[Discuss] Mr Robot

Edward Ned Harvey (blu) blu at nedharvey.com
Wed Sep 2 16:08:55 EDT 2015


> From: Dan Ritter [mailto:dsr at randomstring.org]
> 
> For most people in most places,  blindly clicking "yup" on the
> terms of service is exactly what they should do.
> 
> 99% will not get into legal trouble.

Actually, that's not the point - By accepting the ToS and granting permission for their employees to access whatever, you both open the door for their bad employees to illegally use your stuff, and you waive your legal right to privacy so it becomes legal for the NSA to indiscriminately harvest it all without any warrant or probable cause.

And that includes your password. No right to privacy on your password because you voluntarily used it to login to their service, which means you sent it to them.

All of the above is solved, if passwords and encryption keys are never exposed. Unfortunately, for example, the Dropbox terms of service https://www.dropbox.com/terms says you grant them access to your stuff because it "enables us to offer the Services." The reality is, they don't need access to your stuff in order to do file sync.

I certainly know Synctuary does file sync without any access to the files, passwords, or encryption keys.

Third Party Doctrine: This is what sank Lavabit.
People who voluntarily give information to third parties have "no reasonable expectation of privacy."
https://en.wikipedia.org/wiki/Third-party_doctrine

AT&T employees stole and sold customers' private information
http://arstechnica.com/tech-policy/2015/04/att-fined-25-million-after-call-center-employees-stole-customers-data/

Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1
http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-sale-on-the-dark-web-for-1




More information about the Discuss mailing list