That's the internet fucked then?

[Sebastian Cobb]

Who says you won't be forced to accept marketing data?

https://www.theregister.co.uk/2017/01/05/adnauseam_expelled_from_chrome_web_store/

https://www.ft.com/video/6ca09df2-54b0-3518-a2ec-faeccd4aab06

This very much up in the air at the moment.

I was talking about giving up marketing data. The cloud is almost certainly harvesting browsing habits even if it's at the host level.

Those two links you've posted are about two different things though. One is about google protecting their interests in their own ecosystem - they are essentially an ad-broker foremost, and they're not that militant about it, ublock origin and adblock still exist. There's something to be said about the 'ad blockers' that are implemented in android though, most of them set themselves up as proxies running on localhost and pipe all traffic through that to implement the blocking (because you need root to edit the hosts file on andriod, which if you have it is the best way to implement it on phones and tablets, it has the added advantage of removing a load of in-app ads as well) I can see why I wouldn't want apps that capture all traffic in my app store (although I appreciate how inconsistent google are with nefarious apps).

The FT link you posted is about telco's blocking ads to save themselves the bandwith of serving them (and no doubt ransoming advertisers to let them through), I side with the EU on this, they should be acting as mere conduits and leaving it up to the user rather than doing it at the network level - slippery slope.

[Johnny Yesno]

I was talking about giving up marketing data. The cloud is almost certainly harvesting browsing habits even if it's at the host level.

Those two links you've posted are about two different things though. One is about google protecting their interests in their own ecosystem - they are essentially an ad-broker foremost, and they're not that militant about it, ublock origin and adblock still exist. There's something to be said about the 'ad blockers' that are implemented in android though, most of them set themselves up as proxies running on localhost and pipe all traffic through that to implement the blocking (because you need root to edit the hosts file on andriod, which if you have it is the best way to implement it on phones and tablets, it has the added advantage of removing a load of in-app ads as well) I can see why I wouldn't want apps that capture all traffic in my app store (although I appreciate how inconsistent google are with nefarious apps).

The FT link you posted is about telco's blocking ads to save themselves the bandwith of serving them (and no doubt ransoming advertisers to let them through), I side with the EU on this, they should be acting as mere conduits and leaving it up to the user rather than doing it at the network level - slippery slope.

Yes, all true. However, I was saying that the debate seems more about whether the collection of marketing data and the serving of ads should be blocked and not whether it is technically feasible. My point being that a government that sides with advertisers would have a reason to block VPNs. Or at least have a justification for checking why you are using one.

[Ambient Sheep]

http://www.cookdandbombd.co.uk/forums/index.php/topic,38499.msg2050190.html#msg2050190 ?

Yes, that one!  Thank you very much.  How did you find it?  My attempt of site:cookdandbombd.co.uk "Ambient Sheep" fidonet brought back ten results, none of which were that one.  (I did try a few others, based on words I could remember from the post, but had no luck with any of them.  Also tried suffixing "/forums/" onto the URL, as once suggested by NoSleep, but had no luck with that either.)


Fake EDIT: Oh, was it because I linked back to it from this post which Google DOES find?  (And, annoyingly, I did skim-read that page but missed the bloody link!  That's what happens when I post before my first coffee of the day.)

In any case, yes, an example of where searching this forum via Google doesn't actually always work; with those search terms, it should have done.  Adding the word "worldwide" to my search (which should have nailed it down to that post) brings back no results at all.  Google's not what it used to be.

[Ambient Sheep]

Anyway, yes... I'm no expert in mesh networks (hardly at all, in fact) but I suspect that any attempt to get anything like that up and running will soon be stamped on or subverted in a similar way to the above.

The best way to get round anything like this will, in my opinion, be some kind of steganographic solution: burying yer hardcore porn (or whatever) inside innocent looking traffic.  Of course, possession of such software^[1] would soon be deemed to be a terrorist act, not least because then yer actual terrorists would be using it too.

And this is the real danger in May's crazy schemes... by forcing people to develop advanced techniques to get their fix of rare music tracks or kinky porn, she's making their techniques far more readily available to the dimmer sort of terrorist (the smarter ones may already have them, of course).  Hopefully the folks in Cheltenham realise this and will be able to talk her out of it.  Then again, perhaps they misguidedly think that this is the best solution and it's them that's driving her...



    _{1.  It's interesting that after the initial hoo-hah about steganography, you hardly ever hear about it any more, let alone be able to get software that generates it.  Not that I've looked recently, but about 10-15 years ago I had a quick google out of idle curiosity to see if you could download any steg-generating stuff, and not a sausage...}

[Thursday]

Why does Milverton / 3D always, always , always defend the very worst type of people?

Is it his drug addiction? Autism? Is he being edgy? Or is he generally just a fucking tit?

I wish these types would at least try to balance things out by appearing to be reasonable now and then. Bring some nuance to the character, make people doubt that you are just here to troll.

[Zetetic]

The best way to get round anything like this will, in my opinion, be some kind of steganographic solution: burying yer hardcore porn (or whatever) inside innocent looking traffic.

Well, that's (very) broadly the idea of Tor bridges like obfs4 (which is in turn broadly what Sebastian was referring to above).

These aren't very scalable without being vulnerable as far as I can see - ultimately the bridge still has to respond to traffic treating it as a a bridge, as a bridge. You can make testing this more costly to China (or us).

