Security quotes of the week

So, here's the question: have I broken the law by using NoScript? I've used it for years, and it seems pretty ridiculous to claim that I now need to specifically go and whitelist the NYTimes just because it wants to hit me with an incredibly porous paywall. But, technically, I could see how an argument could be made that merely using NoScript makes me a DMCA violator by "circumventing" technical protection measures. Does this also mean that NoScript -- an incredibly useful tool -- has suddenly become a "circumvention device" overnight, because the NYTimes programmed an incredibly stupid paywall in javascript?
-- Mike Masnick

The best way for online social networking to become safer, more flexible, and more innovative is to distribute the ability and authority to the world's users and developers, whose various needs and imaginations can do far more than what any single company could achieve.
-- Richard Esguerra

Security quotes of the week

Posted Mar 24, 2011 6:29 UTC (Thu) by engla (guest, #47454) [Link]

> What this really should highlight is the massive problem with
> automatically outlawing all "circumvention" and "circumvention devices."

Yes, sure, but in this case there is no circumvention device. Disabling Javascript is a standard feature in any browser since the dawn of the Web, and so it is part of standard usage.

Security quotes of the week

Posted Mar 24, 2011 16:28 UTC (Thu) by iabervon (subscriber, #722) [Link]

Not true! Browsers only got the ability to disable Javascript after the language was invented in 1995. And many low-end mobile browsers today lack the ability to disable (or execute) Javascript.

Is federated really "safer"?

Posted Mar 24, 2011 7:42 UTC (Thu) by blujay (guest, #39961) [Link]

If your federated social network server was operated by a malicious operator, he could feed your data to anyone he wanted.

Or if your friend's server operator was malicious, he could forge requests from your friend, get all your data, and give it to whomever he wanted.

Or if your friend's server operator was ignorant or lazy, his server could be compromised, and the attacker could forge requests from your friend...you get the idea.

Basically, anyone who runs a federated server has free access to the data of all of his users and all of his users' friends.

As it is now, assuming we're comparing federation to Facebook, an attacker would have to compromise Facebook, or a Facebook operator could access your data directly. I'd expect Facebook to have more people working on security than "myfreediaspora.com", or an average-sized federated server--they have a greater interest in maintaining security, as well. As for rogue employees, I presume they have some measures in place to help prevent that...

My point is not that either one is better, but that neither one should be considered securely private. The whole point of social networks is to share information with certain parties. If those parties or their proxies are compromised or malicious, all bets are off. Federation just spreads the risk around.

Having said that, federation could provide many other benefits unrelated to privacy or security, so I look forward to it. But I think it would benefit me more by giving me control over the UI than giving me a false sense of control over my data.

Is federated really "safer"?

Posted Mar 25, 2011 19:26 UTC (Fri) by eli (guest, #11265) [Link]

When talking about federated systems, I want very fine-grained federation. I want to run the social server for my (extended) family -- I'm the most qualified of the members, and I have a real vested interest in protecting those using the system.

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds