TRWTF: Everyday security



  • I'm not sure what is wrong with the world, or simply if I'm reading too much Internet today but:

    "Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities."

    If that's not scary enough, you've got this:

    "You can log into just about half of the Internet with a default password"



  • I can't find the article, but I read somewhere that a (supposedly whitehat) cracking group launched a mass defacement during one DefCon and managed to hit well over one million sites, all of them bearing the same message about being vulnerable and easy to compromise - was around the time Attrition.org stopped mirroring defacements since it became too much effort.

    The mass defacement was supposed to shock companies into realising just how little they understood about security and how easy they could be cracked. Several tightened up their policies, but studies have still shown that organisations don't really believe they're vulnerable until a crack causes them to lose face/money/reputation/customers and only then will they consider doing something about it.  

    So, yeah... depressing reading. What should be the exception is rapidly becoming so normal place it fails to surprise.



  • The facts are scary no matter how to look at them, but the percent you cite seem directly pulled out of their author ass. How is defined "half of internet" ? Do they put the same weight to a car wash and a nuclear plant ? Is thoses "32%" made of 99% personal blog, or are they composed mainly of bank sites ? (and, yes, I looked to the whole articles,where they don't try to explain in any depth the physiology of the problem).

     I don't like FUD tactics, even used for good, and thoses articles smell extremely strongly of FUD. Security on the web may be pitiful, but I don't see the point of that kind of scaremongering. It's likely to be the fault of the journalist more than the security searcher, but still...



  • @TheLazyHase said:

    How is defined "half of internet" ?

    At this point? Painfully unfunny image macros..

    @TheLazyHase said:

    ...but I don't see the point of that kind of scaremongering.

    Clearly you've never held a job in a security-related field. Scaremongering is to the "security" industry as handing out packs of cigarettes to teens is to Phillip Morris.



  • I think the big, unspoken issue here is that a lot of that stuff doesn't really need to be secured anyway. The security "problems" identified are analogous to being able to pick the lock on your sister's diary, or to having a rusty trigger lock on your 80-feet-per-second BB gun. No one in his right mind cares. We make a big deal about health records in the USA... but even if HIPAA and all the associated security infrastructure went away, what would happen to most people? Hackers might find out that Medicare paid for your hemorrhoid surgery? That sucks for you, but you were spending my tax dollars there. If it were up to me , your butt surgery would have been a matter of public record all along.



  • @bridget99 said:

    We make a big deal about health records in the USA... but even if HIPAA and all the associated security infrastructure went away, what would happen to most people? Hackers might find out that Medicare paid for your hemorrhoid surgery? That sucks for you, but you were spending my tax dollars there. If it were up to me , your butt surgery would have been a matter of public record all along.

    But what if people were to find out that Medicaid declined to pay for my penis reduction surgery? The women would be beating down my door! It would be a living nightmare of trim!

    Seriously, though, I can't believe I'm agreeing with bridget, but I kind of do. I'm a big advocate of privacy but I'm also a big advocate of "suck it up, buttercup". People have become so paranoid about privacy it's ridiculous; we're supposed to make a Federal case because somebody found out you got a flu shot? Meanwhile, the surveillance state grows without restraint or oversight. I'm much more concerned about linking together CCTV networks and drones over domestic soil than I am about somebody finding out I'm addicted to clown pornography. And call me paranoid, but I do think some of the modern privacy hysteria is drummed up by people who would rather you be distracted from government surveillance.



  • @morbiuswilters said:

    @bridget99 said:
    We make a big deal about health records in the USA... but even if HIPAA and all the associated security infrastructure went away, what would happen to most people? Hackers might find out that Medicare paid for your hemorrhoid surgery? That sucks for you, but you were spending my tax dollars there. If it were up to me , your butt surgery would have been a matter of public record all along.

    But what if people were to find out that Medicaid declined to pay for my penis reduction surgery? The women would be beating down my door! It would be a living nightmare of trim!

    Seriously, though, I can't believe I'm agreeing with bridget, but I kind of do. I'm a big advocate of privacy but I'm also a big advocate of "suck it up, buttercup". People have become so paranoid about privacy it's ridiculous; we're supposed to make a Federal case because somebody found out you got a flu shot? Meanwhile, the surveillance state grows without restraint or oversight. I'm much more concerned about linking together CCTV networks and drones over domestic soil than I am about somebody finding out I'm addicted to clown pornography. And call me paranoid, but I do think some of the modern privacy hysteria is drummed up by people who would rather you be distracted from government surveillance.

    So just to recap:

    • OK to share: Phone logs, credit card details, social security numbers
    • NOT ok to share: Dental records, names of prescribed medicine, vaccination history


  • @Ben L. said:

    So just to recap:

    • OK to share: Phone logs, credit card details, social security numbers
    • NOT ok to share: Dental records, names of prescribed medicine, vaccination history

    You left two off the "OK to share" list: "level of trust in government officials" and "harvestable organs".



  • @Ben L. said:

    @morbiuswilters said:
    @bridget99 said:
    We make a big deal about health records in the USA... but even if HIPAA and all the associated security infrastructure went away, what would happen to most people? Hackers might find out that Medicare paid for your hemorrhoid surgery? That sucks for you, but you were spending my tax dollars there. If it were up to me , your butt surgery would have been a matter of public record all along.

    But what if people were to find out that Medicaid declined to pay for my penis reduction surgery? The women would be beating down my door! It would be a living nightmare of trim!

    Seriously, though, I can't believe I'm agreeing with bridget, but I kind of do. I'm a big advocate of privacy but I'm also a big advocate of "suck it up, buttercup". People have become so paranoid about privacy it's ridiculous; we're supposed to make a Federal case because somebody found out you got a flu shot? Meanwhile, the surveillance state grows without restraint or oversight. I'm much more concerned about linking together CCTV networks and drones over domestic soil than I am about somebody finding out I'm addicted to clown pornography. And call me paranoid, but I do think some of the modern privacy hysteria is drummed up by people who would rather you be distracted from government surveillance.

    So just to recap:

    • OK to share: Phone logs, credit card details, social security numbers
    • NOT ok to share: Dental records, names of prescribed medicine, vaccination history

    I'm not prepared to suggest any breakdown like that. I do think that 1) not every lock has to be bank vault quality, or even Ace hardware padlock quality and 2) privacy is neither a human right nor an absolute good.



  • @bridget99 said:

    ...privacy is neither a human right...

    I knew if I let bridget talk long enough there'd be something I disagree with. I do think privacy is a human right (when looked at as the right to be left alone, I'd say it's the most fundamental representation of all other rights) but that doesn't mean it's some absolute that can never be trammeled upon. I mean, sometimes your friends are going to say "Shut the fuck up, dude" (in your case probably more often than not) but if you started screaming about infringing your right to free speech you just look like a douchehole.

    @bridget99 said:

    ...absolute good.

    Is there even such a thing as an "absolute good"?



  • @morbiuswilters said:

    I mean, sometimes your friends are going to say "Shut the fuck up, dude" (in your case probably more often than not)

    Bridget has friends?

    @morbiuswilters said:

    Is there even such a thing as an "absolute good"?

    It's beer.



  • @bridget99 said:

    I think the big, unspoken issue here is that a
    lot of that stuff doesn't really need to be secured anyway. The
    security "problems" identified are analogous to being able to pick the
    lock on your sister's diary, or to having a rusty trigger lock on your
    80-feet-per-second BB gun.
    This is true, but for a large % of
    users, the key to your sister's diary is the same damn key for their
    bank details.

    Having 50+ accounts all over the web/workplace gets a
    lot easier with using common passwords and usernames. That's fine if
    they're low-priority tasks (Like, say, this forum). But I've seen people
    with the same password for everything.

    Want to steal a ton of
    money really easily? Host an image hosting site, make signing up really
    simple: email, username, password, and security question/answer.

    Between those four details, how many email accounts could be accessed, and then how many bank accounts? People need to be educated about this, but that doesn't seem to be happening.



  • @Adanine said:

    People need to be educated about this, but that doesn't seem to be happening.

    That's why intelligent companies are doing shit.



  • @Ben L. said:

    @Adanine said:
    People need to be educated about this, but that doesn't seem to be happening.

    That's why intelligent companies are doing shit.

    My favorite is this gadget. World of Warcraft has better security than the bank I keep tens of thousands of dollars in. That makes me feel good about the world.



  • @Adanine said:

    People need to be educated about this, but that doesn't seem to be happening.

    Here's the standard boilerplate I send out when I get spam from any of my contacts (after checking the headers to make sure it's not just a joejob):

    Hi, $CONTACT -

    I just received a piece of spam that apparently came from you, and the mail headers show that it really was sent from your $MAILSERVICE account and is not merely somebody using their own but spoofing the sender address. So it looks like some arsehole has guessed your $MAILSERVICE password and is now using your account for their own purposes.

    You should immediately log onto $MAILSERVICE and change your password, preferably to something long and inscrutably random. You should then comb through all your old mails looking for things that might be of use to identity thieves (credit card numbers, passwords and so forth) and if you find any you should get those changed as well. Check this promptly in case your intruder has decided to make it impossible by stealing and then deleting all your old mails; $MAILSERVICE can get them back for you if this happens but you typically need to tell them about it within 48 hours.

    Mail account compromises are a complete pain in the arse. The most common cause is weak and/or shared passwords, and the fix for that is embracing the goodness that is KeePass as described here:

    Condolences,
    $MYNAME



  • @Ben L. said:

    That's why intelligent companies are doing shit.

    Your link to "Wish-It-Was Two-Factor" is absolutely spot on here. I supposed there might be some tiny proportion of Steam users for which a Steam account compromise would not be accompanied by a mail account compromise, but I would be very surprised to learn that there are enough of those to make this new "security" measure worth the development effort.

    Valve has amazingly good developers churning out all these amazingly good games, and then they do pointy haired shit like this. So WTF, Valve? Did you let Marketing get its hands on the levers of management power again?



  • @flabdablet said:

    @Ben L. said:
    That's why intelligent companies are doing shit.

    Your link to "Wish-It-Was Two-Factor" is absolutely spot on here. I supposed there might be some tiny proportion of Steam users for which a Steam account compromise would not be accompanied by a mail account compromise, but I would be very surprised to learn that there are enough of those to make this new "security" measure worth the development effort.

    Valve has amazingly good developers churning out all these amazingly good games, and then they do pointy haired shit like this. So WTF, Valve? Did you let Marketing get its hands on the levers of management power again?

    In order to steal my Steam account, you would need two passwords and my phone. Or you would need to steal my computer. Physical objects are generally pretty secure.



  • @blakeyrat said:

    My favorite is this gadget.

    My bank sold me something like that for five bucks. It's a Good Thing.

    Later, I found out that forgetting that my car keys are in the pocket of my board shorts now costs $5. Popping the battery out of a wet security token and doing the bag-of-rice dance doesn't work; they need to stay alive continuously to retain their clock time and private hash key.



  • @Ben L. said:

    In order to steal my Steam account, you would need two passwords and my phone. Or you would need to steal my computer. Physical objects are generally pretty secure.

    Quite right. So given that they can already do two-factor auth, why would they bother fucking around with this verified-mail-account shit? I'm sure it would confuse more doofuses than it protects.



  • @Adanine said:

    Want to steal a ton of
    money
    spend the rest of your life on the run from law enforcement really easily? Host an image hosting site, make signing up really
    simple: email, username, password, and security question/answer.

    Between those four details, how many email accounts could be accessed, and then how many bank accounts?

    FTFY. Admittedly, stealing the money is pretty easy, but try holding on to it.



  • @Ben L. said:

    @Adanine said:
    People need to be educated about this, but that doesn't seem to be happening.

    That's why intelligent companies are doing shit.
    Some
    companies are implementing procedures, but people still don't know why.
    There have been articles explaining this that are publically available,
    but my point was that information on "hacker" scares and high priority
    systems being compromised gets around a lot more quickly and thoroughly
    then security information to prevent much more basic/common things
    happening to you. The other thing is that this is not a new problem.
    I've had tens of accounts over the internet for atleast five years, and
    many other people have had more for longer.

    [quote
    user="morbiuswilters"]FTFY. Admittedly, stealing the money is pretty
    easy, but try holding on to it.

    								    [/quote]No one would argue against that, but that's still 
    

    unrelated to the point. Finding the door to the bank's vault open would
    also be an easy way to make money, but you're going to run into issues
    on the way out. Doesn't mean the bank shouldn't keep that door closed.

    Edit: Just read the above article for Wish-It-Was Two-Factor. Star Wars: The Old Republic had that same damn setup. Pissed me off to no end. Didn't actually know that Google had an authenticator anywho, so yay for learning.



  • @Adanine said:

    Finding the door to the bank's vault open would
    also be an easy way to make money, but you're going to run into issues
    on the way out. Doesn't mean the bank shouldn't keep that door closed.

    Eh, it's not their money. It's not anybody's. Maybe the thieves will actually spend it, thus stimulating the economy. In fact, I think I smell the FOMC's next plan..


