DannyB 's Techdirt Comments

Latest Comments (5934) comment rss

  • On the post: House Oversight Committee Calls For Stingray Device Legislation

    DannyB ( profile ), 22 Dec, 2016 @ 02:05pm

    Re: Re: Re: Re: Where's the FCC?

    I get it now. With the right power tripping donut eater, it may not be an exaggeration.

  • On the post: House Oversight Committee Calls For Stingray Device Legislation

    DannyB ( profile ), 22 Dec, 2016 @ 01:54pm

    Re: Re: Where's the FCC?

    Asking what you are under arrest for should not constitute resisting arrest.

  • On the post: Publishing Lobbyists Suck Up To Trump With Lies About Copyright, Ask Him To Kill DMCA Safe Harbors

    DannyB ( profile ), 22 Dec, 2016 @ 12:06pm

    Re:

    WRONG (sssssnnnniiiifffffffff)

  • On the post: Publishing Lobbyists Suck Up To Trump With Lies About Copyright, Ask Him To Kill DMCA Safe Harbors

    DannyB ( profile ), 22 Dec, 2016 @ 12:03pm

    Re:

    How about Tech Industry lobbyists suck up to Trump and ask him to kill Copyright.

    Killing Technology or killing Copyright. Which one would be better for the advancement of our society, improving our lives and just plain doing away with a bunch of parasites?

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 22 Dec, 2016 @ 06:26am

    Re: Re: Re: Linking is merely giving directions

    Why do you believe this would not be infringing?

    We're talking about people who are responsible for Hollywood Accounting and Payola, and claims that piracy is costing $74 TRILLION dollars, etc and similar insanity. (eg, greater than the entire world GDP combined.)

    Maybe linking to a page that links to an infringement should also be an infringement. That is 1 hop away. What about 2 hops away? What about the six degrees of Kevin Bacon on the internet? Maybe it should just be infringement to link to anything on the internet that could recursively link to anything infringing. This would instantly eliminate search engines.

  • On the post: House Oversight Committee Calls For Stingray Device Legislation

    DannyB ( profile ), 22 Dec, 2016 @ 01:50pm

    Hypothesis about Stingray secrecy

    Given how this article points out that Stingrays are everywhere, even for sale on foreign web sites, I would say that may validate my hypothesis (reproduced below). Basically, the secret hack has escaped. The vulnerability in the design of the cellular networks cannot be easily, cheaply nor quickly fixed.

    Hypothesis about Stingray secrecy

    (previously posted to TD)

    Law enforcement is extremely secretive about Stingray. Why? Their suppliers even require them to sign agreements with extreme conditions. Why?

    1. The wireless network standards were designed when we were still using Windows 3.1.

    2. The designers may have considered security, in some sense, but not in a way that can withstand 21st century attacks. The security may be in large part due to obscurity.

    3. Stingray is not authorized by the mobile network operators who have not given Stingray any SIMs (subscriber identity module) or other cryptographic keys necessary to access the network. Those network operators have exclusive rights to spectrum which Stingray is subverting.

    4. Stingray works by compromising the security of the network. Effectively a genuine hack or intrusion into the network.

    5. There may be no effective fix short of redesigning the network.

    6. If the mechanism of the hack were generally known, mass chaos could ensue.

    7. The network operators are strongly against this but powerless to do anything about it, other than potentially litigate.

    8. The secrecy of Stingray is largely due to several factors such as:

    A. If the mechanism of the attack became generally known, there could be vast numbers of unauthorized "stingrays" compromising everyone's privacy -- including (OMG!) rich and powerful people!

    B. It would be possible for a network of distributed "stingray" clones to disrupt mobile network service by tricking nearby phones to connect to fake networks. What if this were deliberately done during an emergency?

    C. The creators / operators of genuine(tm) Stingray devices don't want to be exposed to the potential of litigation for actionable things that Stingray may be doing as part of its operation. Including disrupting networks, stolen proprietary or trade secret information, having compromised individuals into divulging network secrets, keys, etc.

    This hypothesis would explain observed evidence about why those who built Stingray want desperately to keep it secret. Please consider. The secrecy is so important, that it leads to:

    1. Dismissing or disposing of prosecutions rather than reveal any information about Stingray.

    2. Binding agencies and organizations using Stringray to high levels of secrecy, including keeping THE VERY EXISTENCE of Stingray a secret.

    3. Outright Brazen Perjury a.k.a. Parallel Construction, which is a euphemism for conspiracy to lie to the court and the defense, concealing discoverable information.

    The behavior of those behind Stingray fits this hypothesis. They want to use it "for truth, justice and the corporate way", but are desperately fearful of the secret hack escaping.

  • On the post: Top US Surveillance Lawyer Argues That New Technology Makes The 4th Amendment Outdated

    DannyB ( profile ), 22 Dec, 2016 @ 11:58am

    4th Amendment doesn't protect from computer searches?

    "Computerized scanning of communications in the same way that your email service provider scans looking for viruses - that should not be considered a search requiring a warrant for Fourth Amendment purposes," said Litt.

    Dear Mr. Litt,

    If the police send an autonomous robot to break down your door and search your home, that is not a violation of your 4th amendment rights. After all, it is a computerized search. Like searching your emails or scanning for viruses, it is much more efficient than manually searching your home. With an army of robots, searching of homes can be routinely done on a large scale. Because this is qualitatively different than abuses of your constitutional rights when done by humans, it should not be considered a violation of your rights. More importantly, in your own words, it should not require a warrant for Fourth Amendment purposes.

    Sincerely,

  • On the post: European Information Security Advisory Says Mandating Encryption Backdoors Will Just Make Everything Worse

    DannyB ( profile ), 21 Dec, 2016 @ 08:10am

    Re:

    Security is always the justification for creating a police state.

    Police work is easy in a police state.

  • On the post: European Court Of Justice Rules Against UK's Mass Surveillance Program

    DannyB ( profile ), 21 Dec, 2016 @ 12:38pm

    Spying eyes in the sky

    question in the UK about why their politicians are granting the government powers to snoop on every member of the public at a level that goes way beyond what is considered appropriate.

    Doesn't the UK already have big brother cameras spying on everyone, everywhere beyond what most would consider appropriate?

  • On the post: Remaining FCC Commissioners Promise To Gut Net Neutrality 'As Soon As Possible'

    DannyB ( profile ), 21 Dec, 2016 @ 09:13am

    Forget Net Neutrality

    Dear FCC,

    I do not seem to be getting enough spam robocalls. As a concerned citizen I want to urge you to take measures to improve this situation.

    Please help me FCC, you're my only hope.

    Sincerely,

  • On the post: European Information Security Advisory Says Mandating Encryption Backdoors Will Just Make Everything Worse

    DannyB ( profile ), 21 Dec, 2016 @ 06:21am

    A few nits

    Page 16.

    Conclusion 1.
    "While their [law enforcement] aims are legitimate, . . . ."

    [Citation Needed]
    One should no longer assume that the aims of law enforcement are legitimate. That ship has long since sailed.


    Conclusion 3.
    "given that criminals can develop their own encryption technologies"

    Criminals don't need to develop their own encryption technologies. There are already several good algorithms, well known, published in textbooks, and that do not have a back door and are unlikely to have a trap door.


    Conclusion 4.
    "New technologies which generate once off encryption keys between end users are now being deployed. These keys are not stored centrally by the operator. These types of technologies make lawful interception in a timely manner very difficult. There is every reason to believe that more technology advances will emerge that will continue to erode the possibility of identifying or ecrypting electronic communications."

    Oh, hey! I've got one! Let me try!
    Carry two devices. A regular phone with a mobile plan, just like most people. This provides network access either via WiFi or cellular. A second device, which has no SIM, and is always in Airplane mode, is used to run the communications app which does the encryption. They bad guys [eg, NSA, etc] might hack your phone, but it is only being used to pass already encrypted communications from the other device which has the app you use to communicate, and little else.

  • On the post: James Clapper's Office To Finally Reveal NSA's 'Incidental Collection' Numbers

    DannyB ( profile ), 20 Dec, 2016 @ 09:56am

    Re:

    Wouldn't it be easier for the NSA to produce a list or a count of Americans who were NOT spied on?

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 20 Dec, 2016 @ 06:21am

    Re: Abolish Copyright

    As I've said before: copyright inevitably and always leads to censorship.

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 20 Dec, 2016 @ 06:20am

    Re: Re: from the German people.

    I read Google News every day.

    Then when I get home, I print out a copy of the day's news to use as bird cage liner.

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 20 Dec, 2016 @ 06:16am

    Re: Re: Re: They are fighting for their culture

    By banning linking, you force people to read the same words in dead tree format instead of online.

    Words printed in dead tree format have a superior magical quality of making you more literate.

    It is not just old people reading trash rags. There are also younger people looking for important news like: "Space Aliens Ate My Baby!" and the like.

  • On the post: James Clapper's Office To Finally Reveal NSA's 'Incidental Collection' Numbers

    DannyB ( profile ), 20 Dec, 2016 @ 09:53am

    Parallel Construction

    Parallel Construction is a euphemism for: conspiracy of prosecutors and law enforcement to commit perjury by lying to the court and the defense about what their evidence actually is.

    Here is a handy translation guide for government speak:
    https://www.techdirt.com/articles/20161129/17411236152/key-congressional-staffers-who-helped-rein-surveillance-overreach-1970s-ask-obama-to-pardon-snowden.shtml#c95

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 19 Dec, 2016 @ 01:00pm

    Re: They are fighting for their culture

    The literacy rate of a nation is largely a reflection of its education system.

    If a newspaper wants to publish or not publish its content online is the newspaper owner's own choice. Whether you, or whether I agree with the owner's choice doesn't really matter.

    If online newspapers undermine dead tree newspapers, then that's progress. The telegraph undermined the pony express. The telephone undermined the telegraph. The automobile undermined the horse and buggy. Things change.

    Fake News is unrelated whether news is online or in dead tree format. Every country probably has had for decades, tabloid news in dead tree format that is loaded with fake news. The real question is how gullible are people? The real lesson is determine what news sources you trust -- no matter what format they are published in.

  • On the post: Ridiculous German Court Ruling Means Linking Online Is Now A Liability

    DannyB ( profile ), 19 Dec, 2016 @ 11:07am

    Linking is merely giving directions

    Telling someone that the Taco Johns is two blocks north and to the right is like linking.

    Telling someone that the Crack House is two blocks south and to the left is also like linking.

    Why should the first example above be okay (presumably it is okay?), but the second example would be a crime? Maybe someone would make the 2nd statement in order to aid you in avoiding the crack house.

  • On the post: Photographers And Filmmakers Call For Encryption To Be Built Into Cameras As Standard

    DannyB ( profile ), 15 Dec, 2016 @ 06:24am

    Re:

    When visiting a repressive regime, the camera should encrypt the images using a one way key. The only copy of the decryption key is back home and inaccessible to the NSA, FBI, CIA, etc.

  • On the post: The FCC Suggests Some Wishy Washy, Highly Unlikely Solutions To The Poorly-Secured Internet Of Things

    DannyB ( profile ), 14 Dec, 2016 @ 07:14am

    Make the device manufacturer financially liable for damage

    Unlike most of my posts, this one is serious and not intended as sarcasm or parody.

    Put the financial liability for damage caused by hacked devices upon the manufacturers of the device. Yes, seriously.

    Let me head off several replies before anyone even replies. I'm NOT suggesting any sort of government certification or licensing or registration of devices. Just simply that if your device is hacked, the hacking results in financial damage, then the manufacturer has liability for the damages caused.

    Simply don't ship devices that are hackable. Impossible!, you say? If that is true, then don't make any IoT devices. If it is impossible to prevent them from being used for massive damage, then why should you be making and selling them at all? That's like saying it is impossible to make a toaster that won't burn your house down. If true, then why should you be making or selling any toasters.

    If it is possible to secure the devices, then do so. You might start looking at a lot of basic things like:
    * highly limit what internet ports your device uses
    * no default passwords
    * no back doors
    * use digitally signed software updates to ensure they are from the manufacturer
    * no insecure protocols
    * minimize exposed functionality to minimize attack surface

    And other ideas to lock down your device. Steps like this substantially reduce the odds that your device will be hacked, and that you will incur liability from damages caused.

    The problem that this fixes is that now device makers have a financial incentive to secure and lock down their devices. It isn't impossible. Yes, it may cost some additional time and engineering in the design.

    But just as I expect a toaster to not burn my house down, I expect IoT devices to not be instantly and trivially hackable.

Next >>