Also of great importance is the ability to digitally sign an encrypted message to assure not only the authenticity of the sender but that the message itself was not tampered with in transit. This Public Key encryption technique allows for non-repudiation: not being able to deny that the message did in fact come from its claimed source. Now of course, all signing and types of authentication techniques just mean that the person who sent the message had the keys to “look” like the real sender. This may be Biometric, physical, one time passcode generator, etc. The point is that digital signatures give a MUCH better assurance that the message actually came from the claimed source but it is still not 100% guaranteed.
I will not go further into the cryptography explanation since there are SO many places that explain it better and much more thoroughly than I can. Use google or check out wikipedia for sources of encryption explanation.
Now down to the topic at hand… Encrypted email. Why hasn’t encrypted email really been used by the general public? There are numerous reasons that come to mind.
1) The general public may not be concerned with privacy issues beyond a certain point. The attitude, “well if you are not doing anything wrong in the first place” or “I would never send anything private over the internet anyway”, etc. has gripped the general populace for a very long time.
2) The complexity of encryption demands knowledge that is quite difficult to implement without a toolkit. Most email vendors have been busy with implementation of the protocols in use to meet message transport standards, security vulnerabilities and general user features. Encryption has been low on the list of demands and that usually means that other requests are serviced first.
3) The lack of integration of encryption tools within email clients has left users not wanting to really spend the extra time and effort to exchange keys and encrypt/decrypt messages using an external application in conjunction with their e-mailers. This lack of integration and ease of use has put encryption out of grasp for most people.
4) Solutions such as PGP require people to do key management (as simple as that may be) and that is somewhat undesirable to people. Other solutions such as S/MIME are equally good except that the PKI infrastructure demands that a third party validate the integrity of the Certificate for the feeling of validity. This 3rd party has traditionally charged money for the Certificate or at the very least made it intrusive for people to obtain them. Can you imagine, they want MY NAME: FIRST AND LAST? Are you kidding me? One aspect of privacy is Anonymity… and they want my NAME??? That leaves only self signing Certificates or providers that don’t ask that information… which is none (not even CACert.org).
5) Expensive Encryption calculations make heavy demands on personal computers and email servers. Neither is very desirable.
6) When a user forgets their passphrase, all of his data stored on the server will become inaccessible forever to anyone.
What is changing that makes people wish to use encryption?
1) Identity Theft and Phishing attacks have left their mark very close to home, if not at home, for all of us. People are starting to be concerned that the government is beginning to use techniques that are too broad based and heavy handed in the name of protecting the public. The Government Dragnet may indeed snag, catch, entrap many innocent citizens or, even worse, that information can be used against citizens who challenge people in power. Also, people have growing concerns about Health Care/Insurance issues, in that certain personal information may preclude them from coverage.
2) Toolkits are now available to incorporate encryption engines into email clients and servers.
3) Integration of encryption tools within email is becoming more prevalent.
4) Some email providers such as CryptoMail, Hush Mail, and CryptoHeaven are offering Automatic storage of Keys for their members.
5) Advances in inexpensive processor technology and custom solutions such as SafeNet’s SafeXcel PCI cards are now available to make encryption a more obtainable reality.
6) By not using ONE encryption key to encrypt all your messages, you avoid this problem. A loss of one key only causes the partial loss of messages (those encrypted by the lost key).
With all these advancements, what’s still the hold up? Inertia. It takes some time for this technology to become understandable to the general public. Remember there was a time when only the techno savvy knew what gif, jpg, mp3, etc. meant. Now people talk about codecs and the like as if it was second nature. With the injection of commodity hardware and appliances into the market place, people become more techno-savvy. The more providers give easy to use encryption tools, the more people will use them. Skype has proven this model and has taken the world by storm with an easy to use secure way of communication.
Now with ALL that said, there is STILL one major practical difficulty with the use of encrypted e-mail that prevents its acceptance universally. The fact that you can’t scan for viruses or spam until the email has been decrypted is a major deployment hurdle. To get through spam filters and virus checkers someone just needs to use your Public Key and send you a malicious package. This drawback puts the burden of checking for spam and for malicious payload completely on the email recipient, which is not a good thing.
Both anti-spam and anti-virus scanning functions have qualities that scream for centralized management instead of the distributed individual workstation scanning approach. Most people don’t want to bother with, know about, or can’t afford all the tools needed for a safe network and computing environment. Anti-virus, Anti-Spam, Anti-spyware tools constantly need to be updated to be effective. There are free Virus Checkers such as AVG and free personal spam filters such as WindowWasher. But there is a deficiency of choices for Macintosh and Linux users. But again, the main point is that end users need to install, maintain and learn how to use these tools for them to be effective. Part of the reason people are attracted to service providers such as AOL, EarthLink, etc. is that they give you some decent level of anti-spam, anti-virus, etc. facilities for free. If messages are encrypted that would decrease the chance of using those tools effectively or at all.
So how do you get around this difficult problem of not being able to scan encrypted payload? Well, scanning messages BEFORE they are encrypted and sent and then decrypted and scanned BEFORE they are delivered to the recipient is one solution. But that solution either requires tools installed on the emailing computers which need to be continuously upgraded and maintained OR the message encryption/decryption to be handled at the server. I am just going to discount the first solution since it is expensive and problematic for everyone concerned as mentioned above. The second proposition is interesting. If your email server keeps the keys for the Crypto and does all of the work for you, people will consider that not so secure. Your service provider could potentially snoop your email as well as anyone else that has access to the keys. This is where anonymity comes into play. If you can’t tie a “real name” to the email it does not really matter much. See “How do you make provider-based auto crypt and decrypt better?” for more ideas.
But the question is this… As an email user, do you care about the “privacy” of the majority of your messages more than the inconvenience of spam, viruses, and malware? Most messages are not really “worthy” of encryption and for those that are, you should DEFINITELY use strong privately done encryption. BUT every message is worthy of obfuscation to deter the general hacker from snooping or seeing information if they break in to the email server (remember if you separate the keys from the messages it is MUCH harder to connect the two). This mentality is reminiscent of the driving force behind most security concepts… make it harder to get to you and the malicious people usually move on. Remember, when you and your buddy are attacked by a Bear… you don’t have to outrun the bear, you just need to outrun your buddy. Is this obfuscation technique worth the computational resources that it requires to implement? Well, my personal feeling is that ANYTHING is better than unencrypted storage. The problem with EASE of use is that people FORGET that this technique is not highly secure for highly sensitive content. Then when there is a compromise, the people are outraged; no surprise there.
Combine this technique with easy integrated encryption tools into the email tools and the email user has many options to draw on. Remember, the message content disclosure may only be of concern to the person on the “other end”. If Suzie and Jack are emailing each other, Suzie may not care if anyone at her ISP sees the messages, she just does not want her coworkers seeing it OR Jack may not care if anyone but his coworkers sees the mail. So Jack may just ask Suzie to (auto) encrypt messages to him so his circle of associates can’t see their correspondence. He doesn’t care if Heywood at Suzie’s ISP reads the message since it can never be connected to him BUT it can be connected to him if it is delivered to his job. How people feel about this truly just depends on the situation. All messages and traffic should be encrypted. It is more of a choice of what the content is and how much you don’t want anyone to see it.
All this talk about encryption and decryption problems with email payload validation and the related techniques… but I really think that the more focused solution that answers the question of sender validity is of greater importance. In other words, “Did the message REALLY come from the claimed source?” By focusing on Sender Validation techniques, other problems are reduced automatically. Sender Validation techniques such as Digital Signatures are REALLY important. The problems of phishing and spam are greatly reduced when you can trust that the people you know won’t intentionally send you spam (hmmmmm, well that’s another problem saved for later). Well at least you can be assured that the spoofers and the people you don’t know won’t be able to send you spam and harass you. This still does not address the virus problem created by “intelligent” email clients that blast messages away using the address book. Anti-virus tools and Web Client e-mailers take care of that issue. Message signing by Domain Holders (DomainKeys or Sender ID) and use of Sender Policy Framework (SPF) is a good start. It doesn’t stop people within a Domain from spamming, but it does stop them from spoofing the message headers of people outside the spammer’s domain, which is VERY important. All Sender Validation techniques should be implemented so people have the best protection.
Another proposed solution to stop spam is White Listing. Unfortunately White Listing can be circumvented via spoofing. But coupling White Listing and Sender Validation together makes an almost UNBREAKABLE duo. Joining this duo with educating email recipients to NEVER give out their personal information is the real solution to spam and phishing problems. There is a problem with White Listing and that is the problem that people you know who are not on your White List have a difficult time contacting you in the first place. For “first contact” scenarios, some challenge/response techniques have been proposed such as Ham passwords. Unfortunately, only those who despise spam really ever implement techniques like this.
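To make the White Listing plus Sender Validation pairing concrete, here is an added example (not from the original post) in which a white-list match only counts when the receiving server's own SPF/DKIM verdict covers the domain in the From header. The server name mx.example.net, the addresses and the sample messages are constructed assumptions, and the border server is assumed to strip incoming Authentication-Results headers that carry its own name.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumptions for this example: our own receiving server is mx.example.net and
# records its SPF/DKIM verdicts in an Authentication-Results header (RFC 8601).
TRUSTED_AUTHSERV_ID = "mx.example.net"
WHITELIST = {"suzie@example.org", "jack@example.com"}
COMMENT = re.compile(r"\([^()]*\)")  # parenthesised comments inside the header


def _domain(value):
    """Domain part of an address; a bare domain is returned unchanged."""
    return value.rpartition("@")[2].lower()


def authenticated_domains(msg):
    """Domains that passed SPF or DKIM according to OUR server only."""
    headers = msg.get_all("Authentication-Results", [])
    if not headers:
        return set()
    # Headers are prepended in transit, so the topmost one is the newest.
    # Anything below it may have been written by the sender.
    parts = [p.strip() for p in COMMENT.sub("", str(headers[0])).split(";")]
    authserv = parts[0].split()
    if not authserv or authserv[0].lower() != TRUSTED_AUTHSERV_ID:
        return set()
    passed = set()
    for resinfo in parts[1:]:
        tokens = resinfo.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        if result.lower() != "pass":
            continue
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if method.lower() == "dkim" and "header.d" in props:
            passed.add(props["header.d"].lower())
        elif method.lower() == "spf" and "smtp.mailfrom" in props:
            passed.add(_domain(props["smtp.mailfrom"]))
    return passed


def classify(raw_message):
    """Return 'accept', 'spoof-suspect' or 'first-contact'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        return "spoof-suspect"  # missing or duplicated From header
    sender = parseaddr(str(from_headers[0]))[1].lower()
    if sender not in WHITELIST:
        return "first-contact"  # route to a challenge/response or review queue
    # The white list alone proves nothing: the From header is sender-supplied.
    # Require a pass for exactly the From domain (strict alignment).
    if _domain(sender) in authenticated_domains(msg):
        return "accept"
    return "spoof-suspect"


def _message(auth_results, sender):
    """Build a constructed sample message with the given header lines."""
    lines = ["Authentication-Results: " + a for a in auth_results]
    lines += ["From: " + sender, "To: me@example.net", "Subject: hello", "", "body"]
    return "\n".join(lines) + "\n"


# Constructed sample messages.
GENUINE = _message(
    ["mx.example.net; spf=pass smtp.mailfrom=suzie@example.org; "
     "dkim=pass header.d=example.org"],
    "Suzie <suzie@example.org>")
SPOOFED = _message(
    ["mx.example.net; spf=fail smtp.mailfrom=bulk@mailer.invalid; dkim=none"],
    "Suzie <suzie@example.org>")
MISALIGNED = _message(
    ["mx.example.net; spf=pass smtp.mailfrom=bounce@mailer.invalid; "
     "dkim=pass (good signature) header.d=mailer.invalid"],
    "Suzie <suzie@example.org>")
FORGED_VERDICT = _message(
    ["mx.example.net; spf=fail smtp.mailfrom=bulk@mailer.invalid; dkim=none",
     "mx.elsewhere.invalid; dkim=pass header.d=example.org"],
    "Suzie <suzie@example.org>")
STRANGER = _message(
    ["mx.example.net; spf=pass smtp.mailfrom=new@example.info; "
     "dkim=pass header.d=example.info"],
    "New Person <new@example.info>")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "MISALIGNED", "FORGED_VERDICT", "STRANGER"):
        print(name, "->", classify(globals()[name]))
```

The MISALIGNED case is the one a plain white list misses: the message authenticates perfectly well, just not as the domain shown in the From header.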
In summary, the difficulties with encrypted email are related to the inability to validate the potential malicious payload of messages. There are potential centralized solutions that depend on a person’s willingness to consider that their content is “protected well enough” for privacy concerns weighed against the concern of virus and spam threats. Through the use of Sender Validation techniques such as Domain Signing, Personal Digital Signatures and White Listing, reduction of the problems (spam, etc.) that face the majority of people is accomplished. For organizations with anti-malware tools installed on all systems, the malware check after the decryption phase, is an acceptable solution but for normal home users this approach is not viable. Until free tools are available on all platforms and integrated into all clients, the problem of after-the-fact malicious payload checking will plague the general populace.
As a side bar…
The problem with closed services such as CryptoMail, Hush Mail, CryptoHeaven may be a focus of another Blog entry soon. My biggest complaint is their inability of ensuring SOME level of encryption automatically even if one of the people sending OR receiving mail is NOT on the same encrypted mail network. It is true that Hushmail Express allows an Email Portal solution for people not in your email network… but it is far from optimal. Cryptomail has no solution to this problem- even if there are 2 unrelated Cryptomail networks, they don’t exchange keys with each other. I have to research CryptoHeaven further… there is little published about it on their website.
As another side bar…
How do you make provider-based auto crypt and decrypt better?
Separate the Keys from the messages. Separate systems would require multiple system compromise. Separate the Keys from the Identity of the Key Holder and that increases the privacy of the recipient by creating anonymity. If the message IS compromised, the email recipient is better protected since the thief must have the Keys and even if they have those, they may not be able to associate the message to a specific person (that of course strongly depends on the message content).
[Idea Fountain]
Devise a way to separate the storage of encrypted messages and the encryption keys that are used to encrypt and decrypt them, to prevent people who don't know your passphrase from associating the two and thereby compromising the security of the messages and the anonymity of the recipient.
[Idea Fountain]
Devise a way to overcome the White List “First Contact” Problem.
[Idea Fountain]
Devise a way to store the Public and Private Keys on a server so that they are available anywhere that connectivity is available and all the emailer needs to do is to remember their passphrase. CryptoMail and Hushmail have techniques using a java client as their emailer client.
More on this topic later…
For some, email is a critical tool that has become an essential part of everyday communication. Like a cell phone, those who have one, find it very difficult to live without one. Could your business survive without a phone system? Unlikely. Could it function without web presence or without email? Possibly. But both of those technologies can potentially contribute so much recognition and revenue that it is unlikely that your business would choose not to implement them. There is no doubt small businesses such as gift shops or shoe repair shops might not gain much from either technology- some owners don't even wish to expand their business since they are already overwhelmed. Many businesses are not in that comfortable position and welcome all the solicitation they can get in order to make ends meet.
Of course you can personally live without a phone, a web page or email, but would you want to? That really depends on your experience with the technology. Do you like receiving unsolicited phone calls? Very few people, if any, do. But there is a whole industry that was born doing just that: telemarketing. As soon as there was a postal service... there was mass mailing and junk mail (equivalent to spam). As soon as there was a phone system there were unsolicited and prank phone calls (equivalent to spam). As soon as there was email the same phenomena occurred... but for some reason people have been affected by the abuse much more. Part of this is because it is not very costly to send electronic spam and another reason is the laws governing the electronic age are not keeping up with the rapid changes. Would you send money to someone if they sent you a piece of snail mail requesting money? Would you give out your credit card number or pin number to someone who sent you mail or telephoned you with such a request? I should think not; at the very least I hope you would have reservations about doing such. What is it about email that makes people lose their sense of judgment and fall victim to phishing scams?
This brings to light a very important aspect about unsolicited email, or spam as it is called. Not only is spam email annoying to get, it is very costly. Spam causes many problems for the whole email ecosystem. Email providers (ISP's, work, etc.) must take measures to deal with unsolicited email. They must buy more disk space, get more bandwidth, install faster computers, install and maintain anti-spam and anti-virus tools, deal with downtime caused by email viruses, deal with decreased worker productivity, the list goes on. Billions of dollars are spent combating these issues. It is difficult enough to deal with the fact that “trusted” people send virus riddled spam when they unknowingly are infected with viruses. New industries have been born to deal with these problems.
We have noted two major problems facing email systems- spam and phishing. There are others to mention as well: privacy issues; the fact that email is considered a trusted path into your organization, home, your computer, your life; no way to track who has given out your email address to others; email is not a simple concept anymore- you need filters and checkers and anti-exploitation education etc.; can be costly to you if your network, system, or private information is compromised; a single place at which to be located (you think that usually is a good thing).
To address these issues, many approaches have been suggested and implemented. For spam, there are filters based on rule sets and statistical heuristics. For viruses and Trojan horses there are anti virus tools that scan for finger prints or signatures left by the viruses. Phishing messages may be considered spam and can be dealt with as such, but truly, education is one of the only ways to stop phishing expeditions, the other is not to receive them at all.
One major problem with spam and malware (viruses, worms, and Trojan horses) is that they are continuing to be changed and modified to get around the currently utilized defenses. This no doubt indicates a strong offensive posture by people against our information infrastructure. 90,000+ known viruses for Windows machines alone? Spammers are continuing to evolve their methods to get around filters by creating messages that score well with the statistical trackers or by misspelling words just enough to make them still readable or by creating in-line picture emails of the spam. It is obvious that we are being worked against. You must continue to update your virus definitions and update your spam filters. Some people even resort to changing their email addresses and abandoning their mailboxes, a total space waster for email providers. Let's face it: we are up against information terrorists who try to harass, extort, and damage our lives using the tools that we enjoy using, such as the phone, email, our web browser, etc.
How do we reduce the negative effects of spam, phishing, malware, the problem of a single place at which to be located, privacy issues, tracking who has or has given out your email address, the trusted path problem, the problem of complexity, the problem of expense and the issues of cost and inconvenience if you or your computer equipment is compromised?
Summary of Email Problems and Solutions
Spam and Phishing email and malware. What you don't get won't hurt you.
Single point of contact. You would think that the old tactical concept of making only one way in and guarding it as best as you can would apply. But keep in mind the old adage: don't keep all your eggs in one basket. The single point of contact soon becomes a single point of compromise. This point also has many privacy concerns that are related to it. If you can still collect email in one location but not have a single email address, you can eliminate the single point of compromise.
Privacy issues. Many people associate their identity to their email address. This is not necessarily a bad thing because you need to communicate to your bank, your business partners etc. But with a single point for notification together with "the weight" of your emailbox, it makes you tend to want to keep your email address and not change it even when it is compromised. You correctly feel that the contents of your emailbox are very hard to abandon. And when you wish to sever relations or communications with a contact, things can become difficult. Even if a person can't contact you since you block them, they can still spread your email address around and cause great volumes of email to reach you or they can slander you or impersonate you etc. Email must have a level of anonymity to it in order to address privacy issues.
Tracking who has or has given out your email address. The privacy issue can very easily lead to this weakness in email. How do you know who has your email address? Can you even remember half of the people you have given your email address out to? The answer is most people have no idea for both questions. Why is this an issue? Well it relates to lowering your profile on the Internet. The more people that know your address the more people will try to send messages to you. If you knew a company was selling your information, would you continue to do business with them? A business's privacy policy can say anything it wants. Unless there is a legal challenge against a company for violating a Privacy Policy they could continue to sell your information. If there is no hard punishment to them, what do they really have to lose? The company can pack it up and start a new one and do it all over again. If you can track who uses your email you can choose to not communicate with them.
The trusted path problem. In order to get information into your organization, you need to let information in. Sounds reasonable. This problem is multifaceted and therefore traditionally requires a dual-pronged approach to address. First, it must be determined what is valid, non-harmful information. Second, the path and email addresses should not be “trusted”. To solve this harmful information issue, anti-virus scanners are put in place to check attachments. This requires updates by the email administrators and teams of researchers to keep this information up to date (paid for by maintenance costs). To solve the trust issue requires sender validation techniques. This could be done in a multitude of ways; Digital Signatures are the most reliable way, but at an expense. One issue with Digital Signatures that is subtle is that if you automatically sign the messages without a manual pin number requirement, a virus can automatically sign the messages. The pin entry requirement prevents a virus from sending out scores of emails as a valid sender since it does not know the pin. Of course, a virus could perhaps snoop for such a pin. The second way to solve this issue is to NOT have the email residing “within” your organization. For a business or government agency, this option has too many drawbacks to even be considered seriously, but as a personal email solution, it seems quite appropriate. If you can provide a way to give effective Sender Validation and Validate the attachment payload, you can allow the message into your organization, with caution.
The problem of complexity. If a system is too complex to use, most people won't bother using it. This problem is only solved by efficient Interface and operation Design and email user education.
The problem of expense. If a system is too expensive, it is unattainable. For those that have a system in place, the continued cost increases make the email system become a burden to use and maintain. A recommendation may be to use Open Source/Free solutions. There are many options out there, such as AMaViS, AVG, SpamAssassin, etc. For individuals, there are a slew of email providers out there but none of them solve all the problems outlined in this paper.
The issues of cost and inconvenience if you or your computer equipment is compromised. The only true solutions to this problem are: make sure your systems don't get compromised (very hard thing to do), try to prevent the spread of compromise when it does happen (anti-virus software helps tremendously), and have good backups of your data and a plan in place for rapid recovery. All of these concepts are beyond the scope of this blog entry.
What is the Best Approach?
One of the best defenses is not to be there. You must increase your defensive posture by lowering your profile, shielding yourself, reducing your visibility and keeping the target moving. It is much harder to hit a small moving camouflaged target. That is what needs to be done in the email world.
[Idea Fountain]
Devise an elegant way to collect and manage email in one location but not have a single email address, so that you can eliminate the single point of compromise.
Out of the computer and Internet have been born and grown some great industries and technologies. Unfortunately, there have been born, grown and distilled some very nasty and ugly ones as well. It is bad enough there are people that do things that are known to be illegal but there are others who split hairs and do things that are borderline illegal or “should be illegal”. This leads to those people taking advantage of or exploiting the fact that it takes time to overload the human patience factor and then add to that the time it takes to get the slow legal process into motion to address these new problems. How many times have you heard it said, “The legal system is trying to keep up with the fast moving internet issues and problems.”? Unfortunately, the irritation factor and bad stories of true exploitation lead to a nonsensical, confusing, and irregularly enforced set of laws as well as people WILLINGLY giving up their liberties and freedoms with the bad attitude driven justification of, “Well I’d rather not have this __freedom, liberty, right, benefit, etc.___ than to go through ___exploitation, harassment, terrorism, etc.___.”
For example, online commerce is a huge economic phenomenon that has shown its tremendous benefit to the world. But out of online commerce has come rampant information selling or disclosure of private information. The harvesting of personal information and associating it to demographic profiling has become an industry unto itself. Add to that the government’s desire to put all your information into a centralized database, give us National ID’s by which all transactions can be tracked. Then add to that the “self/non” regulated Credit Bureau, the “Freedom of Information Act” (a good thing), the “electronification” of “matters of public record”, and well, there you have it… no anonymity and no privacy.
How many times have you heard someone say in that grating whiny voice, “Well, if you’re not doing anything wrong, you shouldn’t worry about it.”? Uh huh… right. Why should my private information be collected, cataloged, sold and used against me? Why should people’s medical records be harvested by the Insurance industry? Do you think that it is fair for a person with a medical ailment to be victimized? You might try and coldly justify in that same whiny voice, “Well it’s their fault to begin with… if they didn’t _________...”. Didn’t what? Be born? Get sick? Get hit by a car? Have an accident? What? Tell me there has never been a person who has been ravaged by an ailment that wasn’t denied a medical claim or has been discontinued from their insurance. You can be buried with a mountain of legal and administrative paperwork from just such incidents!! Do you think that you won’t be exploited, denied, prejudiced against, etc.? If you said no, are you kidding me?
Think about this… if you happen to look like someone else and you are targeted by a facial recognition engine and a law enforcement agency stops you, questions you, and possibly ARRESTS you based solely on that information, then what? At the VERY LEAST you are out a bunch of time and effort to prove your innocence. You did nothing wrong… you just happened to look like someone or at least some heuristic algorithm thought you did. You didn’t do anything wrong, but now you’re worrying. Just say you are wrongly accused by facial recognition and issues of identity theft… and the law enforcement agency is 100% in the wrong, what do you do? (By the way, this actually happened to a close friend of mine.) SUE THE GOVERNMENT? First of all, that may take forever! Second, who are you really suing? TAX PAYERS! That’s just as bad as Credit Card Fraudulence causing you, a good credit holder, to pay higher interest rates! Unfortunately, suing really is the responsible thing to do since it will draw attention to this sort of problem and hopefully there will be some action taken to prevent this problem from occurring again. If you are worried about tax payers’ money being taken for YOUR benefit, don’t sue for personal damages, just for legal costs; that at least reduces the out of tax payer’s pocket cost.
So the next time you hear someone whine that phrase, “Well, if you’re not doing anything wrong…” slap them with all these little ditties. There are a great many more examples of people not doing anything wrong and being victimized.
Forget the fact that the “good” guys NEED LAWS TO PREVENT THEM FROM EXPLOITING YOU; there are bad people out there and you know it.
Protecting your information from Information Exploitation
There are many websites and information packets about techniques used to protect your privacy and your information as well as many detailing how to protect against identity theft, so I won’t cover that here- at least right now.
Back to information collecting… Once information is made readily available, then it lends itself to be exploited and misused. There IS NO QUESTION ABOUT THIS POINT. That statement is 100% true! There is nothing you can do to change the fact that your information is out there and you WILL be exploited… by the “good guys” as well as the “bad” guys. There is no doubt that we need to pass laws or take action to dissuade exploitation from happening and to punish those who exploit you. But I have always been an advocate of preventative measures: Stop the Madness! (as Susan Powter says!) Stop the problem before it gets out of hand. Nip the problem in the bud. A stitch in time saves nine. If you educate yourself about the potential problems and risks that can affect you, take measures to protect yourself, reduce your exposure, and quickly take actions when there are problems, you can reduce the effects problems have on you. Be Proactive, not Reactive! Assume an aggressive posture against problems.
Just imagine, no more than 10 years ago, the term “Privacy Policy” was not well known or even in common use! Now it is commonplace to see companies have a printed or internet page dedicated to their privacy policy. MOST people always thought that their information was private when they gave it to a company; at the very least they thought the company’s approach would be an OPT-IN process for any sort of information disclosure policy.
Information selling is nothing new. Granted, there has been “junk mail” (“snail mail’s” Spam equivalent) for a long time, so people knew their name and address were being sold. Then there are the unsolicited calls on the telephone… the Spam equivalent for phones. There had to be a law created to PREVENT solicitors from harassing you on the phone and you have to, surprisingly enough, OPT-IN to not be harassed! How strange is that! Now at almost every website you go to there is some sort of “Privacy Policy” to check out. It becomes too much to read and keep track of… information overload!
If there isn’t already an organization that does this, there should be: an organization that collects and rates privacy policies, with website certifications (such as a cool logo) and a central area for looking up company websites and their ratings. [IDEA FOUNTAIN]
There are companies that profit from SELLING VERY PRIVATE (at least you think it is private!) information. Your credit information, your cell phone bills, your legal information, everywhere you lived, worked, etc.! And these companies begin operation and continue until they are forced to shut down. But by that time, the damage to people's lives is done!
There is no doubt that new technologies and techniques need to be developed to address privacy issues. But remember that motto, Be Proactive, Not Reactive? Use it! I am a big fan of the word mantra. From Wikipedia, ‘The Sanskrit word mantra consists of the root man- "to think" (also in manas "mind") and the suffix -tra meaning, tool, hence a literal translation would be "instrument of thought".’ [http://en.wikipedia.org/wiki/Mantra]
A “thinking tool” or an “instrument of thought”… I really like that!!! We must create new tools and techniques to allow the recapture of our personal information and to protect ourselves against unscrupulous people. More importantly, we must change the way we do business and the people with whom we do business, take a long hard look at ethics, and take a different approach to issues.
While it is generally a good idea to be intolerant of intolerance, you should ALWAYS stand up and fight for your rights. Being intolerant of people who exploit others is NOT a bad thing. Should you change because the world is changing and there are people out there who want to hurt you? Yes, of course. How much is up to you. There are many people who still don’t even lock their house when they leave… is that a good idea? I personally don’t think so. Why take an unnecessary risk, especially when it takes nothing to avoid the problem? How long does it take to lock your house? Should you get a security system and take things further… that depends on the situation: your particular situation, which you may know better than anyone. Again, it is up to you. Should you change because there are bad people? You should definitely take measures to protect yourself, your rights and your liberties against ANYONE who wishes to take them from you, FOR ANY REASON!
[IDEA FOUNTAIN]
The Idea Fountain is a place where ideas are born!
It is said that "Necessity is the Mother of Invention." Well, let's face it, there are so many problems in the world that we will never run out of the need to solve problems. We must create Idea Fountains to create places to solve problems. Not having a place to solve problems is like not having a workshop in which to create; it is like not having a canvas to paint on or a paper to write on (or Blog to post to!). But a workshop without tools is not very useful. A canvas without paint and a brush to create with is just a blank space that takes up space. Without a medium to communicate and the tools to create, solving problems is much more difficult. In this Blog, issues will be presented and ideas born. People's comments will be used to further discussion, and hopefully dedicated websites will even be set up to take the ideas born here through to completion.
Solving Problems
At the very least, solving problems takes: identification of a problem; a forum to explain the issues with a problem; ideas to be generated to address and solve the problem; a forum and open attitude to ensure that the solutions actually work and don't create new problems or make the problem worse; and much dedication to staying on course no matter how hard the problem is to solve.
Credits
Thank You Google for blogspot. Many thanks to my parents, for without them I would not be possible.