Wait
"... Stuxnet was able to physically destroy uranium subterfuges, ..."
I thought it was the Stuxnet subterfuge that destroyed the uranium centrifuges. Have I misunderstood what happened?
This week there were Hacked Home Hubs, buggered BBC Bits, and PortSmash privilege punch-ups. But that wasn't all that happened – here's a weekend roundup just for you.
Huawei helped China with hacks, says Australia
So it turns out all those governments weren't just being paranoid when they barred Huawei from working on …
"we recommend that you keep JavaScript on while signing into your Google Account so we can better protect you."
No No No you bunch of hypocrites. Turning off javascript is what I do to protect myself - especially FROM YOU!
Google's active Captcha-style login ("click through a bunch of images that show a storefront", etc) is ubiquitous on the web. On many sites now it is impossible to log in without enabling much of Google's javascript. We are forced to let Google track our movements wherever we go, even to harvest our login details should it so desire. Even outfits like Dropbox will just go "oh, well, we use Google's captcha system now, so we don't care about our users or our security ownership any more."
Sick, sick, sick.
> Google's active Captcha-style login ("click through a bunch of images
> that show a storefront", etc) is ubiquitous on the web.
One particularly crazy example is Ordnance Survey. In order to download their OpenData free maps data you have to do a Google Street View “click on the storefronts” test, i.e. you have to help their competitor to improve their product.
Another annoying one is the Pensions Regulator. Businesses are legally required to supply them with information about automatic pension enrollment, and this has to be done online, and it requires that you enable Google Javascript and complete a street view captcha.
The thing that really struck me is the association of 0.1% with the word 'tiny'. Design-by-telemetry will make 'advanced technology' a big fucking joke, and we'll be wondering why we gave up the simple life of cattle, spears, a warm fire--no stupid decency laws requiring us to bow down to Gucci and the likes--and periodic wars when the good life increased our numbers excessively (where we can die a soldier's death instead of being subjected to mental examination because we haven't elbow room to enjoy the fruits of nature), before the year 2030.
Dear Google,
Normal developers are happy with 1 user of their software. You are willing to turn your back on--at a guess--close to a million users who think Javascript is a piece of (I'd say codswallop but I'd feel compelled to look that up first) whatever is left over after the vultures (hi El Reg, no offence) and hyenas have had to look for other prey.
Sincerely,
Someone who needs a better alias
we can better protect you
I have cookie persistence disabled which means I get regular warnings from Google that I'm logging in from an unknown device. And now this. They could do with some sort of "I'm not mad enough to store anything of value on a Google server" setting for those of us who don't really care about their "protection", but do find their throw-away services of temporary use from time to time. Sorry, I could do with it, it's clearly of no interest to Google to help me protect myself.
The Google mindset; "If we don't see it, it doesn't exist."
Actually no, Google. The reason you see so few visitors running NoScript is that so many of us privacy-savvy netizens USE DUCKDUCKGO and only turn to Google as a last resort.
Exercise for the Google staffer: and why do we use DuckDuckGo? All together now; "BECAUSE WE DON'T NEED TO ENABLE JAVASCRIPT".
and if I _DO_ use google, it's with javascript TURNED OFF. I don't need their SLURP or TRACKING, either.
Whatever clueless DIM BULB up at Google headquarters *FELT* that the world *MUST* bow to their demands, and enable scripting _JUST_ for _THEM_, deserves the backlash. And that includes *ANYTHING* that uses 'google metrics' or any OTHER such CRAP.
If for some reason I _MUST_ use a web site that has this *GOOGLE* *SCRIPT* *SLURPY/TRACKY* *CRAP* in it [after sending a nasty complaint letter] I _ONLY_ do so in a browser that _ERASES_ _ALL_ _HISTORY_ _AND_ _COOKIES_ _AND_ _OFFLINE_ _DATA_ after I close the window.
'googleanalytics' - who needs that again?
"'googleanalytics' - who needs that again?"
Google and their customers who want to sling ads at users.
True, but there are other more reasonable use cases. e.g. for someone who has built a website using AHRC funding, they really like to know how many people visit the website, from where etc. Same with local authorities justifying spend on websites - how many people actually visit them? Even businesses justifying costs to bean counters need numbers. It's not just ad-slinging.
