Apple: Feel-good security in the next Safari?

From Apple’s Tiger Preview – Safari RSS page: Safari protects your personal information on shared or public Macs when surfing the Web. Go ahead and check your bank account and .Mac email at the library or shop for birthday presents on the family M…

From Apple’s Tiger Preview – Safari RSS page:

Safari protects your personal information on shared or public Macs when surfing the Web. Go ahead and check your bank account and .Mac email at the library or shop for birthday presents on the family Mac. Using Safari痴 new privacy feature, no information about where you visit on the Web, personal information you enter or pages you visit are saved or cached. It痴 as if you were never there.

Who guarantees that the Safari you see on that public computer hasn’t been changed? Who guarantees that there are no programs which sniff the keyboard, and the screen? Who guarantees that no hidden cameras are hidden in strategic places?Privacy features in some particular piece of software don’t mean that software is running in a trustworthy environment. Suggesting that users perform sensitive activities (such as banking) in untrusted environments, using untrusted computers, is terribly bad advice.

Read this.

Read these blogs: Michael Froomkins’ discourse.net; Goldstein Howe’s SCOTUS blog (this item in particular). … and this dissent: Stevens in Rumsfeld v. Padilla. Executive detention of subversive citizens, like detention of enemy soldiers to keep …

Read these blogs: Michael Froomkins’ discourse.net; Goldstein Howe’s SCOTUS blog (this item in particular)…. and this dissent: Stevens in Rumsfeld v. Padilla.

Executive detention of subversive citizens, like detention of enemy soldiers to keep them off the battlefield, may sometimes be justified to prevent persons from launching or becoming missiles of destruction. It may not, however, be justified by the naked interest in using unlawful procedures to extract information. Incommunicado detention for months on end is such a procedure. Whether the information so procured is more or less reliable than that acquired by more extreme forms of torture is of no conse-quence. For if this Nation is to remain true to the ideals symbolized by its flag, it must not wield the tools of tyrants even to resist an assault by the forces of tyranny.

WHOIS and SPAM

The 2003 CDT spam report is often cited as evidence that WHOIS data mining is not really responsible for any significant amount of spam. In early May, I changed the contact e-mail address displayed in the WHOIS records of most of my domain names t…

The 2003 CDT spam report is often cited as evidence that WHOIS data mining is not really responsible for any significant amount of spam.In early May, I changed the contact e-mail address displayed in the WHOIS records of most of my domain names to a fresh address that is not being spam-filtered. For six weeks, the address did not receive spam. I almost forgot about it. Now, I’m getting daily spam at that address.Seems like the CDT report’s findings are outdated.

TF3, Open Call

WHOIS Task Force 3 (accuracy) had its (first? only?) open conference call. The call was intended to extend the reach of the ongoing public comment process. It wasn’t too successful at that. I believe I hogged the line for the most part of the call…

WHOIS Task Force 3 (accuracy) had its (first? only?) open conference call. The call was intended to extend the reach of the ongoing public comment process. It wasn’t too successful at that.I believe I hogged the line for the most part of the call, going through the individual “best practices” proposed in TF3’s preliminary report. In a nutshell, the proposed recommendations either don’t make sense, are harmful, or moot.

New gTLDs, or not?

The most interesting part of today’s GNSO Council call begins 98:30 minutes into the MP3 recording, and takes about 17 minutes. It’s on the agenda under “any other business”: new gTLDs. My notes are below the break; if something sounds wrong to yo…

The most interesting part of today’s GNSO Council call begins 98:30 minutes into the MP3 recording, and takes about 17 minutes. It’s on the agenda under “any other business”: new gTLDs.My notes are below the break; if something sounds wrong to you, go listen to the MP3 recording.

FC2 on Thinkpad: New kernel, less problems.

