Mmm hmm. But at least nobody will know that you're streaming the footage
interception. I've merely browsed with Tor since.
> That is the other problem I have seen with TOR. Any slower and the
> second coming of Christ will arrive sooner. :)
>
> -eric
> from the central office of the Technomage Guild, Editors choice dept.
>
> On Mar 23, 2017, at 4:02 PM, Vara La Fey wrote:
>
>> I'm all for education. I'm a trans-girl, and believe me, I would like
>> to educate people a little about us. But I wouldn't take it upon
>> myself to intrude on their time for a 3 Minute Love unless they're
>> trying to hurt someone.
>>
>> I don't want people semi-forcing content on me. And the desired
>> "campaign" is exactly that. It's sad that everyone here who comments
>> keeps asserting the "safety" benefits, without a care in the world
>> about the sheer intrusiveness and the obvious socio-political abuses
>> of systems like that becoming commonplace. Which hopefully they won't.
>>
>> I don't need a VPN and have never set one up, but I don't doubt the
>> security of a VPN/Tor combination. And if you are really afraid of
>> snoops and spooks, encrypt all your text traffic with large PGP keys.
>> But I rarely use Tor because it's horribly slow, and PGP because it's
>> an extra few steps. But they are always there for those special
>> occasions. :-)
>>
>> - Vara
>>
>>
>> On 3/23/2017 3:16 PM, Eric Oyen wrote:
>>> Well, if you don't want to deal with bad certs, redirected
>>> https, etc., you can either not use that router/service or get a VPN
>>> and secure all your traffic. And yes, I will not use paywall systems
>>> of any kind, they have no business knowing what my credentials are.
>>>
>>> Lastly, if I want real security, a combo of VPN and TOR cannot be
>>> beat. I use private internet access for the VPN and also have a TOR
>>> node setup here. The TOR node will not be connected until after the
>>> VPN comes up. Why let my ISP know I am running a TOR node here at
>>> home? The only issue I have with this is that my search engine
>>> queries don't work right (mostly, I get blocked and asked to solve a
>>> captcha, which is not doable for the blind most times).
>>> Anyway, do what you must, but education should be the first item on
>>> the list when it comes to net security.
>>>
>>> -eric
>>> from the central office of the Technomage Guild, Security
>>> applications dept.
>>>
>>> On Mar 23, 2017, at 2:50 PM, Vara La Fey wrote:
>>>
>>>> First you were talking about open hotspots. Then you were talking
>>>> about https. Now you are talking about ssl.
>>>>
>>>> But all the while you're still just talking about monitoring and
>>>> restricting the activity of 3rd parties on 4th party systems. And
>>>> it seems really important to you for some reason.
>>>>
>>>> Please, waste time and effort and money patenting your /spyware/
>>>> chaperone system that monitors web activity with the intent of
>>>> /creating consequences/ for activity which you - or your intended
>>>> customer - opines is "invalid". I doubt very many people will buy
>>>> into it because there is no upside for them. Even when they alter
>>>> it to fit their own agenda, they just anger their customers who can
>>>> click OK for EULAs and enter logins, but cannot bypass your 3
>>>> Minute Hate.
>>>>
>>>> If it can detect an "invalid" certificate, then by changing a
>>>> couple code lines (if even), it can detect anything else about an
>>>> attempted site visit. Of course this ability is ancient now, but
>>>> less evil implementations of it merely censor by blocking, which is
>>>> bad enough. Yours is "educational" - and it's interesting that /you/
>>>> put the quotes around that word yourself - for the purpose of
>>>> taking up other people's time with propaganda.
>>>>
>>>> If it became common, it would become a mandatory advertising medium
>>>> anytime anyone clicked on a competitor's site, or a site with bad
>>>> reviews for your customer. If it became law, it would become a
>>>> mandatory propaganda delivery system anytime anyone clicked on a
>>>> site containing any kind of dissenting viewpoint.
>>>>
>>>> Are you hoping to create one of those conditions? If so, which?
>>>>
>>>> Because this sure looks like more than just wanting to manipulate
>>>> lesser people into a system designed to reinforce your wishful
>>>> feelings of superiority. There has to be a more compelling reason
>>>> that you're this overly concerned about what 3rd parties do on 4th
>>>> party systems.
>>>>
>>>> Which, btw, brings up the fact that your system is not equivalent
>>>> to EULAs or logins or pay systems, because the connection provider
>>>> has the right to set conditions for using their connection. Your
>>>> spyware idea is to harass people who are using /other people's/
>>>> connections.
>>>>
>>>> I'm not an expert on web connection technology per se, but it seems
>>>> that Tor would nicely wire around all SSL issues after the initial
>>>> connection to the now-restricted hotspot. You certainly make a
>>>> great case for using it, even if just on general principle. So what
>>>> would you do about that?
>>>>
>>>> I don't think your grandmother wants you monitoring her activity. I
>>>> don't think /anyone/ wants you monitoring their activity. But you
>>>> seem to want to do it anyway. And no one but me is saying boo to
>>>> you. :-(
>>>>
>>>> As to the trivia: I personally have never had trouble from visiting
>>>> a site with an "invalid certificate" of any kind, because that
>>>> stuff simply isn't 100% maintained. Obviously I am careful where I
>>>> go and what I click and download anyway. I do not so easily ignore
>>>> "known malware site" warnings, and if in doubt about a site I
>>>> reflexively check the web address. MyBank.Phishing.com and
>>>> Phishing.com/MyBank do not get clicks from me. But that's
>>>> all beside the point.
>>>>
>>>>
>>>> On 3/20/2017 9:57 PM, Brien Dieterle wrote:
>>>>> On Mar 20, 2017 3:36 PM, "Vara La Fey" <varalafey@gmail.com> wrote:
>>>>>
>>>>> OMG!!
>>>>>
>>>>> First of all, you'd be mis-educating them if telling them that
>>>>> certificate "validity" has any real meaning. (But now you're
>>>>> talking about http.)
>>>>>
>>>>> I mean validity as in trusted roots that have been shipped with
>>>>> your OS or browser. Surely you don't mean these are meaningless.
>>>>> AFAIK they are very reliable as long as you never accept bogus
>>>>> certs. If you accept bogus certs "all the time", I really hope
>>>>> you know what you're doing. Pretty much any important site should
>>>>> have working SSL.
>>>>>
>>>>> There is a reason why all the browsers freak out when you get a
>>>>> bad cert, but users still click "add exception". My captive
>>>>> education portal would give real consequence to this with the 3
>>>>> minute power point slideshow and mandatory quiz. I wonder if this
>>>>> is already patented. . .
>>>>>
>>>>>
>>>>> Second, why do you think you have any right to put speed bumps
>>>>> in the way of people who are doing nothing to you?
>>>>>
>>>>> Plenty of businesses do this already for captive portals and
>>>>> forcing users to log in, pay, or accept an EULA. They are already
>>>>> tampering with your SSL connection in order to redirect you to the
>>>>> portal. I'm just suggesting to use this technology for
>>>>> "educational" purposes.
>>>>>
>>>>>
>>>>> Third, if your grandmother needs internet "safety" education,
>>>>> just educate her, or refuse to keep fixing the problems she
>>>>> encounters in her ignorance - if she really is all that
>>>>> ignorant. I hope you wouldn't install a browser re-direct
>>>>> without her consent, because then you'd be just any other
>>>>> malware propagator with just any other self-righteous
>>>>> rationalization.
>>>>>
>>>>> Well, I'm lazy. I'd much rather have an ongoing passive education
>>>>> program for anyone that uses that router. Maybe only 1 in 1000
>>>>> requests trigger the "test", or once a month per mac address
>>>>> maybe. If grandma fails the test I can get an email so I can call
>>>>> her up and gently chastise her. "Grandmaaaa, did you accept a
>>>>> bogus SSL certificate again? Hmmm?"
>>>>>
>>>>> As far as consent goes, I'm only talking about routers you own or
>>>>> have permission to modify. That should go without saying.
>>>>>
>>>>>
>>>>> Fourth, if /you/ need educational "speed bumps" on /your/
>>>>> router, /you/ are free to have them. One of the great things
>>>>> about freedom - from government or from meddling busybodies -
>>>>> is that /you/ get to be free too.
>>>>>
>>>>> My post is in the context of businesses or individuals that
>>>>> provide Internet to the public. Presumably businesses and
>>>>> individuals have the freedom to do this kind of SSL interception,
>>>>> since they've already been doing it for years without any
>>>>> repercussions. Personally I'm disturbed that businesses will try
>>>>> to get me to accept their SSL cert for their Wi-Fi portal, but I
>>>>> know the technology leaves little choice. One trick is to ignore
>>>>> the cert and try again with a non SSL address.
>>>>>
>>>>> It is pretty ironic that the first thing these captive portals ask
>>>>> users to do is blindly accept a bogus SSL cert. It is really just
>>>>> a sad state of affairs that we are literally training people to
>>>>> accept bad SSL certificates.
>>>>>
>>>>> For years my Firefox has had an option to "always use HTTPS",
>>>>> and I'm sure all other modern browsers do as well. Plus,
>>>>> Mozilla.org has a free plugin - I think
>>>>> it's from EFF.org - called "HTTPS
>>>>> Everywhere". It's all very easy to use, and will be almost
>>>>> entirely transparent to Grandma.