  • Discourse touched me in a no-no place

    @blakeyrat said:

    My favorite is this gadget.
    Fine if you only have one account that needs a SecureID clone, but not so good when you have more than one, and each account requires a separate piece of hardware because you cannot link a physical authenticator to more than one account. Better is this. Of which there are a few implementations. And which is a darn sight cheaper for both users and providers.



  • @flabdablet said:

    Valve has amazingly good developers churning out all these amazingly good games, and then they do pointy haired shit like this. So WTF, Valve?
     

    Being able to design and author a game isn't quite the same as being able to design and author an authentication mechanism.

    Unless it is... and the developers don't want to make the security too hard for fear that people will give up attempting to crack it playing.



  • @TheLazyHase said:

    How is defined "half of internet" ?
    Amusing videos of cats, by and large.

     



  • @PJH said:

    Fine if you only have one account that needs a SecureID clone, but not so good when you have more than one,

    If you have more than one World of Warcraft account then GOOD NEWS! You don't need an authenticator because you never leave your basement or talk to another human being! So you're 100% secure as you cry into your big bowl of Cheetos and hit "accept" to another dungeon group request.



  • @blakeyrat said:

    @PJH said:
    Fine if you only have one account that needs a SecureID clone, but not so good when you have more than one,

    If you have more than one World of Warcraft account then GOOD NEWS! You don't need an authenticator because you never leave your basement or talk to another human being! So you're 100% secure as you cry into your big bowl of Cheetos and hit "accept" to another dungeon group request.

    I can never figure out if blakey is really as stupid as he tries to appear. It seems more and more likely as time goes on.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    @PJH said:
    Fine if you only have one account that needs a SecureID clone, but not so good when you have more than one,

    If you have more than one World of Warcraft account then...

    Stop being/pretending to be a fucking idiot. You are[1] well aware that institutions like banks, AOL and some workplaces use those authenticators.





    [1] Or should be. If you're not, you're spending far too much time in your mommy's basement.



  • Who said otherwise? I just said my bank didn't have one.

    Do you guys read English at all? Should I try Esperanto?



  • @blakeyrat said:

    Who said otherwise? I just said my bank didn't have one.

    Do you guys read English at all? Should I try Esperanto?

    Who said you said your bank had one? Who said any such account had to be a bank (seemed to be obvious given that a non-bank with one was mentioned)? Why a duck?

    You're not using a markov generator are you? It's kinda hard to tell.



  • @PJH said:

    Stop being/pretending to be a fucking idiot.
     

    You weren't talking about multiple WoW accounts? That wasn't clear from your post.



  • @dhromed said:

    You weren't talking about multiple WoW accounts? That wasn't clear from your post.

    Oh geez. Now I get why PJH and Boomzilla were calling me stupid-- I thought it was just because they didn't get the joke (or it hit too close to home.)

    I re-read PJH's post twice, his reply, Boomzilla, and it wasn't until I saw this post that I realized PJH *wasn't* (apparently) talking about having more than one World of Warcraft account.

    You know, guys, if you had spent one sentence explaining the miscommunication instead of just calling me stupid, you might have gotten a reply more to your liking.



  • @PJH said:

    …not so good when you have more than one… Better is this.

    Better still is a text message to my mobile phone. It is one authenticator I can use for any number of sites.

    Now if only my bank would get with the times…



  • @havokk said:

    @PJH said:
    …not so good when you have more than one… Better is this.

    Better still is a text messagephone call to my mobile phone. It is one authenticator I can use for any number of sites.

    Now if only my bank would get with the times…

    My phone company (not naming names, but it rhymes with ate tea and tea) charges for incoming text messages. $0.10 each. No charge for phone calls though.

    Which one costs the phone company more money? Transmitting several minutes of audio or 6 characters?



  • @Ben L. said:

    @havokk said:
    @PJH said:
    …not so good when you have more than one… Better is this.

    Better still is a text messagephone call to my mobile phone. It is one authenticator I can use for any number of sites.

    Now if only my bank would get with the times…

    My phone company (not naming names, but it rhymes with ate tea and tea) charges for incoming text messages. $0.10 each. No charge for phone calls though.

    Which one costs the phone company more money? Transmitting several minutes of audio or 6 characters?

     

    Which one do people do more of by volume? Which one is used more by immature phone users with no concept of money? Which one is more gougable?

     It has nothing to do with what they should charge. It's all about what what they can charge.

    If your phone company charges you to receive SMS, you should tell them to fuck off at your earliest convenience. 

     



  • @Ben L. said:

    My phone company (not naming names, but it rhymes with ate tea and tea) charges for incoming text messages. $0.10 each.

    Holy balls. I remember when SMS was brand new (at least to me) in 2001 or 2002 and my cell company was like "Check out this cool new thing, only $0.10 per-message!" and I was like "Yeah-fucking-right."

    Today I just have an unlimited number of SMS/MMS from Verizon. I think I average around 5-10k per-month (most of those are automated system messages, though.) $0.10 per-message would kill me. OTOH, 10 cents today is worth a hell of a lot less than 10 cents a decade ago, so I guess the "real" price has dropped some.



  • I just re-checked my contract. It's not $0.10.

    It's $0.20.

    That's a total of $0.40 if I want to send 1 or more letters to a family member, but $0 if I want to sing out-of-tune for a few hours.



  • @Ben L. said:

    I just re-checked my contract. It's not $0.10.

    It's $0.20.

    That's a total of $0.40 if I want to send 1 or more letters to a family member, but $0 if I want to sing out-of-tune for a few hours.

    Why would you send a letter via SMS? Seriously, though, I've heard of some awful phone plans, but unlimited talk and 20 cent texts? What the shit?



  • @morbiuswilters said:

    @Ben L. said:
    I just re-checked my contract. It's not $0.10.

    It's $0.20.

    That's a total of $0.40 if I want to send 1 or more letters to a family member, but $0 if I want to sing out-of-tune for a few hours.

    Why would you send a letter via SMS? Seriously, though, I've heard of some awful phone plans, but unlimited talk and 20 cent texts? What the shit?

    Here, I'll send a letter over Comunity Server

    m


  • Discourse touched me in a no-no place

    @Ben L. said:

    Which one costs earns the phone company more money? Transmitting several minutes of audio or 6 characters?
    Having FTFY, do you see why they're doing it? It has bugger all to do with cost, since SMS is built upon spare bandwith that would (or, at least used to) otherwise go wasted.



  • @morbiuswilters said:

    @bridget99 said:
    ...privacy is neither a human right...

    I knew if I let bridget talk long enough there'd be something I disagree with. I do think privacy is a human right (when looked at as the right to be left alone, I'd say it's the most fundamental representation of all other rights) but that doesn't mean it's some absolute that can never be trammeled upon. I mean, sometimes your friends are going to say "Shut the fuck up, dude" (in your case probably more often than not) but if you started screaming about infringing your right to free speech you just look like a douchehole.

    @bridget99 said:

    ...absolute good.

    Is there even such a thing as an "absolute good"?

    I've never understood how anyone could mistake privacy for a right. Privacy is something that must be purchased, often at great cost. We enter the world naked and spend our first couple of years having our diapers changed (hardly private). Even after we learn to use the potty, we've got no privacy in the homes of our parents. At 18, the lucky get assigned a dorm room or a studio apartment. By 25-30, the employable (about 10% of the population) will finally have enough money to buy a little bit of real privacy. So how is privacy a right? If it were a right, even a peniless bum could have it.



    And I don't know if there is such a thing as an absolute good. I was talking about people mistaking privacy for an absolute good. If you say there's never, ever any such thing, that doesn't really undermine my argument. People do mistake things for absolute goods. A lot of people seem to think that sobriety is an absolute good, but I still want Morphine if my leg has to be amputated.



  • @bridget99 said:

    I've never understood how anyone could mistake privacy for a right. Privacy is something that must be purchased, often at great cost. We enter the world naked and spend our first couple of years having our diapers changed (hardly private). Even after we learn to use the potty, we've got no privacy in the homes of our parents. At 18, the lucky get assigned a dorm room or a studio apartment. By 25-30, the employable (about 10% of the population) will finally have enough money to buy a little bit of real privacy. So how is privacy a right? If it were a right, even a peniless bum could have it.

    I don't think you understand what a right is. A right is more aspiration than reality. By your reasoning there are no rights since at any point in history somebody may not have been able to enjoy that right.

    @bridget99 said:

    A lot of people seem to think that sobriety is an absolute good...

    Bastards.



  • @morbiuswilters said:

    @bridget99 said:
    I've never understood how anyone could mistake privacy for a right. Privacy is something that must be purchased, often at great cost. We enter the world naked and spend our first couple of years having our diapers changed (hardly private). Even after we learn to use the potty, we've got no privacy in the homes of our parents. At 18, the lucky get assigned a dorm room or a studio apartment. By 25-30, the employable (about 10% of the population) will finally have enough money to buy a little bit of real privacy. So how is privacy a right? If it were a right, even a peniless bum could have it.

    I don't think you understand what a right is. A right is more aspiration than reality. By your reasoning there are no rights since at any point in history somebody may not have been able to enjoy that right.

    @bridget99 said:

    A lot of people seem to think that sobriety is an absolute good...

    Bastards.

    I think you don't understand what a "right" is. If you have a right to something, you own it. I have a right to the "pursuit of happiness" (according to Thomas Jefferson, and I think most people agree). I do not have a right to "hapiness." If a right were really just an aspiration, we wouldn't have needed that "pursuit of" qualifier. think it's the same with privacy. Unless you really fuck up bad, you get to pursue happiness, and to pursue privacy (in a free society). But you're not guaranteed either one (bad court decisions notwithstanding), nor could you be, given the laws of physics and economics.



  • @bridget99 said:

    @morbiuswilters said:
    @bridget99 said:
    I've never understood how anyone could mistake privacy for a right. Privacy is something that must be purchased, often at great cost. We enter the world naked and spend our first couple of years having our diapers changed (hardly private). Even after we learn to use the potty, we've got no privacy in the homes of our parents. At 18, the lucky get assigned a dorm room or a studio apartment. By 25-30, the employable (about 10% of the population) will finally have enough money to buy a little bit of real privacy. So how is privacy a right? If it were a right, even a peniless bum could have it.

    I don't think you understand what a right is. A right is more aspiration than reality. By your reasoning there are no rights since at any point in history somebody may not have been able to enjoy that right.

    @bridget99 said:

    A lot of people seem to think that sobriety is an absolute good...

    Bastards.

    I think you don't understand what a "right" is. If you have a right to something, you own it. I have a right to the "pursuit of happiness" (according to Thomas Jefferson, and I think most people agree). I do not have a right to "hapiness." If a right were really just an aspiration, we wouldn't have needed that "pursuit of" qualifier. think it's the same with privacy. Unless you really fuck up bad, you get to pursue happiness, and to pursue privacy (in a free society). But you're not guaranteed either one (bad court decisions notwithstanding), nor could you be, given the laws of physics and economics.

    You have a right to remain silent. You own remain silent.



  • @bridget99 said:

    I think you don't understand what a "right" is. If you have a right to something, you own it. I have a right to the "pursuit of happiness" (according to Thomas Jefferson, and I think most people agree). I do not have a right to "hapiness." If a right were really just an aspiration, we wouldn't have needed that "pursuit of" qualifier. think it's the same with privacy. Unless you really fuck up bad, you get to pursue happiness, and to pursue privacy (in a free society). But you're not guaranteed either one (bad court decisions notwithstanding), nor could you be, given the laws of physics and economics.

    Your logic is really faulty here. You say if I have a right to something, I own it, but ownership itself is a right, and not one that's even considered absolute (I may own a piece of land, but laws restrict what I can do with that land and governments make first claim to the title, so I usually must pay taxes to them for the right to use it.) You seem to be making the assumption that for negative rights to be a rights, there can be no positive action by others to secure those negative rights. By your reasoning, I have the right to life, but it would be a mistake for any government to conclude that this means murder should be a crime.

    And as for privacy, according to you I am free to pursue it, but I must contend with a government that has vast resources and a desire to undermine my privacy. But if a right is indeed something I can pursue but it is permissible for a government to extort resources from me and then use those resources to eradicate my ability to pursue that right, then the whole concept is meaningless. You might as well say Jews in 1930s Germany* had the right to life, assuming the Nazi's didn't pry the gold teeth out of their heads and use that money to build gas chambers to suffocate them in.

    In other words, to you a right has no abstract meaning outside of what you can manage to grab for yourself. But we already have words to describe that; a right means something else, it is itself an intellectual concept rooted in the idea that sentient beings should be free from coercion by other sentient beings. As a legal concept it is a solid benchmark of liberty we can point to; a line that says "you may use coercion up to this point, but no further".



  • @morbiuswilters said:

    Your logic is really faulty here. You say if I have a right to something, I own it, but ownership itself is a right, and not one that's even considered absolute.

    "Own" was an imperfect word choice. But the fact that the two words are, depending on context, nearly synonymous doesn't really detract from what I was saying. I would tend to think the opposite.



