this post was submitted on 04 Dec 2024
628 points (99.4% liked)

Technology

60038 readers
2862 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] phoneymouse@lemmy.world 230 points 2 weeks ago (3 children)

The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

[–] Agent641@lemmy.world 78 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

The Australian government tried to straight up ban encryption some years ago.

[–] dan@upvote.au 46 points 2 weeks ago (3 children)

I laughed so much at that. Encryption is literally just long complicated numbers combined with other long complicated numbers using mathematical formulae. You can't ban maths.

If I remember correctly, there's also a law in Australia where they can force tech companies to introduce backdoors in their systems and encryption algorithms, and the company must not tell anyone about it. AFAIK they haven't tried to actually use that power yet, but it made the (already relatively stagnant) tech market in Australia even worse. Working in tech is the main reason I left Australia for the USA - there's just so many more opportunities and significantly higher paying jobs for software developers in Silicon Valley.

[–] cupcakezealot@lemmy.blahaj.zone 14 points 2 weeks ago (1 children)

You can’t ban maths.

tell me about it; it tried that against my teacher in middle school

load more comments (1 replies)
load more comments (2 replies)
[–] theherk@lemmy.world 23 points 2 weeks ago (1 children)

Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

[–] jlh@lemmy.jlh.name 15 points 2 weeks ago (1 children)

FBI has definitely always been anti-encryption

[–] elucubra@sopuli.xyz 18 points 2 weeks ago (4 children)

I have never understood why electronic communications are not protected as physical mail

load more comments (4 replies)

More like 23 years ago when the Patriot Act was signed, and every time it has been re-authorized/renamed since. Every President since Bush Jr. is complicit, and I'm getting most of them in the previous 70-ish years (or more) wish they could've had that bill as well.

[–] Maeve@kbin.earth 180 points 2 weeks ago (1 children)

Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who'd have thunk it? 🤦

load more comments (1 replies)
[–] circuitfarmer@lemmy.sdf.org 115 points 2 weeks ago (6 children)

It's probably also good practice to assume that not all encrypted apps are created equal, too. Google's RCS messaging, for example, says "end-to-end encrypted", which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

Start assuming every corporation is evil. At worst you lose some time getting educated on options.

[–] mosiacmango@lemm.ee 33 points 2 weeks ago (20 children)

End to end is end to end. Its either "the devices sign the messages with keys that never leave the the device so no 3rd party can ever compromise them" or it's not.

Signal is a more trustworthy org, but google isn't going to fuck around with this service to make money. They make their money off you by keeping you in the google ecosystem and data harvesting elsewhere.

[–] EvilBit@lemmy.world 51 points 2 weeks ago* (last edited 2 weeks ago) (18 children)

google isn't going to fuck around with this service to make money

Your honor, I would like to submit Exhibit A, Google Chrome “Enhanced Privacy”.

https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should

Google will absolutely fuck with anything that makes them money.

[–] circuitfarmer@lemmy.sdf.org 27 points 2 weeks ago (1 children)

This. Distrust in corporations is healthy regardless of what they claim.

load more comments (1 replies)
load more comments (17 replies)
[–] zergtoshi@lemmy.world 18 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

Signal doesn't harvest, use, sell meta data, Google may do that.
E2E encryption doesn't protect from that.
Signal is orders of magnitude more trustworthy than Google in that regard.

load more comments (3 replies)
[–] sem@lemmy.blahaj.zone 17 points 2 weeks ago (10 children)

It could be end to end encrypted and safe on the network, but if Google is in charge of the device, what's to say they're not reading the message after it's unencrypted? To be fair this would compromise signal or any other app on Android as well

load more comments (10 replies)
load more comments (17 replies)
load more comments (5 replies)
[–] blockheadjt@sh.itjust.works 85 points 2 weeks ago (6 children)
[–] zergtoshi@lemmy.world 22 points 2 weeks ago* (last edited 2 weeks ago)

Yes, like Signal!
Which does not only use end-to-end encryption for communication, but protects meta data as well:

Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

Source: https://signal.org/blog/signal-is-expensive/

I haven't verified that claim investigating the source code, but I'm positive others have.

load more comments (5 replies)
[–] cupcakezealot@lemmy.blahaj.zone 83 points 2 weeks ago* (last edited 2 weeks ago) (37 children)

until the republicans ban them so they can find queer kids and pregnant people getting healthcare and people reading books

[–] daniskarma@lemmy.dbzer0.com 17 points 2 weeks ago (5 children)

A good advice: start learning how to self host, specially a matrix instance.

load more comments (5 replies)
load more comments (36 replies)
[–] Lost_My_Mind@lemmy.world 66 points 2 weeks ago

Everybodies aunt at thanksgiving:

"I should be fine. I only trust the facebook with my information. Oh, did I tell you? We have 33 more cousins we didn't know about. I found out on 23andme.com. All of them want to borrow money."

[–] obinice@lemmy.world 59 points 2 weeks ago (3 children)

Real encrypted apps, ...or just the ones their own government can use to spy on them?

