Once again: Privacy promises from a company are worth nothing, because companies ...
#1

Global: In the last post, I recalled that the only thing that matters for whether data collection is taking place is whether it's technically possible, and that if you carry an electronic sensor, you must assume it to be active. Here's why it doesn't matter one bit if the sensor was made by "good guys" with exemplary and outstanding Terms and Conditions.

If data collection is possible, it is happening, and it will be used against the person it was collected from. That’s a reality which is provable with mathematical precision: the probability for data being collected is nonzero, and the probability for it being used against its owner is also some nonzero probability. Since neither of these probabilities is falling over time, they will take place, with mathematical certainty. Therefore, the only way to have data not used against you is to make sure it’s not possible to collect it in the first place.

I hear a lot of people looking at “good guy” companies, and how they are standing up for privacy, so you can trust them with certainty. This is good, but it is not enough: not only can a company get new management, it is also completely at the mercy of the government it is operating under.

In effect, a company does not even have agency to promise to protect any collected data. A few case studies:

In the Terms of Service of Dropbox, it was first stated that the files are encrypted, and that Dropbox employees are incapable of accessing your data. At some point, Dropbox mentioned that they’re doing server-side deduplication to save space. This is a compression technique where similar segments of files are only stored once. When this was mentioned, bright minds immediately realized that deduplication cannot take place unless Dropbox can determine that the files are similar, in which case they cannot be encrypted when this process happens. After an uproar, Dropbox changed its terms of service from employees being “incapable” of accessing client data, to employees being “not permitted” to access client data — which is an enormous difference, because it means the data is accessible to somebody walking into Dropbox offices and, say, flashing a badge. “Not permitted” counts for absolutely nothing.

Another case in point is Amazon Alexa, which is listening into your living room (just like a lot of other devices do). Amazon had promised to never share anything it heard in your home, promising you privacy. This promise was only valid up until a District Attorney wanted those recordings as part of an ongoing investigation, at which point Amazon’s promises were completely null and void.

The only way to make sure that your privacy is kept intact is to not have your data collected in the first place. Companies, even when they promise you privacy, have no legal right to promise you anything — for the very next day, the government can walk into the company’s offices and carry that data out with it. Therefore, reading Privacy Policies or Terms of Service in hopes of finding good promises that your data will be kept safe is pointless, because no company can legally make such promises.

The one exception to governments getting away with this kind of behavior would be the story of Lavabit, where the founder chose to close the entire company overnight rather than comply with a nastygram from the NSA demanding the mail correspondence of Edward Snowden. But this is the exception to the rule. There is no scenario where a company keeps its promise and stays open, when a government says it wants the data in the custody of that company.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)
#2
True dat.

And in case it is not obvious, it goes for ISPs, VPN providers, seedbox providers and proxy providers.

It also goes for torrent sites.

Though TPB has so far shown itself to be in the Lavabit mold and, in the worst case, knows relatively little about you. But it could know even less about you if you're careful with your own security.
#3
Anyone who thinks everyone on the internet isn't collecting info on you is a fool. You don't want data collected? Don't go on the internet.
#4
(Dec 09, 2017, 14:48 pm)Rick Wrote: [quote of post #1]

Why not...? Can't you have a fingerprint of an encrypted blob? Or the fact the encrypted and encrypted, fingerprints would be different?
Besides, if you cannot the files "because" of the same reason we see privacy as, how else can you verify?

I cringe every time, when I see stuff like from EFF hinting an organization is set up to "help" you with privacy and defend your right.. (...and everyone else worldwide cannot take the time to do themselves, so they aren't too worried about it)

They would rather use organizations set up "specially" for this, again, as a "way out.."
You feel like protesting? Make the entire country do it and I guarantee changes will happen..

Just a few million users supporting EFF or here and there type supporting isn't gonna do anything drastic.

If you believe in something, you gotta do it yourself... But there is no point, if everyone isn't in the same boat.......

Instead, we have issues supporting "this" or "that" yet we want other organizations to act on our behalf because we are either too tired, like wanna complain, or it's all too difficult.

I always say, actions speak louder than words, and it's only words that people say on the internet, with no proof to back any of it up.
Reply
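An added example, not part of any post in this thread and not Dropbox's code: it works through the deduplication point in post #1 and the fingerprint question in post #4, and goes a little beyond the thread by also covering convergent encryption (key derived from the file itself). `Provider`, the function names and the HMAC-based stream cipher are assumptions made for illustration; the cipher stands in for a real one such as AES-GCM.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative stream cipher (HMAC-SHA256 in counter mode), not for production.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt_client_side(plaintext: bytes) -> bytes:
    # Random key and nonce stay with the user; the provider never sees them.
    key, nonce = os.urandom(32), os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def encrypt_convergent(plaintext: bytes) -> bytes:
    # Key derived from the content, so identical files give identical blobs.
    key, nonce = hashlib.sha256(plaintext).digest(), b"\x00" * 16
    return nonce + _xor_stream(key, nonce, plaintext)

class Provider:
    """Hypothetical storage server that deduplicates on a fingerprint of each upload."""
    def __init__(self):
        self.blobs = {}

    def store(self, blob: bytes) -> bool:
        """Store the blob; return True if an identical blob was already held."""
        fingerprint = hashlib.sha256(blob).hexdigest()
        duplicate = fingerprint in self.blobs
        self.blobs.setdefault(fingerprint, blob)
        return duplicate

    def holds(self, blob: bytes) -> bool:
        return hashlib.sha256(blob).hexdigest() in self.blobs

def run_demo() -> dict:
    document = b"constructed sample file contents " * 8  # constructed input
    results = {}
    for name, seal in [("plaintext", bytes), ("random_key", encrypt_client_side),
                       ("convergent", encrypt_convergent)]:
        provider = Provider()
        provider.store(seal(document))                  # first user uploads
        results[name] = provider.store(seal(document))  # second user, same file
    # With convergent encryption, whoever has the file can rebuild the blob
    # and check whether the provider already stores it.
    provider = Provider()
    provider.store(encrypt_convergent(document))
    results["known_file_confirmed"] = provider.holds(encrypt_convergent(document))
    return results

if __name__ == "__main__":
    print(run_demo())
```

A fingerprint of a blob encrypted under a key only the user holds tells the provider nothing about equality, so deduplication only works when the provider sees plaintext or ciphertext that is deterministic in the content, and the latter still reveals which users hold the same file.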