Kristoff Bonne 🇪🇺 🇧🇪

@ansuz Hum. Interesting question.
For some (like fertilizers), you control the sale. For others, it is not possible.
So do you then just say "ok, in that case, we accept the risk and do nothing against it?"

The problem is this: we are in 2024, and are facing actors that are very good at turning the tables and using our own tools against ourselves.

Perhaps the question is, who do you want to protect yourself from? Who do you trust the least? Your own government or a foreign authoritarian one?

6 comments
ansuz / ऐरन

@kristoff historically, yes, we have just accepted that you can't control some things.

if the only possible restrictions disproportionately affect the general public who are using those technologies for non-criminal reasons, then you consider that enforcement a net loss.

Kristoff Bonne 🇪🇺 🇧🇪

@ansuz I agree if we consider this to be just "law-enforcement vs criminals".

The problem -as I see it- is that we are now seeing a state-against-state battle, and a war between different models of society.

The question for me is, how do we deal with scenarios where encryption is being used to attack democracy itself, the thing we wanted to protect in the first place? (and probably the prime requirement to see encryption technology in the hands of normal citizens)

ansuz / ऐरन

@kristoff that's significantly outside the scope of the chatcontrol legislation I was talking about, but I'll weigh in anyway.

In the US (and a few other places) there was a big deal made about tiktok as a source of foreign spying and manipulation. The US could, in theory, deal with surveillance with a federal privacy law, but that would also affect their domestic avenues for spying (alphabet, meta, etc.).

Australia's privacy commissioner found that tiktok was not in violation of any privacy laws[1], for instance, and that they might want to consider stronger privacy laws.

Instances of banning foreign actors tend to relate more to xenophobia than interest in domestic citizens' well-being.

[1]: oaic.gov.au/newsroom/statement

Kristoff Bonne 🇪🇺 🇧🇪

@ansuz I have a different opinion on that. Why are a lot of ransom gangs from Russia, a country where things only happen because the government allows it to happen?

How do you deal with malware that uses Telegram to connect to the command-and-control server as it is encrypted, it hides nicely in the noise of the legitimate traffic and -as part of the telegram master-key is in Russia- ?

There is now a saying:
"telegram is the new dark web".

Why is that?
How do you deal with that?

ansuz / ऐरन

@kristoff this is the last thing I'll say on the matter because it's way outside the scope of the post you replied to:

starting by funding better software that isn't vulnerable to these things.

implement protections for security researchers who report flaws in hardware and software so that critical infrastructure (hospitals, power grid, etc.) can fix those vulnerabilities.

Canada's government freaked out and banned devices like the flipper zero because it could (allegedly) be used to interfere with other devices. In cases where those allegations are actually true, the root problem is that those devices were designed to operate in an insecure way.

Security researchers and well informed legislators have been saying all of these things for years, but it resonates more with many voters (and lobbyists) to blame foreigners.

Kristoff Bonne 🇪🇺 🇧🇪

@ansuz One thing for you to think about: if a Russian ransomware gang scoops up all the data of a seller of schoolbooks (as happened here in Belgium) which includes names, addresses, phone numbers, names of parents, ... count on the FSB to get a copy of that data. I'll leave it up to you to imagine what the consequence of that could be if you have a job in encryption.

Cybersecurity is the responsibility of everybody, not just the coders.

I completely agree with your remark on the Flipper zero. 🙄
