"So, I guess that I must be 'in the minority,'" for having never(!) "logged on to FaceBook," in all these many years?
Frankly, in my opinion, we are all "simply waiting for the other shoe to drop." And, when it does, "it will be far bigger than '9/11' ever was."
"Yes, Virginia,™" when faced with any technological cliff, we wasted no time flinging ourselves across it. "Merely(!) because that we could!"
Just as we paid no attention whatsoever to those "maintenance crews" who expected access to WTC #1, #2, and(!) #7, today we seem to perceive "no act of war(!) at all" with regard to any "recent Internet possibilities."
Quote:
Originally Posted by Puck, 'A Midsummer Night's Dream':
I've seen VPN providers claim they don't log your activities, but we really can't know for sure. Any VPN can make claims like that to get your business. You need to have a strong gut feeling if their claims are valid.
As for free VPNs, don't put too much trust in them. There has to be a catch to the free service. VPNs are expensive to maintain to offer it completely free. They have to be compensated somehow.
Last edited by PrideOfUsingLinux; 04-11-2017 at 08:37 PM.
I've seen VPN providers claim they don't log your activities, but we really can't know for sure. Any VPN can make claims like that to get your business. You need to have a strong gut feeling if their claims are valid.
As for free VPNs, don't put too much trust in them. There has to be a catch to the free service. VPNs are expensive to maintain to offer it completely free. They have to be compensated somehow.
I saw something in the news that a VPN provider was hauled into court over the web history of one of its clients and they said we don't keep those records the law does not require us to
forget who forget when
think it might have something to do with pizza gate ????????????????
I saw something in the news that a VPN provider was hauled into court over the web history of one of its clients and they said we don't keep those records the law does not require us to
forget who forget when
think it might have something to do with pizza gate ????????????????
Unless you're a fly on the wall, you don't really know if a VPN provider will log and/or sell your history.
It's hard to fight the privacy battle, when they have already won the war. :/
Last edited by PrideOfUsingLinux; 04-11-2017 at 09:58 PM.
Right now, companies are IMHO rather infatuated with the amount of "information" they can get their hands on. There are not yet laws which call this "protected information," which is a pariah only in health-care where we do (in the USA) have the HIPAA Act:
Quote:
Originally Posted by Wikipedia:
The effective compliance date of the Privacy Rule was April 14, 2003, with a one-year extension for certain "small plans".
The HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by "covered entities" (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.) By regulation, the Department of Health and Human Services extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of "business associates". PHI is any information held by a covered entity that concerns health status, provision of health care, or payment for health care that can be linked to an individual. This is interpreted rather broadly and includes any part of an individual's medical record or payment history. Covered entities must disclose PHI to the individual within 30 days upon request. They also must disclose PHI when required to do so by law such as reporting suspected child abuse to state child welfare agencies.
Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person.
A covered entity may not disclose PHI (Protected Health Information) to facilitate treatment, payment, or health care operations without a patient's express written authorization. Any other disclosures of PHI (Protected Health Information) require the covered entity to obtain written authorization from the individual for the disclosure. However, when a covered entity discloses any PHI, it must make a reasonable effort to disclose only the minimum necessary information required to achieve its purpose.
The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals. For example, an individual can ask to be called at his or her work number instead of home or cell phone numbers.
The Privacy Rule requires covered entities to notify individuals of uses of their PHI. Covered entities must also keep track of disclosures of PHI and document privacy policies and procedures. They must appoint a Privacy Official and a contact person responsible for receiving complaints and train all members of their workforce in procedures regarding PHI.
An individual who believes that the Privacy Rule is not being upheld can file a complaint with the Department of Health and Human Services Office for Civil Rights (OCR). However, according to the Wall Street Journal, the OCR has a long backlog and ignores most complaints.
To date, this is the only significant Federal law (that I am aware of) which formally discusses "privacy." But, I think that the day is not too far off when the public (around the world) begins to demand and to receive protection for other forms of privacy, and most of all, accountability for how information may be used. For instance, there's no reason for a grocery store to demand personal information and to penalize you with a 30% hike in prices if you don't give it. Companies should not be allowed to read your e-mails and analyze them for content, even if they tender the messages and even if the messages are not encrypted. (They should be "protected speech.") The mere fact that it is technically possible to gather information does not mean that it should be gathered, much less disseminated, much less sold.
But it's going to take an Act of <Congress|Parliament> to make this happen. And that will only follow a determined public outcry that "what is happening right now is Not Okay With Us.™"
Last edited by sundialsvcs; 04-12-2017 at 08:51 AM.
Unless you're a fly on the wall, you don't really know if a VPN provider will log and/or sell your history.
It's hard to fight the privacy battle, when they have already won the war. :/
it's not just VPNs it's your own O/S that may have a backdoor in it YES LINUX
don't forget a government contractor is an extension of the government
consider the source of systemd Red Hat a government contractor who will do anything if the price is right
now if congress will so blatantly sell us out and spy on us any way they can why does damn near everybody assume that the government would not have one of their employees ( Red Hat ) install a backdoor in linux it would be so easy to hide a back door in something like systemd without doing extreme things like building up an array of machine code then executing it IF nobody is looking for a backdoor then that's who will find the backdoor well the same person who is looking for it nobody
even things like mounting the system BIOS firmware didn't raise a red flag isn't anybody else asking why on earth would systemd bypass the kernel to access the BIOS everything the BIOS can do has been replaced by a kernel function
the bottom line is
If you can't trust the government you can't trust its contractors including RedHat
Personally, I wouldn't "finger" Red Hat, nor "systemd." This source-code is examined pretty closely.