There’s a new kernel for Fedora Core 2, and it seems to take care of the IRDA problems I had previously. No more kernel re-building to move the serial driver into a module: Just make sure you do setserial /dev/ttyS1 uart none before attempting to …

There’s a new kernel for Fedora Core 2, and it seems to take care of the IRDA problems I had previously.No more kernel re-building to move the serial driver into a module: Just make sure you do

setserial /dev/ttyS1 uart none

before attempting to load the FIR driver, and everything should work fine.With the new kernel, the only remaining driver that needs to be taken care of separately is the one for the built-in Centrino Wi-Fi.

When Wi-Fi won’t work well…

… then you are probably using a commercial hot-spot, or maybe someone has tried to provide some “security.” The last couple of days gave me a chance to experience a variety of Wi-Fi setups. Besides the generally working open conference network a…

… then you are probably using a commercial hot-spot, or maybe someone has tried to provide some “security.”

Media_httplogdoesnote_gjeeq

The last couple of days gave me a chance to experience a variety of Wi-Fi setups. Besides the generally working open conference network at WOS (hidden behind a NAT box, of course), there were the insecure, but cumbersome security mechanisms at TU-Berlin (ultimately circumvented for many people in the room by setting up a laptop as a router between an ad-hoc open network and the official Internet access), and airport Wi-Fi at CGN and TXL.CGN is in T-Mobile’s hands. The design of the payment process looked reasonable, at least as long as you are a T-Com or T-Mobile subscriber. Random 404 errors and wrong host names in SSL certificates (hotspot.t-mobile.net vs. hot-spot.t-mobile.net) pointed towards a rather unprofessional implementation, though.(The Vodafone setup in MUC about which I ranted in March had a more cumbersome billing design, but was implemented better.)TXL (where the photo was taken this morning) is more open to a number of wireless providers. Access points are shared between providers; users are then supposed to pick providers from some web page. When trying to go further than that, I got inconsistent and irreproducible behavior, including 404 messages, transparent proxies complaining, and timeouts. The “wlan-zone” was useless for me.Open and free Wi-Fi should be a convenience at airports — spending the waiting time attempting to debug a network is not a productive activity at all.

WOS: Ross Anderson on DRM and Competition.

Ross Anderson speaks on DRM and Competition. Economics of software: Value of a software company is accumulated switching cost of users — if switching 100 seats to OpenOffice costs less than 50,000 ???, you don’t pay 500 ??? per seat for Microsoft Off…

Ross Anderson speaks on DRM and Competition.Economics of software: Value of a software company is accumulated switching cost of users — if switching 100 seats to OpenOffice costs less than 50,000 、, you don’t pay 500 、 per seat for Microsoft Office. If it costs more, Microsoft charges more. What happens with new document/right management technologies Microsoft is about to supply, enabled by trustworthy computing? Need permission from senders to convert files to other technology. Switching costs explode.Use TC to lock in users by locking up their data. Software startups to have lower probability ofsuccess. Software industry much less dynamic, much more like “normal” industry. Small number of big players, big entry costs, less jobs.Playstation model: Subsidize hardware from software sales. TC computers cheaper. Later, maybe PC free, “Office plan” for monthly rent. Effect on free software when commercial software comes with free hardware? Internal Market? Talking services now, not products!TC has nasty effects on competition policy. Twist anti-circumvention into anti-competitive tools. Need digital rights directive — not just about consumers, but about markets. Not just about music, about everything — because everything contains software in the near future.

WOS, last day: Pre-shared keys + XAUTH, again.

I’m at WOS 3 in Berlin, now sitting in the Copyrights in Europe workshop at the Technical University’s main building. After the main conference network behaved interestingly yesterday, people are now struggling with the TU’s WLAN security setup. I…

Media_httplogdoesnote_doepj

I’m at WOS 3 in Berlin, now sitting in the Copyrights in Europe workshop at the Technical University’s main building. After the main conference network behaved interestingly yesterday, people are now struggling with the TU’s WLAN security setup. IPSEC with pre-shared keys and XAUTH over unencrypted WLAN, of course.User names and passwords are distributed on tiny paper strips. Keys and software are distributed on CD-ROMs that can’t be mounted properly by many people here. The key information, though, has now made it to one of the blackboards, after it was unscrambled.