if your viewpoint is doing a "good job" then what would you prefer?
Bad job by a bunch of idiots. Some of them get paid by the system, most are high calibre and can milk the teat of corporate inquisitions. They absolutely know their subject material, so it comes down to opinion....
or
Bad specs from a bunch of profiteering idiots?
Why would anyone who was ahead of the curve ever give this stuff away? The path for Bitcoin and all other cryptos actually lies far away from the 'internet money' crossover dilemmas we have today. Big blocks of silicon heating snowdrifts is already out of date
> the deluge of anti-FB, anti-Goog, anti-Twitter, etc articles. Maybe I'm viewing this too broadly, but I get an icky feeling of intentional furor construction.
Those companies are enabling the criminals. German law defines the users as criminals and it is this pre-internet law that is being upgraded and enforced, because profiting from enabling illegal activity is clearly wrong.
FB employs 1200 people to deal with this... why is that? It isn't their fault that the world has so many fucktards in it, but is their problem when they give a platform to their illegality
furor over the failings of the "city state" that FB are trying to establish. Good
Ok...I mean you see it that way and I don't really agree, but that is unrelated to my comment. Mine is a general comment about the flow of "news" concerning large web companies. It feels like this article was just the next one on the weekend assembly line. I'm not really a fan of manipulation even if I agree w/ the manipulators. Granted, my observations are my own based on the news cycles and my limited empirical evidence leaves my suspicions in the realm of conspiracy theory. Just a comment on the patterns I see.
Could you be a bit more specific about your criticism of the article. I found it interesting. I don't really see how it is anti-FB. It seems to describe the current situation by anecdotes instead of statistics/scientific analysis. I can understand some not liking that style (especially considering information per time), but it seems highly effective at describing issues to most people (probably the thing you call media narrative control). I've got no problem with that.
But your "There is nothing substantive here" is worrying me, since it probably means you'd like more than a somewhat mundane description of the situation without judgment. Did you expect a strong position, probably in favor of US free speech values? It to be a hit piece for or against NetzDG? Strong policy recommendations with big impacts? I don't want that! I like our current society and want marginal fixes for its countless little flaws. But responding to the current hot issue (let's say school shootings) with extremist positions (arm everyone vs take all guns away) seems highly unproductive in improving our lives.
"Slack groups work really well for me and a few of my groups of friends. Because we know they are exclusive, and won't spam us, we actually value them. When someone has a message for the entire group... "I got engaged / married / had a kid / new job / moving to Singapore..." whatever... it's just information, not someone trying to milk fake internet points from strangers."
Your use case for Slack is not what Slack exists for... their MO is to get business information
I used slack once then realised that it was just as bad, if not worse than facebook. It is worse because it lulls you into a false sense of security. Everything on Slack belongs to Slack. It is fundamentally more evil than FB because it pretends to be a 'confidential and secure' environment but the truth is they own every single byte you give them. Slack users are morons if they think that Slack has any agenda other than to parse data and exploit the connections. FB at least is "only social" whereas Slack gets company business data via the morons that use it.
Businesses use Slack because they are too lazy to deliver an in house alternative. I pity anyone who thinks Slack is any better than FB. Stand by for Slack being acquired by FB in the very near future so that FB can fill in another slice of the control pie they are trying to bake
Health insurance companies are going to love this. Expect to see a spinoff for-profit organization that monetizes the tests (charging the end user of course - probably via their insurance premium).
The fancy 'public healthcare' rhetoric coming from a UK research project is all well and good for now, but we all know that this will end up being a mandatory part of any health check for insurance purposes.
On a lighter note, the idea of all that leak data being (inevitably) leaked is amusing
> The fancy 'public healthcare' rhetoric coming from a UK research project is all well and good for now, but we all know that this will end up being a mandatory part of any health check for insurance purposes.
Why not? Why shouldn't people who take care of themselves get cheaper insurance?
"For ordinary users, the situation is truly hopeless. They are pwned by default if they buy into IoT."
when was it ever different? This is just a repeat of the "buy anti-virus" phase of Windows, which wasn't sufficiently hammered home that it basically failed. No doubt there will be some responsible IoT manufacturers that address the vulnerabilities, but IMO, not many, and the market isn't exactly demanding of 'secure amazon buttons' - in fact there will be devastation because the manufacturers won't give a flying fuck about security as they stamp out thousands of pieces a day with default passwords in their factories.
If ever there was a use case for ipv6 then I suggest this is it. Sadly we aren't going to get there in time to stop a new wave of botnets. Who do I blame for the failure to properly roll out ipv6?
> If ever there was a use case for ipv6 then I suggest this is it. Sadly we aren't going to get there in time to stop a new wave of botnets. Who do I blame for the failure to properly roll out ipv6?
I'm not sure I follow - what exactly about IPv6 improves the situation?
In the current IPv4 home network world, devices are all given private IPv4 addresses, and sit behind a NAT overloading gateway, and the only way those hosts can be directly addressed is if ports are specifically forwarded to those hosts, or if the gateway is running some service to automatically forward ports on demand (UPnP).
