Re: [OSM-talk] OpenStreetMap enhances user privacy
2014-02-13 13:37 GMT+01:00 Tom Hughes t...@compton.nu: On 13/02/14 04:40, JB wrote: Remote towards JOSM doesn't work anymore in https? Have you checked this? Well there's not a lot we can do about it - it works by loading a localhost URL in a hidden frame but that is active content so will be blocked by modern browsers if loading http from https. So unless JOSM were to accept https connections to the remote control there isn't much we can do. JOSM now accepts https connections on port 8112 [1] in addition of standard http requests on port 8111. Can you update OSM website accordingly? Thanks :) [1] https://josm.openstreetmap.de/changeset/6941/josm ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
Am 13/feb/2014 um 14:24 schrieb Pieren pier...@gmail.com: For those who think that SSL is protecting privacy: http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html obviously it depends against who you want to protect, against the NSA it is probably not possible to protect yourself, even more as our governments are collaborating with them... cheers, Martin ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
From: Pieren pier...@gmail.com For those who think that SSL is protecting privacy: http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html Yes, there are attacks against SSL/TLS. That's no reason to believe that it is useless at protecting your privacy. Using HTTPS sounds like a perfect low-hanging fruit to protect against the casual dragnet surveillance. I had a similar discussion on the german blog and frankly I don't get the everything is broken, let's just not bother and even badmouth it attitude some people have. If you want a bad analogy: Clothes protect your privacy even though there are microwave scanners, skirt-lifting perverts and some too-thin cloths. Cheers, Hannes signature.asc Description: PGP signature ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On 13/02/14 04:40, JB wrote: Remote towards JOSM doesn't work anymore in https? Have you checked this? Well there's not a lot we can do about it - it works by loading a localhost URL in a hidden frame but that is active content so will be blocked by modern browsers if loading http from https. So unless JOSM were to accept https connections to the remote control there isn't much we can do. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On Tue, Feb 11, 2014 at 3:02 PM, Richard Weait rich...@weait.com wrote: http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ Fantastic. Big THANK YOU to everyone involved getting OSM on SSL! ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
For those who think that SSL is protecting privacy: http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html Pieren ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
Remote towards JOSM doesn't work anymore in https? Have you checked this? JB. Le 11/02/2014 21:02, Richard Weait a écrit : http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
[OSM-talk] OpenStreetMap enhances user privacy
http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
2014-02-11 21:02 GMT+01:00 Richard Weait rich...@weait.com: http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ btw.: as far as I remember from earlier discussions regarding user privacy, OSMF is logging the IP addresses of users accessing the site. How long is this data stored? Which are the actions that trigger the logging (e.g. all, user registration, map browsing, editing, ...)? cheers, Martin ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
I notice that https://wiki pages contain some http: absolute URLs... Embedded slippy maps are not showing either... Where's the place to log these bugs (assuming it is not 'by design')? Colin On 2014-02-11 21:02, Richard Weait wrote: http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ [1] ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk [2] Links: -- [1] http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ [2] https://lists.openstreetmap.org/listinfo/talk ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On 11 February 2014 20:32, Colin Smale colin.sm...@xs4all.nl wrote: I notice that https://wiki pages contain some http: absolute URLs... Embedded slippy maps are not showing either... Where's the place to log these bugs (assuming it is not 'by design')? If it is something simple easiest to report in #osm on http://irc.openstreetmap.org/ Otherwise https://trac.openstreetmap.org/newticket?component=wiki Regards Grant ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
Hi, Richard Weait schrieb: http://blog.openstreetmap.org/2014/02/11/osm-enhances-user-privacy/ great news, thank you very much! Btw, will forum.openstreetmap.org switch in future, too? And another question: Could you consider to favor cacert certificates over RapidSSL/GeoTrust? Thanks, Peda -- ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On 11/02/14 21:04, Peter Barth wrote: And another question: Could you consider to favor cacert certificates over RapidSSL/GeoTrust? Why would we want to do that? It would cause virtually all our users to get certificate warnings when visiting the site. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
Hi, Tom Hughes schrieb: On 11/02/14 21:04, Peter Barth wrote: And another question: Could you consider to favor cacert certificates over RapidSSL/GeoTrust? Why would we want to do that? :) Imho the CA system is totaly broken. If you want any security you need pinning. Anyways, I'd always prefer a web-of-trust over a company and that's the first reason what Cacert is good for. Second, I don't like that an open project (or any person for that matter) has to pay much money to participate in the www. Cacert is free, the others aren't. It would cause virtually all our users to get certificate warnings when visiting the site. However, you might have a point with this one :/ I forgot about the other operating systems out there and I suppose MS doesn't include cacert's root certificate :( Anyways, sorry for the noise. But I'd still prefer cacert over any big expensive authority ;) Regards, Peda -- ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On 11/02/14 21:56, Peter Barth wrote: However, you might have a point with this one :/ I forgot about the other operating systems out there and I suppose MS doesn't include cacert's root certificate :( Other operating systems doesn't really come into it - as far as I know there is no major browser that includes the cacert root certificate. Look I use cacert and I do have it installed, but the reality is that most people won't. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
Tom Hughes schrieb: Other operating systems doesn't really come into it - as far as I know there is no major browser that includes the cacert root certificate. At least chrom{e,ium} and konqueror use the system certificates. This works for me, but you're right, I had to import for firefox. Just for reference: http://wiki.cacert.org/InclusionStatus Look I use cacert and I do have it installed, but the reality is that most people won't. I'm afraid you're right. Stays the hope that some enthusiasts read these mails and use and promote cacert from now on .. and once inclusion get's better I'll be back!! ;) Regards, Peda -- ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk
Re: [OSM-talk] OpenStreetMap enhances user privacy
On 11/02/14 22:41, Peter Barth wrote: Tom Hughes schrieb: Other operating systems doesn't really come into it - as far as I know there is no major browser that includes the cacert root certificate. At least chrom{e,ium} and konqueror use the system certificates. This works for me, but you're right, I had to import for firefox. Well I didn't realise that any significant OS distros included it in their root set either, but I see from your link that Debian does. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk