HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mrexcess

no profile record

comments

mrexcess
·قبل شهرين·discuss
There are a number of technological / legal hybrid policies developing that come at the very jugular vein of computing freedom - the notion of a “general purpose” computer itself. OS level identity / age verification, hardware attestation, walled garden app signature requirements. All evincing the same aim.
mrexcess
·قبل شهرين·discuss
I definitely buy into the “monoculture” argument a bit. When hundreds of millions of people are all voraciously consuming the same very limited cultural messaging - three TV stations, a handful of movie studios, a handful of major book publishers - there is bound to be a leveling of interpersonal expectations that will be absent in a more fragmented culture.

That’s not some kind of crypto denunciation against cosmopolitan diversity, but it is what it is and I do think there’s a there, there.
mrexcess
·قبل شهرين·discuss
The revelations that Epstein had interest and involvement in the development of 4chan really makes me wonder what we would find behind the curtain at next iterations like KiwiFarms, etc if we looked hard enough. Not to sound an overly conspiratorial note, but sewing division within a foreign culture is one of those things that intelligence communities excel at, might match some patterns we’ve seen, and would serve to help explain some of the divergence between expectation and reality, here.
mrexcess
·قبل شهرين·discuss
lol honestly, I think a little on the contrary. If we can make a thing impossible technically, the law defers to that. One thing the government really can’t do easily in Western countries is forcing a company to add features or change core functionality.
mrexcess
·قبل شهرين·discuss
Legal solutions to technical problems are always dubious, especially when privacy against government surveillance is the problem.
mrexcess
·قبل شهرين·discuss
Web of trust or centralized trust are the main answers here.

Compromise of the secret key is a whole other issue - revocation.

MITM of a key can be solved pretty well via web of trust techniques.

Apologies if the dialog is frustrating to read! As a “recovering cypherpunk”, I find these sorts of discussions animating, as long as they’re polite and technically focused! Much love!
mrexcess
·قبل شهرين·discuss
True but the out of band secure channel could just be something like DNS, automated and constantly subject to distributed monitoring for deltas.
mrexcess
·قبل شهرين·discuss
Webs of trust based on OOB key verification and signing, or centralized trust authorities are the two primary models I’m aware of.

I’ve always been enamored of the idea of DNS as a back end protocol to enable the former largely decentralized solution.

Bob looks up Alice and receives her key from Alice’s namespace within the DNS hierarchy, along with her trust claims. David then looks up Alice’s key within her namespace, sees a reference to endorsement by Bob, and can validate this by querying Bob’s namespace. David can also issue non-authoritative queries about Alice’s key to Bob’s DNS servers, ensuring that there is no mismatch between the query response received by Bob and the one received by David.

If Mallory manages to compromise Alice’s DNS, but not Bob’s, the result is a mismatch in query responses that both Bob and David can thus detect.

At scale, a MITM compromising a system like this would be difficult without compromise of a large number of independent namespaces, increasing the likelihood of detection via the non-authoritative queries.

The missing component in this arrangement is cryptographic security of DNS, which I cynically suspect is why the DNSsec working group was comprised of the usual suspects and eventually produced a protocol without query encryption. It could still be layered on by a protocol extension, however.
mrexcess
·قبل شهرين·discuss
I would agree that it’s silly. So did former President Obama when he mocked the notion recently.

While motivating intent is always opaque to some extent, this would appear to be another form of a “flood the zone” approach, in my estimation.

Many officials who certainly know better are involved - let me put the question back to you: why do you think they’re using taxpayer dollars to fuel lies?
mrexcess
·قبل شهرين·discuss
You’re not sure what key fingerprints are?

Bob and Alice are setting up their e2e channel, and because they have some extra level of concern about snooping, they telephone each other and read off some form of hash of the public key to each other.

A more complex variant would be something like PGP implemented, where Bob and Alice could both sign each others keys after this exchange, ensuring that someone who hadn’t met Bob but did trust Alice could inherit trust in Bob’s Alice-signed key.

You’ve stated unequivocally that I’m wrong, so now, please show your homework.
mrexcess
·قبل شهرين·discuss
I’m not sure why you think so? If the service provider claims E2E but intentionally provides a defective version of this, it’s a pretty clear cut violation of the federal statute, which afaik based on the statute’s language contains no exceptions for defects cajoled into being inserted by government pressure short of a clear statute mandating it, which does not exist afaik.
mrexcess
·قبل شهرين·discuss
> Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?

I think that Meta can afford as much PR as they would need to out-message this sort of BS, again if they were inclined to protect user privacy in the first place. Look at Apple.
mrexcess
·قبل شهرين·discuss
That would seem to constitute Honest Services Fraud under federal law, if they promised E2E then sabotaged it intentionally…
mrexcess
·قبل شهرين·discuss
> And how does one verify that the public key received belongs to the intended party, rather than a mitm?

Fingerprints. Again, this is like Crypto 101. Not saying that as a personal attack of any kind, I just remain incredulous that what used to be entry level knowledge in “our thing” has evidently become so obscure.
mrexcess
·قبل شهرين·discuss
> The authority holds Meta responsible anyway

What form of accountability are you suggesting is even being leveraged, here? No law could force Meta to backdoor its encryption, afaik. Public pressure would be unlikely to work.

Is Meta afraid of anything real, or is this just blame shifting via ungrounded speculation?
mrexcess
·قبل شهرين·discuss
The answer to most everyone question you’re asking is just, “public key cryptography”. It’s kind of disheartening to me that such basic 1990s tech as implemented by Phil Zimmerman is now obscure enough to merit questions like this.

Both parties exchange public keys through the central service. Only the possessor of the respective (on device, Secure Enclave ideally) private keys can decrypt the messages encrypted to the public key. The process can also work in reverse, encrypting with the private key so only holders of the public key can decrypt: this is called “signing”.
mrexcess
·قبل شهرين·discuss
“Operation Infektion” attempted to blame the emergence of HIV/AIDS in the 80s to biological weapon attacks by the US. There has been some coverage of the explosion in occult and ufo stories from TASS etc, such as “The New Age of Russia” compiled by Otto Sagner, but that work is more focused on historically documenting the phenomenon, rather than analyzing its causes.

Not my area of expertise, I should say!
mrexcess
·قبل شهرين·discuss
Shades of late Soviet distractioneering, of the sort one would see in Pravda back in the day. Really disconcerting tbqh.
mrexcess
·قبل شهرين·discuss
Or, worryingly, unsolicited brainwashing, no?
mrexcess
·قبل شهرين·discuss
China does not have “shareholders”, though. There are incredibly substantive differences between the accountability structures and expectations of shareholders, and those that govern broad based and diverse national geopolitical interests in China.

China’s government is likewise not accountable to or easily fit into the framework of “a market”, for reasons not the least of which include it being explicitly anti-capitalist. Wealth hoarding does not accumulate political power in China, and those who attempt this play can and regularly do find themselves put back in their place - possibly a prison or a crematorium.

As for re-education “camps”, the US imprisons approximately 10% of its population - a huge number by any standards historical or contemporary - and virtually none of these are billionaires or governing elites, who are functionally immune to the systems of authority that “rehabilitate” regular Americans.