    The notion of civil rights is a relatively new one, and the scope of the word "right" has probably grown over time. In the original sense of the word, an example of a "right" might be a franchise: the right to sell beer at the Kingdome, for example. And you can most definitely own that right, or lease it from its owner, etcetera.

    @morbiuswilters said:

    You seem to be making the assumption that for negative rights to be a rights, there can be no positive action by others to secure those negative rights. By your reasoning, I have the right to life, but it would be a mistake for any government to conclude that this means murder should be a crime.

    Are you saying that "privacy" is a negative right because it's the right to be free from something? I think it goes a bit beyond that. It almost becomes an entitlement. What if "privacy" to you equates to 3-4 acres of land? I know people from the country who get nervous if they have to live on a suburban lot and who be very uncomfortable if they had to live in an apartment complex.



    That's about privacy; what they don't like is that the general public sees and hears them. It's unavoidable, and we all experience it to varying degrees... but it's ridiculous to expect government help with or to posit a "right" to any particular level of comfort. We can pass HIPAA and enforce it at the point of a gun; but if you live in some apartment complex in the city, and you have to have radical butthole surgery, people are going to notice. They'll see you leaving, and then en route to the Proctologists office, and then later buying a "water wing" to sit on because you're just some apartment person who can't afford a real orthotic. Then, at work, people will see you sitting on your ersatz orthotic, which will probably have Dora the Explorer on it, or something equally humiliating... rights to privacy notwithstanding.



    And you act as if the "right to life" were some kind of absolute that no sane philosophy would ever deny... but I suspect that this phrase was in fact original with Jefferson, and I feel certain that it was considered a radical idea at the time. I agree with the spirit of it, but, as phrased, it is not reasonable. It should be phrased as a "right to live out one's natural life," and then we all could agree on it.
    @morbiuswilters said:

    And as for privacy, according to you I am free to pursue it, but I must contend with a government that has vast resources and a desire to undermine my privacy. But if a right is indeed something I can pursue but it is permissible for a government to extort resources from me and then use those resources to eradicate my ability to pursue that right, then the whole concept is meaningless. You might as well say Jews in 1930s Germany* had the right to life, assuming the Nazi's didn't pry the gold teeth out of their heads and use that money to build gas chambers to suffocate them in.

    I don't get it... you want the government to acknowledge and legislate around some supposed right-to-privacy so that the government won't snoop on you? I think there's a layer of indirection there that's unnecessary. The sort of program and agency that would spy on people should just never get funded in the first place. I've always thought that, when we started engaging in espionage just like other countries, it cheapened the ideals upon which the USA was founded. The political problem here is that there's a slippery slope up which a lot of people just won't climb. They want the CIA to exist to spy on third world dictators but not on them. So they posit some sort of legislative or philosophical conceit that tries to constrain the activities of their own spies, and they hope that will keep their own secrets safe. It won't.



    And here's the biggest problem I have with a "right to privacy." If we could all do the things we like to do, or think are right, in the light of day, we would have to learn to be more tolerant. If you knew your co-workers were a bunch of furries and crack addicts, you'd be more tolerant of furries and crack addicts... as you should be. Building walls (and "rights" to walls) doesn't address the core issue of intolerance, and the lack of a shared morality outside of the right to hide from each other.



  • @bridget99 said:

    The notion of civil rights is a relatively new one, and the scope of the word "right" has probably grown over time.

    If by "relatively new" you mean "within the last 350 years", then I suppose so.

    @bridget99 said:

    Are you saying that "privacy" is a negative right because it's the right to be free from something?

    Yes. That is the definition of a negative right.

    @bridget99 said:

    What if "privacy" to you equates to 3-4 acres of land? I know people from the country who get nervous if they have to live on a suburban lot and who be very uncomfortable if they had to live in an apartment complex.

    That would be a positive right, better known as an entitlement. But calling positive rights rights just muddies the water. They should just be entitlements. For example, you have a right to life (i.e. to be free of attempts by other humans to end your life) but you that doesn't guarantee you aren't going to starve to death. You have the entitlement of food stamps, which provides a means to avoid starvation.

    @bridget99 said:

    And you act as if the "right to life" were some kind of absolute that no sane philosophy would ever deny... but I suspect that this phrase was in fact original with Jefferson, and I feel certain that it was considered a radical idea at the time.

    It was considered somewhat radical, but it did not originate with Jefferson; he lifted it from Locke, although its roots are deeper still.

