
A comment worth thinking about.
80 publicly visible posts • joined 1 Aug 2015
So I might have missed it but I didn't spot mention of a password manager. I have well over 100 passwords, professional and personal. I don't trust clouds with my password vault so I keep on an encrypted computer. Of course there are encrypted backups too.
My organization requires password changes every 90 days. I'm fine with that; I just create another password using the password manager and I'm good. When there is no password change expectation I change them periodically anyway. A forum password won't be changed as often as a financial institution password but they all change eventually.
I feel the effort is worth it and not much of a bother given the benefit. If there is a breach at my bank, my hope is that I've changed it before it can be used by someone other than me.
I feel like a good password manager that works with your workflow is the easy answer to what, in my opinion, is just one of the more mundane but necessary parts of living in the digital age. I have strong passwords, changed with some frequency, and stored as safely as I can come up with.
or maybe not.
See Reg article "FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that" http://www.theregister.co.uk/2016/04/20/public_advocate_fbi_actions_are_unconstitutional_secret_court_nah_were_good/
What this article says to me is that regardless of Privacy Shield or any of the versions that follow, one or more department in the US government will do what it damn well pleases anyway. And that's something we've all known for a while.
@Zolko: Thanks! I have both on FireFox. The way the article was written - to my understanding - What Adobe had concocted was something new and therefore maybe not thwarted by current blockers. Glad to hear that the ones I already have should work.
@Shadow Systems: I should have said in my first post that I have a Mac - but then other not-as-tech-savvy like myself who are on Windows machines would not have had the benefit of your advice. A very sincere thank you for spending your time writing such a detailed post.
Obama and others say authorities have the right to break into someone's house and rifle through their drawers when a person is suspect of doing wrong.
Obama and others claim authorities have always had the right to do this. But doing so has always meant singling out specific suspects, putting in some work to insure you have something of a case, getting a warrant, and going after those specific suspects.
Installing backdoors allow authorities to rifle through everyone's digital drawers whether suspect or not. It effectively bypasses the entire process of going after only those who are suspect, the need for a warrant, and so on. And All Writs was not written with effectively putting the entire population under surveillance in mind.
So no, Obama, its not something authorities have always had the right to do and no, you or anyone else should not have the right to do it now.
I don't know if anyone else has posted this, but if a backdoor is forced on all phones then that backdoor will most likely be accessible remotely. The FBI wouldn't be satisfied with having to go after individual phones. And once the backdoor is compromised all of the phone related data, in the cloud or only on the phone, will be there for the taking.
On a different note, I watched the video of Obama. He goes on with the rhetoric about stopping terrorists and catching pedophiles - then says something about catching people who cheat on their taxes. After that he says that predictions of an Orwellian society are overblown.
The road we are traveling down looks very dark ahead.
I don't think people on this forum are average customers. And I don't think the people in Security who decide whether a device has access to their business are average customers either. I know of one such institution that prefers the iPhone precisely because of its "walled garden" and the fact that it will erase itself after 8 attempts.
There will always be a majority of people who don't care about security. And some of them are going to suffer for it. That doesn't mean that a the option shouldn't be available for those who do care.
For the record: I have an iPhone. I work at at a pediatric hospital. I want to be able to be in touch with my hospital 24x7 to provide the best support I can. And I want to protect those kids by having the best security possible for the hospital and that includes the devices that attach to it. I don't care who manufactures the device or what their motives are, profit or philanthropic, as long as they are secure and the more secure the better.
I use Tor anonymous browsing and fully unfilter-bubbled searches, Firefox for other browsing, and Safari for specific sites that disallow Tor or can't get past the Firefox safeguards below.
After reading some of the posts here (well, all of them) I took a look in my FireFox Add-Ons to see what I have there to block ads. I was surprised to see quite a collection of add-ons that I've collected over the years. Might be some overlap - need to prune: Click-per-pay element, Clickjacking Reveal, Disconnect, Facebook Disconnect, FlashOnOff (always off), Google Disconnect, HTTP Nowhere, HTTPS Everywhere, NoScript, PrivacyBadger, and ShareMeNot. I also run Cookie, which is set to remove any type of cookies, flash stuff, browser databases, and clear cache of all browsers.
All browsers are set to remove all browsing history, cookies, etc when they close and when browsing I frequently hit Cookie to clear everything out when going to more than one site during a browsing session.
I don't have an ad blocker (yet) on my desktop because I don't like sending my browser choices to an external site for filtering. If anyone has a suggestion for an ad blocker like 1Blocker (below) please let me know.