>Whatever clueless DIM BULB up at Google headquarters *FELT* that the world *MUST* bow to their demands, and enable scripting _JUST_ for _THEM_, deserves the backlash.
Oh but they were not clueless. Rather they learned from FB that the vast majority simply do not care and that is where most of the money is. So they will continue earning billions.
For my part I installed Vivaldi and use DuckDuckGo, which also happens to be the default search engine in Vivaldi.
Sadly, Google is probably now big enough that they can (mostly) tell the world to bow to their demands nowadays.
(Which is of course why I don't use any Google services if I can possibly avoid it, but with some friends who have GMail accounts and Android phones, and all those annoying half-baked web developers who like to stuff their websites with Google Analprobe, and scripts and fonts needlessly hosted by Google (rather than hosting their own), it is almost impossible to stay clear of this plague...)
Yes indeed. Tell your browser to delete ALL cookies when you close it. Then close it NOW.
Ok, back again after opening it? That wasn't too bad, was it. And now all those connections are with NEW cookies, so less tracking. Of course, you could have rebooted your router so you got a different IP address. That just helps to make the analytics that little bit more complex.
None of this is foolproof. But you can remain the 0.1%[1] who are doing something extra to protect themselves.
[1] 0.1% of a very BIG number is still a BIG number.
I was wondering what all the fuss was about. My browser doesn't have JS enabled, Google Analytics is blocked by my HOSTS file, & I'm not getting any whining from Google about logging in to Gmail. Then I read elsewhere it's specific to SmartPhone visitors & it made more sense.
Dear Google. I refuse to allow JS on my browser because it's a security hole large enough to do doughnuts through with something small like the Milky Way Galaxy. Your CAPTCHA system is in violation of the ADA/international disability regulations, & stops me from accessing my account, but if I turn JS off then suddenly I can get in just fine without the artificial & illegal hurdle. So please tell me again how you're trying to make my experience more secure, the other one has bells on!
Google ate my gmail account recently. I was told that they "could not verify" that I was the "owner of the account". Basically, I had that account since 2005 and very rarely logged in using the web interface. This last time I tried to set it up using MS Outlook. Apparently Google really hates it when they can't get all the info they want.
I'm now, temporarily, on Zoho. I will have my very own domain with its very own email shortly.
And I use DuckDuckGo and usually have JavaScript turned off. Bite me, Google.
"Stuxnet was able to physically destroy uranium subterfuges"
Some typos—or perhaps quasi-Freudian slips—are things of beauty. Who doesn't now want to read "The Centrifuge Subterfuge", a gripping thriller about Israeli intelligence? If, that is, it hasn't already hit the waves as a Big Bang episode title ...
... anyway, to the writer of this article: whatever was going on in your head, cherish it forever.
(I also eagerly await the post-impeachment tome by the WaPo team, "The Trump Dump".)
/coat
'Tequila', eh? So you're saying that the Trumpanzee is correct to blame the Mexicans for, well, everything?
Vlad disapproves, too. You should be drinking vodka. Russian-made vodka, of course, so that the Shirtless One can get his rake-off... ah, 'taxes and duties', that is.
"a Down Under government source in reporting that on at least one occasion Huawei was pressed by the Chinese government to provide access to a foreign network."
Isn't that the sort of thing recent Aussie legislation is trying to make sure the Aussie government can do? You know, the legislation that world+dog is saying is a really bad idea.
At the risk of stating the bleedin' obvious, apart from the obvious stuff like the ethnic cleansing of the Uighurs - there are concentration camps right now, on this planet, and your phone (and mine) was made in the same country - the thing is that Australia's our ally and China is a hostile foreign superpower.
Is it really that big a stretch to find spying by the one to be a bad thing, and the other to be a good thing?
"Another annoying one is the Pensions Regulator. Businesses are legally required to supply them with information about automatic pension enrollment, and this has to be done online, and it requires that you enable Google Javascript and complete a street view captcha."
Well on the bright side, at least I don't have to install Adobe crapware to do my tax returns any more...
