A more appropriate example in this case would be a tracking device on your car. If law enforcement don't have a reason to suspect you of being involved in a criminal activity, do they have the ability to put a tracking device on your car? No, no they do not. That is the crux of the matter.
To use the example of a bank behind your home - if law enforcement have an image of you on the bank's security cameras walking by the bank in the direction of your home, that's really all they know. They can't then go to your home/apartment complex/hotel/whatever and demand any security camera footage, because they have no other evidence that you were participating in the crime. That's an unconstitutional fishing expedition, and still gets rubber-stamped by the courts all too often.
The basics of it are, if law enforcement is unable to explain how and why they need your information specifically, then it should be denied them by default under the Constitution's prohibitions against unwarranted searches, and the right to privacy of your person and effects. Instead, law enforcement is going "we need info on anyone that could have possibly been in this area, and we'll decide what's important from there." It's literally the reverse of what is supposed to happen.
Don't forget about our lovely property taxes, which are among the highest in the nation (3rd highest, according to tax-rates.org/taxtables/property-tax-by-state)
The funniest thing about living here is watching all the "conservative" Texans get all frothy-mouthed and "Don't California my Texas!!!" about taxes....without realizing that TX overall taxes aren't really that far off from CA already; they're just paid via a different means. It's also why my property taxes go up by the absolute maximum amount allowed by law, every. single. year.
It's in Texas, against something "conservatives" have stated is Public Enemy #1.5 (right behind anything from "Commiefornia"). You expected any kind of different result?
The TX SC already knew exactly what result they wanted - which is to punish FB for being so...sooo..."liberal," and they will make up anything they needed to do it.
The POTUS deemed his intelligence to be a national security threat, and didn't even attempt to understand it at first. It took Ryan Wilson's character taking action, which the POTUS' character deemed illegal and then threw him into a modern Gladiatorial ring to die. It took actual, indisputable proof of the plants growing again (in the form of the love interest illegally taking a video camera to show the plants growing) before anyone listened to him.
Too bad our Dunning-Kruger example wouldn't even admit he was wrong if it happened right in front of him. If someone on Fox News told him the Sun would rise in the west, he would spin everything showing it demonstrably rising in the east as "fake news" and a "witch hunt" to "make him look bad," and ~30% of the US would believe him.
Yes, that's right. We've surpassed the stupidity present in a movie that was supposed to be a satirical commentary on how anti-intellectual the US has become.
FTFY. They don't bother to read it at all most of the time. Just like legislators using the direct copy from whatever lobbying group paid them to sponsor their bill.
One report claiming that voter fraud is a minimal problem, doesn't make it so. Like any claim, where is the independent verification?
How about like every single study done on voter fraud, ever? This is inclusive of studies funding by both Dems and Repubs, even independent 3rd parties as well. No study, ever, has found any evidence of even small scale voter fraud, let alone at a level that could sway national elections.
Ignorance of the sheer amount of work that has already been done can be easily rectified by spending even a few minutes Googling and learning. Not that would would expect someone like you to do so, but that information is completely available, much of it for free.
I live in Texas. Paxton and Abbott will do nothing that could possibly threaten their chances of being reelected, Covid be damned! Abbott isn't up for election this year, so he'll stuff his nose so far up Dear Leader's crack that he can smell the hamburders on the way down.
As I say often, TX is doing well despite Abbott, just as it was despite Gov Goodhair before he decided that TX wasn't enough.
For a hacker to get to that in-memory return data, that means your machine is already compromised. If your machine is compromised, nothing is safe - and they likely have full access to your entire financial life, as well as other aspects. If you're working about data in-memory for this kind of attack vector as a private citizen, you've already lost the plot. If a malicious actor has this much access, you're done.
All of the filing companies, as well as the IRS, use the standard SSL approach, which uses public-key cryptography to negotiate the handshake, and which uses one private key that decrypts anything encrypted with the public key. That's the way PKI works. The data itself is then encrypted using TLS 1.2, provided you use a major player that keeps it's servers up to date. That means AES 256 for the actual crypto, SHA-512 for the hash algorithm, and ECC DHE for the key exchange. This all means that your data is reasonably indistinguishable from background randomness for anyone without state-actor level computing power to throw at it. That is one of the keys of modern cryptography - ensuring that the underlying data can't be decrypted easily through brute-force methods such as letter frequency, or pattern matching analysis. Brute-forcing the key is far more common (mostly through rainbow tables and dictionary attacks against weak/poorly generated keys) than trying to directly decrypt the data.
