An unsecured network doesn’t help an attacker gain your TOTP and password unless you’re using a website without HTTPS or that otherwise messes up by putting the credentials as query parameters.
The most an attacker might be able to view is the addresses of the sites you are connecting to.
> The most an attacker might be able to view is the addresses of the sites you are connecting to.
With TLS 1.2 or earlier the attacker can almost certainly discern the real DNS name of the site you're connecting to; in TLS 1.3 this is merely likely (and ECH might some day largely eliminate this risk) but not certain, depending on how you connect.
In practice your client hates wasting bandwidth and so precise size measurements are also surprisingly effective. If six people who I'm snooping watch movies from the Fast & Furious franchise on a streaming service and one watches "The Imitation Game" I can tell them apart with more or less 100% reliability. If they all read Wikipedia, six looking at stuff about dinosaurs and one reading about the Senate Intelligence Committee report on CIA torture, I can tell again.
Clients (e.g. your web browser) could do more to hamper this, but they do almost nothing. For example, suppose I'm sending an encrypted HTTP request with some data in it, and it'll fit easily into 4 Ethernet packets. I could pad that last packet so it's always full, and have the decryption step remove that padding for free but clients don't bother, so a bad guy can measure how long my data is to within maybe 16 bytes.
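The padding idea in the comment above, as an added example that is not part of the thread: TLS 1.3 permits zero padding inside the encrypted record (RFC 8446, section 5.4), and the receiver strips it after decryption. The request bodies and the 512-byte bucket size are constructed for illustration.

```python
# Added example: TLS 1.3-style record padding and its effect on the
# ciphertext lengths a passive observer can measure.
AEAD_TAG = 16            # bytes appended by AES-GCM / ChaCha20-Poly1305
RECORD_HEADER = 5        # TLS record header, sent in the clear
APPLICATION_DATA = 0x17  # content type byte carried inside the ciphertext


def inner_plaintext(content: bytes, pad_to: int = 0) -> bytes:
    """Build TLSInnerPlaintext: content || type byte || zero padding."""
    body = content + bytes([APPLICATION_DATA])
    if pad_to:
        body += b"\x00" * (-len(body) % pad_to)
    return body


def strip_padding(inner: bytes) -> bytes:
    """Receiver side: drop trailing zeros, then the content-type byte."""
    end = len(inner)
    while end > 0 and inner[end - 1] == 0:
        end -= 1
    if end == 0:
        raise ValueError("record contains no content type")
    return inner[:end - 1]


def wire_length(content: bytes, pad_to: int = 0) -> int:
    """Bytes on the wire for one record; the AEAD hides content, not length."""
    return RECORD_HEADER + len(inner_plaintext(content, pad_to)) + AEAD_TAG


def distinguishable(requests: dict, pad_to: int = 0) -> int:
    """Number of distinct wire lengths an observer sees across the requests."""
    return len({wire_length(body, pad_to) for body in requests.values()})


# Constructed sample requests; paths and host are made up for illustration.
SAMPLE = {
    "dinosaur": b"GET /wiki/Tyrannosaurus HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "report": b"GET /wiki/Senate_Intelligence_Committee_report HTTP/1.1\r\n"
              b"Host: example.org\r\n\r\n",
    "short": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
}

if __name__ == "__main__":
    for pad in (0, 512):  # 0 = no padding, 512 = assumed bucket size
        sizes = {name: wire_length(body, pad) for name, body in SAMPLE.items()}
        print(f"pad_to={pad}: {sizes} -> {distinguishable(SAMPLE, pad)} distinct")
```

Padding only hides differences that fall within one bucket, so a response that spans many records still reveals its approximate total size.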
Yes, you're correct. An unsecured network is not enough. A honeypot wifi that the attacker controls would work, though, because they could just perform a MITM attack and thus decrypt your TLS traffic.
They will be able to view the public certificate but will not be able to sign or decrypt anything because they do not have the corresponding private key, which is never sent over the wire.
HTTPS protects against MITM attacks.
When the owner of the domain originally obtained a certificate, they obtained a signed attestation from a trusted provider that they were able to field requests to that domain. Those requests can come from anywhere and are not possible to MITM. This attestation pertains to a public key/private key pair.
Free time isn’t zero sum. An accountant and a plumber can create free time by trading services. If it would take a plumber five hours to file his taxes, he could instead fix the tax accountant’s sink in one hour in exchange for the tax accountant filing his taxes. Assuming the tax accountant can do so in one hour and would have taken five hours to fix his own sink, both profit by reclaiming four hours of time.
^ I don't think professional plumbers and accountants exchange services in kind for a living; last time I checked, people use this thing called currency.
And this makes it zero sum, since the money the plumber pays the accountant is the money he cannot spend on other things like groceries, and vice versa.
It is not positive sum; in a competitive market it is basically exchanging services, and each party has to agree on the mutual value of the services being exchanged, otherwise no trade.
The accountant values his labor as 100/hr and the plumber values his services as 100/hr and they simply exchange services.
Because the price paid is somewhat less than the value derived. You might have been willing to pay him $110 and he might have been willing to walk away with $90. But regardless of whether you settle on a rate of $90 or $110 or split the difference at $100, a $20 positive sum is created.
You mention competitive markets, where surplus is reduced or almost eliminated. But most markets do not reach such a late stage level of optimization.
Maybe if you don't leave a paper trail. If you use a written medium to communicate failure, there is a good chance that will be exposed during discovery in a lawsuit, and now the plaintiffs can show that not only was there a problem, but that employees were aware of the problem and did not fix it.
The news article practically writes itself. "Despite repeated claims that all ice had been cleared, internal documents show multiple employees were aware that only 99% had been cleared. These emails show considerable concern about the remaining 1% of ice, but no further action was ever taken by the company to rectify the dangerous situation."
> Of course, without any treatment at all, the pain would also have gone away after a few days.
And if you struggle for years with chronic back problems and doctors don't really have an answer except to prescribe addictive painkillers and then you see a chiro and everything is cleared up in a couple days?
Telling me that's a coincidence is just gaslighting.
Sorry, I have no clue what confluence of political/cultural forces have led to the inability of science to figure out how/why this stuff works.
Scientific studies have shown that the placebo effect is very real. You may think that a placebo could never help with your back pain, but I see no reason why a random person on the internet should be immune to the placebo effect.
There's an imprecision here, but that doesn't break the proof. Note that from step 6 on, all it needs to show is "if P and Q are any members of G, then they have the same age". If P = Q, this is trivial, so we really only need to consider the case P ≠ Q. This probably should have been stated, though.
Even a perfectly inelastic (vertical) demand curve still intersects the supply curve at some price.
In other words, even if I would pay infinite dollars for a widget, I would still purchase from the cheapest supplier.