• 0 Posts
• 116 Comments
Joined 2 years ago
Cake day: June 14th, 2023

  • Personally I find the complete opposite, I’ve !selfhosted@lemmy.world everything I can with open source services, to keep control of my personal data but access it from anywhere. I know where all my critical data is and I know nobody is selling it out behind the scenes.

    On my local machine, I have no concerns about running proprietary software because I can easily sandbox it and make sure it’s not going to touch anything it’s not supposed to or phone home with things I don’t want it to. Running shit like discord doesn’t really bother me because I’ve got it sandboxed away from anything valuable.

    I suppose the reason we’ve probably had such different experiences is I suspect we have different strategies for where to keep our most precious “crown jewels”. For me, I want everything on SAAS, but because I’m putting my most valuable data there it has to be MY SAAS and thus open-source and heavily secured. I suspect you on the other hand probably minimize your data’s exposure to SAAS providers which you view as potentially suspect, and keep everything valuable strictly local if you possibly can. I don’t think one way is necessarily better than the other, and I’ve definitely made my choice, but this would explain our different perspectives at least.
  • If you don’t have a government that can be held accountable to some level of trust, then what you have isn’t a government it’s tyranny.

    The state has no idea where an unmarried person lies on the spectrum from aromantic-asexual to bouncing from orgy to orgy on a daily basis. They don’t know if someone is into BDSM, roleplay, doing it outdoors or threesomes. They also rarely know much about non-sexual hobbies.

    Seems naive to me. The question is not whether your government has or can get that kind of information if it wants to (the Gestapo had little trouble figuring out things as personal as that without any help from an app); the question is whether your government would lose the cost-benefit analysis if it was ever found to be using such information. You have to hold them accountable and keep their activities in the open so that accessing that information is as close to zero value to them as it can be and they have no incentive to try to get it, because people will be able to find out if they do.

    “Who watches the watchers?” We all do. At least we’re supposed to. If you don’t trust your government, priority 1 is fix your government, you’re way beyond anything a dating app’s data can be expected to help with. You’re not going to be any safer from an unaccountable government because you denied them access to a dating app.


  • Prepare to defend your way of life then, if necessary with violent resistance. We in Canada certainly are. I still hear an awful lot of passive voice “do not support” and “wish it were not true” and “don’t know what to do” comments from down there. Everyone seems awfully reluctant to admit to themselves how badly fucked up this actually is. I think you guys need to accept how serious this is, organize, and get really, really active. Or not. It’s your country. I’ll be defending mine though, so maybe I’ll see you on the battlefield.
  • It’s not only obvious, it’s already done worldwide. Deep packet inspection evolved into HTTPS inspection and corporate/enterprise firewalls can detect and hijack attempts to establish encrypted connections already, as a “feature”. So do government firewalls in totalitarian countries. Of course they (probably) can’t do this secretly and transparently, because of the man-in-the-middle protections built into SSL, so they simply make the actual encrypted connection themselves on the client’s behalf, and give the client a different encrypted connection signed by their own certificate authority, which they force you to accept.

    In this situation, you have two choices: You accept the certificate, and you accept that the owner of the intermediate certificate will be inspecting your “encrypted” connection. If you don’t accept the certificate, then your connection is blocked and you have to find some other way to encrypt and hide your traffic without it being intercepted, because it won’t let you go direct end-to-end. Usually, at the moment, this is not that hard for the tech-savvy to avoid; it doesn’t even require something as secretive as steganography, it’s usually simply a matter of tunneling through a different protocol or port, although those approaches are still obvious, and can easily be detected and either blocked in real-time or flagged for investigation after-the-fact if they have any interest in doing something about it. Corporations or countries that want to lock down their networks further can simply block any ports or protocols that would allow such tunneling or inspection-evasion in the first place.

    Deep packet inspection already allows any non-encrypted traffic to be clearly identified. If you don’t want any encrypted traffic to sneak through, you can safely assume anything that can’t be clearly identified is encrypted and block it. Depending on how strict you want to be about it, you start essentially whitelisting the internet to known, plaintext protocols. If it’s not known and plaintext, just block it. Problem solved. Encryption gone, until people start building (possibly hidden) encryption on top of those plaintext protocols, which is inevitable, and then you update your deep packet inspection to detect the encrypted fields inside the plaintext protocol and block them, and the back-and-forth battle continues.

    Encryption is probably a false panacea against a major state-level adversary anyway, especially if they have plausible access to network infrastructure, but that’s a whole different can of worms and unless you’re a serious revolutionary/terrorist probably beyond the useful scope of most people’s realistic concerns.


  • You can download a torrent client and start pirating because it’s encrypted. Nobody knows you’re doing that besides the people you’re directly connected to on the other end. If they wanted to crack down on it, the first thing they need to do is crack down on encryption. If they can see exactly what you’re doing, it’s now possible to easily catch you, with encryption it isn’t.

    Note that this also applies to encryption itself. Once it’s banned, it gets much more difficult to hide the fact that you’re encrypting something. Encrypted data itself has to go into hiding. You have to resort to something like some pretty hardcore steganography, which means you need to hide secret encrypted messages in normal-seeming non-encrypted traffic. The problem is that to do this you need to have a sufficient quantity of non-encrypted traffic to hide your secret encryption in without it starting to look suspicious, either due to the unusually massive volume of meaningless “normal” traffic needed to subtly encode the hidden data, or the fact that large amounts of hidden data in small amounts of “normal” data become increasingly obvious, as the large number of supposedly “normal” mistakes and errors and artifacts that form the encoded data will suggest some of those variations are not in fact “normal” at all and will indicate that encrypted data is being concealed.

    Governments banning encryption will of course never stop everybody. But it makes it much harder for the people still using encryption anyway and much easier for the people who want to see what they’re doing or at least see who they are. It’s classic “black or white” thinking to assume that because it hasn’t simply stopped encryption it hasn’t worked. This would be a big step that makes things much harder, and even taking small steps to make things slightly harder is an extremely effective tool and it’s become extremely common to try to convince people that these small regressions and erosions are inconsequential and normal even when they are in fact targeted, repeated, relentless and consistently add up to dramatic change over time. The only saving grace we have is that at least some people are simultaneously making the same kind of targeted, repeated, relentless changes for the common good and those can have just as drastic an effect.
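The classification the two encryption comments above describe (identify known plaintext protocols, treat anything unidentifiable or high-entropy as encrypted, then look for encrypted fields hidden inside an otherwise plaintext protocol) is the same logic a network defender uses to spot covert channels and unexpected encrypted traffic. The following Python is an added example, not code from the thread or from any product; its signature tables, thresholds (64-byte minimum, 6.5 bits per byte, 85% of the maximum entropy a field's length allows) and sample payloads are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed signature tables for this example; real DPI engines carry far
# richer dissectors. Known plaintext protocols are allowed, known encrypted
# protocols are named as such, everything else falls through to entropy.
PLAINTEXT_SIGNATURES = {
    "http": (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1."),
    "smtp": (b"220 ", b"EHLO ", b"HELO ", b"MAIL FROM:"),
}
ENCRYPTED_SIGNATURES = {
    "tls": (b"\x16\x03",),   # TLS record header: handshake record, version 3.x
    "ssh": (b"SSH-2.0-",),
}
MIN_BYTES = 64           # assumption: entropy over fewer bytes says little
ENTROPY_THRESHOLD = 6.5  # assumption: bits per byte; ciphertext approaches 8.0
FIELD_RATIO = 0.85       # assumption: share of the maximum entropy a field's length allows


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the empirical byte distribution of data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify(payload: bytes):
    """Match the first bytes against the signature tables."""
    for name, prefixes in PLAINTEXT_SIGNATURES.items():
        if payload.startswith(prefixes):
            return name, "plaintext"
    for name, prefixes in ENCRYPTED_SIGNATURES.items():
        if payload.startswith(prefixes):
            return name, "encrypted"
    return None, "unknown"


def classify(payload: bytes):
    """Return (label, verdict); verdict is 'allow', 'block' or 'flag' for review."""
    name, kind = identify(payload)
    if kind == "plaintext":
        return name, "allow"
    if kind == "encrypted":
        return name, "block"
    if len(payload) < MIN_BYTES:
        return "unknown-short", "flag"          # too little data to judge
    if shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        return "unknown-high-entropy", "block"  # looks like ciphertext
    return "unknown-low-entropy", "flag"        # structured but unrecognised


def suspicious_http_fields(payload: bytes, min_len: int = 24):
    """Names of HTTP header fields whose value is close to the maximum entropy
    possible for its length, i.e. candidates for encrypted data hidden inside
    a plaintext protocol. Short values are skipped: a cap of log2(len) bits
    means a 5-byte value can never look random."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    flagged = []
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(b":")
        value = value.strip()
        if not sep or len(value) < min_len:
            continue
        cap = min(8.0, math.log2(len(value)))  # best an n-byte value can reach
        if shannon_entropy(value) / cap >= FIELD_RATIO:
            flagged.append(name.decode("ascii", "replace"))
    return flagged


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "web": (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
            b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9\r\n\r\n"),
    "mail": b"220 mail.example.com ESMTP ready\r\n",
    # first bytes of a TLS ClientHello record, zero-padded
    "tls": b"\x16\x03\x01\x00\x2b\x01\x00\x00\x27\x03\x03" + bytes(32),
    "ciphertext": bytes(range(256)) * 2,   # uniform bytes stand in for ciphertext
    "padding": b"\x00" * 128,              # unknown but clearly structured
    "stub": b"\x05\x01\x00",               # too short to judge
    # plaintext HTTP carrying a 44-character high-entropy header value
    "covert": (b"GET /img/logo.png HTTP/1.1\r\nHost: example.com\r\n"
               b"X-Trace: kR3xZ9qLw2VmT8bNcY5pHs7JfA0dGu4eXiQ1oC6tKvWy\r\n\r\n"),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        proto, verdict = classify(payload)
        hidden = suspicious_http_fields(payload) if proto == "http" else []
        print(f"{label:11} {proto:22} {verdict:6} hidden={hidden}")
```

The field check is where the back-and-forth the comment predicts actually happens: session cookies, bearer tokens and compressed or base64 image data are legitimately high-entropy, so a verdict of "flag" should feed an analyst's review rather than an automatic block, and attackers who know the threshold will split or pad their data to stay under it.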