More computer weirdness

In article , Eric Stevens
wrote:

It's been implicitly made
legal by Congress and the FCC has been blocked from
acting alone in the future. This is their chance to
standardize spying... Yes, spying. When someone
watches what I do in a secretive way I call
that spying. You can call it what you like. I call
it spying specifically to highlight what it is. If it were
on the phone we'd call it wiretapping.

nope.

there is no wiretapping (outside of a court order).

Haw! Bull****.

no bull****.

phone companies do *not* know the *contents* of your calls (or even
with whom you spoke). they only know what number you called, when you
called and for how long. at the end of the month, they send you an
itemized list (or it's available online). it's called metadata and has
been legal to collect for something like 50 years (i don't remember the
specific case offhand).

Wiretapping does not have to be done by a telephone company.

nobody said it did.

the discussion is about the 'spying' that isps and phone companies
supposedly do.

In article , RJH wrote:


OOI, does an ISP know the site IP address of a site if using a VPN?

the isp only knows you use a vpn, not what travels through it.

on the other hand, the vpn provider knows, which may or may not be
better than your isp knowing.

which one do you trust more?

"RJH" wrote

| OOI, does an ISP know the site IP address of a site if using a VPN?
|

No. That's the reason for using a VPN. Also, one should
*never* ask nospam for information. Half of what
he said is false or partial. Much of it is nonsense resulting
from not understanding what I wrote. Know-it-alls never care
about accuracy. They only care about being the one who
knows.

With regular http and unencrypted email the ISP has
full access to every bit of data going by. You can
demonstrate that for yourself. Download the free program
Smart Sniffer.

http://www.nirsoft.net/utils/smsniff.html
(That's Windows. You appear to be on a Mac. There may
be something similar for you. I don't know.)

Everything goes through as plain text. The conversation
with the server at the other end is text-based. Webpages
are text-based. Attachments in email go through
as base-64 encoding. (Not for security. Just because
email format can only handle plain text.) You can read all
of that directly in the Smart Sniffer window. You can easily
decrypt base-64 with a simple function.

With https your ISP knows where you go but the
communication is encrypted. In theory they can't
access that. (Though https is full of holes. That reassuring
padlock in your browser means little if you really need
security.)

VPN is like logging into a private network for work.
You rent access to that private network. Once you log
in, your ISP will see you communicating only with
the VPN provider. Your actual traffic is going out the
other side. Since your communication is also encrypted,
what you do is private. Of course, the VPN will have
intimate knowledge, so that could be tricky.

Some info he
https://privacytoolsio.github.io/privacytools.io/

A comparison chart is he
https://thatoneprivacysite.net/simpl...parison-chart/

If you don't want to enable script you can download the
Excel sheet, open it in Libre Office, then export it as HTML
to get a reasonably convenient and readable version of
the chart.

....BUT.... There are wrinkles. Slshdot recently ran a story
about Verizon:

http://www.androidpolice.com/2017/03...oming-rollout/

https://yro.slashdot.org/story/17/03...hones#comments

They're putting spyware on their phones and there's
apparently little one can do about it. Most people
want to keep their phone turned on and want to
have GPS enabled. That means they're wearing a tracking
collar. Increasingly, people also want to email, shop,
etc on phones. But privacy is nearly impossible to
protect on phones. Even if you could control the spyware,
you probably wouldn't want to give up the functionality
that would involve.

Verizon did this a couple of years ago with "super cookies".
There was complaint and they supposedly stopped. That's
why the recent change is so important: These companies
increasingly depend on spying and now the gates have
been opened. Up until now, the EU has had privacy
protections while such issues are simply not covered in
the US. It's not legal for your phone company to wiretap
you while you call Sears to order a TV. But your ISP can
do that if you use your browser instead. And that's only
the transmission itself. With the use of plugins, script,
mime filters, or various other software, it's possible to
track your actions on webpages and even change what
you see. (I've written a mime filter for IE myself. It gets
the webpage before IE sees it and then sends whatever it
likes on to IE. I designed it as a way to filter select content
or tags from webpages, so that the user could chhose to
remove such things as script or iframes. Firefox extensions
have a similar power.)

So.... A VPN will be good on a computer *if* you can
manage to maintain security on that computer. Windows
10 won't let you completely stop calling home, so that
could be a tricky issue. Apple, also, has been gravely
disrespectful of customer privacy. You can't consider your
computer private unless you can block all outgoing
communication at will with a firewall and trust what's
already on your computer.
With phones there's probably very little you can do.
Just turning it on gives away your location. Maybe Verizon
and AT&T won't listen to your phone calls, but so what?
That's not what they want. Most people today on
computer phones are rarely talking.

"nospam" wrote

| ATT might
| have been looking at the handwriting on the wall from the FCC, and
| decided to drop the plan. Now, it appears that handwriting may be
erased.
|
| i think at least part of it was because it didn't turn out to be as
| profitable as they thought it would.

That's possible. Charging $30+-/month to not be
spied on is nothing more than a cynical joke. They
can't possibly be making that much from ads with
each customer. So they were basically saying,
"Screw you. You don't want us spying? OK. Let's
see.... Cough up...oh....let's say.... $360 a year
[ha, ha] and we'll stop."

On 2017-04-04 14:26:02 +0000, "Mayayana" said:

"RJH" wrote

| OOI, does an ISP know the site IP address of a site if using a VPN?
|

No. That's the reason for using a VPN.

The VPN I currently use is ZenMate. It costs me about $60/year and is
functional on my desktop as a system VPN, a Chrome plugin, and a mobile
device VPN. In addition to the improved level of security when needed
(I don't use the VPN for everything) It is useful for obscuring
location when accessing geo-blocked streaming such as being able to
view BBC iPlayer streams.
https://zenmate.com

--
Regards,

Savageduck

In article , Mayayana
wrote:


| OOI, does an ISP know the site IP address of a site if using a VPN?
|

No. That's the reason for using a VPN. Also, one should
*never* ask nospam for information. Half of what
he said is false or partial. Much of it is nonsense resulting
from not understanding what I wrote. Know-it-alls never care
about accuracy. They only care about being the one who
knows.

nothing but insults. if you think what i wrote is wrong, then explain
specifically what's wrong and why.

otherwise, you're just spewing, which is what you normally do.

With regular http and unencrypted email the ISP has
full access to every bit of data going by. You can
demonstrate that for yourself. Download the free program
Smart Sniffer.

he didn't ask about mail. he asked about vpn.

with mail, every hop along the way can see the contents, not just your
isp, even if it goes through a vpn. however, they don't bother since
it's not worth the trouble.

http://www.nirsoft.net/utils/smsniff.html
(That's Windows. You appear to be on a Mac. There may
be something similar for you. I don't know.)

right, you *don't* know, you just think you do.

macs have tcpflow built in, so no additional software is required,
however, it's a command line tool and not that easy to use. it's quite
powerful though.

as for that app, it's a toy. try wireshark:
https://www.wireshark.org/

Everything goes through as plain text. The conversation
with the server at the other end is text-based. Webpages
are text-based. Attachments in email go through
as base-64 encoding. (Not for security. Just because
email format can only handle plain text.) You can read all
of that directly in the Smart Sniffer window. You can easily
decrypt base-64 with a simple function.

email can be encrypted. https already is.

With https your ISP knows where you go but the
communication is encrypted. In theory they can't
access that. (Though https is full of holes. That reassuring
padlock in your browser means little if you really need
security.)

https is not 'full of holes', but even if it was, an isp isn't going to
bother cracking https for every customer.

all your isp knows is *which* sites you connect to, not what you did
there.

VPN is like logging into a private network

not only like that, but that's exactly what it is.

for work.

it often is *required* for work when connecting remotely.

You rent access to that private network. Once you log
in, your ISP will see you communicating only with
the VPN provider. Your actual traffic is going out the
other side. Since your communication is also encrypted,
what you do is private. Of course, the VPN will have
intimate knowledge,

that much is true, and what i said, without any of the paranoid babble.

so that could be tricky.

nothing tricky about it. very simple, actually.

Some info he
https://privacytoolsio.github.io/privacytools.io/

A comparison chart is he
https://thatoneprivacysite.net/simpl...parison-chart/

If you don't want to enable script you can download the
Excel sheet, open it in Libre Office, then export it as HTML
to get a reasonably convenient and readable version of
the chart.

excel is readable and convenient. useful too.

....BUT.... There are wrinkles. Slshdot recently ran a story
about Verizon:

http://www.androidpolice.com/2017/03...-get-useless-a
ppflash-search-tool-upcoming-rollout/

https://yro.slashdot.org/story/17/03...-appflash-spyw
are-on-android-phones#comments

slashdot for a cite? hah.

They're putting spyware on their phones and there's
apparently little one can do about it. Most people
want to keep their phone turned on and want to
have GPS enabled. That means they're wearing a tracking
collar. Increasingly, people also want to email, shop,
etc on phones. But privacy is nearly impossible to
protect on phones. Even if you could control the spyware,
you probably wouldn't want to give up the functionality
that would involve.

you might want to read the link you cited:
...The test is on a single phone * LG K20 V * and you have to opt-in
to use the app. Or, you can easily disable the app.

or just use an iphone, which unlike android, carriers *can't* add crap
like that.

Verizon did this a couple of years ago with "super cookies".
There was complaint and they supposedly stopped.

which is why their claim they won't sell data is amusing.

That's
why the recent change is so important: These companies
increasingly depend on spying and now the gates have
been opened.

the gates have always been open.

they were going to be closed but now they won't.

Up until now, the EU has had privacy
protections while such issues are simply not covered in
the US. It's not legal for your phone company to wiretap
you while you call Sears to order a TV. But your ISP can
do that if you use your browser instead.

no they can't.

your isp will know you connected to sears but that's it.

they don't know whether you bought something, and if so, what you
bought.

contrast that to your credit card provider, who will know you bought
something from sears and almost certainly get a list of the items.

sears will also sell your info too.

if you want to be anonymous, drive to sears and pay cash. except you'll
be on surveillance video so even that isn't completely private.

And that's only
the transmission itself. With the use of plugins, script,
mime filters, or various other software, it's possible to
track your actions on webpages and even change what
you see. (I've written a mime filter for IE myself. It gets
the webpage before IE sees it and then sends whatever it
likes on to IE. I designed it as a way to filter select content
or tags from webpages, so that the user could chhose to
remove such things as script or iframes. Firefox extensions
have a similar power.)

those are user-installed, so you can't blame an isp for that.

plugins are also not necessarily bad. that's how ad-blockers work,
blocking the very thing you rail against.

So.... A VPN will be good on a computer *if* you can
manage to maintain security on that computer. Windows
10 won't let you completely stop calling home, so that
could be a tricky issue.

everything except anonymous telemetry can be disabled and that wouldn't
affect a vpn anyway.

Apple, also, has been gravely
disrespectful of customer privacy.

absolutely false.

you haven't a clue.

apple is the *most* respectful of personal privacy, going so far as to
implement differential privacy in order to protect it.

apple also flat out refused to implement a back door for the fbi, who
ended up suing apple and thoroughly embarrassed themselves when they
realized they were about to get their asses handed to them and setting
a precedent opposite to what they wanted.

the fbi suddenly 'found' a solution, which means that their bogus claim
they 'tried everything and only apple could unlock it' (which was given
under oath) was a lie.

You can't consider your
computer private unless you can block all outgoing
communication at will with a firewall and trust what's
already on your computer.

blocking all outgoing communication???

might as well just unplug it from the network which is cheaper and
easier than setting up a firewall.

almost nothing will work, but if that's what you want.

With phones there's probably very little you can do.
Just turning it on gives away your location.

turn off location services.

the cell carrier will still know your location, otherwise the phone
won't work, but apps and websites won't know.

some apps might not work without location, such as a gps navigation
app, but it's up to the user to decide.

or just turn on airplane mode, which turns off all radios, including
cellular. not even the phone carrier will know where you are. of course
that means that you can't do much, but again, if that's what you want.

smartphones also support vpn, which takes the carrier out of the loop.

Maybe Verizon
and AT&T won't listen to your phone calls, but so what?
That's not what they want. Most people today on
computer phones are rarely talking.

so what indeed.

as it turns out, what you wrote initially was almost correct. i've
fixed it for you:
No. That's the reason for using a VPN. Also, one should
*never* ask Mayanana for information. Half of what
he said is false or partial. Much of it is nonsense resulting
from not understanding what others wrote. Know-it-alls never care
about accuracy. They only care about being the one who
knows.

In article , Mayayana
wrote:


| ATT might
| have been looking at the handwriting on the wall from the FCC, and
| decided to drop the plan. Now, it appears that handwriting may be
| erased.
|
| i think at least part of it was because it didn't turn out to be as
| profitable as they thought it would.

That's possible. Charging $30+-/month to not be
spied on is nothing more than a cynical joke. They
can't possibly be making that much from ads with
each customer.

although there's clearly some profit in that pricing, you'd be
surprised what a user is worth.

So they were basically saying,
"Screw you. You don't want us spying? OK. Let's
see.... Cough up...oh....let's say.... $360 a year
[ha, ha] and we'll stop."

the price was too high so few people bothered, especially since it can
be done for free.

"Savageduck" wrote

| The VPN I currently use is ZenMate. It costs me about $60/year and is
| functional on my desktop as a system VPN, a Chrome plugin, and a mobile
| device VPN.

Clever. I didn't know there were versions for phones.

"nospam" wrote

| That's possible. Charging $30+-/month to not be
| spied on is nothing more than a cynical joke. They
| can't possibly be making that much from ads with
| each customer.
|
| although there's clearly some profit in that pricing, you'd be
| surprised what a user is worth.
|

I would be surprised if it's very much:

https://www.theatlantic.com/business...ennies/272708/

In article , Mayayana
wrote:


| The VPN I currently use is ZenMate. It costs me about $60/year and is
| functional on my desktop as a system VPN, a Chrome plugin, and a mobile
| device VPN.

Clever. I didn't know there were versions for phones.

there's a lot you don't know.