Home » Posts tagged "anti"

義大利政府的反貪組織用 Tor 的 Onion (Hidden Service) 接受檢舉

在「Italian Anti-Corruption Authority (ANAC) Adopts Onion Services」這邊看到,義大利政府因為法令要求必須保護告密者,而不只是在需要提供身份的階段才保護:

Many national laws (such as Italian Dlgs. 231/2001) require companies to adopt corporate governance structures and risk prevention systems, which can include allowing whistleblowing submissions. However, most whistleblowing laws only protect whistleblowers when their identity is disclosed, which can put the person reporting corruption at risk.

In 2016, the International Standards Organization (ISO) released a new model for organizations setting up and operating anti-bribery management systems, ISO 37001:2016. To meet ISO standards, organizations or companies implementing anti-corruption procedures must allow anonymous reporting, as explicitly indicated in point 8.9 of section C of ISO 37001:2016.

Furthermore, national laws (such as recent Italian 179/2017) require the adoption of IT systems for whistleblowing, leading to the practical integration and use of Tor for its technological anonymity features.

而義大利政府的系統選擇用 Tor 的 Onion (Hidden Service) 提供服務接受檢舉:

To comply with these standards, the Italian Anti-Corruption Authority (ANAC), an administrative watchdog, just launched their national online whistleblowing platform using onion services, giving whistleblowers who come forward a secure way to report illegal activity while protecting their identities.

這使用了 hidden service 的特性,讓伺服器端完全無法得知 client 的位置,對於使用有足夠保護的 browser 來說 (像是 Tor Browser),這可以完全讓 server 端無法得知身份,即使政府的伺服器都入侵也沒辦法知道告密者是誰。

這點頗先進的...

把 Google Chrome 預設的 JavaScript 關閉,開白名單...

就如同標題寫得,把 Google Chrome 的 JavaScript 關閉,然後開白名單,這樣的好處有不少:

  • 大幅增加載入的速度:即使用了 Ghostery,還是有不少 JavaScript 的程式被執行到。
  • 增加網站安全性:雖然 Google Chrome 的 sandbox 不算差,但完全不要跑 JavaScript 可以擋下很多安全性問題。
  • 對 anti-adblock 機制的抵抗力:意外的發現不少 anti-adblock 機制都是透過 JavaScript 偵測,而這個方法直接擋下來了。
  • 對 infinite-scrolling 機制的抵抗力:有不少新聞網站拉到最底端會自動讀取相關的新聞 (或是類似的機制),我其實很不喜歡這樣的機制... 直接省下來 XD

另外就是透過 Google Chrome 本身的同步機制,其實可以設一次所有機器都生效,不算太麻煩。沒意外的話應該會一直用下去...

Archives