|
> I disagree entirely with this. The difference is clear -- data is not operational on its own, it requires something to operate on it. So in terms of trust, I only have to trust the software operating on the data -- and I have many choices of software to use to do that. Well, that's what I strongly disagree with. You either oversimplify it for practical purpose (which exactly what I wanted to point out making this statement) or are simply wrong on a fundamental level. Distinction between data and code is artificial. It really helps us when we programs, but hurts when we think about security issues and that mindset in a way is an exploit itself. If you look into security-related updates in any mature interpreted language, you'll see that 99% of them are related to data processing, not some restriction being forgotten. Think about good-old stack overflows errors, where your data suddenly becomes a code, or numerous exploits in simple text formats, xml parsers or PDF nightmare. Real security problems have very little to do with the fact that malicious data was carried by some executable code, they do just find without it. In fact, having so heavily-tested VM that there are, makes daily usage of average computer user much safer that it would be without it. > I don't live in the EU, and this is the exact sort of attack that I'm doing my best to protect myself against.
I didn't mean that new hysteria about being tracked by ads and browsers. It's a toothless issue, that poses no significant threat and we as community could entirely fix it in less than a year, I just don't think anybody's capable really cares. After all, if we can have some GDRP joke and that makes people feel better, why even bother? I was really pointing that your traffic is compromised at ISP level and if you were a person of any interest, analysis could be bought at black market, just as your SMS could be intercepted without you knowing. It's business. Oh, and don't let me start about hardware level, which we trust, but as it turns out, should not. |