North Koreans are jailbreaking phones to access forbidden media (wired.com)
333 points by 8bitsrule on April 27, 2022 | 196 comments




"In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say-a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted."

Oh, hah, a friend of mine worked at a company that developed employee monitoring software that did exactly that, it also took pics of you using the webcam. They used it for their own employees, too.


And why is he still your friend? Seriously, I have little respect for developers in such ventures and employers leveraging this kind of "bossware".

It is the minimum requirement of management to set goals that workers need to achieve. Either these goals are met or they are not.


> And why is he still your friend? Seriously, I have little respect for developers in such ventures

because what people do in their jobs have little to do with their values. It's an economic and financial transaction first, and rarely an ethical transaction.

I'm glad that people who worked on these sorts of software still have friends who don't think like you do. Using social ostracization to implement public policy is a terrible idea. Rather you ought to be doing activism and promote privacy and outlaw bossware.


If the alternative meant starving, I'd agree. That's rarely the case for software developers though, so I think it definitely shows of their values.

Doing it "for the money" is not a free card to do anything unethical when it's easy to say no and get another job.

An extreme example: Was voluntarily being a guard in Auschwitz fine because it was legal? Should you be able to get away with saying "I only did it for this money"?


> If the alternative meant starving, I'd agree.

why is starving the arbitrary line in the sand? Why isn't "a great home in a HCOL area" the line? Or some other line? Ethics is subjective to each person - this is why if there's actions that shouldn't be taken, it ought to be encoded in law, rather than as ethics.

The bottom line is, by saying that other people ought to have more "ethical consideration" when they have to make an economic sacrifice to enact that ethical consideration, you're also implying that they should be sacrificing their own benefit for your benefit. It's hypocrisy adjacent.

I'm all for advocacy in lawmaking to ensure that bossware or spyware is illegal. But i would certainly not look down on someone who is currently making such software - after all, it's not their fault that this software is being made.

> An extreme example:

yes, i would. The guards at auschwitz may not be nazis, or they may be. Them working there is no indication of what their personal sense of ethics are. That's why you don't fight the guards, but against the central gov't that is actually imposing nazi-ism.


I think everyone is responsible for doing what they can to contribute towards a better society, not only governments and law makers. That also means you're responsible for the actions you make which does the opposite, whether you get paid for it or not. If someone values having a great home over contributing to a better world, that obviously does tell of that person's values.

Starving is not very "arbitrary" because it means life or death, and you can't expect people to choose death over doing something unethical.

If more people say no to doing unethical things (or show disapproval of those things being done), it'll be harder and more expensive for companies to find people who will do said things. Software engineers working in online gambling make a lot more where I live, which makes that industry less profitable. That's way more effective than waving signs on the street.

Why do you feel that you can't be held accountable for your actions as long as you get paid for it? Do you not want a better world? Or do you think it's up to others to do something about it, and not you?


> values having a great home over contributing to a better world

which is what everyone already does. After all, everyone continues to burn fossil fuels, even if they know it's contributing to pollution.

The point is that it is natural and acceptable for an individual to ensure their own comfort and wellbeing, to the extent allowable by law. Why would one suffer any sacrifice, if they do not directly see the effects of that sacrifice benefiting themselves?

This is why there's a need for gov't and regulation and laws. Collectively, people can agree not to take action which would benefit oneself at the expense of somebody else. This cannot happen unilaterally.

> Do you not want a better world?

of course i want a better world. Who doesn't? The question isn't whether one wants a better world - the question is whether you will be willing to sacrifice more than your neighbour for this better world, if the neighbour is going to be able to gain the same benefits from your sacrifice without having to sacrifice his own.


> The question isn't whether one wants a better world - the question is whether you will be willing to sacrifice more than your neighbour for this better world, if the neighbour is going to be able to gain the same benefits from your sacrifice without having to sacrifice his own.

This sort of thinking is why we’re facing such terrible conditions.

But it’s fine. I’ll recycle even if my brother has said he doesn’t see the point. I’ll walk short distances that my buddy drives. And I’ll resent that people like them (and apparently you) are too self-important to endure a bit of discomfort because it’s the right thing to do for the good of the species.

Apologies that this is harsh and combative. I find the attitude above very hostile towards our shared future.


> because what people do in their jobs have little to do with their values.

Huh? I've never seen a job as a way to earn money. I can't just sell myself. I can't work at a place that I don't ideologically align with, no matter the salary.

And one of my values is very simple: being respectful to your user is not optional.


