Lisa Westveld’s Techdirt Profile

lisa

About Lisa Westveld

My friends call me Lisa. My enemies can refer to me as the Dutch Ice Princess from Hell. Fortunately, I have no enemies. :-)
Yeah, Dutch, female, young, intelligent and I have a girlfriend, which makes me a Le..ia. and proud of it!

http://www.linkedin.com/pub/lisa-xanthe-westveld/48/a57/472



Lisa Westveld’s Comments comment rss

  • Jul 28th, 2015 @ 6:43am

    (untitled comment)

    So? Now what? Will they have to pay it all back now? To whom would they have to pay it all back anyways?
    I think they'll just pay a big fine and be done with it. The CEO and other directors should just end up in jail in my opinion and this company should be forced to close its doors because of this fraudulent actions but it probably just ends with a large, tax-deductible fine. Big deal...

  • Jul 27th, 2015 @ 7:58am

    Re:

    Actually, back in the time when the whole area was called the USSR, a lot of people were forced to move to other locations in the whole USSR. Especially the Russian citizens were moved to all of these "foreign" location, turning them into an invasive, legal aliens.
    Then the USSR fell apart, those Russians just stayed where they were, demanding they would become basically dual-citizens. A large population of the Ukraine and especially the Krim las a lot of Russian people.
    There are also plenty of Ukrainian people in Russia, though. The forced migrations worked in two ways and was meant to make everyone equal to one another.
    But now Russian and Ukrainian Nationalists are calling for a forced separation. And that's basically what started the whole conflict.
    Yeap, Putin is Evil, but Putin isn't Russia!

  • Jul 27th, 2015 @ 5:05am

    Re: Re:

    Rhe Russian Intelligence or the American Intelligence? They both seem to lack the Intelligence... :)

  • Jul 27th, 2015 @ 4:28am

    (untitled comment)

    But what if the USA did create those weapons and misspelled it on purpose so everyone would think they're fake while they're really the real deal?
    And what if Russians are claiming these typo's were done on purpose by the USA because of the above logic, while it's not true?
    And what if the USA is claiming the Russians are lying when the Russians claim that the USA delivered these weapons including this typo to make it seem they did not send them?
    And what if the Russians... Oh, well... You get my line of thinking by now. The truth? We'll never know it...

  • May 18th, 2015 @ 10:47am

    Re: Re: Re: Re: Re: Re: Troublesome certificates...

    They might risk it if they can somehow get away with it and if risking it would increase their profits. In the end, Verizon just wants to make profits so if listening in on HTTPS traffic provides additional revenue, they will certainly look at the risks involved.
    If they risk compromising their root CA then they could just make use of a different root CA by someone else. Or they will limit it to specific areas, countries or perhaps even their free WiFi, if they offer that somewhere.
    Revoking a root CA isn't something Google or Mozilla will do that easily, since Verizon is big and powerful. The legal consequences might result in just a warning from Google and Mozilla and Verizon will reverse their changes.
    Providers in other countries might even have it easier. The Iranian or Chinese government could force all computer users to install a government-issued certificate that they can use to listen in on all traffic. The providers would then route all traffic through this system and the people might complain, but can't do much about it. That's the power of a monopoly.

  • May 18th, 2015 @ 5:03am

    Re: Re: And held for "moderation"

    He meant the other Brian... :)

  • May 17th, 2015 @ 10:42am

    Re: Re: Re: Re: Troublesome certificates...

    As a CA, Verizon can create it's own certificate and use it to sign a specific domain like Google or TechDirt. The certificate would appear to be legitimate for the browser since it is signed by an official CA and mentions the right domain. The fact that Verizon created it on the fly doesn't really matter since it will look quite official. (Including any details found in the original public certificate!)
    To check it, you would need to check the certification path, which would differ from the original certificate. Without access to the original certificate to compare, you can't know if you have the real certificate or a proxy version created by your provider.
    But if your browser or App has the original certificate included in the executable, it should be able to validate the certificate with whatever the site provides.
    Which only works as long as your browser or app gets updated when the certificate changes...

  • May 17th, 2015 @ 8:20am

    Re: Re: Re: Re: Troublesome certificates...

    Actually, some ISP have more or less made this happen already, but mostly to provide a better user experience for mobile phones. They would intercept all HTTP and HTTPS traffic and they would cache all large images on those sites to replace them with smaller versions for customers using their mobile phone to browse. This would reduce the amount of traffic but with HTTPS, they would have to become an in-between proxy and sign the traffic between proxy and user with their own certificate.
    ISPs have played with this option, noticed it "broke" the Internet and stopped doing it again. Nowadays, this is still possible as a special proxy so your mobile bandwidth is reduced.
    Since your provider is a trusted CA they could easily create their own certificates to use for this proxy and thus still capture all HTTPS traffic. Law Enforcement actually has the same option! And to protect yourself against it, you will have to check each certificate carefully before continuing browsing the specific webpage. That is, if you're really paranoid.
    There are additional securities, though. The Chrome browser knows the public certificates for Google and other popular sites so it can validate against those. And it should be possible to have browser extensions that can do the same checks for you. It is also a good reminder for App builders to include their public key inside the app so they don't need to ask for it from the web service. There are plenty of ways to detect these attacks and if Verizon would do something like this, like here on TechDirt.
    It is more secure than regular HTTP. But still, every security measure can fail and has weaknesses that can be exploited by parties willing to do so. With more and more sites moving towards HTTPS, it becomes more interesting to e.g. hack those certificates and recalculate the private key for all those public keys that are out there. It requires a lot of processing powers but it is not impossible. It is why we continuously have to find new and better encryption methods, simply because the old ones become too weak at some point in time.

