[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Automatic downloading of non-free software by stuff in main

On Thu, Dec 7, 2017 at 11:06 AM, Ian Jackson
<ijackson@chiark.greenend.org.uk> wrote:
> Paul R. Tagliamonte writes ("Re: Automatic downloading of non-free software by stuff in main"):
>> I claim if you can read this attribute, you can observe the rest of those
>> actions passively.
> So the secret police who have seized my computer, or my spouse who
> suspects me of looking at the "wrong" sort of websites (but doesn't
> want to risk installing spyware), or my employer who has suspended me
> because they to fire me unjustifiably and is now searching my
> computer, can easily get into their time machine and go back and make
> the computer tell them what I did last week ?
> No.

If the Secret Police has seized your computer, has physical access to
your machine and the decryption passphrase for your system, I don't
think there's any website that you visited that would be more
incriminating than the rest of the drive.

> (Your logic would argue that browser porn mode is basically
> pointless.)

In a word of network taps, and a world where if I had a program
running on your computer without you knowing, yes, it is actually
literally useless. All it does it avoid storing data into your profile
or sending data the browser has about you, kinda. Not even that well,
just mostly well enough. It's not a security or privacy measure.

It does not make you safe. It doesn't avoid a network tap. Your
browser will still send an SNI before you handshake, and the Server's
Certificate, and your Client Certificate before the handshake is done.

The URL where you got a file is not nearly as privacy violating as the
file itself to the secret police. If you can read the attr, you can
read the file.

The pros vastly outweighs the speculitive cons on this, it's literally
just a tag that's stored on the filesystem. If you can read the tag,
you can read the file. If you store porn that's readable by others,
it's not a shock that you go to porn websites. If you have an
overthrow the government file, it's not really that big of a deal
where you got it from. Chances are they'd be more interested in the

> Ian.
> --
> Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.
> If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
> a private address which bypasses my fierce spamfilter.


Reply to: