Posts by lars.r 9 publicly visible posts • joined 19 Aug 2014
The internet already consume colossal amounts of energy. Adding encryption where it is not needed, does not help. We can argue about what is needed in terms of encryption and the threat models will clearly vary a great deal, but all-HTTPS-all-the-time is not a zero-cost option.
as to the no reason not to encrypt argument - I'd beg to differ. Encryption costs money, which will have come some from somewhere. With the pervasive advertising/profiling/re-selling of user data business model that will in all likely hood mean the even further dissemination of the user’s data and a corresponding tightening of their/our filter-bubble.
Back in January I left a gig as a subcontractor for IBM at a major UK government institution. The biggest institution of all in fact. I have still not been paid for January and part of 2016.
Clearly IBM is going to pot. Which is a shame since they used to, and to some considerable extent still do, have quite good products. But terrible middle management, or higher, will ruin any organization. Still, not paying you bills.
IBM. Drain. Circling. Etc.
I’d have to concur. High houses prices are on balance not good for anyone other than those providing the construction input (equipment, land, materials etc). The people building the damns things will do about the same either way. And given the volume factor, the builders are probably better off with lower prices.
As for the residents I’d say that lower is better. A high price simply means that it is expensive to live there, and the higher the price the higher the opportunity costs. Something which is mostly neglected from consideration. If the value of your house goes up 10% a year it means that you pay 10% more every year to live there. You are just able to easily ignore it since you don’t get a bill in the mail every month. But you pay just a surely. So, so much for the economics.
The main reason to live in an expensive property (as opposed to a merely large, or conveniently located one) and accept the high and growing opportunity costs of ever rising property prices is simply snobbery – keeping out the riff-raff. This is a significant boon to many, probably most people and something that they are willing to pay for. There is also the show-off factor: The phrase “conscious consumption” was coined over a century ago. Though I wonder what the attitude would be it the true financial costs was made plain.
If I’m understanding the hack correctly.
The traffic analysis is based on the pattern of services the user accesses online: Doing this thing on this server and that thing on that server. Supplemented with headers and timestamps you get a pretty full picture. Sufficient to identity the user regardless of his sitting behind an encrypted tunnel to a proxy server.
Padding the traffic with gibberish will no doubt help. But even if you add noise there is still signal. You really did post to twitter and read that bbc news article, even if the “padding” adds a bunch of other stuff, like some online version of the “babble box”.
What about a hypothetical service that amalgamates the other service? And not just acting as a proxy for them either. It really acts like them as far as the user is concerned. He types in www.hyptectical.org/bbcnew/article.html and he sees the same article as if he had gone straight to www.bbcnews.co.uk/article.html. for static content the functionality could be much like a caching proxy. But for more dynamic stuff the hypothetical service would have application logic and act like the service the user is requesting when he requests it, and the same for others.
The user submits a request over https containing what the server should do – the logic. It does it and returns the answer/data/whatever. Morphing to fit the requirements the user requests.
NSA would then lose the information of a pattern of visiting sites. That still leaves timestamps of visiting this morphic site but if would not be known that took place there.
Adding the babble box functionality and padding headers to fixed length as mentioned above, this could be quite secure.
This is all speculation of course, but I’m thinking there are avenues worthy of pursuit here.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