>> it is a free service
>Then you are the product.
It is clear that none of the 9+ down voters even tried checking out 1337.no as it is free. I use this and also nyx.net, both of which are run on a volunteer basis by people who believe in freedom, including standing up to heavy handed governments. The infamous "garden ornament" case that sent Secret Service crashing down the doors at Nyx should be proof enough. Nyx was started by a university professor who declared that Internet access should be a human right and then proceeded to assemble Sun servers and dial up modems to follow up on that. Today they have a volunteering lawyer on board to make sure the government is keeping the correct distance.
So yes, cautiousness is all well and good but actually checking out the truth is also worthwhile.
>>> it is a free service
>>>
>> Then you are the product.
>>
>It is clear that none of the 9+ down voters even tried checking out 1337.no as it is free
I see, so a wealthy philanthropist funds the servers, the software, the network transit, the admins to look after it --- and all because he loves us, and wants us to send a lot of email.
Yeah, right.
Or, you know, you can spin up a VPS and throw some simple IMAP / SMTP software on it. I've been doing this for a while; I built an IMAP server running OpenBSD with Dovecot installed on top. Cost me a whole $8 a month for a pair of machines running on opposite ends of the earth (Oslo and Auckland, using two different providers) syncing their mail with each other. Certificates are provided via Let's Encrypt (there is a client included in OpenBSD's base, along with an SMTP daemon that supports encryption and authentication).
For the $60 a year it costs me for the machines and the domain name, I get peace of mind that my mail is safely hidden from advertisers. Plus I get as many email addresses as I want and use whatever the hell protocols I feel like using.
Probably a couple of orders of magnitude more. I just wonder how long he took to find and access so many - at work. Who knows, maybe he also asked to work overtime, because he was really busy with research about some deep, mysterious caves, and wobbling hills under the "thrusts of an earthquake"... maybe he also presented the results to his supervisor, who immediately asked for a copy... really, nobody found him before?
Lennart and company won't be happy until Linux is saddled with its own version of Patch Tuesday featuring Systemd security fixes. It won't suffice to turn off security-plagued services if Systemd has insinuated itself onto your systems. I'm already using Slackware on several systems and considering switching others to that or to Devuan to avoid this fiasco.
Is it just me, or is this particularly depressing? The claim by google that the web is safer with JavaScript on than with it off, sounds like something RHH would tweet. And aside from a few snide remarks in the comments, nothing going the other way. What could it be? A recipe for using google in a VM? Starting fresh every time like a library or cafe computer?
Here's another instance of behavioural engineering, if you like. Facebook now hides more of the comments on a thread. "View 2 more replies ", "More ...". Sometimes you have to click dozens of times to read an entire thread. Before, it was PgDn. They want to keep us clicking, automatically, the first step towards unfortunate results, and I wasn't thinking of RSIs.
In the title, it is Douglas Adams's Marvin, though perhaps Limeliters's Marvin would be a better thought.
>Wait a mo! Didn't the FBI recommend that JavaScript should be
>disabled some years back!?
Yep. Just like everyone used to recommend that you keep the family computer in the living room.
I still do ... while everyone else's kids carry internet connected computers in their pockets. Funny what people get acclimated to.
"A report from The Australian (paywalled) cites a Down Under government source in reporting that on at least one occasion Huawei was pressed by the Chinese government to provide access to a foreign network."
Just the place for a Snark! I have said it twice:
That alone should encourage the crew.
Just the place for a Snark! I have said it thrice:
What I tell you three times is true.
Henri
"Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off," Google offers.
"This might make sense if you are reading static content"
Static content like search results or email, for example? I suppose maps might need some clever stuff going on somewhere, but I can't think of anything else Google provides that isn't entirely static content with no use for Javascript. Maybe advertising and tracking would need it, but they said they're doing this to protect their users, not to make it even easier to steal everyone's data. Right?
It's interesting that the user visited 9000 prawn sites and only got infected once. I remember an article a while back that suggested that said sea-food purveyors tended to be some of the safest and malware free, as they are really, really keen to encourage visitors to come frequently (I could probably express that better), and if they get an electronically transmitted disease every time they call they will visit a different emporium next time.