> But there is no magic: if you send little information, then little
information is received on the other side. If you add noise, the receiver can
exploit it even less.
You send your IP address. That's more than enough. You can't add noise to
that. Also it is technically stupid (inefficient) to deliberately create
noise and burden a system just because it is designed poorly.
> Too basic. Looking at what is communicated is relevant.
Well, basic or not - this is within my capabilities. Considering that nobody
seems to have done even that, I think it has certain value.
> If you consider that having the receiver know your Web browser is opened,
then yes.
I do, so yes. The word 'private' means not shared. If you are sharing - there
is no privacy.
> And you should be able to disable the service it provides to stop that
communication... but if that service is useful and cannot be achieved on your
own computer (it is not SaaSS), then it does require communication and you
may decide it is worth giving the information required to get the service.
Obviously certain services cannot be disabled, otherwise the background
chatter would happen. Also it is possible to make the blacklist for safe
browsing decentralized. But they didn't do it and there is not even a hint
that they will.
> It is physically impossible to request information from a third party
without communication...
I know that. But the question is that in this particular case we are sending
info to companies for which we know to be part of the PRISM and much more
than that. Considering that Big Brother created systems which modify even the
HTTP headers for the purpose of eavesdropping, saying that "they can gather
much more through G+ buttons than through this" may not be quite valid (and
still - we don't know, we never will).
In any case, technically it is possible to get information without loosing
privacy. Example: you turn on the radio and you listen to music. Nobody is
geolocating you, storing cookies on your radio receiver and all the rest of
it. I think it should be possible to create a privacy respecting network
based on this principle. I would be interested to discuss this further with
people who are more technically knowledgeable than me.
> You need not compromise on freedom. You should always stay in control of
your own life.
Control means regulation, i.e. conforming within rules, i.e. limitation.
Freedom means no limitations. So one doesn't get freedom through control.
It's a long topic.
> There is no physical impossibility here (whereas requesting information
without communication is impossible): every piece of software can be and
should be free software.
I would be interested to know your thoughts in the other thread I opened
yestrday:
https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do
> And that has absolutely nothing to do with our conversation.
It has a lot to do because not only the details matter but also the big
picture which contains much more important details (otherwise we wouldn't be
here and the whole idea of FOSS wouldnt exist).
> "All kinds of useful features" is too general to state anything about them.
Did you expect me to enumerate each and every spyware? Please, I know you are
intelligent enough to understand what I mean.
> You can consider that price too high. Other users, most users I believe,
consider it is not.
Of course. But the issue here is not what I consider, I am not important. The
issue is that the whole system is designed in a way to encourage negligence
and loss of privacy.
> However, I let it enabled on my parents' computer (that I administrate).
Same here.
> I do not think (I may be wrong) anybody knows how to have a distributed
Safe Browsing system that would not significantly slow down page loading. Do
you know?
The first thing that comes to mind - torrents, mirrors (like we have for
FOSS). There are other means too perhaps. Example: encouraging ISPs to keep a
local mirror on the gateways, proxies. It is possible.
> You trust the community... freedom 3.
The problem is that trust implies faith which is not facts. And that can be
exploited. We can discuss that in the other thread where I raise that
question. Also the issue here is: the community (Mozilla etc) ignores the
facts just because they prefered to fight over the definition of words. This
is another example that F3 doesn't necessarily work.
> The four freedoms do not solve all problems but it is the best we have.
Yes. But it seems to me they are not enough any more. Much more is necessary
nowadays.
> Windows is proprietary software. Its users are denied the essential freedom
to know what it is actually doing. The worst should be assumed.
Google's servers are not less proprietary. Why don't you assume the same for
them?
> Your bug reports ...
You are critical and that is a good thing. But you don't show anything better
which makes the former insignificant. I have taken the time to test other
browsers too and shared the results in this thread. What actual tests have
you done yourself? Please share with us, so we can do them too. Prove me
wrong, I would be happy to see that sending my IP address periodically with
"noise" to Mozilla, Amazon or whoever is worth it.
> Not the additional *telemetry* settings, no.
You don't seem to understand that my complaint is about the _indirect_
telemetry (privacy breach) resulting from the background chattering. Also
that same guy who replied in
https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c16 that this is not
documented. He didn't provide any clear evidence what are these
communications for. In fact he said
"I'd like these to be documented better publically in the future, i'll check
what we can do."
which means that nobody (except Mozilla) really knows what is going on (even
they needed time to check). So excercising the freedom 1 is a next to
impossible effort which obviously nobody would waste time on. You see - this
is another example that the four freedoms are not enough. They may have been
in the 90s or in 00s but in an age of mass surveillence - they are not.
> Do you understand they are separate components? No telemetry data is sent
to Google.
Telemetry means remote measuring. Measuring means getting the value of a
physical quantity and comparing it to a standard value.
In the bug report I mention _indirect_ telemetry which is the process of: the
program sending user's IP address + other data (we don't know what) for
unknown/undocumented purpose. It still is telemetry because it provides a
measure (identifiable, detectable, comparable data). Mozilla may not call it
'telemetry' according to their limited definition but in actuality it is
exactly that. In that sense - they are playing with words in order to avoid
the physical fact. So it is not me who uses the word wrongly but them. They
give new meaning to the words and argue over them just for the sake of
argumentation. But no argumentation can abolish the facts.
> It is useful to know how a program is used, what was its state when it
crashed, etc. to improve it.
Do KDE programs measure you all the time? I haven't noticed that. I have
noticed though that when they crash there is a specific button which you
press "Send data report". Does that make those programs worse? The field of
"improvement" is an open door to exploting the user. Watch this:
https://media.ccc.de/v/34c3-9077-humans_as_software_extensions#webm
> ... the system would be more respectful of your privacy.
Which implies that there are levels of privacy respect. I reject to agree to
that. It either respects privacy or not. "I respect your privacy and I won't
take snapshots but I will know that you are currently in your bedroom" is
just meaningless.
> It is physically impossible to do request information from a third party
without communicating.
Turn on your radio.
> Also, poor design never implies a loss of freedom. Imperfection is not the
same as oppression:
https://www.gnu.org/philosophy/imperfection-isnt-oppression.html
The word intelligence means to read between the lines. If everything we say
is just aimed to conform to the words of someone else we deny the possibility
of looking at things (not at words) and discussing them intelligently,
without any bias. Freedom is not conformity. It is something much bigger than
F0-4. I have deep respect for what RMS says and does but that doesn't mean
one should stop there.
This article is from 2014. Since then a lot has happened in the world and
cleverly playing with words against actual issues does not resolve the issue.
One of the biggest issues we face (and RMS will agree to that) is mass
surveillence. Today we have a system in which not only imperfections are used
as backdoors but even more - we see how that system deliberately creates
imperfections to infect the computers at hardware level which even the
perfect FOSS cannot fix. So again - we must look at facts, not at articles.
Still:
"You can urge the program's developers to turn their attention to the missing
feature when they have time for more work."
I have already done that, to my capacity.
> I have only read documentation on the matter.
So it is theoretical, a non-fact. I have read many articles about how good
this or that browser is. None of the authors have ever done any detailed
testing. Also Mozilla's programmer clearly said that what I raised is not
documented publicly.
> I could take a look at the source code though.
Do it, then we can talk. Show us lines of code which prove that my test is
wrong and that Mozilla, Amazon, Google etc don't receive our IP addresses and
other info. Mozilla's programmer didn't show that.
> That alone makes it improbable that Mozilla would be lying when describing
Firefox's implementation: its reputation is at stake.
The bigger and more powerful an entity becomes the less important the factor
of reputation. When the entity has gained power at another level what others
say has very little influence. Unless you think that the organizations who
spy on the whole world care about their reputation.
> Do you have any evidence to ground your accusations?
Have you even looked at the logs attached to the bug report? They show it.