In IPv6, devices are all given globally routable addresses, and are hopefully sitting behind a gateway with stateful filtering, and the only way these hosts can be directly addressed is if the ports are specifically opened to those hosts, or if the gateway is running some service to automatically open ports on demand (If it doesn't exist already, it will soon enough).
IPv6 is a solution to a limited number space. Last I checked, it doesn't actually solve anything else. If I'm wrong, I would love to know how though, new emerging technologies often have elements of misinformation spreading, so if I'm guilty here, I definitely want to know how and why.
The average user is worried about their laptop. The idea of their laptop being hacked is worrisome because they keep personal information on it and it's a somewhat personal possession. So anti-virus get some play.
The average user doesn't care about their VCR. The average user won't set the time on their VCR much less set a password. In fact, I don't care about my VCR or my light bulbs or whatever dumb thing someone decides should have the capacity to be on the Internet (except I care enough not to knowingly buy such things but in the future may unknowingly buy the stuff). If someone manufactures Trojans to put in people's homes and it causes other people problems, it shouldn't be my problem.
Average users have a VCR? How would it work if they don't set the time on it?
You bought (whatever) it (is) - so that becomes your problem. The average user falls for the marketing of "your app controls your fried chicken" bullshit and buys the IoT chicken fryer. So you won't buy that fryer. Good for you
The manufacturer might be in another country or bankrupt. You should go after the user and then he might go after the manufacturer or his insurance if he wants.
But on more realistic terms, my hope is that if this gets really bad, then a consortium of huge internet firms can start blacklisting bad IPs. If John-Random-Guy can't connect to google/facebook/akamai/etc then for sure he'll at least unplug the device
Where I live they make a copy of your ID when you buy a SIM. So you'll also need a fake ID. And then there will be a copy of your fake ID with a photo of you on file somewhere, which could lead to some issues if the authorities discover you used a fake ID.
I love using Signal and will continue to make modest donations, but I would really appreciate an improvement in audio call quality. I still use Silent Circle for calls because it is so tiring to talk when the bitrate is low.
> I still use Silent Circle for calls because it is so tiring to talk when the bitrate is low.
To be fair, that's a high bar. Our (SC) phone guys are masters at optimizing audio quality. I would be extremely surprised if any other app (encrypted or not) had significantly better audio quality than Silent Phone.
Having used all the encrypted call possibilities there are, you are, in my opinion, absolutely spot on. SC has exceptional clarity. WA isn't bad.
Can you talk more about "our guys" in respect to the fact that the CIA and NSA use the Blackphone? Should I, as a casual business person, be wondering that the handsets you supply to them are in some way compromised? I know that both the NSA and the CIA are interested in my phone conversations, which is why I ironically bought a Blackphone (for when I assume they are listening) and others which make their life harder (but I do accept that I do this more for the kicks of making them work for their intel)
tl:dr - is SC actually secure given that the company has been short on cash for a while and that the CIA and NSA equip their agents with the same phones. I don't mind talking because I have nothing to hide, but backdoor code is usually the case if you are selling 10k phone units to US LE.
As far as I know (and I'm not really very high up in the hierarchy, nor do I know much about the Blackphone hardware), the NSA and CIA are buying them because they are secure. I heard they had a list of phones/apps they are allowed to use internally, and SC was pretty much the only app that made the list at the time.
Keep in mind that "an organization using a secure app" and "an organization wanting to spy on people" are pretty independent goals. I haven't poked around in the client source too much (although I have implemented some stuff for the Android client), but:
1) Nothing in the client seemed out of place.
2) I've seen every line of code running on the web backend and there's nothing untoward going on.
3) Given the culture, I think many of the high-level people would quit before they compromised the product. Especially Phil, who has been sued by the US government for exporting strong cryptography before.
I have to agree. Privacy is a right. It's not often you run into a free alternative that offers sync capabilities across all platforms and devices. You also have a way to restrict or remove access from unknown fingerprints. The only downside I see about Wire is that the option to "submit crash reports and usage data" is enabled by default but that's just an Advanced options visit away from disabling. Give Wire a try and give their white papers covering how they approach [1] privacy and [2] security a read.
I'm a web developer, so I don't really know much, but I know it has to do with our SIP guys losing their minds if the echo canceller is a bit too aggressive on a specific device. They're just very detail-oriented and want things to be perfect. I swear, one of them is a bat, he can tell I switched phones just because the mic sounds different.
I'd guess both SC and WhatsApp use opus, whereas Signal at the moment is using speex. There is an issue open at github, but it does not seem to be a priority.
I haven't read very much about it, but there seem to be concerns about opus leaking data about the call. I don't know how, but from Android 5.0 there is an opus encoder included that supports CBR mode.
I've never noticed a quality issue... because I've never had a call connect at all (to be fair, it's been a while since I accidentally clicked the "call" button and checked, since I've long given up on trying to use it deliberately).
Agreed. WhatsApp calls are near flawless when connections are good, I'm sure WS can reach audio quality parity.
