Re: Heartbleed

To: debian-user@lists.debian.org
Cc: jhasler@newsguy.com (John Hasler)
Subject: Re: Heartbleed
From: Joe <joe@jretrading.com>
Date: Thu, 17 Apr 2014 19:45:38 +0100
Message-id: <[🔎] 20140417194538.14eab087@jretrading.com>
In-reply-to: <[🔎] 87mwfk81ok.fsf@thumper.dhh.gt.org>
References: <[🔎] 1397328483.609.19.camel@archlinux> <[🔎] CAKmZw+ZDn6+PorcWZnc-bUXmyDjOPe1P+17erHE_sOGJwDX7fA@mail.gmail.com> <[🔎] 20140417101814.6a848736@bonifac.skk> <[🔎] 201404171014.49730.lisi.reisz@gmail.com> <[🔎] 87mwfk81ok.fsf@thumper.dhh.gt.org>

On Thu, 17 Apr 2014 09:34:35 -0500
John Hasler <jhasler@newsguy.com> wrote:

> Lisi writes:
> > I simply don't want the world and his uncle knowing every last
> > little thing about me.
> 
> I agree, but you have to realize that for most of us the world and his
> uncle are not interested in every little thing about us so it requires
> little effort to keep them from learning it.  I think that's what most
> people who say "I have no secrets" really mean, though they haven't
> thought it through that way.  I don't want a Webcam in my bathroom but
> I'm also quite confident that no one is about to attempt to put one
> there.  The door and the lack of outside windows suffices to secure
> the place.
> 
That was undoubtedly true once, when an industrial spy might have paid
a black hat for a specific and potentially valuable small quantity of
information that was expected to exist.

Today, not only governments but private companies vacuum up every bit
of data they can find, presumably just because they can. There is
almost certainly a certain amount of 'we don't know what to do with it
now, but we're sure it will come in handy one day'.

Look at Google, 'accidentally' harvesting private wifi information
while their StreetView cameras were doing a job totally unrelated to
wifi. There was no possible legitimate reason for doing that, nor any
reasonable expectation that something good but unanticipated might
result from it later. And wireless sniffing hardware and software
doesn't just fall into camera cars while they are parked overnight,
connect itself up and turn itself on.

> I do not approve of the spying activities of governments and I despise
> the criminals who seek to do things like identity theft, but when
> planning practical security measures you have to consider the threat
> model and the value of the data being protected.
> 
> Also consider that those who really do have serious secrets are not
> likely to brag about it.

Certainly the case, but it's no longer just 'serious' secrets that hold
an attraction. Just about any kind of information, held about large
enough sets of people, can be of some commercial use. The potential
problem is that a high concentration of low-grade secrets, not
belonging to the custodians and therefore not subject to any great
security measures, might be just as attractive to some people as a few
'serious' secrets. And there's always the neighbour, whose car you just
cut in front of to take the last parking space in the street, who has a
brother-in-law who 'works for the government'...

-- 
Joe

Reply to:

Follow-Ups:
- Re: Heartbleed
  - From: John Hasler <jhasler@newsguy.com>
- Re: Heartbleed
  - From: "Karl E. Jorgensen" <karl@jorgensen.org.uk>

References:
- My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Re: Heartbleed
  - From: Brad Alexander <storm16@gmail.com>
- Re: Heartbleed
  - From: Slavko <linux@slavino.sk>
- Re: Heartbleed
  - From: Lisi Reisz <lisi.reisz@gmail.com>
- Re: Heartbleed
  - From: John Hasler <jhasler@newsguy.com>

Prev by Date: Re: Sun/Oracle Java
Next by Date: Re: Heartbleed
Previous by thread: Re: Heartbleed
Next by thread: Re: Heartbleed
Index(es):
- Date
- Thread