cross-posted from: https://lemm.ee/post/56769139
cross-posted from: https://sopuli.xyz/post/23170564
The only thing that can stop a bad guy with access to my private phone data is a good guy with access to my private phone data. /s
Fuck me, that’s good
I’m stealing that
In the same vein, with my family I’ve been using the analogy of “Imagine that all law enforcement had a key to your home, and they could enter at any time and look through your things, but you wouldn’t even know it if they did, or if they took photos or recorded videos of your place to take with them. Their argument is that the only way to keep you and your stuff safe from the bad guys is for the good guys to have access. But because the good guys now have access, it’s also easier for the bad guys to get in, because now there’s all these extra keys to your home out there, which might fall into the hands of the bad guys.”
Not a perfect analogy, but it seems to make them consider the issue from a more personal angle. And for those that argue, “Well, I don’t have anything to hide.”, I usually counter with “Then why do you close your curtains/blinds when you change your clothes or get out of the shower?” With my dad who grew up during the World War II, it also helped to mention that a law like this, once on the books, will not be easy to overturn, and while he might be fine with our current regime having access to all his data, that might not be the case with future authorities.
Instead of extra keys, perhaps describe it as weaker locks. Would you consider the lock to which every cop had a key to be as strong and secure as a regular lock? And look at the USA for an instance of a new regime that can potentially use vast amounts of personal data to persecute and oppress anyone the fascists don’t like. Many people might have (naively) trusted the government with the surveillance Edward Snowden and others revealed, back when they did not perceive the US Government as an immediate threat to ordinary Americans. But the new regime quite clearly is ready to persecute and punish people for their political views, their race, their gender or their sexual orientation, and it now has all that data.
I’m not the person you’re replying to, but “weaker locks” feels like something you can make allowances for or work around. “Extra keys” feels like the Damoclean threat that it is.
It feels like the UK and France are in a competition to see who can steamroller their peoples’ rights the fastest.
Isn’t Sweden trying something stupid too?
Yup, they are trying to put a backdoor into signal, even though their military advised against it.
Isn’t that the CIA app?
A reminder that the people voting for these laws do not understand technology. They don’t get it. Yes, this law sucks, but even if it passes, I’d be really surprised if it was actually enforceable.
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say”
Snowden
TSA officers steal from passengers
This may seem unrelated but it gives a real life physical example on exactly why backdoors shouldn’t exist.
First off, fuck the NY post.
Secondly, no, it IS unrelated. An issue with the TSA is not an example of a backdoor. Both are bad things, but it ends there.
A law implementing a back door would be a far more ubiquitous concern than some one off sticky fingers in Florida.
Did the tsa use a backdoor to find out what people had in order to steal it? No. How tf is this dumb take supported.
The little red locks on luggage have a backdoor for the TSA, so yes, they literally used a backdoor to find out what people had and steal it. The reason I brought it up is because people sometimes have a hard time realizing the severity of something unless it’s grounded in the real physical world.
Also, chill the f out, man. Sheesh.
Red locks had nothing to do with that story. And they were caught and arrested. It is not related.
How do you think they open the bags?
You don’t need a tsa approved lock to open an unlocked bag. Nor a bag that is locked in any other fashion. Which is why this is a contrived connection.
Do you unlock your bags before pushing them through the scanner? I only do it if they ask me to and that only happens directly in front of me. But sure, let’s assume bags were fully unlocked and unattended, it’s still a case of representatives of a government organization (aka the good guys) with full access to a backdoor showing that they’re not to be trusted, which is the entire point I’m trying to make.
I don’t lock them to begin with. And I certainly wouldn’t purchase a tsa approved lock. Regardless, I was not subject to a law requiring that the non-tsa lock I was using to have a backdoor added. Which is why this is a bad comparison all around.
Its funny, I’m watching this show called Prime Target and basically the NSA is trying to prevent people from figuring out some sort of mathematical equation that would instantly break all encryption and talking about how it would be the end of the world as we know it.
Meanwhile the EU is forcing everyone to put in an express lane IRL.
I’m no cryptographer, so take this with a good heap of salt.
Basically, all encryption multiplies some big prime numbers to get the key. Computers are pretty slow at division and finding the right components used to create the key takes a long time, it’s basically trial and error at the moment.
If you had an algorithm to solve for prime numbers, you could break any current encryption scheme and obviously cause a lot of damage in the wrong hands.Basically, all encryption multiplies some big prime numbers to get the key
No, not all encryption. First of all there’s two main categories of encryption:
- asymmetrical
- symmetrical
The most widely used algorithms of asymmetrical encryption rely on the prime factorization problem or similar problems that are weak to quantum computers. So these ones will break. Symmetrical encryption will not break. I’m not saying all this to be a pedant; it’s actually significant for the safety of our current communications. Well-designed schemes like TLS and the Signal protocol use a combination of both types because they have complementary strengths and weaknesses. In very broad strokes:
- asymmetrical encryption is used to initiate the communication because it can verify the identity of the other party
- an algorithm that is safe against eavesdropping is used to generate a key for symmetric encryption
- the symmetric key is used to encrypt the payload and it is thrown away after communication is over
This is crucial because it means that even if someone is storing your messages today to decrypt them in the future with a quantum computer they are unlikely to succeed if a sufficiently strong symmetric key is used. They will decrypt the initial messages of the handshake, see the messages used to negotiate the symmetric key, but they won’t be able to derive the key because as we said, it’s safe against eavesdropping.
So a lot of today’s encrypted messages are safe. But in the future a quantum computer will be able to get the private key for the asymmetric encryption and perform a MitM attack or straight-up impersonate another entity. So we have to migrate to post-quantum algorithms before we get to that point.
For storage, only symmetric algorithms are used generally I believe, so that’s already safe as is, assuming as always the choice of a strong algorithm and sufficiently long key.
That’s a comment I was hoping for, thanks :)
