Boingboing bbs discouraging privacy?

Hey, serious question, want access to the canary::wharf API?

Isn’t that basically the “42” of system adminstration?

Yeah, I did a faceplant.gif, but it was northcutt, so I couldn’t be obvious.

Not unless someone already wrote a discourse plugin for it? I’m to busy with my day job and BB 3.0 to do that up.

Thanks though

Perhaps that would be a good use of my time.

I bet @codinghorror would love you forever.

My comment was a refence to our other discussion about the DHS laptop ban. There is, I think, a certain amount of irony in the idea that we should be blocking whole swaths of users from posting out of fear of spam, while railing against requiring people to check their laptops as luggage as a protection against bombing. Not trying to threadjack here, just ultimately supporting @dfaris’s original point which is that our security measures should not be so extreme as to block innocent users who are only seeking anonymity.

The laptop risk reaches to an astounding dozens of miscreants. Which makes the ban ridiculous. Network bans reach millions of jagoffs. Which makes the bans a bit more reasonable.

Not perfect, but the correct direction.

Sorry, completely different scale. 100 spam bots for every legitimate user. Every day.

@OtherMichael and I apologise

This is oddly poignant context for a thread where the proposed solution was “just use a VPN.”

Yes. I’m one who suggested that in the other thread. I still think it’s a good way to prevent your ISP (or that guy over there in the corner of the coffee house with a packet sniffer) from spying on you, but there are practical failings that make it a less than optimal solution, apparently. I guess, maybe, the better answer is to set up your VPN client to connect to your own server on the net, like your own webserver, or something like that. But I realize, not everyone has one of those.

I tend to prefer, as an answer, sensible policies about consumer rights over their ISPs in law. All security and privacy systems ultimately rely on some level of trust and interdependence, and there are zero technologies that don’t. We can either enforce trust or we can have a broken system (e.g. policing in America.) There’s not really many other options. Technology only gets you part of the way there.

Well, dream on. With all its pitfalls, you can implement a technical solution unilaterally. You don’t need to waste time trying to convince truculent and idiotic politician to do anything. It’s not dependant on the sway of uninterested voters who pick some random guy, prone to dismantle every protection put in place in the last 50 years, just because they want to see a little chaos.

I would rather rely on something I can accomplish myself, even if it may not be perfect, than anything a bunch of aholes at the capitol try to come up with.

No. You can’t. Not unless you’re cutting your own silicon wafers. There is a baseline level below which it is not possible to enact a technical solution unilaterally without a lot of independent wealth. That statement is objectively not true. Technology relies on bottom-up interdependence to the point where making your mouse speak to fifty different computers has gotten piss-easy. There are billions of pages of technical documentation you will never read, that is being read on your behalf to implement the solution that you think you created alone.

You can roll your own on a lot of things, but at some point you have to trust someone hasn’t pre-licked all your rolling papers.

But if your adversary is your ISP, I.e. your first hop for transit, you’ve already lost. The level of sophistication to bypass their controls in a sound, technical manner are a damn tall order.

Consumer grade vpns excel at obfuscation and rerouting traffic. But there are so many edge cases, I would never recommend one for the sake of privacy.

Fuck, there are VPN providers who have been explicitly set up to spy on users traffic. And this isn’t some wild speculation on my part. To repeat, this is not speculation.

Can you cite some authoritative source to back this up, please?

Me. I run services that do exactly that.

Eta

The terms of service are clear. Just like every other provider.

This is an excellent solution - but as you point out, most folks don’t have the option to implement this.

I know this is gonna sound jargony, and out of the realm of most peoples know how or time, but: ssh port forwarding connection specifically to a vps in Germany. It has to be Germany. Then gre or ipsec tunnel with PFS back to a burner in the us. Then route traffic to your destination over TLS. It is a form of “tromboning”.

Make sure your DNS resolution is done from the burner, and not from the German host. Otherwise you are in a world of pain if there is a timing attack.

Or even better, pull a zaphod beeblebrox and relax