Boing Boing 

New geeks welcome, thank you

At Forbes, Tara Tiger Brown's attack on "fake" geek girls —"Pretentious females who have labeled themselves as a “geek girl” figured out that guys will pay a lot of attention to them"—has gotten the response it deserves. Here's Leigh Alexander:

The author of the article takes great pains to establish her own authenticity and attack the authenticity of others, for... why again? Presumably she feels threatened, like her "geeky" pastimes should remain secret forts that everyone needs to know the password to get into. It's a weird, sad way for an adult to behave.

And here's Susana Polo:

Who are you to say that a stranger, someone you’re never likely to meet, is not genuinely interested in the thing they appear to be interested in? Who are you? I just… what? I’m rendered incoherent. ... [We] take it at face value. Why? Because we don’t actually have a reason not to. Because the alternative breeds a closed community of paranoid, elitist jerks who lash out at anyone new. The proper response to someone who says they like comics and has only read Scott Pilgrim is to recommend some more comics for them.

The blogtastic new Forbes, publishing exclusionary sneering from someone eager to establish their own credentials? You don't say. [via Metafilter]

Facebook passwords: many employers can snoop them, and don't need to ask

US senators are calling for action on employers' habit of demanding employees' Facebook passwords, but no one seems to notice that many companies configure their computers so that they can eavesdrop on your Facebook, bank, and webmail passwords, even when those passwords are "protected" by SSL. In my latest Guardian column, "Protecting your Facebook privacy at work isn't just about passwords," I talk about how our belief that property rights -- your employer's right to control the software load on the computer they bought for your use -- have come to trump privacy, human rights and basic decency.

Firms have legitimate (ish) reasons to install these certificates. Many firms treat the names of the machines on their internal networks as proprietary information (eg accounting.sydney.australia.company.com), but still want to use certificates to protect their users' connections to those machines. So rather than paying for certificates from one of the hundreds of certificate authorities trusted by default in our browsers – which would entail disclosing their servers' names – they use self-signed certificates to protect those connections.

But the presence of your employer's self-signed certificate in your computers' list of trusted certs means that your employer can (nearly) undetectably impersonate all the computers on the internet, tricking your browser into thinking that it has a secure connection to your bank, Facebook, or Gmail, all the while eavesdropping on your connection.

Many big firms use "lawful interception" appliances that monitor all employee communications, including logins to banks, health providers, family members, and other personal sites.

Protecting your Facebook privacy at work isn't just about passwords

Update: To everyone who says that your employer has the unlimited right to spy on your computer use because you're on company property, here's a paragraph from later in the piece:

Besides, there are plenty of contexts in which "company property" would not excuse this level of snooping. If you met your spouse on your lunchbreak to discuss a private medical matter in the break room or car park, you would probably expect that your employer wouldn't use a hidden microphone to listen in on the conversation – even though you were "on company property". Why should your employer get to snoop on your private webmail conversations with your spouse during your lunch-break?