Nevertheless, right now we live in a "surveillance state" the likes of which George Orwell could not have dreamed of. In spite of Apple's famous (Macintosh introduction) ad, in which Apple promised that "1984 won't be like 1984," thirty-three years later we see that it is actually much worse, and there's no doubt that the Macintosh is every bit as much an instrument of "surveillance" as any of the other toys we use – our cars, our phones, our thermostats, even our refrigerators.
So far, in the United States we have passed almost no laws regarding privacy, relying only on executive policies handed down by bureaucrats in various departments. No one, anywhere, is minding the store. No one, anywhere, is clearly thinking this thing through. No one seems to find anything (desperately ...) wrong with allowing personally identifiable information – of any and of every(!) sort – to be covertly collected (just because we can), and then used absolutely anywhere and perhaps sold to anyone. "There's just so goddamned much money to be made ..."
But we will one day rue these days, and curse ourselves for our collective stupidity, ignorance, and hubris.
Personally, I wouldn't "finger" Red Hat, nor "systemd." This source-code is examined pretty closely.
You may not finger Red Hat but I do why they're a government contractor part of the problem not part of the solution
Who is looking at the systemd source code and what are they looking for ?
they would have to be backdoor hunting to find it even then IT could still be hidden
check out http://www.ioccc.org/ then ask yourself what could these guys hide in 10 million lines of code just one line of programming nonsense here and there ... ... adds up to a wide open Swiss cheese program (full of holes)
just because something is open source doesn't mean there is nothing hidden in it
all it means is if there is something hidden it has to be well hidden
dudes I even found a 10 line bash script that installs a backdoor on the system using holes in systemd is that close enough to having a backdoor in systemd to raise an alarm about the security of systemd
I'm sure posting a link to that script would get me banned from this forum
Sorry guys I can't post it
Seriously, yes there have been security vulnerabilities discovered – including the not-exactly-secret one you refer to – and I would argue that, "anytime you think there aren't security holes all the time in the software that you use, you're not looking hard enough." We all rely on "white hat" people who make it their business to constantly look for vulnerabilities and to patch them.
Speculation about "government contractors" who are conspiring to do bad things and to cover them up is just that – speculation. We need systems that we can use.
- - - -
The basic problem in the US today is that we do not yet have an "[Internet or otherwise ...] Privacy Law." An administrative ruling by the FCC, etc., is not the same as an Act of Congress.
Last edited by sundialsvcs; 04-12-2017 at 06:28 PM.
it's not just VPNs it's your own O/S that may have a backdoor in it YES LINUX
don't forget a government contractor is an extension of the government
consider the source of systemd Red Hat a government contractor who will do anything if the price is right
now if congress will so blatantly sell us out and spy on us any way they can why does damn near everybody assume that the government would not have one of their employees ( Red Hat ) install a backdoor in linux it would be so easy to hide a back door in something like systemd without doing extreme things like building up an array of machine code then executing it IF nobody is looking for a backdoor then that's who will find the backdoor well the same person who is looking for it nobody
even things like mounting the system BIOS firmware didn't raise a red flag isn't anybody else asking why on earth would systemd bypass the kernel to access the BIOS everything the BIOS can do has been replaced by a kernel function
the bottom line is
If you can't trust the government you can't trust its contractors including RedHat
That's why I don't use commercial enterprise distros like redhat/SUSE or others like them.
As for systemd, I'm not too familiar with it. I still use an init based distro. BTW, outside of systemd, I thought it was SELinux that we were supposed to be worried about of a potential backdoor as the NSA has contributed to the project.
Not to mention, hardware can have backdoors too. I remember reading about the NSA putting backdoor code on hard drives' firmware that were shipped to Europe. I'm not sure if it was done for here too, I don't remember all the specifics.
Lastly, I wouldn't be surprised if all mobile phones have a secret backdoor as well.
Last edited by PrideOfUsingLinux; 04-13-2017 at 12:34 AM.
There are back doors in the microcode of Intel processors.
You'd better just assume that information can be prized from you without your knowledge or consent.
In the meantime: put your e-mail in encrypted envelopes. Yes, they can be steamed open. But still, the envelope is there. Likewise, use VPN in coffee shops, and don't allow your computer to share anything.
Even though there are, and no doubt always will be, very clever back-door eavesdroppers, I submit that most of what you should be looking out for is simply crimes of opportunity. The pizza-burglar twists the knob, and the door is open and the alarm is off. Gigabytes of e-mail traffic are passing through my server, and none of it is encrypted, and there are no laws which say I can't analyze it and sell the data. (Yet.)
A good friend of mine kept an expensive guitar in a cardboard case secured with the flimsiest lock available. It was, he said, "to keep the honest people out."
Good point.
If you take even the slightest effort to make your communications "less than trivially available," and if you are not the target of some criminal investigation because you are not engaging in a crime, then why would the 'perps' waste their time with you when there's so much "easy pickin's?"
Last edited by sundialsvcs; 04-13-2017 at 09:25 AM.
FCC Chairman Ajit Pai made it very clear that he plans on rolling back the FCC's net neutrality laws, and is set to unveil his official plans as early as May or June. He's given telecom trade associations some details about his new plan, and it's incredibly shady to say the least. Pai plans to kill net neutrality by undercutting it in two ways: (1) giving the FTC the authority to enforce net neutrality laws (they won't), and (2) undoing its reclassification as a Title II utility. In short, he's giving Americans something very different than what he's selling it as in an Orwellian manner. In this segment we discuss how you can take action to put pressure on the FCC ahead of his upcoming announcement.