>>>>>
>>>>> This won't do anything to protect you/grandma from bogus ssl
>>>>> certs. Imagine connecting to a bad AP at Starbucks that is
>>>>> proxying all your SSL connections. Your only defense is trusted
>>>>> roots and knowing not to accept bogus SSL certs. If only we had a
>>>>> captive router-based SSL education program... ;)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 3/20/2017 3:14 PM, Brien Dieterle wrote:
>>>>>> A system like I described would just be an "educational tool"
>>>>>> to encourage people to use HTTPS (properly). It wouldn't
>>>>>> stop you from accepting bogus certificates-- just a speed
>>>>>> bump. Now that I've thought about it I'd really like to
>>>>>> install something like this on my grandparent's router. . .
>>>>>> heck, my own router. . .
>>>>>>
>>>>>> On Mon, Mar 20, 2017 at 2:50 PM, Vara La Fey
>>>>>> <varalafey@gmail.com> wrote:
>>>>>>
>>>>>> Oh HELL no!! What kind of hall-monitor nanny mentality do
>>>>>> you want people to adopt??
>>>>>>
>>>>>> I accept "bogus" certificates all the time because the
>>>>>> whole idea of certificates is crap in the first place -
>>>>>> they are NOT maintained - and years ago I got tired of
>>>>>> that procedure warning me about "invalid" certificates
>>>>>> for sites that were perfectly valid.
>>>>>>
>>>>>> I've never had a problem. Of course I'm also careful
>>>>>> where I go, certificate or not.
>>>>>>
>>>>>> - Vara
>>>>>>
>>>>>>
>>>>>> On 3/20/2017 2:12 PM, Brien Dieterle wrote:
>>>>>>> Maybe every commercial router should do SSL interception
>>>>>>> by default. If a user accepts a bogus certificate they
>>>>>>> are taken to a page that thoroughly scolds them and
>>>>>>> informs them about the huge mistake they made, forces
>>>>>>> them to read a few slides and take a quiz on network
>>>>>>> safety before allowing them on the Internet. Maybe do
>>>>>>> the same for non-ssl HTTP traffic, etc...
>>>>>>>
>>>>>>> On Mon, Mar 20, 2017 at 1:55 PM, Matt Graham
>>>>>>> <mhgraham@crow202.org> wrote:
>>>>>>>
>>>>>>> On Mon, Mar 20, 2017 at 12:29 PM, Victor Odhner
>>>>>>> <vodhner@cox.net> wrote:
>>>>>>>
>>>>>>> I’m really annoyed that so many companies
>>>>>>> offer open WIFI when it would be
>>>>>>> so easy to secure those hot spots.
>>>>>>> Restaurants, hotels, and the waiting
>>>>>>> rooms of auto dealerships are almost 100% open.
>>>>>>>
>>>>>>> [snip]
>>>>>>> On 2017-03-20 13:20, Stephen Partington wrote:
>>>>>>>
>>>>>>> This is usually done as a means to be easy for
>>>>>>> their customers.
>>>>>>>
>>>>>>>
>>>>>>> Pretty much this. Convenience is more valuable than
>>>>>>> security in most people's minds.
>>>>>>>
>>>>>>> they’d be happy to do the right thing if we
>>>>>>> could explain it to the right people.
>>>>>>>
>>>>>>>
>>>>>>> I'm not sure this would happen. Setting up passwords
>>>>>>> and then distributing those passwords has a non-zero
>>>>>>> cost and offers zero visible benefits for most of
>>>>>>> the people who are using the wireless networks.[0]
>>>>>>> And as another poster said, what about
>>>>>>> football/baseball stadiums? Distributing passwords
>>>>>>> to tens of thousands of people is sort of difficult.
>>>>>>> "Just watching the game" is not an option; people
>>>>>>> want to FaceTweet pictures of themselves at the game.
>>>>>>>
>>>>>>> OTOH, the last time I looked at the access points
>>>>>>> visible from my living room, almost all of them had
>>>>>>> some sort of access control enabled. Maybe there's a
>>>>>>> social convention forming that "my access point" ~=
>>>>>>> "my back yard" and "open access point" ~= "a public
>>>>>>> park"?
>>>>>>>
>>>>>>> [0] Having a more educated user population would
>>>>>>> make the benefits more visible, but it's very
>>>>>>> difficult to make people care about these things.
>>>>>>>
>>>>>>> --
>>>>>>> Crow202 Blog: http://crow202.org/wordpress
>>>>>>> There is no Darkness in Eternity
>>>>>>> But only Light too dim for us to see.
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss