Archive for July 24, 2019

Wednesday, July 24, 2019 [Tweets] [Favorites]

Lockdown 0.1.1

Juli Clover:

Lockdown, a new app launching today, is designed to be an open source firewall, letting users block any connection to any domain, including those that use ad tracking services and analytics platforms to monitor device usage.

Lockdown is free to download and use, and because it operates on device, it collects no user data. Lockdown uses Apple’s VPN setup to function, though it is not a VPN and will not obscure your own IP address.

This sounds great, although it looks like you have to manually enter the domains to block, and they are blocked globally and permanently. Whereas, Little Snitch on the Mac prompts you interactively, its blocks can be temporary, and you can have different settings for each app.

Note that the actual name of the app in the App Store is “Lockdown Apps”. That’s currently the fifth app in the list when I search for “Lockdown.”

The source is available here. Being able to compile it yourself—from code that anyone can inspect—makes it a bit more trustworthy than downloading the version from the App Store, which you can’t prove matches the published source.

Previously:

Attorney General William Barr on Encryption Policy

Bruce Schneier:

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

[…]

I think this is a major change in government position. Previously, the FBI, the Justice Department and so on had claimed that backdoors for law enforcement could be added without any loss of security. They maintained that technologists just need to figure out how: an approach we have derisively named “nerd harder.”

With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having not the fake one about whether or not we can have both security and surveillance.

That sounded encouraging. However, Barr also said (via Nick Heer):

We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption.

If he’s only conceding a theoretical—not material—difference, I’m not sure how much of a change this really is.

Previously:

Update (2019-08-15): See also: Bruce Schneier.

Google Open Sources robots.txt Parser

Google (via Hacker News):

We’re here to help: we open sourced the C++ library that our production systems use for parsing and matching rules in robots.txt files. This library has been around for 20 years and it contains pieces of code that were written in the 90’s. Since then, the library evolved; we learned a lot about how webmasters write robots.txt files and corner cases that we had to cover for, and added what we learned over the years also to the internet draft when it made sense.

We also included a testing tool in the open source package to help you test a few rules.

My sites have recently been hammered by bots—hundreds of thousands of hits for search engines and directories I’d never heard of—causing the server to run out of memory (I think due to the PHP-based vBulletin forum) and reboot. If you’ve seen this site go down for a couple minutes every now and then, I think that’s why.

The bots all claimed to follow the Robots Exclusion Protocol, but they were not respecting my requests to crawl more slowly and to avoid the forum. Eventually I figured out that the specification calls for lines to be separated by CR LF, but my robots.txt files were only using CR.

bhartzer:

Google has been very clear lately (via John Mueller) regarding getting pages indexed or removed from the index.

If you want to make sure a URL is not in their index then you have to ‘allow’ them to crawl the page in robots.txt and use a noindex meta tag on the page to stop indexing. Simply disallowing the page from being crawled in robots.txt will not keep it out of the index.

Previously: