Comments on: Turn over user info, FreeDominion.ca ordered

By: Get Your Ex Back

Get Your Ex Back — Thu, 09 Apr 2009 13:26:51 +0000

If you ever want to read a reader’s feedback , I rate this article for 4/5. Decent info, but I just have to go to that damn yahoo to find the missed parts. Thank you, anyway!

By: GreedHed

GreedHed — Sun, 29 Mar 2009 13:49:58 +0000

I guess it’s too much to hope people would risk jail time, but it would be nice if in such cases people handed over the hard drive to the judge after it had been slagged with a welding torch. “Here ya go, Judge”!!

By: thenonconfromer

thenonconfromer — Fri, 27 Mar 2009 15:05:34 +0000

It is still up to the courts or the Human Rights commissions firstly to confirm, to define what is actually libelous, slanderous, a hate email message..
and someone’s else’s statement and opinions on the subject does not count. But to be on the safe side if you want to avoid court costs, ligation,
if you are unsure if what you write is libel, slanderous, prosecutable better not post it on the net. Wrongfully accusing someone of posting a hate message
or accuisng them of being a racist clearly can be challenged in courts as a hate message itself and prosecutable.

By: Reader's Write

Reader's Write — Thu, 26 Mar 2009 00:40:27 +0000

Many sites are using “secure login”, for example your webmail provider or your social networking site. However, there is a catch. Your username and password is submitted securely over HTTPS, but the form was loaded with a regular insecure HTTP. This gives an opportunity to man in the middle attacks where the attacker ALTERS the form before sending it to your browser. For example, the attacker may cause the form to send the password to the attacker’s site, or to send it insecurely over HTTP to the original site. In both cases, the information you submit will be intercepted by the attacker.

The only way to counter this attack is NOT TO USE forms that arrived over insecure HTTP. You have to TYPE the HTTPS site instead of the HTTP site so that the form gets loaded over HTTPS.

For example, go to https://www.facebook.com/ to log in to Facebook.

After you log in, it will revert to the unencrypted HTTP, but at least you know that the login form that came from Facebook was not altered in any way and your password was not sent to

Gmail supports it too (also change it in the Gmail Account Settings once you are logged in).

Not all sites allow to load the login form over HTTPS, and this is very unfortunate. For example, there is a bank that does not provide a dedicated secure URL and redirects you to HTTP site after you type the HTTPS version of bank’s home page.

By: Reader's Write

Reader's Write — Thu, 26 Mar 2009 00:38:46 +0000

If you are posting links to web forums or blog comments, consider posting the HTTPS versions instead of HTTP version so that the ISPs can’t sniff which page was visited by those who clicked on the link and systems that censor users from visiting specific URLs cannot censor yours. For example,

https://secure.wikileaks.org/wiki/Police_raid_home_of_Wikileaks.de_domain_owner_over_censorship_lists

Another benefit is that the target site does not get to know where the visitor came from. If instead of Google result page you post Scroogle HTTPS results page and the users click links on that result page, the target sites don’t know that the visitor came from Scroogle or Google and don’t know what they were looking for.

By: Reader's Write

Reader's Write — Thu, 26 Mar 2009 00:37:50 +0000

As for the USERS, here are some tips for you

* Read EFF’s Surveillance Self-Defense site https://ssd.eff.org/ (USA, but many things relevant to Canada and other countries)
* Evaluate your risk
* Use Tor with Privoxy so that the DNS lookups are done through Tor too
* Prefer the forums that do not require registration / do not collect data
* If a forum does require registration, do not give your e-mail. Instead, give them a disposable e-mail address from a service that does not require you to provide your e-mail address (e.g. mailinator, spam dot la)
* And treat governments for what they really are: are skilled and well funded adversaries who tap their resources from you in form of taxes and other shit so that they can screw you as many times as they want. C-61, IPRED, Section 92A and Internet censorship initiative in Australia are the most recent examples.

“Donât believe them. Donât fear them. Donât ask anything of them.” â Alexander Solzhenitsyn

By: Reader's Write

Reader's Write — Thu, 26 Mar 2009 00:36:40 +0000

The most important quote from the original site is:

”
This ruling means a number of things. Most importantly it means that anyone can gain access to a Canadian forum owner’s confidential records on its members simply by filing a lawsuit (that could later be dropped) against the forum operator. No forum operater in Canada, and no Canadian blogger who allows the public to post on his blog, can now safely keep any information at all about a website’s members. We highly recommend that Canadian forum operators and bloggers expunge all such records from their files and stop collecting any information that could endanger the anonymity of their posters.
”

In short, sites MAY NOT KEEP records if they TRULY WANT to protect the anonymity of their posters. Anything else is asking for a subpoena to come.

By: Devil's Advocate

Devil's Advocate — Wed, 25 Mar 2009 14:31:56 +0000

“..with the court all-too-eager to dismiss the privacy considerations associated with mandated disclosure by not engaging in an analysis as to whether the evidentiary standard was met.”

Too many judges are demonstrating this kind of thinking lately, as they help move us closer and closer to a police state.