BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Reusing Passwords on Different Sites Should be OK
- Subject: [Discuss] Reusing Passwords on Different Sites Should be OK
- From: me at mattgillen.net (Matthew Gillen)
- Date: Sat, 19 Sep 2015 13:38:29 -0400
- In-reply-to: <BLUPR04MB36957C9A0DCCE2465A1C8DCDC590@BLUPR04MB369.namprd04.prod.outlook.com>
- References: <BLUPR04MB3699329CB5E010185E50399DC5A0@BLUPR04MB369.namprd04.prod.outlook.com> <55FC1B5B.9030900@riseup.net> <BLUPR04MB36957C9A0DCCE2465A1C8DCDC590@BLUPR04MB369.namprd04.prod.outlook.com>
On 9/18/2015 12:09 PM, Edward Ned Harvey (blu) wrote: >> From: Discuss [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On >> Behalf Of Chris Markiewicz >> >> This is such a bizarre interpretation of "Third-party". A password >> should be considered a secret between two parties: client and server. >> But again, conceded that this is a problem. > > I get what you're saying - You're not saying that I'm trying to twist third party doctrine into something it's not. You're saying third party doctrine is itself a bizarre interpretation, that contradicts what a rational person would expect to be held private. > > And you're right. The case example to demonstrate this is lavabit. He created that whole business for the explicit purpose of providing privacy and security. That's the premise on which he gained all his users, and yet, when the feds came after him, they told him his users had no reasonable expectation of privacy. As usual when talking about the law I got quickly over my head. Even so, this was an interesting article that talks about how there is growing recognition of the ridiculousness of the third-party doctrine in modern technology. http://www.theatlantic.com/technology/archive/2013/12/what-you-need-to-know-about-the-third-party-doctrine/282721/ What was particularly interesting was that the third-party doctrine has been re-interpreted by the Supreme Court to catch up with technology at least once before: In 1928 the court ruled that warrentless wiretapping was ok, since they didn't have to enter the person's property. In 1967, the court re-interpreted the law as protecting people, not places, which all of the sudden make warrentless wiretaps a 4th amendment violation. So while it may be true that we're in a strange place right now where the interpretation of the law hasn't caught up with technology and culture, but I wouldn't count on it being like that forever. ------ Also, just wanted to point out that all this talk of privacy laws is ONLY applicable to putting limits on what the /state/ can do to access your data without your permission. There are basically no laws protecting you from the businesses you deal with or their employees. It is really just professional reputation that motivates these companies to keep your data private. To wit: https://nakedsecurity.sophos.com/2015/03/03/facebook-explains-when-and-why-it-peeps-at-your-account/
- References:
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: effigies at riseup.net (Chris Markiewicz)
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Reusing Passwords on Different Sites Should be OK
- Prev by Date: [Discuss] java keytool x.509 error
- Next by Date: [Discuss] some people help too much
- Previous by thread: [Discuss] Reusing Passwords on Different Sites Should be OK
- Next by thread: [Discuss] java keytool x.509 error
- Index(es):