Certain approaches would be much more easily resolved by requiring regulation for ISPs (AWS, etc.) intending to serve encrypted traffic at volume to UK residents. This hasn't been a possibility for China, for various reasons (but they'll simply force the issue for specific services by blocking them if they're hosted outside the country) but might prove much more viable for us, depending on the direction of the US and how much of a fuss the EU would make over something that imposed only a minor cost on service providers and only really affected UK residents.

(And, even if the active detection doesn't work well, this surely solves the traitorous 'approved actor' problem for the British state?)

[Ambient Sheep]

Well, that's (very) broadly the idea of Tor bridges likes obfs4 (which is in turn broadly what Sebastian was referring to above).

Ah ok.  Told you (although you won't have seen it when you replied, as it was a later edit) that I hadn't looked recently!  I just can't be arsed with all that, life's complicated enough.

Isn't one hypothesis that Tor's totally compromised anyway?  Apparently if you control at least half of the exit nodes then you know exactly what's going on, and given how relatively few exit nodes there are, I can't see it being beyond the wit of the NSA to set up a few thousand of them...

[Zetetic]

Controlling many exit-nodes wouldn't compromise Tor, as far as I know. You'd need to control a great deal of the network as a whole to reliably link source to destination points I think. (Particularly given hidden services these days.)

At this point, I suppose we'd be getting into the question of whether what you're doing is interesting enough for the NSA to reveal their hand - even if they have the technical capability, they probably wouldn't deploy it en masse at this point.

[Zetetic]

(And, yep, found it via the link in another post. Barry might be able to shed some light on the Google-indexing issues we see these days.)

[Sebastian Cobb]

Anyway, yes... I'm no expert in mesh networks (hardly at all, in fact) but I suspect that any attempt to get anything like that up and running will soon be stamped on or subverted in a similar way to the above.

The best way to get round anything like this will, in my opinion, be some kind of steganographic solution: burying yer hardcore porn (or whatever) inside innocent looking traffic.  Of course, possession of such software would soon be deemed to be a terrorist act, not least because then yer actual terrorists would be using it too.

And this is the real danger in May's crazy schemes... by forcing people to develop advanced techniques to get their fix of rare music tracks or kinky porn, she's making their techniques far more readily available to the dimmer sort of terrorist (the smarter ones may already have them, of course).  Hopefully the folks in Cheltenham realise this and will be able to talk her out of it.  Then again, perhaps they misguidedly think that this is the best solution and it's them that's driving her...

The cat's out of the bag unfortunately. GCHQ used to be massively against things like going in too hard on torrenters because they feared people would develop unsnoopable means, then Snowden let the cat out of the bag and it turns out they were doing everything that people who got dismissed* as  'paranoid fantasists' said they were; this caused a shift in public opinion and industries and people took means to stop it which has meant GCHQ to launch a war on unbreakable encryption (I don't suppose there are many Sun readers on here but they regularly run multi-page state-sanctioned adverts for key escrow by showing how terrorists use services like whatsapp and telegram and how uncompliant they are in a way that suggests anyone who would want privacy is by definition up to no good).

I don't think this is about catching terrorists though, it's limitations are too obvious (ignoring the workarounds, it doesn't seem to work seeing as the paris attacks etc used SMS) it's more about profiling everyone (the snowden leaks show they were aiming to do this) - the big data ethos is essentially 'capture everything you can and make sense of it later' this rings just as true to identifying subversives as it does to data scientists in tesco (people who can allegedly predict a pregnant woman's due date to the nearest fortnight).

Steganography is a strange one, it has basically no exposure and for all we know all those massively popular dank memes on reddit have child porn or instructions to isis cells buried in them.

The war on encryption is hilarious as well, given any open channel can be secured with a one time pad, it's just a ballache.

*by the exact same wankers who now snort at any other creeping authoritarianism by saying "who cares, they've been doing it for ages" they're fucking pricks.

[Sebastian Cobb]

Ah ok.  Told you (although you won't have seen it when you replied, as it was a later edit) that I hadn't looked recently!  I just can't be arsed with all that, life's complicated enough.

Isn't one hypothesis that Tor's totally compromised anyway?  Apparently if you control at least half of the exit nodes then you know exactly what's going on, and given how relatively few exit nodes there are, I can't see it being beyond the wit of the NSA to set up a few thousand of them...

Exit nodes are only an issue if you're going to the plain web though aren't they. Proper nefarious stuff will be hosted within the tor network.

[Paul Calf]

Exit nodes are only an issue if you're going to the plain web though aren't they. Proper nefariously private stuff will be hosted within the tor network.

EDIT: Fuck's sake, I knew what you meant. Sorry. I was just being a bell end.

[touchingcloth]

Surely the easiest way for a state to attack Tor and the like would be to replace installer downloads with silently compromised versions that look and behave convincingly as though they were the real thing?

[Sebastian Cobb]

Surely the easiest way for a state to attack Tor and the like would be to replace installer downloads with silently compromised versions that look and behave convincingly as though they were the real thing?

Bro do you even sfv?


(Me neither)

[Twed]

Surely the easiest way for a state to attack Tor and the like would be to replace installer downloads with silently compromised versions that look and behave convincingly as though they were the real thing?

That's what hashes and GPG signatures are for!

I don't think the attack described above where fake nodes compromise the majority of the network (a Sybil attack) needs for them to be exit nodes. I think it's just regular Tor nodes, and apparently it's how they took down Silk Road.

[machotrouts]

2019: The only photo approved for wanking purposes.

Phwoar, would love to see what they've blurred out there

[Stoneage Dinosaurs]

Phwoar, would love to see what they've blurred out there

There's plenty of uncensored pics in the "what do you look like" thread

[Black_Bart]

You could try seeing it as no platforming.