
Phone calls, emails, and text messages don't have e2e encryption, and we have been using them for 40 years. We are still using them.

Nobody cares.

The USA communications are under constant mass surveillance, by a group of people that denies it, abuses it, uses secret courts to rule about it even when unconstitutional, coerces others to submit every data and shut up about it, and destroys the life of whoever points a finger at it.

And people still don't care.

Good luck with telling people that are recording their entire life on Facebook, Snapchat and TikTok to be mindful about the tools they use.



What’s the point of lumping private phone calls in with things you post publicly to the internet?

Like even someone who posts to IG and TikTok still probably wants to have a private conversation. I think the issue in tech circles is that people outside of them don’t necessarily seek “mathematically private” conversations. My conversations on FB, Hangouts, phone calls, email, etc. aren’t literally mathematically probably private but neither is any IRL conversation.

And ultimately the point is that I don’t particularly care that FB in theory can see my conversations because my threat model doesn’t include Google and Facebook — it includes my friends, family, peers.

It’s not a lack of caring. It’s a misunderstanding about what people’s threat models actually are.


The people at Facebook are peers you don’t know. Not figuring them into the model, but figuring everyone you do, is poor threat modeling.

People’s threat model is to protect their physical/literal life. Without it, as far as we know, emergent emotional ideas of threats is nothing to be bothered with.

Death isn’t to be feared. I’ve been medically dead. It’s just blank. It’s pressure humans bring at scale to have their work externalized into easy to use tools that freak me out. How easily they seem to be willing to dismiss threats of human behavior

So long as society stays stable they’re the least of my concern while billions are destroying the environment. But they are part of a real threat at scale.

The pandemic response in action right here: this thing that will grow into a problem isn’t a problem. My stable neighbors, when measured by their activity of routinely going to a job, are the real threat.

Yeah that’s true but not at the scale you’re imagining it.

Pretending we should, at scale, explicitly model protectionism for all those private customizations is a fool's errand.

Let’s customize social protection for shared biological traits, and let people wank their specialness in private. Oh, but we have to live like the romantic stories old people carry forward. Where external social pressures rule us.

What’s the point of carving up data into pools generated by any one person except when scientifically interesting? Oh right to build my custom little emotional castle.

It’s people like us, instigating others to give their special details to our DBs over empty false promises of something special occurring at scale if they do.

How anyone smart doesn’t see the obvious parallel to religion there, I don’t know.

You’re not owed a cool tech job while someone else grows your potatoes. You should include the pressure you put on people that don’t owe you personally in your threat model


> my threat model doesn’t include Google and Facebook

Who does it include? Does it include the government if Facebook develops a sentiment model trained on public and private data that governments can use only public input to estimate [dissent|radicalism|political affiliation|etc]?

Do not underestimate how companies can abuse your privacy without direct disclosure.


I think he means that he doesn't care if Google and Facebook or even the government finds out his Aunt Sue's apple pie recipe that she posted on his wall.

If he was throwing an overthrow the government party, then he would put in some thought as to which tool to use and probably stick to verifiable, open source utilities.


Presumably they have conversations somewhere between those two poles. But maybe they really don't care.


> Nobody cares.

Repeating this mantra all the time is not helpful.

People have been told that modern computing and privacy cannot coexist. That all software companies spy on them and users can only choose between giving up privacy or giving up technology.

On top of that, privacy, by itself, is meaningless. What matters is information inequality. Inequality is power.

When people can monitor a government you have democracy.

When people cannot monitor a government and the government monitors people you have tyranny.

Unsurprisingly, there are many paid privacy and anonymity services for wealthy people.

Please don't say that people just don't care. People have been educated to be meek to authority.


Yes. Now what are you going to do about it?

Nothing.

Because alone you can't.

And the others not only won't help you, but their actions will hinder yours.

Because they don't care.

Are you going to educate them?

Here is a list of all the people that did that: https://en.wikipedia.org/wiki/List_of_whistleblowers

Most of them got their life ruined.

Nothing changed.

Because nobody cares.

Educated people have been repeating "don't put things on facebook", "use free software", "gov is spying on you".

The answers have been "I don't have anything to hide" and "you are paranoid".

Because nobody cares.

You can craft the best technological solution to that, if nobody cares about it, nothing will happen.

You can give the best information, if nobody cares, nothing will happen.

You can provide the most secure thing, if the competition gains an advantage from not doing it and you gain nothing, you will lose.

And deep inside you know that because:

1 - you are using a throwaway account

2 - you don't provide any solution to the problem

The situation is exactly the same as with all other topics where we gain a lot of comfort individually to do the wrong thing collectively.

Did we slow down global warming? Didn't we prevent 60% of the insects from disappearing? Did we stop delegating slavery to Asian countries? Did we even stop buying from all those companies that enrage us in the news?

Nope.


This is not the only way how political fight happens. There are indeed many whistleblowers with ruined lives. But there are also many more people who devote a part of their life to educating others and encrypting what they can. I put GNU/Linux to every computer of my relatives I could reach. I participate in I2P and Tor networks regularly. I also have a day job and I am not going to risk it. But if a tiny part of the population did what I do, the world would be entirely different. People do care about anonymity and privacy. It's just that they have very limited resources and not everyone can devote a significant part of their time for that. Please help them and do not spread the mood of giving up.

tl;dr: Privacy is not binary. You can always increase the price of hacking you and others.


You make the mistake a lot of geeks do, thinking it's a technical problem. It's not.

You can have the best tech in the world, if the state is against you, if laws are against you, if society is against you, you'll only have scraps of a life.

It's all about people caring. Because only the mass of humans can oppose anything. The rest are just sparks.

And you can state "do care about anonymity and privacy" as much as you want. Words don't matter. Actions do.

And people are still putting their entire life willingly on Facebook.


I never said it was a technical problem. It is the problem of asymmetry in information and resources. When more people know that you can comfortably use devices without spying and violations of privacy, more people will oppose stupid laws removing our basic rights and spyware.

However, not everyone has time/energy to think about those issues. You need to help people by showing them better options, especially if they do not impose any restrictions. And a lot of free software is like this in 2020.


I wish I could upvote your post 1000x. People don't want to spend time and energy on these things. They just want to live their life. It is only when they can't that people start to care. Despite everything, quality of life in the US and western world is far too high to have people (in large numbers) pushing back in any real way.


Let me remind you that revolutions happened throughout history.

After thousands of years of cynics saying "nothing changed", one day, a tipping point is reached.


I've never heard of a bank account being compromised because of lack of e2e encryption by Facebook, Google, Microsoft, etc. When that happens then post about it and I'll start caring.


> And people still don't care.

yep, and that is correct.

People will not give up convenience and performance for encryption/privacy. And they only barely care when it comes to their financials - because they assume the bank carries the credit card fraud risk for them (whether it's true or not is moot).

And encryption is important, but not important enough for the general public. This is why nobody uses TOR for everyday usage, even though doing so is massively better for the privacy of society.


Tor is an absolute pain to use if you visit any sites using Cloudflare, which is quite a lot of them.



By this logic GPS is "not secure" because the US government pays for that too.

But GPS receivers don't even have to transmit anything, they calculate your position by receiving broadcasts made by satellites with timestamps and calculating your position by triangulation based on how long it takes for messages from particular satellites to reach you. It would be difficult to have better security properties than this, which was done on purpose because the US military can't have the positions of their units leaking to the enemy.

We know this is true not just because their incentives are aligned but because the system's mechanism of operation is public and anybody who discovers a vulnerability can publish it. And so it is with Tor. The US government funds it because they use it, but it's also completely open source. If there is a vulnerability in it, as they say, PoC or GTFO.

Most vulnerabilities don't come from breaking GPS or Tor or AES. They come from, you have a suitably private way of calculating your position using GPS and then your phone takes that information and uploads it to The Cloud. They come from people visiting a website using Tor and then typing their name into it. They come from people uploading their TLS private key to a public repository, or generating it with a predictable random number generator.


The US government can and does turn GPS off for certain regions of the globe when it feels the need to.


Which still doesn't give them the location of your GPS receiver.

It also applies even less to Tor, because they "turn off" GPS by encrypting it so that only their own receivers can use it. Doing the same thing with Tor both doesn't work because they don't run all of the relays, and doesn't work because it would compromise the anonymity of their own users if they were ever the only ones using it.


I for one don't care as long as my important communication is. And should the US government ever turn authoritarian and malevolent then we can all use VPNs and switch to better communication as happens in China. It's not like Americans are forever accepting unsecure communications, they just don't feel a need for more security. When the need arises Americans will adapt. Hopefully they don't have to.


I'm not sure I could adapt at this point. Yes, I know how to use encryption to properly secure a conversation, but that assumes I can trust my device, my recipient's device, and that the underlying algorithms are really as unbreakable as advertised.

At this point I go through life under the assumption that the government (or bad actors within the government) could eavesdrop on every facet of my life if desired, and live with the anxiety that entails, which is low enough to be drowned out by other, more traditional anxieties. And I focus on political solutions rather than technological ones.


My point is that other countries get along. For Chinese citizens VPNs are a way of life.


This is false.


https://www.pcmag.com/news/breaking-down-vpn-usage-around-th...

>31% of Chinese internet users use a VPN.

>17% of North American internet users use a VPN.


> And should the US government ever turn authoritarian and malevolent then we can all use VPNs and switch to better communication as happens in China.

Should that happen, it is now relatively trivial for carriers to block VPNs—as is being done in China.

It's also trivial under such a setup to make unlicensed VPN use punishable by imprisonment.

Don't be so sure of technical or political solutions exclusively.

Secure by default is extremely important, regardless of your personal emotions about your own communications.


Everything goes out the window if you have a government willing to do anything and everything. It's a moot point. All this end-to-end encrypted technology would just be banned as you suggest.


People seem to care when made aware of it. I think most people are ignorant of most of the facts in your message.

An awareness campaign would help, but both the state and the large media companies are against that.

https://youtube.com/watch?v=XEVlyP4_11M


So what? Conference tools are a replacement for face-to-face meetings. The expectation in such a meeting is privacy.

Further, tapping your phone is unlikely to hijack your computer, steal your credentials and company data.

False equivalences like this are not useful. Security should work. Most folks are unaware of how vulnerable they are, and the potential for abuse is astronomical.


How many consumers of these services would find themselves targets of state-level actors, though?


All of them. See PRISM and XKeyscore.


>And people still don't care.

How do we make them care?

If one looks at an issue that would emotionally charge the population, the protection of children, and then looks back 150 years, you'll find that much of society didn't appear to care. In the US, for a period of time, pets had more legal protection than children. I'll avoid the grimmer details, but people were willing to tolerate things that today would cause mass outrage. It may have taken over a century to change public opinion, but public opinion did change and massively.

So how can we do the same with privacy and protection of basic rights?


> Nobody cares

That was because nobody really paid attention to your specific calls/emails/text messages and nothing really happened. The government could do it, but most of us don't show up on their radar. We didn't care about them because they didn't care about us.

Nowadays that is changing. Computers are able to listen to everything, match it all up to people, and with a little capitalism and profit, use the information. But don't let on.

Voila, personalized pricing. Hire only the age you like. Don't just rent to anybody. Date only thin people (with poor impulse control). Loan money to desperate people.

I hope that this will change.


> Voila, personalized pricing. Hire only the age you like. Don't just rent to anybody. Date only thin people (with poor impulse control). Loan money to desperate people.

All of this stuff was happening at least 30+ years ago -- and probably much much longer (just I can personally recall it from 30 years ago).


Because people don’t care the architects of such systems need to care.

We should build systems that protect their naive users.


This exactly. No one cares. That is the end of the discussion for most people.

Techies might want to talk further to hear themselves blather on.

Everyone else moved on.


Is it necessarily a problem?

I've actually been bitten more by things that were encrypted without telling me when I went to try to restore things or do some kind of archiving.

Encryption should be explicit and available, but optional in the same way I could leave my front door unlocked.

The forcing of either direction is the real problem


> Is it necessarily a problem?

Yes, you neglect the concept of precaution. I draw the parallels to

• wearing face masks,

• neither confirming nor denying when asked whether one did something naughty. (See the Plausible Deniability story arc in HPMOR.)

If one does not do it regularly and only in times of necessity, it stands out as weird, socially not acceptable, drawing attention.

We want encryption everywhere, every time, even when it's not strictly needed, so it is a socially normal thing to do, which in turn fuels wide-spread use, which benefits everyone through strong network effects.


Ok let's leave the theoretical analogy world and talk about the material, concrete, actual reality in actual practice.

the crda regdb database in the Linux kernel, this one https://wireless.wiki.kernel.org/en/developers/regulatory/wi...

It's encrypted and there's a long (somewhat silly) explanation of why it's not in a plain ascii format like everything else. You can't just crack it open and try something if you have a country hardware locked wireless device (via its firmware). It's still possible to do here with a bit of effort but the next one isn't.

Android adoptable storage, unlike Android traditional storage will encrypt without telling the user https://source.android.com/devices/storage/adoptable

You can not get access to the decryption keys if you haven't rooted your phone. You need to hack your own device to look at what you stored on your sd card. If you're having a failing sd card and want to do recovery on it, well too bad, it's now utterly impossible, even if you own the phone.

These are just two real world actual problems I've run into in the past week alone.

Encryption can be, and often is used to be an extremely hostile, closed-data system. So that devices I Own, with My data I don't have access to and cannot see. That's not a better society, just like closed source isn't a better world.


> the crda regdb database […] It's encrypted

That's false. It's just a binary database file. See man 5 regulatory.db

    $ hex /lib/firmware/regulatory.db | head -n 10
    0000  52 47 44 42 00 00 00 14  30 30 03 61 41 44 03 c5  RGDB␀␀␀␔00␃aAD␃Å
    0010  41 45 03 bb 41 46 03 cc  41 49 03 dd 41 4c 03 cc  AE␃»AF␃ÌAI␃ÝAL␃Ì
    0020  41 4d 03 a3 41 4e 03 cc  41 52 03 bb 41 53 03 79  AM␃£AN␃ÌAR␃»AS␃y
    0030  41 54 03 e4 41 55 03 58  41 57 03 cc 41 5a 03 bf  AT␃äAU␃XAW␃ÌAZ␃¿
    0040  42 41 03 e4 42 42 03 f5  42 44 04 15 42 45 03 e4  BA␃äBB␃õBD␄␕BE␃ä
    0050  42 46 03 bb 42 47 03 fd  42 48 03 a6 42 4c 03 cc  BF␃»BG␃ýBH␃¦BL␃Ì
    0060  42 4d 03 79 42 4e 03 da  42 4f 04 10 42 52 03 bb  BM␃yBN␃ÚBO␄␐BR␃»
    0070  42 53 04 05 42 54 03 cc  42 59 03 cc 42 5a 04 24  BS␄␅BT␃ÌBY␃ÌBZ␄$
    0080  43 41 03 66 43 46 03 a9  43 48 03 98 43 49 03 bb  CA␃fCF␃©CH␃�CI␃»
    0090  43 4c 03 da 43 4e 03 f8  43 4f 03 bb 43 52 03 9f  CL␃ÚCN␃øCO␃»CR␃�

The documentation talks about optionally signing the database with a key. You confuse things. A signature is not encryption.

> Android adoptable storage […] will encrypt without telling the user […] You can not get access to the decryption keys if you haven't rooted your phone. […] If you're having a failing sd card and want to do recovery on it, well too bad, it's now utterly impossible, even if you own the phone.

Works as designed? In this scenario, you're not the recipient of encrypted transmission, you're the adversary.

You should not be upset at encryption as a generic tool. You should be upset at the creators of this system that turns people who paid good money to own a mobile computer into dependent thralls: they cannot exercise the freedom to do with their property what they want. The answer to that injustice is not to abolish encryption, but to abolish the use of non-free software that enables the creation of such systems.

The predications from my previous post still stand.
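The hex dump in the comment above can be decoded directly, which is the practical difference between a signed plaintext file and an encrypted one. This is an added example, not part of the original thread; the field layout it assumes (big-endian magic and version, then 4-byte country entries whose pointer is counted in 4-byte units and whose list ends at a zero pointer) is an assumption based on the Linux kernel's loader for this file.

```python
import struct

# First 48 bytes of /lib/firmware/regulatory.db, copied from the hex dump
# quoted in the comment above (an excerpt, not the complete file).
SAMPLE = bytes.fromhex(
    "52 47 44 42 00 00 00 14 30 30 03 61 41 44 03 c5 "
    "41 45 03 bb 41 46 03 cc 41 49 03 dd 41 4c 03 cc "
    "41 4d 03 a3 41 4e 03 cc 41 52 03 bb 41 53 03 79"
)

FWDB_MAGIC = b"RGDB"
HEADER = struct.Struct(">4sI")   # magic, format version (big-endian)
COUNTRY = struct.Struct(">2sH")  # ISO alpha2 code, pointer to its rule collection


def parse_regdb_header(data):
    """Return (version, [(alpha2, byte_offset), ...]) from a regulatory.db prefix.

    Assumed layout: pointers are stored in units of 4 bytes and a zero
    pointer terminates the country list. Parsing also stops cleanly when
    the input is a truncated excerpt, as SAMPLE is.
    """
    if len(data) < HEADER.size:
        raise ValueError("input shorter than the 8-byte header")
    magic, version = HEADER.unpack_from(data, 0)
    if magic != FWDB_MAGIC:
        raise ValueError("bad magic %r, expected %r" % (magic, FWDB_MAGIC))

    countries = []
    offset = HEADER.size
    while offset + COUNTRY.size <= len(data):
        alpha2, ptr = COUNTRY.unpack_from(data, offset)
        if ptr == 0:  # terminator entry
            break
        countries.append((alpha2.decode("ascii", errors="replace"), ptr * 4))
        offset += COUNTRY.size
    return version, countries


if __name__ == "__main__":
    version, countries = parse_regdb_header(SAMPLE)
    print("format version:", version)
    for code, off in countries:
        print("%s -> rules at byte offset 0x%04x" % (code, off))
```

A file that was actually encrypted would fail the magic check and show no repeating two-letter country codes; a signature only lets the loader verify that these plaintext bytes were not altered.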


Of course it's the implementation that matters and how it's used, that's the whole point. The reality is important. It Has To Be Done Better.

Sorry about the regdb example, that was me being frustrated with it and not looking deeply into it yesterday. I saw the binary format, saw the signing and just kinda assumed the rest (I've been trying to get a stronger 802.11 signal from these usb alfa and panda adapters on this pi4 I'm using)

Anyway, it could be a bold protector of personal liberty or another cargo cult ceremony on the checklist and callously shoehorned in inappropriate places.

It could be a defense of privacy that Schneier holds dear or a way for a company to hide from the user what it's recording and tracking through closed encrypted data

It could be Zimmermann's dream or make it so people get locked out of things they own. Locked out of their Bitcoin wallets, hard drives, phones, just about everything.

The "encrypt everywhere" assumes the rosiest of intentions from one group and the most malevolent from another. It assumes perfect technology without failure or fault, perfect human memory, and perfect organization.

I call it homo securitis. Humans don't work that way. (After https://en.m.wikipedia.org/wiki/Homo_economicus)

That's why I can sit around all day and give you endless real life horror stories. For the bitcoin example, I've personally lost north of a million dollars through mismanagement of wallets (I wasn't monitoring disk failure on a raid array around 2012 and 2 of them finally went). You can look at this list (https://bitinfocharts.com/top-100-richest-bitcoin-addresses....) - there's a number of wallets, hundreds, with histories like this: https://bitinfocharts.com/bitcoin/address/12ib7dApVFvg82TXKy..., last activity 2010. Either this person has the discipline of a soldier or they lost access to it. Hard disk crash, accidental deletion, who knows - normal human failure in an imperfect world.

Human practicality matters. Imagine if a traditional bank kept 243 million locked away forever because you lost a special ID card they sent you in the mail in 2009. This stuff matters. An excuse of "well it's your fault for not being perfectly organized on perfect systems" doesn't cut it.

Encryption and security is too often an unsophisticated hammer that's getting tossed and applied without consideration of the nuances of reality.

It Has To Be Done Better. Not "don't do it". But instead "stop foolishly doing it so naively". Otherwise there will be a large push back and nobody will want it at all.


It seems you are conflating transport encryption with encryption at rest. I can not imagine a scenario where encrypted end-to-end transit can "bite" you as there is no recovery scenario apart from snooping network operators/attackers.


E2E encryption can be really resource consuming, especially with the amount of traffic used for video chat. You might not want this just because of a worse user experience.


Video chat is something like 1.5Mbps. Even phones can do chacha20 at >1000Mbps these days. It's not that expensive.

Where people start to feel it is if you want the server in the middle to be decrypting and re-encrypting everything, because it's not that much for one user but it starts to add up for a million users. But the obvious solution there is to use E2EE and then it isn't doing that.


I cannot inspect what closed source software is sending to the server, how it is tracking me or what information it has. It is encrypting my data against me so not even I can view how I'm being studied or recorded. This applies to the public writ large, nobody outside the deep annals inside the company knows how the public is being monitored and sold.

I've tried to make various tools and utilities for things like logging, auditing, inspection, etc, and have had to do self signed keys and a number of interesting hacks to work around encryption. Often times it's impossible.

It's thousands of times more likely that the authorized party is spying, snooping and stealing my information to package and resell it in open bidding data markets and trying to hide that fact and cover their tracks than they're trying to be bold protectors of my liberty against roving blackhat ne'er-do-wells. Although they'll run to that defense whenever necessary.

Ever see the amount of data trackers on say, a local news site? It's astounding, and they are the technically incompetent. Imagine what happens when people with the same wanton disregard for scruples know what they are doing.

I've convinced myself at least that instagram listens to the microphone and services ads based on conversations. I have blackboxed tested this in many ways --- and that's the only way I can do it, blackboxed - that's the problem. I could lay out the tests if you want, none are of course definitive, they can't be, that's the point. It's uninspectable and can't be proven either way because it's encryption that none of us can inspect.

Like any other powerful party trying to hide information and abuse their subjects, they claim to actually be protecting us against the dark treachery that surely lies beyond the forest. Let's all tremble in fear and thank them for their service! Give me a break. It's a sleight of hand, they've instead taken our digital stuff and protected against us from inspecting the process, the protections against an additional third party is merely a side effect.

If I can't turn encryption off and see what's going on OR if I can't inspect my own device then I don't trust the network OR the supposedly "trusted" party with access to it. I don't trust Google, or Facebook with access to my microphone or ad networks running on apps and you shouldn't either. If I can't inspect the contents of the payloads, then I don't know what's happening. Platitudes and assurance be damned, what data is going OTA, that's all that matters.

I understand there's brigading and hivemind against this basic reality, but I'm dedicated to reality, not to popular opinion.


See, this is the one complicating factor for L7 E2E, and I think you make a compelling case; you pretty much need open source/reproducible builds to be able to have any kind of protection against leaking PIIs over encrypted channels.

I think the best one can do today with services like Facebook/Instagram is to use third-party clients, or, in lack of that, the web apps.

IMO DoH/DoT is the main venue where this tradeoff becomes obvious today; privacy with regards to infrastructure providers, or ability for the user to see/control what your software reaches out to?