  • May 16th, 2015 @ 12:06pm

    Re: Re: Troublesome certificates...

    Verizon does not need the private key since they can use their own private key to encrypt everything again. The only way that you'll notice this is when you check that public key that you've received. To prevent this, you would have to disable any Verizon certificate that's on your own system so the browser will warn you. Basically, Verizon would use a proxy server and as administrator they can tell you that the proxy certificate is the valid one.
    You try to connect to a HTTPS site through the proxy. The proxy detects this and Connects to the HTTPS server by itself, thus receiving the public key that it needs for the communication between proxy and site. And Verizon would use its own certificate to sign the connection between user and proxy. And as a result, your browser will think it has a valid public key, which is true. The Verizon certificate is probably already in your store. But if you check the certificate, you'll see it's the wrong one!
    There is a solution, though, which I think is done by Google. In Chrome a few public keys are stored in the browser executable instead of retrieved over the Internet. Thus, the Chrome browser will know if it is talking to the true Google server or not over a secure connection. If the certificate it receives differs from the one it already stored, alarmbells will go off.
    And then the user clicks them away because users are generally not that smart...

  • May 16th, 2015 @ 2:32am

    Troublesome certificates...

    Sure, HTTPS is better but it requires certificates to be linked to your domain. As a result, hosting multiple domains becomes more troublesome since every domain needs its own certificate. It becomes even more troublesome when you also need SSL for your subdomains.
    It adds a lot of maintenance for the webmaster who hosts multiple domains. You need to renew the certificates and you need to know what SSL is and how to use it. And how to debug any SSL-related problems. It is generally a huge pain in the donkey. (Well, other word for donkey, that is.) And you have to consider if it really makes customers happy.
    Client-side, same problem. When you create an app for the iPad and/or Android then using SSL requires a little more coding action. A little more knowledge that most seem to be missing.
    The biggest problem is that the lack of knowledge about HTTPS and SSL will increase the vulnerability of specific systems, not decrease them. Certificates get lost or fall into the wrong hands. And it still doesn't protect you that well against a man-in-the-middle attack. Verizon could easily just intercept the HTTPS traffic, decrypt it and re-encrypt it with their own SSL certificate you your browser would not know about the "attack". Actually, they can encrypt it and just send a copy of the unencrypted data to the user, so they will analyze the content that the user was looking for. It makes tracking a bit harder but they still know whatever person at address xxx.xxx.xxx.xxx finds interesting.
    So, I think HTTPS just gives a fake sense of security. And Verizon including their own headers in the HTTP traffic should be a criminal offense. They're violating Net Neutrality.

  • Apr 20th, 2015 @ 3:50pm

    Re: Re:

    I'm not taking it seriously. :-) But my head gets confused by all the styling issues in the code, so it doesn't compile in my head.
    Besides, it would not be a big problem to make the other strings to link to some page, thus making them the same style. :-)

  • Apr 20th, 2015 @ 2:19pm

    (untitled comment)

    They fixed it. :-)
    Semicolons are optional in Python. Either your style is to always use them or never use them, not some mix-and-match. :-)
    The preferred style is to not use them.

    Also, you're not supposed to underline some of the strings. Either use underline for all string constants or no string constants. This doesn't read properly. :)

  • Apr 20th, 2015 @ 1:06pm

    (untitled comment)

    You're missing some semi-colons so it doesn't compute. Sorry. :-)

  • Oct 15th, 2014 @ 7:26am

    Anyone can make requests...

    Anyone can make such requests. And it's up to the hoster to decide if the content needs to be removed or not. Most hosters have restrictions in their policies that would ban certain content and would remove it anyways, no matter who reported it.
    Leaseweb, a company named in the article has these : General conditions (PDF). Article 12 is about the reasons for suspension of the site/account. And 12.1a is the rule that tells you why Leaseweb will immediately obey once they receive a request. They just blindly obey. They also have an "Acceptable Use Policy" and they might define a Jihad site to be unacceptable.
    More hosting companies have similar rules. My own host also has strict rules about the content I host. Even more strict than leaseweb since my host explicitly tells me what content is not allowed. (Basically anything hateful or racist is banned.)

  • Oct 15th, 2014 @ 7:12am

    Not the cops...

    These are not the cops making those requests. The Dutch article mentions "opsporingsinstanties" which Google translates to law enforcement. It doesn't completely cover the meaning, though. There are other government agencies in the Netherlands that have their own inspectors that could do similar things. Our tax office, for example, has similar powers.
    For the Internet we have the "Nationaal Coördinator Terrorismebestrijding en Veiligheid" a.k.a. NCTV (National Coordinator for Counterterrorism and Security) who are not police officers. They're just government employees who seek out possible threats against the Netherlands or our allies.
    The NCTV is just warning companies that their sites have some content that they might not want to support and thus take down. Those companies should then check out the content before deleting it from their servers but unfortunately most of them don't want to spend time to check it out and delete it immediately.
    But basically, the hosting companies themselves are supposed to check if the complaint is justified or not. The NCTV just notifies them that the content might be unwelcome.

  • Oct 15th, 2014 @ 5:19am

    Yes and no...

    Since I'm Dutch and also live in the Netherlands, I know that providers aren't forced to remove this content. They are just notified about it ang generally decide for themselves that they don't want to host Jihad messages. Hosting Providers are allowed to block certain content on their servers, especially when they suspect it would attract hackers and other hostiles towards their servers.
    Hosters generally have no time to judge the content of sites they host so they rely on external sources to warn them. Basically, these providers have clauses in their policies that don't allow these kinds of sites. (Hate-speech, supporting terrorism.) But the site ownerd then start complaining so the hosters refer to those orders as a valid excuse.

  • Sep 18th, 2014 @ 12:04pm

    (untitled comment)

    I think the court is correct in this case. Section 230 just doesn't apply because it has nothing to do with the case. MM is just as responsible for these rapes as your average phone directory so they don't even need the protection of section 230. The rapists could have preyed upon their victims with any means they would find. You can't hold a car factory responsible for these rapes simply because the models were kidnapped in a car. Or hold a gun manufacturer responsible because they made the gun used in these crimes. Those can do fine without the protection of section 230.
    So why would MM even need that protection? It has no fault in this all.

  • Aug 22nd, 2014 @ 1:59pm

    Re: Re:

    Actually, the Internet has no borders. The companies might be located in the USA but its customers are all over the World. And the bigger companies are actually located in multiple areas.
    It is ridiculous for e.g. Facebook to close discussions about Cannabis between Dutch citizens because drugs happen to be illegal in the USA. Frack that! It is legal in the Netherlands so we have the right to talk about it and it should just stay online!
    Which adds the complication of multiple laws deciding what is and what isn't legal to talk about. For the Internet, there should be just one law, and that should NOT be the First Amendment. It should look like it, but has to be much more open to really Free speech.

  • Aug 22nd, 2014 @ 1:54pm

    Re: Re:

    Problem with the First Amendment is that it should discourage censorship, yet there are many ways that lawmakers and companies manage to get around this.
    The freedom of religion, for example, is laughable considering that many non-Christians in the USA seem to have less freedom since some morons explain it as "Freedom in choosing as how to worship the Christian God". It's also complicated when people who worship a Spaghetti-monster as their god have trouble to get a public image of their religion in a public area without being ridiculed. Or how many oats in the USA contain references to the Christian God or other religious references. For example, the oath of citizenship ens with "so help me God" which is such a huge insult for those who don't believe in one. Or who have a different religious view.

    But we're talking about free speech, not free religion. I wonder if communists noticed much of this freedom about 50 years ago. Or the Native American People when they start mentioning what happened to their ancestors. Or even the protesters in Ferguson at this moment!
    You can even wonder if America really has a free press, considering that many of them seem to support the current government and they tend to stay away from certain sensitive topics, to prevent them from becoming public knowledge.
    What's the value of freedom anyways if your choices of expression are still limited? Some people might have some very interesting news stories to tell but no one can hear it because the major newspapers are unwilling to report it. Or worse, they twist around the whole story.
    Don't be fooled! Even in the USA you don't have complete freedom of speech. There are certain topics people don't really want to consider. For example, legalizing Gay marriages or certain drugs tends to be so sensitive that certain media will not allow it within their systems. The same with discussions about pornography, legalizing prostitution or even having comments on the US laws. All those things are often frowned upon and often banned from most media, which limits people in their freedom to make a public discussion about those topics.
    This freedom is just relative. For a true Freedom of Speech, the Internet would have to allow those topics just as much as generic topics about flower arrangements or cars. The USA still has a few limits on this, not by law but by those people in Power who control what can and cannot be the next news item...

  • Aug 22nd, 2014 @ 8:04am

    (untitled comment)

    Applying the "First Amendment" on the Internet would be worse. The First Amendment is a law from the United States of America, and although other countries might have similar laws, they might not want to follow US laws.
    The name for it is completely wrong and will upset a lot of Americans, enforcing their ideas that the USA is trying to gain more control over the Internet, while they actually want less influence.
    Besides, the Internet is asking for new, International laws. It doesn't need old, restricted laws from one specific area of this planet. So, the First Amendment is hereby downvoted as Internet-law.
    Sorry if I hurt your feelings, but please keep in mind that the majority of people on this World are NOT Americans...

More comments from Lisa Westveld >>