    @bridget99 said:

    I agree with the spirit of it, but, as phrased, it is not reasonable. It should be phrased as a "right to live out one's natural life," and then we all could agree on it.

    Jefferson's conception of rights was actually a lot more complex than most people realize, but I think that once again the waters have been muddied by a century-and-a-half of progressivism which has sought to cloak entitlements in the language of rights. By "right to life" he did not mean that the Treasury should be exhausted keeping you on life support, but merely that you should be free from murder--whether initiated by government or private individual--unless due process were to result in you losing the right to your life.

    @bridget99 said:

    The sort of program and agency that would spy on people should just never get funded in the first place.

    And yet it does. Laws that explicitly prevent domestic spying make it much harder to get it in the back door through other means. Merely saying "Oh, the government should never do this in the first place" is not enough; governments are sneaky and require constant vigilance to keep them within the privileges granted to them by the governed.

    @bridget99 said:

    I've always thought that, when we started engaging in espionage just like other countries, it cheapened the ideals upon which the USA was founded.

    I would disagree with that. This country has engaged in espionage since its founding. Espionage on foreign entities is very different than espionage at home. There's a clear separation between "foreign" and "domestic", conceptually, morally and legally. We kill and imprison enemies without trial, but that standard should not be applied to domestic criminals.

    @bridget99 said:

    If we could all do the things we like to do, or think are right, in the light of day, we would have to learn to be more tolerant. If you knew your co-workers were a bunch of furries and crack addicts, you'd be more tolerant of furries and crack addicts... as you should be. Building walls (and "rights" to walls) doesn't address the core issue of intolerance, and the lack of a shared morality outside of the right to hide from each other.

    I would say this is very, very wrong. For one, I do not think people should be more tolerant of furries or crackheads. For two, the privacy afforded by the Internet has led to an explosion of the former. Lack of privacy tends to lead to tighter social controls on behavior. The most strictly-regimented societies are those that recognize the least a right to privacy.



  • @bridget99 said:

    And here's the biggest problem I have with a "right to privacy." If we could all do the things we like to do, or think are right, in the light of day, we would have to learn to be more tolerant. If you knew your co-workers were a bunch of furries and crack addicts, you'd be more tolerant of furries and crack addicts... as you should be. Building walls (and "rights" to walls) doesn't address the core issue of intolerance, and the lack of a shared morality outside of the right to hide from each other.

    It's more than hiding and intolerance. Human societies have used privacy for all kinds of important social purposes. We let someone know we trust them intimately by being OK with them seeing us naked. We let people know they are in our "circle" by letting them in on things that we keep private. Not just illegal stuff or bad stuff, but random stuff that's controlled for the sole purpose of defining an inner circle.

    Without privacy, people lose the ability to form complex social relationships and become more like cattle than people.



  • @Jaime said:

    It's more than hiding and intolerance. Human societies have used privacy for all kinds of important social purposes. We let someone know we trust them intimately by being OK with them seeing us naked. We let people know they are in our "circle" by letting them in on things that we keep private. Not just illegal stuff or bad stuff, but random stuff that's controlled for the sole purpose of defining an inner circle.

    Without privacy, people lose the ability to form complex social relationships and become more like cattle than people.

    Bullshit. There was no privacy, or expectation of it, for the first 99% of humanity's development.



  • Can privacy even be a right?

    I used to work in an electronic
    store that would sell (Among other things) prepaid Mobile Phones.
    Whenever someone purchased a prepaid SIM, by law we needed to take down
    their name and address [Edit: And check ID], 'cause you know, they could be terrorists.

    Most customers were fine, some customers were curious as to why, and some went batshit and left the store.

    I
    think privacy is too loosely defined overall for there to be a right
    for it. Relies too much on how both the Observed and the Observer
    personally react in an infinite range of scenarios. It could be turned
    into a legal weapon similar to how that Woman acted in Bridget's other
    thread. Imagine Jane glancing at Bob's house, while Bob was outside
    getting the mail in his underwear. Now Bob feel's that Jane violated his
    right to Privacy. The other extreme fails aswell, where no real acts
    against privacy are defended because there's no legal agreement for the
    Observer to not observe the Observed in most cases (And if there was,
    then that's not a Privacy Right issue, but a Legal issue).

    Not to
    mention, if someone goes batshit crazy over every "Threat to his
    security", never wants to be identified at all and constantly prevents
    any piece of information about him being in the hands of anyone else... I
    kinda want my Government to track that guy. That's more my policy on it
    then anything, though.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.