I often get disconnected on Signal after 20 minutes or so on a voice call, but I suspect that's due to the other end being behind a VPN with awful latency.
Did FB/WA clarify that they use the OW audio encryption algos, or did they just put the OW 'trophy' on the wall without the actual implementation?
WhatsApp is, I agree, very good quality for what it is, but I would never trust it or FB with anything but social/personal calls. Social Media platforms are for other people to hand over their lives to. Let them subsidize my detachment from their usage, and I thank them for it. I'm sure there will come a day where you can't use WA without a FB account, at which point it is dead to me and my social contacts will be the first to know about it via WA.
"WhatsApp calls are also end-to-end encrypted When a WhatsApp user initiates a call:
1 The initiator builds an encrypted session with the recipient (as outlined in Section Initiating Session Setup), if one does not already exist
2 The initiator generates a random 32-byte SRTP master secret
3 The initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP master secret
4 If the responder answers the call, a SRTP encrypted call ensues"
From wikipedia:
"Signal voice calls are encrypted with SRTP and the ZRTP key-agreement protocol, which was developed by Phil Zimmermann.[1][57]"
So from where I'm reading they seem to be doing more or less the same thing when it comes to encrypting voice calls.
SRTP and ZRTP is only for negotiating what to use. You can still use different codecs. I'd guess Wire, WA and SC use opus (since it is by far the best), while signal is still using speex.
ZRTP makes negotiation possible, so a roll-out of opus should be possible without breaking older clients.
Unless this is some non-standard variant, ZRTP only negotiates a key exchange for use when encrypting the audio packets (the 'S' in 'SRTP'). Neither of those protocols has anything to do with codec selection, which is done via a SDP sent over SIP, or some other signaling protocol.
Sorry. I should just shut up about things I don't know much about. I thought the rtp part did negotiation, since they specify a "payload type" field and remembered the zrtp config in jitsi where you can specify codecs, and jumped to conclusions.
The payload type field ends up just letting you do stuff like send RTP events (like DTMF tones) over RTP by sending a different payload type that the other end can interpret in a different way than as being part of your main audio stream. Either way tho, all the payload types that you should expect to see over the channel should be negotiated beforehand, using another protocol.
But no worries... there are a ton of moving parts in these protocols, and even though I've been working with them for a while, I still tend to forget details here and there, too.
If they seem to be doing something that is "more or less" the same then my radar is triggered for them not actually declaring they are delivering totally encrypted (ie no backdoor tomfoolery) voice calls.
Over the past year, we've been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.
that's interesting. I'm running a 2 year old Xperia Z3 and it never occurred to me that my CPU might be the issue, but SC seems to handle audio quality just fine
Your statement is lacking in a few ways, so to correct you in simple terms...
a database contains data that can be deleted and/or overwritten. Other than examining changelogs and reverting changes according to 'external requirements', a database is a non-auditable pot of changeable information. A blockchain cannot be re-written without a "hard fork" of the network that makes it exist. It is that simple. Consequently, you can also easily audit a blockchain or any part (wallet) of it. To audit a database is not impossible, but auditing a ledger is entirely simpler.
Banking people throw "blockchain" around as a buzzword without necessarily understanding the total difference in the way they operate compared to databases. The fact that the blockchain is a ledger is best demonstrated to them by the notion that a printed bank statement is a 'de facto' ledger of the transactions on a single account. Banks have always told customers that keeping printed (usually monthly) statements is how a permanent record is kept of your transactions. This is because they routinely wipe system transactions to avoid the storage and security costs of keeping a copy of the data. I have bank statements on paper going back to my very first bank account and transaction. They take up a great deal of physical space, but they do represent a permanent and uncontestable history of my finances. They are my personal paper blockchain. If only banks had been willing to keep everyone's transaction data in perpetuity then I wouldn't have boxes of paper in my attic. But that would be hugely impractical and costly. Blockchains for every account are feasible, but not on the horizon given the state of current cryptography and the huge data costs.
Banks trying to get into blockchain tech are only looking at high level intra-bank functionality, which would be well served by a new system, especially given that they don't trust each other but have historically agreed that they should, and pragmatism has cemented the system. A new system is absolutely needed.
rebranding is hardly the point. Blockchains exist as something entirely novel and challenging to legacy database structures. The folders you refer to - do you mean cryptocurrency wallets? The wallets where people can be their own bank? They are just blockchain 1.0 btw.
iTunes is actually SoundJamMP under the hood. That app was (if memory serves) released 16 years ago and subsequently bought by Apple. AFAIK the core of iTunes is still unchanged from then and all Apple have done is simply bloat the UI and bolt on additional functionality (eg AAC playback, videos and iCloud etc) without ever re-examining the underlying engine.
SoundJam was great for me in 2001 playing mp3s and as most of the tone of this thread seems to confirm, everything else since then has simply given users extra grief to cope with when wishing to play a simple music file in a simple manner.
I've stuck at OSX 10.6.8 and iTunes 10.6.1 (which is still 239MB of bloat) rather than upgrade. That's where I'm staying as Apple only ever seem to make stuff worse these days.