
public authorities "can secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison"... sounds like a nightmare but it is reality in the and eff.org/deeplinks/2018/12/new-

This is how it (should) work: In the case of Apple’s , would be compelled to silently add new devices to the list apps think you own: when someone sends you a message, it will no longer just go to, say, your , your , and your – it will go to those devices, and a new addition, a spying device owned by the government...

... With messaging systems like , the approach will be slightly different: your user interface will claim you’re in a one-on-one conversation, but behind the scenes, the company will be required to silently switch you into a group chat. Two of the people in the group chat will be you and your friend. The other will be invisible, and will be operated by the government.

Bottom line: Don't trust the shiny advertising brochure which tells you about end-to-end encryption, security and privacy if you only get a black box at the end. Only , , and the ability to self-host will be able to secure your privacy.

@bjoern Eh, the fun part is that under the Australian law anyone who runs a computer attached to the internet could count as a telecommunications provider. This means they can be directly served with an assistance notice and compelled to secrecy under threat of jail time no matter whether it's open source, proprietary or federated. The problem and its solution concern the legal situation and I'm not sure throwing shade on the big biz who currently happen to be on our side will help.

@tk But if it is my server, they have to come to me and ask me for a backdoor to spy on me. So at least I know 😉 It is not about "throwing shade on the big biz". Not only since today I'm convinced that Free Software, federation and the possibility to self-host are the pre-condition for freedom and privacy respecting tools.

@bjoern True, and reading it again you weren't really blaming the companies, so not a fair comment from me. Really I'm trying to push back gently against the idea that we can code our way out of all our problems. Self-hosting is a very effective response to untargeted mass surveillance... but for this kind of law, there's no real way to get around it with better software. It kinda sucks.

@bjoern While I mostly agree, this conclusion seems too simple for me. Maybe for some this is true, but for John Doe, it also (once again) will boil down to trusting people not to do "bad" things. For end users, this kind of technology *always* will remain a black box, just the way my car is a black box to me in most parts. Plus, we've seen more than enough security issues, for example, arising from self-hosted, poorly maintained PHP web CMS. In this case, I dare to say self-hosting is even ...

@bjoern ... more of a problem if the person hosting the infrastructure doesn't have sufficient skills or resources to actually keep the environment safe and maintained all the time. That's why I'd rather plead for #FLOSS, #OpenStandards - and *reliable*, trustworthy, transparently funded organizations (Wikimedia? FSFE? ...?) running such services for end-users in a professional yet privacy-aware way.

@z428 The problem: with these laws in place, public authorities will demand these backdoors from these organizations as well. And they only have two options: comply or shut the service down. Both options will not give us sustainable freedom and privacy respecting tools.

@bjoern Maybe. I don't really argue against that. But that doesn't change much about the fact that John Doe is by no means able to operate an infrastructure such as #mastodon or an #XMPP server in a reliable, safe, stable way. And Jane Doe isn't able to verify whether the somewhat large #FLOSS package (just looking at how large a stock #NextCloud installation is) already might contain backdoors added by developers who have been "compromised". In this case, the only way out for ...

@bjoern ... arbitrary end users would be to not use digital means of communication at all. It would make this a privilege of the few again - just like it used to be before we saw Google, Facebook or WhatsApp rise.

@bjoern Plus, if talking about a legal dimension, we won't be able to solve this using even #federated tools. How should we? The "naive" default response: Social problems can't be solved with technology. The more complex response: If a public authority doesn't want to have certain things to happen, we will see other means to regulate this. Consider regulations of #netneutrality. Consider strong laws (such as #gdpr) that make custom individual hosting potentially dangerous/unsafe. Maybe ...

@bjoern ... some of the "technical" challenges for end-users could be solved by focussing on real peer-to-peer solutions (such as a social network or a messenger not relying upon centralized servers but rather on local apps / clients synchronizing with "each other"). But even such an approach could easily be blocked by legal means, at the lowest level by strictly regulating ISPs.

@bjoern @z428 my understanding is that these laws will apply to *everyone* creating digital technology, including volunteer developers working on #FreeCode projects. The only ways to fight this are a) civil disobedience - loudly refuse to put back doors in our apps and services and support each others' legal battles, and b) campaign to get these sorts of laws declared unconstitutional, as a violation of fundamental #HumanRights.

@strypey Yes, that's how I see things as well. It's a legal aspect. We need organizations such as the #EFF, the #FSF / #FSFE, #Mozilla and others to stand up and play the political playground. Technology won't save us here. Likewise, however, we need to make sure we focus on the most important things first (that's why, these days, I'm pretty often irritated to see people out here bashing #Mozilla or the #EFF to just be "whitewashing" for big IT giants --- divide and conquer again).
@bjoern

@z428 @bjoern yes, when I see people like #YashaLevine attacking the EFF in left-wing publications like the #Baffler, and claiming that tech corporations are the real threat to our privacy (which they can be), and governments are its saviours (which is so obviously bullshit), I get very suspicious:
thebaffler.com/salvos/all-effd

@strypey Yes, that's pretty much the article I was referring to.
@bjoern

@bjoern @z428 Would it be possible to build a system where compromising the user's privacy requires the *unanimous* cooperation of *all* (or most) of a group of multiple servers? And then host the servers in different jurisdictions, ideally ones that are hostile to each other.

@sonata @bjoern
@wim_v12e Yes, maybe these are good ideas. I don't really know whether these issues could be handled entirely technologically. Maybe a mixture of stronger cryptography, anonymizing network services and P2P networks *could* help around some of these. But in the end, I'm afraid there always will be easy-to-access weak points in these systems. ISPs. End-user facing operating systems. App stores. Browser manufacturers. 😐

@bjoern GPG, for all of its faults, is incapable of being used in this manner.


@Björn Schießle 🌍 🇪🇺 @Aral Balkan @Wu-Lee @Strypey (Quitter.se refugee)

I'm building crypto tools that I can't break.

Y'all can do what you want.




OT: I'd like to talk about one of my friends for a minute. His name is Billy Bobkins.

'Do any of you have home alarm systems? Have you ever accidentally tripped the "tamper switch"?'
-- Billy Bobkins

@mike
> I'm building crypto tools that I can't break.

That's great, and I totally support people doing that. It's part of the solution. But what do you do when the Australian government charges you under anti-terrorism laws for refusing to back door the software you're developing within the territory they claim jurisdiction over? Technical solutions will not survive without political organizing to support them.
@bjoern @aral

BTW I've been in situations where folks that I worked with on activist tech projects were arrested in "anti-terrorism" laws raids, although not in relation to those projects (at least not directly ...). Our people were being held indefinitely while the Attorney-General decided whether they could be charged as terrorists or not.
nzonscreen.com/title/operation

It was fucking terrifying. None of us knew if we might be next. Only some incredibly stubborn solidarity work got us through:
@mike @bjoern @aral

@mike @strypey @bjoern @aral

"I'm building crypto tools that I can't break."

I don't know the context here, but sounds like a case of Schneier's Law.

@bjoern

Please, PLEASE don't forget your cns. This stuff is a mental health minefield.

@Björn Schießle 🌍 🇪🇺 @Aral Balkan @Wu-Lee @Femmotional @Adam Bredenberg @Adrian Cochrane

Well since none of you have my back, I reckon I'm just stuffed for trying to fight this multi-headed monster myself.  That's OK. You're next. Then we'll all be in jail and encryption will be for outlaws. In the meantime I'll try and make some progress on my own because I really think this is important.

@mike @bjoern @aral Quite simply, I don't know how to fight it. As is I just get extremely frustrated by it.

@mike

@bjoern @aral

Sorry, who are you? And why are you coming for me as if I attacked you when I actually said something relatively mild?

I also appreciate how, considering I specifically referenced the mental health impact discussions like this can have, you just leant into it with the 'you're next' bullshit.

I'm well aware of the implications of this. I get to decide how I manage my own mental health, not you. Frankly, fuck you for this.

@mike

@bjoern @aral

All I said was 'hey, please use cns, as this subject is a mental health minefield.' not even talking TO you. I have no opinion on your work because I have neither the time, expertise nor spare personal resources to evaluate it. But if you think it's reasonable to drag me like this for literally nothing, that I'll take your passive aggression and harmful behaviour with a rictus grin and good grace here of all places... No.

@mike @bjoern Mike, I have no idea what you’re talking about. Why are we all added into this? AFAIK, we’re all working on this issue in our own ways.

Did I miss something?

@aral

We didn't uncritically fellate his every word, so even those of us with literally no clue who he is may as well have called his mother a harlot and his project pure charlatanry
