There are two ways of handling security vulnerabilities.
One is to try and find them before the “bad guys” do, then fix them.
The other is to do nothing and just hope the “bad guys” don’t find them (or have already found them and are already exploiting them).
saltnotsugar@lemmy.world
on 06 Mar 14:55
My front door’s lock is broken. My strategy is to hope for the best.
HeyThisIsntTheYMCA@lemmy.world
on 06 Mar 22:44
i see you’ve met my SIL. everyone (but my wife and i) teases her husband for being jumpy, but their front door lock does not lock properly. I WONDER WHY HE’S JUMPY
TheOneCurly@feddit.online
on 07 Mar 12:50
There’s a third option. Find them and hoard them as “weapons” but then sometimes get hacked and leak them all.
DebatableRaccoon@lemmy.ca
on 06 Mar 14:27
The fact that governments are so hellbent on having backdoors to encrypted communications should be telling…
It’s because they would rather be reactive rather than active. They would rather the onus be on an individual to improve themselves with little to no outside assistance, then be punished if they don’t. Not as a lesson to that individual, but to others.
Shockingly, it doesn’t really work very well.
DebatableRaccoon@lemmy.ca
on 06 Mar 20:57
Considering I remember the news hitting that the anti-terrorism task force knew about the Manchester attack at the Ariana Grande concert in advance and did nothing about it, that tracks.
chonglibloodsport@lemmy.world
on 06 Mar 23:30
DebatableRaccoon@lemmy.ca
on 07 Mar 07:20
Won’t catch me arguing.
Quacksalber@sh.itjust.works
on 06 Mar 14:50
I get the feeling that privacy advocates like the German CCC or the EFF in the US need to get ahead of this chat control and age verification bullshit by implementing a privacy-first age verification system prototype. Something where you can identify yourself as adult that is both trustworthy and anonymous.
Because if they don’t, Palantir will implement your age verification and harvest all your data.
Petter1@discuss.tchncs.de
on 06 Mar 15:38
Or, like, add a feature to a browser where parents can force an “I am a Child” header in Calls…
Quacksalber@sh.itjust.works
on 06 Mar 16:17
That’d work too, although I’d implement it the other way around. Define a new http header that indicates what type of content the site you’re visiting is hosting and handle the content blocking client-side based on those headers.
Petter1@discuss.tchncs.de
on 07 Mar 15:29
👌🏻very elegant
TheLeadenSea@sh.itjust.works
on 06 Mar 17:24
The point is that the internet shouldn’t be censored though, we shouldn’t be giving corporations or governments the keys to censor the internet based on any protected characteristics (one of which is age), even if it’s done in a ‘private’ manner. What comes next? Sexuality/gender verification? You can only view porn if you’re the opposite gender? Race verification?
raspberriesareyummy@lemmy.world
on 06 Mar 18:19
You mean like buying anonymous tokens in a supermarket that have an 18+ sales rule on them and you have to show your ID as when you buy booze?
It’s not like it isn’t trivial. It’s just that our government fucks want totalitarian control. Fuck them all with a rusty rebar.
That’s why I hate the “give the government a master key” metaphor for weakening encryption. You aren’t making a master key, you’re making every lock worse. The “master key” is just knowing how to exploit the giant flaw you’ve now created in every lock, and if that knowledge escapes every lock is now worthless.
Knocking “shave and a haircut” now opens every door, let’s hope nobody else figures that out! I know! We’ll lock that information inside this “shave and a haircut” safe!
zener_diode@feddit.org
on 06 Mar 16:08
One thing I don’t like about the “master key” metaphor:
I do lockpicking as a hobby. And locks built for a master key are easier to pick, because you can open them with two keys. It seems kinda obvious when you think about it. (You gotta be careful when picking mastered locks though, the master wafers can fall into the keyway and permanently destroy the lock.)
It’s like the old bank deposit zipper bags with the lock, turns out (because it’s soft fabric) you can just push the fabric through the zipper and balloon out the sides that have passed through the zip/lock, and dump out the contents.
DerisionConsulting@lemmy.ca
on 06 Mar 17:09
The thumbnail almost looks like a new MTG card frame.
Just like laws and policies, you need to look at how bad things would be if it was used by bad actors, not just how it would work in a magic land where everyone is rational, moral, and just.
DarkDarkHouse@lemmy.sdf.org
on 07 Mar 07:37
Now I need a Klug alter
TheObviousSolution@lemmy.ca
on 06 Mar 18:23
The US is a century of building soft power to be able to respond with “but you can trust us more than anyone else” that has been toppled by the current regime in less than a year. It’s the whole reason Edward Snowden was a big deal, now he wouldn’t even appear in the obituary section of a newspaper.
Chakravanti@monero.town
on 06 Mar 21:43
You apparently didn’t see the NSA-CIA snitch in the TV show kill himself when the Newsroom passed printing the story that “Snowden” actually did say exactly the fucking same shit the next year.
Yup. TV Show. One year prior to Snowden. Said the same that Snowden said. Yup. Newsroom. Season 3. I just watched Pleasantville again too. Welcome to Arrakis!
WhiskyTangoFoxtrot@lemmy.world
on 06 Mar 23:20
That’s because they’re the baddies!
TSA luggage keys are a good counterexample.
In theory, only you and airport security can open your case. In practice, you can pick them up off eBay for next to nothing.
It’s been toppling since George W. Bush.
Reagan
Ehhh it means you can warn people about it before bad people use it for bad things