LinkLocker

As you've doubtless heard by now, Amazon announced yesterday that it is bringing to market a new Echo device called "Look." As you might have gathered given the name, this in-home "assistant" comes with an Internet-connected camera (oh, goody!):

With Echo Look, you can take full-length photos of your daily look using just your voice. The built-in LED lighting and depth-sensing camera let you blur the background to make your outfits pop, giving you clean, shareable photos. Get a live view in the Echo ...

In a bit of epic trolling, Bloomberg's editorial board published a piece¹ this week praising Trump and Congress for their efforts to continue permitting ISP's to sell your personal browsing data for a profit. The specious arguments drip with willful stupidity from the first sentence, and the piece just gets more dumb as it goes on:

On one issue, at least, President Donald Trump has united the country: More than 70 percent of the public -- across political parties -- oppose a bill he ...

In the wake of Congress' recent vote to reverse FCC rules that would require ISP's to obtain customers' permission before selling their browsing histories to marketers, concerned consumers have been searching for some way to prevent their providers from having a complete record of their browsing habits. VPN services seem to be the most often recommended solution, but as security researcher Brian Krebs explains, finding a trustworthy VPN is key—otherwise you might just be handing your browsing history to yet another third party ...

The U.S. Senate voted yesterday to roll back FCC protections enacted this past October which would prevent your broadband ISP from selling your browsing history to advertisers. This news may have slipped through the cracks in all the hubbub over the health care bill, but it's a troubling vote in its own right and it deserves your attention if you are concerned about privacy.

As I've discussed before, this site uses an SSL certificate from Let's Encrypt. Overall I believe they are doing the world a great service by offering certificates for free, but some recent events may be demonstrating a grave problem with their approach—and maybe even with the broader approach taken by implementations of SSL in general. To wit, the recent talk of 14,000 fake-PayPal phishing sites using valid SSL certificates from Let's Encrypt has brought to the forefront what is to my mind one of the potentially fatal flaws in the way we handle encrypted traffic over the Web: the fact that encryption and trust have somehow gotten lumped together as a single monolithic thing in the eyes of most consumers. If a site has a green lock, it's "safe," and that's all there is to it. Unfortunately, that's just not a great way to look at the Web.