I use 1Blocker on my phone because it sends me a list of ads to block and it doesn't send any info to an outside web site. Funny, I can't decide which ads to block on my phone so I just chose the "block all" button and haven't thought about it since.
Walked away from Google search a long time ago, after learning what filter bubbling was through a TED talk. Then walked away from Gmail and started using email aliases instead of my "real" address.
A couple of times a year I Google search myself and as time goes on see less and less "front page" references to my real name that actually refer to me. This seemed to accelerate as I discovered how to block cookies, ads, and the like.
I don't doubt there is still information about me on some Google boxcar. But the less I add to it the happier I am.
"Apple is fixing the method by which the FBI is trying to get them to hack their phone. By the end of the year 80% of all iOS devices will be running iOS 10 and be immune to this."
Question: Where did you get this? I'd like to read the article.
Thanks...
@Valarian: I often think of this one:
"And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror. I know why you did it. I know you were afraid. Who wouldn't be? War, terror, disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense."
@ Neil Barnes: "What are 'they' trying to find?"
IMO the short answer is, they (FBI and more) are trying to find out if they can force a US company to install a backdoor in its product. It has absolutely nothing to do with finding anything useful on the phone itself.
@AC and "The iPhone already has that facility..."
What you say may be true. And I have a very long alphanumeric passcode that would insure more than 8 tries. But then that means having to have an argument with customs and the delay it entails in crossing a US (or any other) border where the passcode might be requested.
Rather, I'd like to just wipe everything I consider sensitive on my way to the border with a single button. That way when access to the phone is requested I could honestly say, "Sure. I have nothing to hide," hand over the phone and the passcode and everyone is happy.
A side note: There is the possibility of malware being placed on the phone while in their possession. I already backup my phone regularly and always just before I travel. If my phone is accessed by the authorities when I get back home I would wipe the phone completely and restore from backup. That may not be a bulletproof solution but its the only one I can think of. Other suggestions are welcome.
One last thing: "I'd be careful with Silent Circle..." Please elaborate. I don't use SC (can't talk anyone into using it) but I follow their product development. I would ask that you include Signal Private Messenger in your comments since I do occasionally use Signal. Thanks.
I just saw a Silent Circle iPhone app feature update that allows wiping all conversation history. Its under SC Settings and labeled "Wipe Silent Phone" with the description "Clear application data and log out."
It would not take a lot to install the same feature on the iPhone. I already clear all cache and cookies after each browser session. Combine that with the ability to wipe all text history, phone history, and location history and I'd have just one button to push. I like that.
"Today's filing points out that the legal action wouldn't have been necessary if the FBI hadn't stupidly changed the shooter's iCloud password..."
Given the political and legal maneuvering of Comey et al, I would say the word "stupidly" could reasonably be replaced with "shrewdly".
May be as reputable for lack of bias as claimed in the article but I question whether it can really depict public sentiment after reading this article:
http://www.slate.com/articles/news_and_politics/politics/2012/05/survey_bias_how_can_we_trust_opinion_polls_when_so_few_people_respond_.html
where Pew itself said that only a 9% response rate to telephone opinion surveys.
@Peter R. 1: Some of your comments have merit but you've left out some important points. Apple products, the iPhone in particular, have generally become more secure and more private with each generation. This trend has accelerated since Cook became CEO. Also, Cook publicly stated that privacy was a goal quite a while back, not "...all of a sudden..." as you assert. Here are some links that support my comments:
http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy
http://www.theguardian.com/technology/2015/jun/03/apple-tim-cook-google-facebook-privacy
http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy
https://www.eff.org/who-has-your-back-government-data-requests-2015
https://www.eff.org/secure-messaging-scorecard
Recently read this article on The Intercept, basically about using longer passcodes to keep an iPhone secure:
https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/
Makes sense to me - but I'm not a super tech. Comments from more knowledgeable folks on this thread are most welcome!
Before laws are passed that hamstring US companies, back doors are required, secret deals are a given, and the whole damn thing is compromised. Whether or not US citizens or anyone else is put at risk is irrelevant. Whether or not US businesses are put at a disadvantage in the world economy is irrelevant too. Whether or not all the information gathered makes the US safer or not is also irrelevant. The US has an insatiable appetite for gathering every shred of information, regardless of its usefulness, and there is absolutely no laws domestic or foreign that will force it to do otherwise.
