Well, from what I understand, anything you share with Microsoft you give up privacy rights to. So anything your computer sends to them the Government can ask for without needing a warrant.
So.... When you use their full disk encryption and Microsoft "backs up" your key on their servers..... Yeah, after all that has come out about the NSA just try and argue that they aren't making copies of all those keys. If you can do that with a straight face then you have a bright future in politics.
Also lets not forget that the FBI can "neither confirm nor deny" listening in on amazon echos. So yeah, sure they are not listening in on Cortana.
This comment really makes me hope that someday soon people will get together for one of the most epic protests ever. I can just imagine a huge protest with few thousand people marching out in front of some government buildings before all bending over and mooning them.
I love how these people also so quickly overlook history. The way I look at it, the second amendment is there for pretty much one reason, to keep the government fearful of the population. The founding fathers had just fought a war against the most powerful nation in the world after all. Pretty sure the abuses of governments were at the front of their minds when writing these things.
Now you give the government the power to take weapons from anyone they want just because they feel like it... no due process or trial... well you just destroyed the point of the second amendment. Anyone who shows any resistance to those in power will end up on the list and guns taken. Then later maybe they will just use the list to round up these "terrorists".
That email certainly does make these guys look amazingly stupid. I can understand that if I had a system with highly confidential information on it, and it was under attack, first response might be to shutdown, but as soon as that shutdown command was sent I would be working on ways to block future attacks and not turn the server back on until my systems were secured better.
It is amazing anyone in an IT position would be stupid enough to go for the "We will just shut down and hope they go away" method.
As someone who has been excited about this tech for years before Rift even started on, I find this kind of thing so extremely frustrating. I have a head mounted display from the 90s. Used to play the original Unreal Tournament with it. I LOVED it back then but the draw back was horribly low resolution due to the LCD technology of the day. They couldn't make a high resolution screen that small.
Now take a moment and think about that. I had something like the Rift 20 years ago. This stuff is not at all "new" it is just that finally some companies are starting to build it for the mainstream.
What really makes me furious is that I have been waiting for these devices for around 20 years, and now these morons are trying to fuck it all up? Finally we are going to have somewhat affordable VR gear with actual VR software instead of poorly hacked games, and these morons are trying to kill the adoption of it with stupid DRM bickering and mistreating their most loyal fans?
I would first like to point out a few things stated by Yubico's engineer.
"We have both internal and external review of our code to ensure that it is secure." ....... "The bug was inherited from the upstream project which ykneo-openpgp is based on, and was NOT detected by any audit of the source code."
Ok... So they did audits on the code and DID NOT FIND THE BUG, but hold on, they are talking about the bug right? So where did they find out about it?
"It's important to remember that open source code is no guarantee that bugs/vulnerabilities will be detected as the bug you've linked to demonstrates quite well."
To me it sure sounds like having some open source helped, or maybe I am reading into this a bit too much?
Either way, The point of open source is not necessarily that everyone has to audit the code themselves. The point is that anyone CAN audit the code. This means you have a lot more than two small audit groups looking at it. It also makes it MUCH harder to hide a backdoor or anything of that nature. If you add bad code then your auditors that you are paying will ignore it, an independent security researcher auditing the code will not be so kind.
They kind of bring this upon themselves. I'm trying to remember what I was looking for, but a while back I tried looking something up and found what looked like a useful paper on the subject. I then found it had a $31 price tag for the one paper.
I can remember when the Echo first came out. Clearly remember hearing about the features and all it could do. For a second I was excited by the possibilities. Then reading on I get to the part talking about being able to pick up anything above a whisper from across the room even while music is playing, and all this is analyzed by your friendly Amazon.....
My mind shifted gears so fast it hurt. From "Dude this sounds awesome" to "NOPE NOPE NOPE".
"This fee helps defray costs associated with building and maintaining CenturyLink's High-Speed Internet broadband network, as well as the costs of expanding network capacity to support the continued increase in customers' average broadband consumption."
What I would then love to see is an independent audit of their books showing that every cent of that fee was used to pay for that and nothing else.
"The FBI is very good at keeping secrets, and the people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting them," he said.
Well yes.... I bet they are "good at protecting them", in the same way a gun store is good at protecting their products. That says NOTHING about how willing they are to SELL IT again. We already know that who ever it was didn't do this out of some "civic duty" or something like that because he says the exploit was bought. So I'm supposed to believe this mystery individual won't pad his pocket some more by selling to other interested parties?
The one thing that I keep seeing mentioned is that using the built in random function is not really random. This is indeed very true. The thing is, who is saying they actually wrote anything better? You assuming that almost $50k was used to make a more truly random system.
I for one would not be shocked is that app just uses the built in random number generator everyone is complaining about. I would love to see a study showing how well they did at really making this random.
This really makes me wonder about how companies would handle android phones, because someone could easily buy the phone and install a different ROM and lock the phone so the manufacture is not able to get in.
How would this be handled under this law? Would they be ok so long as they could bypass their official ROM? Or would they have to promise to be able to get into others too?
I at times have thought it would be nice to run an exit relay, not to hide any illegal activity but to generate "noise" on my line. It would make it harder for companies to build a profile of me if my IP was putting out lot of random activity.
Of course, this story is the exact reason I have not gone through with setting up an exit relay. I am not comfortable putting those I live with in danger of being shot.
Doesn't really matter if it is being done to the device or not if suddenly the device does not work. If I paid $300 for a device and suddenly it does not do what it is supposed to do I really don't care HOW you turned it into a paper weight, all that really matters is that now it is a paper weight.
Also, You can say they have done something to the device. They have locked it down so it uses their servers that they are now turning off. I'm not seeing anything saying they are offering people the source code to work around this. So it is likely the act of making a workaround so you still can use your device is illegal due to laws like DMCA.