Re: OT: Need a Campaign to Secure WIFI Sites

Author: Vara La Fey
Date:  
To: Main PLUG discussion list
Subject: Re: OT: Need a Campaign to Secure WIFI Sites
Oooh, now your sig places you with the Brave New World dept. Heh.
Perfect timing.

I'd love to de-Google, but as with Fakebook, that's where the party is.
Even worse is that Google's products are pretty good.

Speaking of FB, they keep hitting me with a security verification when I
go to my page to log in. Fortunately my Firefox gives me its usual login
screen and easily bypasses that.

I'm sorry to hear that you're blind, but I'm also curious how you
navigate so well. I've never heard of a captcha solver, but now and then
I'll click the gimme-a-new-one button or the say-it-aloud button. And my
vision isn't good, but not blind. Can you see the captchas at all, or do
you navigate by text-to-speech and a braille keyboard?


On 3/23/2017 8:34 PM, Eric Oyen wrote:
> Yes, they are. I even have a captcha solver tool here, but it's only
> effective 50% of the time. Google is, by far, the worst offender of
> the lot when it comes to this type of HTTP interception and
> presentation scheme.
>
> -eric
> from the central office of the Technomage Guild, Brave new world Dept.
>
> On Mar 23, 2017, at 6:07 PM, Vara La Fey wrote:
>
>> Mmm hmm. But at least nobody will know that you're streaming the
>> footage of his arrival.
>>
>> Are these captcha-blockings you mention the same as when Google and
>> others intercept you when they detect that you're not trying to log in
>> from the same IP as your previous logons? Back when I last used Tor
>> to actually log in to an account, sites I used weren't doing that kind
>> of interception. I've merely browsed with Tor since.
>>
>> - Vara
>>
>>
>> On 3/23/2017 5:13 PM, Eric Oyen wrote:
>>> That is the other problem I have seen with TOR. Any slower and the
>>> second coming of Christ will arrive sooner. :)
>>>
>>> -eric
>>> from the central office of the Technomage Guild, Editors choice dept.
>>>
>>> On Mar 23, 2017, at 4:02 PM, Vara La Fey wrote:
>>>
>>>> I'm all for education. I'm a trans-girl, and believe me, I would
>>>> like to educate people a little about us. But I wouldn't take it
>>>> upon myself to intrude on their time for a 3 Minute Love unless
>>>> they're trying to hurt someone.
>>>>
>>>> I don't want people semi-forcing content on me. And the desired
>>>> "campaign" is exactly that. It's sad that everyone here who
>>>> comments keeps asserting the "safety" benefits, without a care in
>>>> the world about the sheer intrusiveness and the obvious
>>>> socio-political abuses of systems like that becoming commonplace.
>>>> Which hopefully they won't.
>>>>
>>>> I don't need a VPN and have never set one up, but I don't doubt the
>>>> security of a VPN/Tor combination. And if you are really afraid of
>>>> snoops and spooks, encrypt all your text traffic with large PGP
>>>> keys. But I rarely use Tor because it's horribly slow, and PGP
>>>> because it's an extra few steps. But they are always there for
>>>> those special occasions. :-)
>>>>
>>>> - Vara
>>>>
>>>>
>>>> On 3/23/2017 3:16 PM, Eric Oyen wrote:
>>>>> Well, if you don't want to deal with bad certs, redirected
>>>>> HTTPS, etc., you can either not use that router/service or get a VPN
>>>>> and secure all your traffic. And yes, I will not use paywall
>>>>> systems of any kind; they have no business knowing what my
>>>>> credentials are.
>>>>>
>>>>> Lastly, if I want real security, a combo of VPN and TOR cannot be
>>>>> beat. I use Private Internet Access for the VPN and also have a
>>>>> TOR node set up here. The TOR node will not be connected until
>>>>> after the VPN comes up. Why let my ISP know I am running a TOR
>>>>> node here at home? The only issue I have with this is that my
>>>>> search engine queries don't work right (mostly, I get blocked and
>>>>> asked to solve a captcha, which is not doable for the blind most
>>>>> times).
>>>>> Anyway, do what you must, but education should be the first item
>>>>> on the list when it comes to net security.
>>>>>
>>>>> -eric
>>>>> from the central office of the Technomage Guild, Security
>>>>> applications dept.
>>>>>
>>>>> On Mar 23, 2017, at 2:50 PM, Vara La Fey wrote:
>>>>>
>>>>>> First you were talking about open hotspots. Then you were talking
>>>>>> about https. Now you are talking about ssl.
>>>>>>
>>>>>> But all the while you're still just talking about monitoring and
>>>>>> restricting the activity of 3rd parties on 4th party systems. And
>>>>>> it seems really important to you for some reason.
>>>>>>
>>>>>> Please, waste time and effort and money patenting your /spyware/
>>>>>> chaperone system that monitors web activity with the intent of
>>>>>> /creating consequences/ for activity which you - or your intended
>>>>>> customer - opines is "invalid". I doubt very many people will buy
>>>>>> into it because there is no upside for them. Even when they alter
>>>>>> it to fit their own agenda, they just anger their customers who
>>>>>> can click OK for EULAs and enter logins, but cannot bypass your 3
>>>>>> Minute Hate.
>>>>>>
>>>>>> If it can detect an "invalid" certificate, then by changing a
>>>>>> couple code lines (if even), it can detect anything else about an
>>>>>> attempted site visit. Of course this ability is ancient now, but
>>>>>> less evil implementations of it merely censor by blocking, which
>>>>>> is bad enough. Yours is "educational" - and it's interesting that
>>>>>> /you/ put the quotes around that word yourself - for the purpose
>>>>>> of taking up other people's time with propaganda.
>>>>>>
>>>>>> If it became common, it would become a mandatory advertising
>>>>>> medium anytime anyone clicked on a competitor's site, or a site
>>>>>> with bad reviews for your customer. If it became law, it would
>>>>>> become a mandatory propaganda delivery system anytime anyone
>>>>>> clicked on a site containing any kind of dissenting viewpoint.
>>>>>>
>>>>>> Are you hoping to create one of those conditions? If so, which?
>>>>>>
>>>>>> Because this sure looks like more than just wanting to manipulate
>>>>>> lesser people into a system designed to reinforce your wishful
>>>>>> feelings of superiority. There has to be a more compelling reason
>>>>>> that you're this overly concerned about what 3rd parties do on
>>>>>> 4th party systems.
>>>>>>
>>>>>> Which, btw, brings up the fact that your system is not equivalent
>>>>>> to EULAs or logins or pay systems, because the connection
>>>>>> provider has the right to set conditions for using their
>>>>>> connection. Your spyware idea is to harass people who are using
>>>>>> /other people's/ connections.
>>>>>>
>>>>>> I'm not an expert on web connection technology per se, but it
>>>>>> seems that Tor would nicely wire around all SSL issues after the
>>>>>> initial connection to the now-restricted hotspot. You certainly
>>>>>> make a great case for using it, even if just on general
>>>>>> principle. So what would you do about that?
>>>>>>
>>>>>> I don't think your grandmother wants you monitoring her activity.
>>>>>> I don't think /anyone/ wants you monitoring their activity. But
>>>>>> you seem to want to do it anyway. And no one but me is saying boo
>>>>>> to you. :-(
>>>>>>
>>>>>> As to the trivia: I personally have never had trouble from
>>>>>> visiting a site with an "invalid certificate" of any kind,
>>>>>> because that stuff simply isn't 100% maintained. Obviously I am
>>>>>> careful where I go and what I click and download anyway. I do not
>>>>>> so easily ignore "known malware site" warnings, and if in doubt
>>>>>> about a site I reflexively check the web address.
>>>>>> MyBank.Phishing.com and Phishing.com/MyBank do not get
>>>>>> clicks from me. But that's all beside the point.
>>>>>>
>>>>>>
>>>>>> On 3/20/2017 9:57 PM, Brien Dieterle wrote:
>>>>>>> On Mar 20, 2017 3:36 PM, "Vara La Fey" <varalafey@gmail.com> wrote:
>>>>>>>
>>>>>>>     OMG!!

>>>>>>>
>>>>>>>     First of all, you'd be mis-educating them if telling them
>>>>>>>     that certificate "validity" has any real meaning. (But now
>>>>>>>     you're talking about http.)

>>>>>>>
>>>>>>> I mean validity as in trusted roots that have been shipped with
>>>>>>> your OS or browser. Surely you don't mean these are
>>>>>>> meaningless. AFAIK they are very reliable as long as you never
>>>>>>> accept bogus certs. If you accept bogus certs "all the time", I
>>>>>>> really hope you know what you're doing. Pretty much any
>>>>>>> important site should have working SSL.
>>>>>>>
>>>>>>> There is a reason why all the browsers freak out when you get a
>>>>>>> bad cert, but users still click "add exception". My captive
>>>>>>> education portal would give real consequence to this with the 3
>>>>>>> minute PowerPoint slideshow and mandatory quiz. I wonder if
>>>>>>> this is already patented. . .
>>>>>>>
>>>>>>>
>>>>>>>     Second, why do you think you have any right to put speed
>>>>>>>     bumps in the way of people who are doing nothing to you?

>>>>>>>
>>>>>>> Plenty of businesses do this already for captive portals and
>>>>>>> forcing users to log in, pay, or accept an EULA. They are
>>>>>>> already tampering with your SSL connection in order to redirect
>>>>>>> you to the portal. I'm just suggesting to use this technology
>>>>>>> for "educational" purposes.
>>>>>>>
>>>>>>>
>>>>>>>     Third, if your grandmother needs internet "safety"
>>>>>>>     education, just educate her, or refuse to keep fixing the
>>>>>>>     problems she encounters in her ignorance - if she really is
>>>>>>>     all that ignorant. I hope you wouldn't install a browser
>>>>>>>     re-direct without her consent, because then you'd be just
>>>>>>>     any other malware propagator with just any other
>>>>>>>     self-righteous rationalization.

>>>>>>>
>>>>>>> Well, I'm lazy. I'd much rather have an ongoing passive
>>>>>>> education program for anyone that uses that router. Maybe only
>>>>>>> 1 in 1000 requests trigger the "test", or once a month per MAC
>>>>>>> address maybe. If grandma fails the test I can get an email so
>>>>>>> I can call her up and gently chastise her. "Grandmaaaa, did you
>>>>>>> accept a bogus SSL certificate again? Hmmm?"
>>>>>>>
>>>>>>> As far as consent goes, I'm only talking about routers you own
>>>>>>> or have permission to modify. That should go without saying.
>>>>>>>
>>>>>>>
>>>>>>>     Fourth, if /you/ need educational "speed bumps" on /your/
>>>>>>>     router, /you/ are free to have them. One of the great
>>>>>>>     things about freedom - from government or from meddling
>>>>>>>     busybodies - is that /you/ get to be free too.

>>>>>>>
>>>>>>> My post is in the context of businesses or individuals that
>>>>>>> provide Internet to the public. Presumably businesses and
>>>>>>> individuals have the freedom to do this kind of SSL
>>>>>>> interception, since they've already been doing it for years
>>>>>>> without any repercussions. Personally I'm disturbed that
>>>>>>> businesses will try to get me to accept their SSL cert for their
>>>>>>> Wi-Fi portal, but I know the technology leaves little choice.
>>>>>>> One trick is to ignore the cert and try again with a non-SSL
>>>>>>> address.
>>>>>>>
>>>>>>> It is pretty ironic that the first thing these captive portals
>>>>>>> ask users to do is blindly accept a bogus SSL cert. It is
>>>>>>> really just a sad state of affairs that we are literally
>>>>>>> training people to accept bad SSL certificates.
>>>>>>>
>>>>>>>     For years my Firefox has had an option to "always use
>>>>>>>     HTTPS", and I'm sure all other modern browsers do as well.
>>>>>>>     Plus, Mozilla.org has a free plugin -
>>>>>>>     I think it's from EFF.org - called "HTTPS
>>>>>>>     Everywhere". It's all very easy to use, and will be almost
>>>>>>>     entirely transparent to Grandma.

>>>>>>>
>>>>>>> This won't do anything to protect you/grandma from bogus SSL
>>>>>>> certs. Imagine connecting to a bad AP at Starbucks that is
>>>>>>> proxying all your SSL connections. Your only defense is trusted
>>>>>>> roots and knowing not to accept bogus SSL certs. If only we had
>>>>>>> a captive router-based SSL education program... ;)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>     On 3/20/2017 3:14 PM, Brien Dieterle wrote:
>>>>>>>>     A system like I described would just be an "educational
>>>>>>>>     tool" to encourage people to use HTTPS (properly).  It
>>>>>>>>     wouldn't stop you from accepting bogus certificates-- just
>>>>>>>>     a speed bump.  Now that I've thought about it I'd really
>>>>>>>>     like to install something like this on my grandparent's
>>>>>>>>     router. . . heck, my own router. . .

>>>>>>>>
>>>>>>>>     On Mon, Mar 20, 2017 at 2:50 PM, Vara La Fey
>>>>>>>>     <varalafey@gmail.com> wrote:

>>>>>>>>
>>>>>>>>         Oh HELL no!! What kind of hall-monitor nanny mentality
>>>>>>>>         do you want people to adopt??

>>>>>>>>
>>>>>>>>         I accept "bogus" certificates all the time because the
>>>>>>>>         whole idea of certificates is crap in the first place -
>>>>>>>>         they are NOT maintained - and years ago I got tired of
>>>>>>>>         that procedure warning me about "invalid" certificates
>>>>>>>>         for sites that were perfectly valid.

>>>>>>>>
>>>>>>>>         I've never had a problem. Of course I'm also careful
>>>>>>>>         where I go, certificate or not.

>>>>>>>>
>>>>>>>>         - Vara

>>>>>>>>
>>>>>>>>
>>>>>>>>         On 3/20/2017 2:12 PM, Brien Dieterle wrote:
>>>>>>>>>         Maybe every commercial router should do SSL
>>>>>>>>>         interception by default. If a user accepts a bogus
>>>>>>>>>         certificate they are taken to a page that thoroughly
>>>>>>>>>         scolds them and informs them about the huge mistake
>>>>>>>>>         they made, forces them to read a few slides and take a
>>>>>>>>>         quiz on network safety before allowing them on the
>>>>>>>>>         Internet. Maybe do the same for non-ssl HTTP traffic,
>>>>>>>>>         etc.. .

>>>>>>>>>
>>>>>>>>>         On Mon, Mar 20, 2017 at 1:55 PM, Matt Graham
>>>>>>>>>         <mhgraham@crow202.org> wrote:

>>>>>>>>>
>>>>>>>>>                 On Mon, Mar 20, 2017 at 12:29 PM, Victor
>>>>>>>>>                 Odhner <vodhner@cox.net> wrote:

>>>>>>>>>
>>>>>>>>>                     I’m really annoyed that so many companies
>>>>>>>>>                     offer open WIFI when it would be
>>>>>>>>>                     so easy to secure those hot spots.
>>>>>>>>>                     Restaurants, hotels, and the waiting
>>>>>>>>>                     rooms of auto dealerships are almost 100%
>>>>>>>>>                     open.

>>>>>>>>>
>>>>>>>>>             [snip]
>>>>>>>>>             On 2017-03-20 13:20, Stephen Partington wrote:

>>>>>>>>>
>>>>>>>>>                 This is usually done as a means to be easy for
>>>>>>>>>                 their customers.

>>>>>>>>>
>>>>>>>>>
>>>>>>>>>             Pretty much this. Convenience is more valuable
>>>>>>>>>             than security in most people's minds.

>>>>>>>>>
>>>>>>>>>                     they’d be happy to do the right thing if
>>>>>>>>>                     we could explain it to the right people.

>>>>>>>>>
>>>>>>>>>
>>>>>>>>>             I'm not sure this would happen. Setting up
>>>>>>>>>             passwords and then distributing those passwords
>>>>>>>>>             has a non-zero cost and offers zero visible
>>>>>>>>>             benefits for most of the people who are using the
>>>>>>>>>             wireless networks.[0] And as another poster said,
>>>>>>>>>             what about football/baseball stadiums?
>>>>>>>>>             Distributing passwords to tens of thousands of
>>>>>>>>>             people is sort of difficult. "Just watching the
>>>>>>>>>             game" is not an option; people want to FaceTweet
>>>>>>>>>             pictures of themselves at the game.

>>>>>>>>>
>>>>>>>>>             OTOH, the last time I looked at the access points
>>>>>>>>>             visible from my living room, almost all of them
>>>>>>>>>             had some sort of access control enabled. Maybe
>>>>>>>>>             there's a social convention forming that "my
>>>>>>>>>             access point" ~= "my back yard" and "open access
>>>>>>>>>             point" ~= "a public park"?

>>>>>>>>>
>>>>>>>>>             [0] Having a more educated user population would
>>>>>>>>>             make the benefits more visible, but it's very
>>>>>>>>>             difficult to make people care about these things.

>>>>>>>>>
>>>>>>>>>             -- 
>>>>>>>>>             Crow202 Blog: http://crow202.org/wordpress
>>>>>>>>>             There is no Darkness in Eternity
>>>>>>>>>             But only Light too dim for us to see.

>>>>>>>>>
>>>>>>>>>             ---------------------------------------------------
>>>>>>>>>             PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>>>>>             To subscribe, unsubscribe, or to change your mail
>>>>>>>>>             settings:
>>>>>>>>>             http://lists.phxlinux.org/mailman/listinfo/plug-discuss