[–] Agent641@lemmy.world 23 points 2 weeks ago

In the voice of Nelson Muntz: "Nobody spies on our citizens but us!"

load more comments (2 replies)
[–] walden@sub.wetshaving.social 51 points 2 weeks ago (3 children)

Sounds bad I guess, but the USA has been spying on us for a long time now. Is the bad part that it's China?

[–] TropicalDingdong@lemmy.world 54 points 2 weeks ago (2 children)

Bets on this being directly related to back doors that US spy agencies demand be installed?

[–] treadful@lemmy.zip 37 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

RTFA

The third has been systems that telecommunications companies use in compliance with the Commission on Accreditation for Law Enforcement Agencies (CALEA), which allows law enforcement and intelligence agencies with court orders to track individuals’ communications. CALEA systems can include classified court orders from the Foreign Intelligence Surveillance Court, which processes some U.S. intelligence court orders.

[–] Kbobabob@lemmy.world 16 points 2 weeks ago

So, bet won?

load more comments (1 replies)
[–] mox@lemmy.sdf.org 35 points 2 weeks ago

When a whole nation's communications are intercepted by another entity, yes, the bad part is that it's another nation. Especially an adversarial one.

This is not about individuals' personal privacy. It's about things that happen at a much larger scale. For example, leverage for political influence, or leaking of sensitive info that sometimes finds its way into unsecured channels. Mass surveillance is powerful.

load more comments (1 replies)
[–] iknowitwheniseeit@lemmynsfw.com 48 points 2 weeks ago (2 children)

From RFC 2804:

  • The IETF believes that adding a requirement for wiretapping will make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap. This is in conflict with the goal of freedom from security loopholes.

https://datatracker.ietf.org/doc/rfc2804/

This was written in 2000 in response to US government requests to add backdoors to voice-over-IP (VoIP) standards.

It was recognized 25 years ago that having tapping capabilities is fundamentally insecure.

[–] sugar_in_your_tea@sh.itjust.works 12 points 2 weeks ago (1 children)

You don't need technical knowledge to see the problem.

If you live in an apartment and your landlord has a master key, then all an attacker needs to do is get that master key. In an apartment complex, maybe that's okay because who's going to break in to the landlord's office? But on the internet, tons of people are trying to break in every day, and eventually someone will get the key.

Even for the landlord, I'd rather them have a copy of my key than a master key, because that way they'd need to steal my key specifically.

load more comments (1 replies)
load more comments (1 replies)
[–] mox@lemmy.sdf.org 39 points 2 weeks ago (1 children)

End-to-end encryption is indispensable. Our legislators (no matter where we live) need to be made to understand this next time they try to outlaw it.

[–] Semi_Hemi_Demigod@lemmy.world 19 points 2 weeks ago (3 children)

“So it’s like a filter on the tubes?” - Our legislators

[–] pdxfed@lemmy.world 14 points 2 weeks ago (1 children)

"you wouldn't put a dump truck full of movies on a snowy road without chains on the tires would you?"

load more comments (1 replies)
load more comments (2 replies)
[–] KingThrillgore@lemmy.ml 38 points 2 weeks ago

On January 20th: The cyberattack is coming from inside the house!

Dumbfuck and his cronies now have access to PRISM and ECHELON. Again.

[–] SocialMediaRefugee@lemmy.world 33 points 2 weeks ago (2 children)

I use a one time pad with all of my contacts. I ask them to eat or burn each page when they are used up.

[–] overload@sopuli.xyz 14 points 2 weeks ago* (last edited 2 weeks ago) (5 children)

I go one further and also use public/private key pairs that my acquaintances must use to decrypt the scrambled letters I mail them.

load more comments (5 replies)
load more comments (1 replies)
[–] A_A@lemmy.world 21 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

What i read [and corrected] from the article :

"The hacking ~~campaign~~ [group], nicknamed [ by Microsoft ] Salt Typhoon ~~by Microsoft~~,
[ this actual campaign of attacks ] is one of the largest intelligence compromises in U.S. history, and not yet fully remediated. Officials in a press call Tuesday [ 2024-12-3 ] refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had previously told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers."

load more comments (2 replies)
[–] pineapplelover@lemm.ee 15 points 2 weeks ago (1 children)

The same people who want to get rid of encryption

load more comments (1 replies)
[–] 2pt_perversion@lemmy.world 14 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Hear me out, maybe we should update pots and sms to have optional end-to-end encryption for modern implementations as well...Optional as backwards compatible and clearly shown as unencrypted when used that way to be clear.

load more comments (2 replies)
[–] treadful@lemmy.zip 14 points 2 weeks ago (1 children)

Guess that confirms that E2EE is effective against these backdoors.

load more comments (1 replies)
[–] futatorius@lemm.ee 13 points 2 weeks ago* (last edited 2 weeks ago)

There's been a lot of good research done lately on how to achieve trusted communication on untrusted platforms and over untrusted channels. Encryption is a big part of that.

And there are a number of scenarios where the ISP creates a hostile environment without having been compromised by an external actor. A malicious government, for example, or an ISP wanting to exploit customer communications for commercial reasons.

load more comments
view more: next ›