

  Re: Re: Re: https

  they really only protect against casual sniffing

  
  And it is the casual sniffing of governments that these certificates are primarily aimed at. If use of encrypt everything means that the Governments of the world cannot keep up with the decrypting of Internet traffic in real time, then most people's privacy improves. I do not ask that the system is perfect, just strong enough to force governments to target who they spy on.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 9:35am

  
  

  relevant precedent case law?

  What is the precedent case law that establishes that the government can't make a company lie in such a situation?
  
  Warrant canaries seam like a speculatory concept at best to me, maybe there's something I haven't heard of yet though.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 5 Jul 2015 @ 10:20am

  
  

  Re: relevant precedent case law?

  Perhaps a company that was ordered to lie would do it badly on purpose. If this text changes in anyway it is an indication that prevarication is going on. So when the 0s become zeros you know some one has intervened.

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 3 Jul 2015 @ 4:42pm

  
  

  @13
  That's a very succint explanation. Well done.
  
  I was just reading this earlier- should be of interest to any one who would like to make conscious choices about who they trust. somewhat complex stuff unfortuantly.
  https://blogs.fsfe.org/jens.lechtenboerger/2014/03/10/certificate-pinning-with-gnutls-i n-the-mess-of-ssltls/

  [ reply to this | link to this | view in chronology ]

• 

  Anonymous Coward, 6 Jul 2015 @ 11:18am

  
  

  Even if they are later required to do ranges, can they not just do a wink and a nod such as:
  0-249 = 0
  1-250 = 1
  2-251 = 2
  etc..
  
  Would that run afoul of anything?

  [ reply to this | link to this | view in chronology ]

Add Your Comment