You are right to be skeptical of what's being used, and thankfully this is pretty easy to check (just click on the little lock icon, then view the certificate, and look at the details - it'll tell you all the above)...but you do need to educate yourself a bit on how these various technologies work together. So long as the keys are not compromised, or there is no hidden vulnerabilities in the underlying SSL technologies (which are typically found and patched very rapidly when they do happen) your data is about as safe as we can make it currently.
It's the American Way(tm), the Free Market(tm) is doing it's job. It would be SOCIALISM(tm) to have the IRS compile the data they already have and just have the taxpayer verify it! You don't want SOCIALISM(tm) to win do you? Why, that would be as bad as SHARIA LAW(tm)!
It's interesting that I should read this now, since some of my friends and I were having a discussion on our current "justice" system.
I'm of the mind that we need a sea change in how we think of prisons and prison sentences. We think too hard about it being punishment, when we should be thinking of it as a means to keep someone from harming society while we learn how to integrate him/her back in to society.
I work in infosec, as support for a global antivirus product. Part of our feature set is web filtering, including blocking known malicious sites. I can't tell you the number of times I've had to send a given site to our URL team for manual verification and unblocking, but it probably averages out to at least once a day, if not more. Most of the triggering for malicious sites is handled by automation, since the flood of data coming in from various sources (anonymized data from users (opt-in, of course), honeypots, web spiders, etc) is simply too large for every site flagged as malicious to be manually checked in any kind of timely fashion.
As a company that's responsible for our end user's security, we tend to take the more conservative stance that if our automation platforms have a reasonably high confidence that some kind of malicious activity is going on at a given URL (eg, click-jacking, malicious ads, drive-by downloads, etc) the URL will be marked as malicious as soon as it crosses the confidence thresholds. If a customer reports that it's a false positive, and there is no actual malicious behavior (eg, someone had multiple tabs open and one of them had bad behavior, all open tabs would likely be tagged in the confidence algorithms since determining the actual source becomes quite difficult at that point) then it will be manually checked and removed from the malicious DB if it's clean.
Sorry for the vagueness, but proprietary info and all that. That's likely the cause of both TorrentFreak being tagged as malicious, and the 4chan images referenced by the AC above. An algorithm picked up some suspicious behavior on a TorrentFreak or 4chan URL (which is completely believable on either site - either by ads or other means) and it was auto-flagged as malicious. This likely isn't something that a person that Steam/Valve set, but much more likely to be a algorithm or semi-AI decision made without human intervention.
So even easier method. Print it out, black out the redacted portions, scan to PDF, send 2nd PDF. No chance of metadata leakage, and no chance of the redacted data being "unredacted." Job done.
Sounds like they are using some variant of a data leakage protection (DLP) product for the censoring. One of the key features with most DLP products is that you can set thresholds for what triggers the rule. Eg, I want to block anything with the words "TechDirt" "Censorship" "Moody" and "China" but only if it has all 4 of those words in it. Simple to do with a DLP policy. Alternately, I could have a list of keywords, and have it trigger the policy once it hits a certain count.
These systems are fairly robust, but they aren't without their flaws. Also, the system will only be as good as the policy makers can target their policies.
Never heard of the Crusades then? The Spanish Inquisition? The complete and total elimination of the Greco/Roman religion? How about the Salem witch hunts? Those happened here in the grand old USofA and not that long ago, historically speaking. If not, I would suggest you educate yourself...Christianity's history is littered with violence, conquest, terrorism, greed, etc. etc...
Religious fundamentalists (of ANY religion) are the problem, not the religion itself. But go on, keep believing that Islam is the problem without having even trying to think for yourself. All you do is prove the old adage "better to keep your mouth closed and have everyone think your a fool, than to open it and prove them correct."
Actually, they wouldn't have to admit anything. Most low-level government jobs are "at-will," meaning they could fire her because she didn't wear the right color contacts that day...
Oh, that whole "rape" charge? No, that was merely coincidental, we were in the process of laying her off as her position has been made redundant...
Back in my day, we didn't even have the tag, and that's the way we liked in! No siree, none of this fancy-schmancy "hypertext markup," or "flash-enabled" doohickeys, or WYSIWYG editors. Just simple, straight text, transferred at 300 baud! Gods how I miss those blinking lights and the musical notes of modems handshaking...
Now get off my lawn, ya damn hippies! And take your tag with ya!
Extending the patent life for pharmaceuticals has also had a disincentive effect on creating cures for diseases rather than simply treating the symptoms. Seriously, do you ever expect to see a cure for cancer or any other long-term debilitating medical condition? Until the pharmaceutical industry is no longer motivated simply by profit margins and on-going revenue, it will never happen.
A more appropriate example in this case would be a tracking device on your car. If law enforcement don't have a reason to suspect you of being involved in a criminal activity, do they have the ability to put a tracking device on your car? No, no they do not. That is the crux of the matter. To use the example of a bank behind your home - if law enforcement have an image of you on the bank's security cameras walking by the bank in the direction of your home, that's really all they know. They can't then go to your home/apartment complex/hotel/whatever and demand any security camera footage, because they have no other evidence that you were participating in the crime. That's an unconstitutional fishing expedition, and still gets rubber-stamped by the courts all too often. The basics of it are, if law enforcement is unable to explain how and why they need your information specifically, then it should be denied them by default under the Constitution's prohibitions against unwarranted searches, and the right to privacy of your person and effects. Instead, law enforcement is going "we need info on anyone that could have possibly been in this area, and we'll decide what's important from there." It's literally the reverse of what is supposed to happen.
Re: Re: Re: Re:
Don't forget about our lovely property taxes, which are among the highest in the nation (3rd highest, according to tax-rates.org/taxtables/property-tax-by-state) The funniest thing about living here is watching all the "conservative" Texans get all frothy-mouthed and "Don't California my Texas!!!" about taxes....without realizing that TX overall taxes aren't really that far off from CA already; they're just paid via a different means. It's also why my property taxes go up by the absolute maximum amount allowed by law, every. single. year.
Re: 'The law and legal precedent is super clear, but I dunno...'
It's in Texas, against something "conservatives" have stated is Public Enemy #1.5 (right behind anything from "Commiefornia"). You expected any kind of different result? The TX SC already knew exactly what result they wanted - which is to punish FB for being so...sooo..."liberal," and they will make up anything they needed to do it.
Re: Re: The Dunning–Kruger effect
The POTUS deemed his intelligence to be a national security threat, and didn't even attempt to understand it at first. It took Ryan Wilson's character taking action, which the POTUS' character deemed illegal and then threw him into a modern Gladiatorial ring to die. It took actual, indisputable proof of the plants growing again (in the form of the love interest illegally taking a video camera to show the plants growing) before anyone listened to him. Too bad our Dunning-Kruger example wouldn't even admit he was wrong if it happened right in front of him. If someone on Fox News told him the Sun would rise in the west, he would spin everything showing it demonstrably rising in the east as "fake news" and a "witch hunt" to "make him look bad," and ~30% of the US would believe him. Yes, that's right. We've surpassed the stupidity present in a movie that was supposed to be a satirical commentary on how anti-intellectual the US has become.
Re: Re: Re: copypasta
Re:
Re: Re:
I live in Texas. Paxton and Abbott will do nothing that could possibly threaten their chances of being reelected, Covid be damned! Abbott isn't up for election this year, so he'll stuff his nose so far up Dear Leader's crack that he can smell the hamburders on the way down. As I say often, TX is doing well despite Abbott, just as it was despite Gov Goodhair before he decided that TX wasn't enough.
Re: Re: Re: Gotta say...
For a hacker to get to that in-memory return data, that means your machine is already compromised. If your machine is compromised, nothing is safe - and they likely have full access to your entire financial life, as well as other aspects. If you're working about data in-memory for this kind of attack vector as a private citizen, you've already lost the plot. If a malicious actor has this much access, you're done. All of the filing companies, as well as the IRS, use the standard SSL approach, which uses public-key cryptography to negotiate the handshake, and which uses one private key that decrypts anything encrypted with the public key. That's the way PKI works. The data itself is then encrypted using TLS 1.2, provided you use a major player that keeps it's servers up to date. That means AES 256 for the actual crypto, SHA-512 for the hash algorithm, and ECC DHE for the key exchange. This all means that your data is reasonably indistinguishable from background randomness for anyone without state-actor level computing power to throw at it. That is one of the keys of modern cryptography - ensuring that the underlying data can't be decrypted easily through brute-force methods such as letter frequency, or pattern matching analysis. Brute-forcing the key is far more common (mostly through rainbow tables and dictionary attacks against weak/poorly generated keys) than trying to directly decrypt the data. You are right to be skeptical of what's being used, and thankfully this is pretty easy to check (just click on the little lock icon, then view the certificate, and look at the details - it'll tell you all the above)...but you do need to educate yourself a bit on how these various technologies work together. So long as the keys are not compromised, or there is no hidden vulnerabilities in the underlying SSL technologies (which are typically found and patched very rapidly when they do happen) your data is about as safe as we can make it currently.
Re: Re: Glad to be Dutch...
It's the American Way(tm), the Free Market(tm) is doing it's job. It would be SOCIALISM(tm) to have the IRS compile the data they already have and just have the taxpayer verify it! You don't want SOCIALISM(tm) to win do you? Why, that would be as bad as SHARIA LAW(tm)!
Re: Convictions rather than fair adjudications
It's interesting that I should read this now, since some of my friends and I were having a discussion on our current "justice" system. I'm of the mind that we need a sea change in how we think of prisons and prison sentences. We think too hard about it being punishment, when we should be thinking of it as a means to keep someone from harming society while we learn how to integrate him/her back in to society.
Likely a filtering false positive
I work in infosec, as support for a global antivirus product. Part of our feature set is web filtering, including blocking known malicious sites. I can't tell you the number of times I've had to send a given site to our URL team for manual verification and unblocking, but it probably averages out to at least once a day, if not more. Most of the triggering for malicious sites is handled by automation, since the flood of data coming in from various sources (anonymized data from users (opt-in, of course), honeypots, web spiders, etc) is simply too large for every site flagged as malicious to be manually checked in any kind of timely fashion.
As a company that's responsible for our end user's security, we tend to take the more conservative stance that if our automation platforms have a reasonably high confidence that some kind of malicious activity is going on at a given URL (eg, click-jacking, malicious ads, drive-by downloads, etc) the URL will be marked as malicious as soon as it crosses the confidence thresholds. If a customer reports that it's a false positive, and there is no actual malicious behavior (eg, someone had multiple tabs open and one of them had bad behavior, all open tabs would likely be tagged in the confidence algorithms since determining the actual source becomes quite difficult at that point) then it will be manually checked and removed from the malicious DB if it's clean.
Sorry for the vagueness, but proprietary info and all that. That's likely the cause of both TorrentFreak being tagged as malicious, and the 4chan images referenced by the AC above. An algorithm picked up some suspicious behavior on a TorrentFreak or 4chan URL (which is completely believable on either site - either by ads or other means) and it was auto-flagged as malicious. This likely isn't something that a person that Steam/Valve set, but much more likely to be a algorithm or semi-AI decision made without human intervention.
Re: Re: Re: Technically stupid
So even easier method. Print it out, black out the redacted portions, scan to PDF, send 2nd PDF. No chance of metadata leakage, and no chance of the redacted data being "unredacted." Job done.
Re: ZOMBIE! 8 comments in 3 years, 28 month gap since 2016.
Just logged in to poke the Zombie troll.
Data classification
Sounds like they are using some variant of a data leakage protection (DLP) product for the censoring. One of the key features with most DLP products is that you can set thresholds for what triggers the rule. Eg, I want to block anything with the words "TechDirt" "Censorship" "Moody" and "China" but only if it has all 4 of those words in it. Simple to do with a DLP policy. Alternately, I could have a list of keywords, and have it trigger the policy once it hits a certain count.
These systems are fairly robust, but they aren't without their flaws. Also, the system will only be as good as the policy makers can target their policies.
Re: Re: Re: Re: Re:
I think "bigot" would work here...
Re:
Never heard of the Crusades then? The Spanish Inquisition? The complete and total elimination of the Greco/Roman religion? How about the Salem witch hunts? Those happened here in the grand old USofA and not that long ago, historically speaking. If not, I would suggest you educate yourself...Christianity's history is littered with violence, conquest, terrorism, greed, etc. etc...
Religious fundamentalists (of ANY religion) are the problem, not the religion itself. But go on, keep believing that Islam is the problem without having even trying to think for yourself. All you do is prove the old adage "better to keep your mouth closed and have everyone think your a fool, than to open it and prove them correct."
Re: Re: Re: Re: Anybody see the bottom...
Actually, they wouldn't have to admit anything. Most low-level government jobs are "at-will," meaning they could fire her because she didn't wear the right color contacts that day...
Oh, that whole "rape" charge? No, that was merely coincidental, we were in the process of laying her off as her position has been made redundant...
Re: Re: I Wonder If We?re Showing Our Age ...
Stupid WSYISYG...that should be "<blink> tag"
Re: I Wonder If We?re Showing Our Age ...
Back in my day, we didn't even have the tag, and that's the way we liked in! No siree, none of this fancy-schmancy "hypertext markup," or "flash-enabled" doohickeys, or WYSIWYG editors. Just simple, straight text, transferred at 300 baud! Gods how I miss those blinking lights and the musical notes of modems handshaking...
Now get off my lawn, ya damn hippies! And take your tag with ya!
Re: Patent Myths
Extending the patent life for pharmaceuticals has also had a disincentive effect on creating cures for diseases rather than simply treating the symptoms. Seriously, do you ever expect to see a cure for cancer or any other long-term debilitating medical condition? Until the pharmaceutical industry is no longer motivated simply by profit margins and on-going revenue, it will never happen.