Would any other country really be able to resist the temptation to do the same if they had the ability to do so as the US does right now? I doubt it. But that doesn't make the US right in doing it.
What a shame. All that creativity, all that computing power, all that potential for doing good in the world, set aside to be the equivalent of a neighborhood bully.
Working for me too. Each browser has its pros and cons; there's no one size fits all. I use three browsers: Tor, Firefox (with lots of privacy add ons), and Safari. Which one I use depends on what I'm doing. I consider it leveraging the strengths of each browser rather than pushing it to do something its not good at.
@JamesPond: There are many other options. Try a search on "email service comparison" to see some choices. You can add words like private, free, secure, client to narrow your search. I did the same and moved from a free service to a paid one to take advantage of some special features important to me.
NOTE: This is not a rant for or against gmail or any other email service. Simply a response to your saying "...what other choices are there?"
"With an online order, you can order it before you even arrive and have it ready for you when you walk in the door. "
Not criticizing your logic, but if I really want a beverage that quickly I can have it before I walk OUT the door AND use cash! All I have to do it open the refrigerator...
"A guarantee from liars is but a walking shadow, a poor player,
That struts and frets his hour upon the stage,
And then is heard no more. It is a tale
Told by an idiot, full of sound and fury,
Signifying nothing.”
(with apologies to WS; this was just the first thing that came to mind)
@ZSn: No geek here, but I was able to setup up PGP on a Mac's Apple Mail client using GPG Tools in very little time. Click to sign, click to encrypt or not... its ridiculously easy to use. Technical support was great too.
For me its actually a lot harder for me to find other people within my circle of friends who will send PGP encrypted email back and forth. So I don't encrypt anything but I like signing my email. I guess that's better than nothing.
The field may never be considered sexy or hot but please don't extend it to the people who are in it.
Sorry to disappoint, but 3 of my female colleagues are among the hottest women I've ever met. Smart, successful, great to work with and easy on the eye. And before you ask: too late they're all happily married and no, I will not tell you where I work.
Its true that the agencies can't deal with all the traffic now. But what they are most likely banking on is that computers will get more powerful, analytics more precise, to the point that all that data will be easier to utilize later on. I would think that some politicians are thinking the same thing. When looked at that way surveillance hasn't even started yet. We're merely in the data collection stage.
@JimmyPage: Thanks for the upvote. I can't speak to the difference between LastPass and 1Password. Any knowledge of other password managers I have is dated; I started using 1Password a couple of years ago and have been satisfied since. When I hear someone dissatisfied with their password manager I suggest taking a look at 1Password because I'm happy with it and maybe that person would be too.
Also, unlike some of the people I've seen posting here, I'm not super technical. So I can't promote my choice based on 1Password's technical superiority over any other password manager. What drew me to 1Password was the fact that its AgileBits' flagship product, my experience with customer service has been well above average. AgileBits is continually improving 1Password in ways I approve of. Within days of Heartbleed OpenSSL AgileBits had implemented an upgrade to warn of sites that had not yet patched. When I communicate with product support I receive answers I understand and in a timely manner. In the 1Password forums I see the same help for others in addition to those with more technical background being pleased with the answers they receive as well. For someone like me these are features that sell a person on a product.
In spite of all that, again, I'm not super technical. I don't try to sell 1Password. I just suggest that when people are looking to select a password manager that they take a look at 1Password too.
FWIW I use 1Password by AgileBits. Not open source, so if that's a deal breaker read no further. It also isn't free but I think its worth every penny.
Lots of nice features, easy to use. Allows select cloud syncing but also my preference, which is syncing via wifi.
Active forum, constant CPI, responsive support. Spent a lot of time emailing their support with questions, always received great answers and sometimes a warm reception for a recommended change. If you're still searching for a replacement to FastPass, consider taking a look at AgileBits and 1Password.
Disclaimer: None. I have no affiliation with AgileBits except being a very satisfied customer.
Ditto except for sniffing other browsers. I have no complaints with Firefox. I don't get the reminders that others are remarked about, but I do get all the add ons I want including NoScript, Disconnect, Privacy Badger, and HTTP Nowhere. Speed is not an issue for me either with all the ad and tracking stuff blocked.
In the greater picture of things the back door encryption debate is just a straw man that directs attention from the real debate. Both sides know that weakening encryption won't result in better security. So why keep debating it?
What about the real issue? In my opinion the real debate, which politicians choose not to partake in, is how to reign in the mass surveillance that continues unabated.