Email or username:

Password:

Forgot your password?
Meredith Whittaker

Case in point: there's no way to build a backdoor that only the "good guys" can use.

When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.

wsj.com/tech/cybersecurity/u-s

32 comments
Danny Lucas

@Mer__edith Backdoors for the "good guys" only? Yeah, right. That's how you get hacked. 🚫💻

Duncan Idaho

@realdanny @Mer__edith
And even in case it _would_ be possible - you never know when "good guys" turn into "bad guys"

So - never do it!

Bruce Sigmon

@Mer__edith

apple.news/AgTMvweTVQlqWcs4Rbf

for those of you with apple news subscription but not direct WSJ subscription.

Steven Willems

@Mer__edith 💯
it’s pretty simple: a backdoor is in the first place a door.

The Gibson

@Mer__edith

Preach!

We feel the same way at Veilid.

katzenberger

@Mer__edith

The more fundamental problem being that there are no good guys anyway.

DELETED

@Mer__edith I have always the impression that the people who are pushing chat control in the EU have no idea how this should work technically and what is and isn’t possible. As is so often the case, clueless politicians make decisions about things they don’t understand.

snosrapkungfu

@doerk @Mer__edith very much so. End2end encryption is honestly pretty simple. That genie is fundamentally out of the bottle and you can't put it back in. Are you going to make "math" illegal?

moonwalker

@Mer__edith but there is one the "good guys" could use and the "bad guys" discover and freely use without any restrictions... you know a free for all

Zephod Beeblebrox

@Mer__edith The "good guys" can do evil too.

And the article is behind a paywall.

Zephod Beeblebrox

@rochelimit @Mer__edith

Oh yes.... China spied on secret US systems while the US was oblivious.

When will people learn the elementary school lessons....

1. Nothing online is ever private or secure.
2. Nothing published online is every fully deleted.
3. Very little on websites is factually accurate
4. Living online is wasting your life.

wakame

@Mer__edith
And related: Never trust people who call themselves the "good guys".

Justin Derrick

@Mer__edith The only answer to a request for backdoored encryption is "You first."

Then all the reasons they can't do it are all the reasons WE won't do it.

Ehrenreich Meuchel

@Mer__edith

Mobile backdoors proudly brought to you by the ETSI Technical Committee LI etsi.org/committee/li

lobingera

@harkank @Mer__edith

I don't think "proudly" and the idea originated in other places

Edit: I don't find li a particularly good idea, but afaiu etsi had to follow the legislation, that had been put in place - and the driver was iirc not even Europe

Ehrenreich Meuchel

Indeed @lobingera, the idea can be traced back to an infamous meeting in Quantico VA in 1993. But from 1996 all backdoor requirements originated in Sophia Antipolis, France. The technical specifications are produced by this ITU group called 3GPP SA3LI. Here are their latest doqs from July

@Mer__edith

portal.3gpp.org/ngppapp/TdocLi

lobingera

@harkank @Mer__edith latest CRs ... standardization has some bureocratic overhead.

And itu and 3pgg have different agenda, you are simplifying here

Disclosure: in my dayjob my org's name contains "standardization" and SA3's job is more than LI... (in case you wonder: my work is in RAN 1/2/3/4)

joe

@Mer__edith Also there's no backdoor which guarantees only to infiltrate the bad ones.

boredsquirrel

@Mer__edith

Encryption shifted the focus of surveillance on the devices. They lost control over our data.

Knowledge is power, and in an unencrypted world all the FBI people can still just call by the phone, because only the state gets the info from the telcos.

Now that everything is encrypted, they panic, and want to get a hold of the devices.

This CCSAM argument is such an obvious pretense, it's crazy. This is literally not something that needs device backdoors. Just better police work.

Orca🌻 | 🏴🏳️‍⚧️

@Mer__edith@mastodon.world
In an extreme case ~20 years ago, when "good guys" tried to slip in a backdoor for the "good guys" to access data, the "good guys" are the one who was damned instead.
https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305

And 20 years later we're still trying to "educate" the "good guys" for not doing this.
wtf

Jenny Andrew

@Mer__edith Not to mention that it takes a stunning feat of naivety, neglect of history* and exactly ZERO marginalised characteristics to imagine that “the good guys” are ever completely the good guys.

*history like Switzerland last week

Brian Strouselhousen

@Mer__edith So clearly the answer is to use AI to encrypt it, then put it on the blockchain, and store a secret in an NFT that is then stored in a smart contract which is then stored in an offline (cold) wallet available only to the good guys. Sounds reasonable, right?

:blobcatlaptop: gravitos :blobcatcomfsip:​

@geekdoh

snaps fingers, completely screwing over the AI's interpretation of the world on accident and receiving the secret from said AI without any effort whatsoever because neural networks like these are way too unreliable for cryptography

yeah. sounds reasonable. anyway here's your loca-

@Mer__edith

Jeff Codes 🤨

@Mer__edith it's almost like legislators have no idea how technology works...

Justin Scholz

@Mer__edith @matrix a back door is just the front door on the other street.

Go Up