Good on you for having an ideology that you stick to, despite it costing you an economic sacrifice to maintain the ideology.

Most people don't ascribe to this type of ideological discipline. Most people choose to maintain economic advantage, at the cost to ethical considerations (which are certainly more fluid - after all, everybody has a price).


It was admittedly tongue in cheek and not a serious recommendation to end the friendship. Personally, for me it is important that my work has a positive influence or at least not a negative one. Sure, perhaps there is some pile of money where my conscience might fade, I will not deny the possibility.

I think the trust in software is heavily affected by badly behaving parts of the industry, especially the security industry that addresses mainly IT customers and I won't hold back against clear indignation of surveillance-ware chasing a quick buck by scaring people into a position where they believe they need it.

I also know enough about management and know what types of manager this enables. It isn't the productive ones. An employer has the right to demand performance from his employees and there are ways to do that without questionable software. But parts of the industry decided that it can use the opportunity of weak legislation to sell their scams. I believe this is a problem for everyone. But sure, in the long run legislation is necessary. That wasn't always the case and privacy and real security of users was paramount to developers.

The same is true for education btw.


> because what people do in their jobs have little to do with their values.

My values would not allow me to work for a company engaged in operations that I considered unethical. I would not be friends with anyone who worked for NSO Group or the CIA, for example.

I don’t know why you’d criticize someone for having ethical standards.


Not really? I personally care a lot about being aligned with the company. And so does the company, they want employees aligned with their views. The company I work for is really into green energy. If I up and say "Hey I don't care about that, F the environment, big oil FTW" I'm sure I'll be on the short list out.

And especially for software developers it's not as if they don't have an abundance of options.


I can't agree more. The folks disagreeing with you on some ethical basis are full of shit. We're on a startup accelerator forum for fucks sake! BS crypto startups get glorified...but someone making employee monitoring software is a scumbag.

Most of the people here would happily work for mass surveillance corporations like Google or Facebook.


What is "activism" other than various implementations of social ostracization?


joining or starting a lobby group to influence law makers to change the law to prevent the unethical scenarios outlined in the parent comment.


Advocacy


I have very little respect for countries who allow the use of such software.


You would be surprised of how many corporations in "western democratic" countries regularly use software to spy on their workers, usually in work laptops given to employees but I wouldn't be surprised at all if work phones were also bugged intentionally.


>You would be surprised of how many corporations in "western democratic" countries

True, but not surprised at all ;)


This should not be up to companies or developers, but up to governments.


I think people forget a lot of secured offices handling sensitive info have CCTV cameras all around and very restrictive desk and device policies. Some got the idea during pandemic measures to allow work from home on these sensitive jobs, as long as they could observe the employees using this kind of software. It's considered a compensating control.

Somehow people are weirded out by webcams and screen grabs but not CCTV?

* This was mostly aimed at the critics of the friend - not the NK goons!


CCTV is installed in places where you are visible to your co-workers anyway. Your laptop webcam follows you everywhere. It's an invasion of privacy.


> They used it for their own employees, too.

that's some dogfooding there!


Could you name the company? We need strong anti-monitoring laws. The only profession I think needs constant monitoring is the average cop, and not so average cop, like the FBI.

It's ironic many cops are required to wear cams now, but they can still cover that lens.


Sadly, I can't remember, but it probably wouldn't be too hard to google them up.

They had a hilarious part of the employment process which was figuring out if the new hire was in the EU or not, because if so, then legally the software could not be operated without consent. But that obviously led to awkward conversations where consent given in that situation would be pretty questionable...


That means they believe the surveillance is not necessary for the position they hire, otherwise it would not be awkward.


https://www.crossover.com/

Pays $100K for senior developer role which is big money in many parts of the world (India, Eastern Europe, Africa, etc), so people put up with spyware.


You already have them: freedom not to sign a contract with such an employer. Something that you don't have in a communist country.


That's like saying we don't need laws against physical punishment at workplace, after all, you simply have the freedom to not sign a contract with an employer who beats their workers with a stick, right? In fact why have any regulation around employment, you are free to pick where you work, do you not?


Why would you need laws against physical punishment at a workplace if you already have general-purpose laws against assault?


Freedom must be protected by good legislation, otherwise you end up with situations like wage slavery[0] or a food desert[1]. More freedom for companies could easily mean less freedom for the people. Although I concede the point that basically any country is in a better shape than NK in this regard.

[0] https://en.wikipedia.org/wiki/Wage_slavery

[1] https://en.wikipedia.org/wiki/Food_desert


That's the opposite of protecting the freedom, as with such legislation you're limiting people's freedom to enter contracts of their own choosing.


Yeah that's true. Ideally I'd limit them to the least exploitative contracts possible. My thinking here is inspired by the free software movement, where the basic idea is that by having a specifically limiting license, they enable the greatest freedom for users. With the implied idea being that by having fewer restrictions, the system ends up being more restrictive, instead of less restrictive.


> You already have them: freedom not to sign a contract with such an employer.

When that employer is the only major one around, there is no such thing as a truly free choice.

There's a reason why meatpackers, Amazon or Walmart like to set up shop preferably in areas with high unemployment and why unionization attempts have been so fraught with failures - these companies exploit that the US social safety net is pretty much broken, and when your survival depends on that crap job you're not gonna complain too much.

A truly free labor market is one where everyone can choose to not work without losing their home as a result... only then, employers are forced to provide actually competitive working conditions (wages, workplace safety, equipment, break times).


You always have a choice to not engage in any commercial activity with other people and rely on your own devices.


You reasonably can't. Most people don't live in rural areas with enough farm land, and even if you have farm land that can grow enough (both in quantity and variety) crops to feed your family, which is a rarity in itself, you still need to deal with property taxes, expenses for maintaining your farm house and equipment, school expenses...

Face it, there is no way of living "off the grid" to a reasonable degree.


If you found this article interesting and are curious for examples of North Korea’s extensive digital surveillance, I recommend watching “Florian Grunow, Niklaus Schiess: Lifting the Fog on Red Star OS”: https://youtu.be/8LGDM9exlZw

The depths to which North Korea goes to track and monitor its citizens is a lot more complex than I thought (and this video is from 6 years ago, so they’ve probably only improved their surveillance)


On the same subject, Darknet Diaries podcast did an episode on PRK and the smuggling of "illegal" media in. It's a good listen.

Episode 71: Information Monopoly

https://darknetdiaries.com/episode/71/


USBs are a significant form of sharing information in North Korea. Many citizens have devices with USB ports and SD card slots. So for many years, North Korean defectors have organized efforts to smuggle outside info into North Korea on USB drives to counter Kim Jong-un’s constant propaganda. But these groups were buying memory devices at cost with limited resources. Flash Drives For Freedom is a campaign that travels the world inspiring people to donate their own memory drives. An initiative launched and managed by the Human Rights Foundation, Flash Drives for Freedom is significantly increasing the capacities of these North Korean defector groups.

https://flashdrivesforfreedom.org/


Apparently the use of flash drives is due to the police shutting down power to a neighborhood and then doing raids. With a DVD player a disc would be stuck when the power is cut. So the police roll in and see you've been watching contraband and off to the dirt mines. With a flash drive you can remove it from the port and hide it even with the power out.


Is it more complex than Prism or whatever project the NSA are on now?


Your top comment is about surveillance.

However, the article is more geared towards media censorship and control.

I’d like to see a conversation comparing censorship and the fight against “disinformation” in NK vs in the USA


I mean, that's a basically a distinction without a difference, depending on who wields the power.

Disinformation in the Democratic People's Republic of Korea can be anything that goes against any official line. In the US disinformation can also be things (but not all things) that go against the official government line, v.g: Covid, elections, official promulgations, fact checks, etc.

It can be difficult to mark a difference, but it's safe to say that at least as of now, fewer things would be marked disinformation in the US despite the new DHS office that would appear to ape how soviet systems (such as DPRK) would deal with what they deem misinformation.


For me the border where it starts to flip is whether branding something "disinformation" tells more about the brander or the branded.

For example a Russian protester being detained for displaying an empty poster, doesn't tell us a lot about the specific beliefs of the person with the poster, but a lot about the people who react to such a thing by robbing that person's freedom by claiming it was disinformation (which it wasn't, it was a symbolic act of protest).

On the other hand if someone claims vaccines are an evil plot to inject nanobots into our bloodstreams to track everybody's position, this would be disinformation even without any state entity ever reacting to it. It tells a lot about the belief systems and world view of the person claiming such things, but it doesn't necessarily relate a lot to actual policy out there.

A third thing would be strategic denunciations like the ones the Nazis used when they coined the term "Lügenpresse" which translates to "lie-press" or more modern: "fake media". This is used as a form of preventative denunciation. So the act of calling things disinformation before it is even clear what is said in order to weaken its credibility once it is said and to create an incentive for their followers to only listen to them, not to others. This of course tells also more about the entity who calls something disinformation than about the recipients of such labels which can be wildly different people and organisations.


The media have their agenda and have spread misinformation on purpose throughout the ages. Sometimes there were trustworthy "newsmen" or presenters/anchors. However, quite often in the political realm they did not shy away from pushing agendas. How many 'conspiracy theories' turned out to be true? Recently we've had lots of misinformation disseminated via the media on behalf of officials as well as 'thought leaders'. There was the whole Covid thing and its many bits of misinformation from pushing wet market narratives, to people drop dead on the street to masks don't work and back to masks work. The reluctance to examine the numbers when it comes to Covid. Also, dismissal of the younger Biden story as well as promoting the debunked "Russia-gate". So, yeah, they do lie and they diffuse many fake stories which undermine their credibility. Wild conspiracy theories (nanobots and 5G towers, etc) do not disprove the lies as well as hysteria conducted by the media.


In an ideal world, North Korean people would internally overcome their repressive regime.

Perhaps the first step forward is a tech elite that educate and unite the people against their leader. Maybe they are by accident, breeding a large group of hackers in the general public that will be employable outside of North Korea today.


In an ideal world a frail weak person could lift boulders and build mountains.

At some point, the situation gets so bad that people can’t help themselves.

Unfortunately, the situation would’ve corrected itself decades ago in a vacuum, but China keeps funding the elites to maintain their stranglehold.


North Korea would nuke south korea if they thought their government would fall. Makes no difference why the government is falling, if they're going they'll take the south with them. Also adds additional incentives for the south to stop wide scale dissent.


No, they would not. The nukes are a deterrent against invasion.

And for what it's worth, if the North wanted to, they could flatten much of Seoul with conventional weaponry, since it's only 70 km from the border.


There's probably a prize for calling out traitors, so this doesn't work.


Weird to see "jailbreak" used in the context of Android phones, but I guess it's fitting for an operating system where people can only ever install what the maker of their operating system allows.

For a totalitarian regime, it's a little surprising to see the devices still getting cracked, especially with the relatively small portion of the populace that can afford to get a computer science education.


North Koreans have been "jailbreaking" their electronics for a long time.

There are some good books about how ordinary people lived up to around Kim Jong-Un's reign, such as "Nothing to Envy" and "Under the Loving Care of the Fatherly Leader".

Devices such as TVs and radios were always set to only receive state broadcasts, and they are subject to regular inspections. But the safety measures were cheaply produced on a small scale, often a simple mechanical limit on a dial housed behind tamper-evident stickers.

The Tumen River has also been a traditionally porous border where black market media (and cosmetics, food, electronics, etc) could flow freely. As is usual in an authoritarian regime, well-connected people can ignore the rules, smart/wealthy people can work around them, and the occasional unlucky person can be made into an example.


>well-connected people can ignore the rules, smart/wealthy people can work around them, and the occasional unlucky person can be made into an example.

This is true of any regime, really. Just that the rules are more restrictive in the more authoritarian version.


> The Tumen River has also been a traditionally porous border where black market media (and cosmetics, food, electronics, etc) could flow freely. As is usual in an authoritarian regime, well-connected people can ignore the rules, smart/wealthy people can work around them, and the occasional unlucky person can be made into an example.

Sounds about right. Yeah and also, there's media that is freely distributed just for fun, and I think everyone can play Starcraft...there has to be a way. Game of cat and mouse. It's not just about what's forbidden and what's not it's also about bribing a little bit here, a little bit there...working the system, find a little something in the regular Wednesday (?) black market, hear a little secret...and as long as you're visibly contributing to society overall, you can push the envelope. Same as anywhere, Cuba is big on "sobrecumplir" meaning exceed expectations. If you do that, you can do all kinds of stuff.

So what is also missing from these viewpoints is that yeah on an individual basis, individual freedom, Koreans have fairly little of that to be sure. And it's not only due to rules, the rules and strictness is interwoven with the poverty, they cannot be thought of independently. If a country is poor, its prisons have to be that much worse than a rich country's for them to be a deterrent to theft. And that's just one example.

But collective freedom! Now that's a different story. These Koreans have a lot of that! Basically they gave up all their individual freedom in exchange for all the collective freedom they could possibly get. That's how you end up with Juche, for instance, mostly a way to accept poverty down the line but in exchange never allow foreign powers to perform manipulation through trade. And in fact, in the last "maximum pressure" period that Trump imposed, Korea didn't budge or suffer.[1] And for collective freedom the people--to my fullest understanding--need an autocrat, autocrator [2], the one guy everyone else in society stands in the way of bullets for, and who then thinks of all of them in return without any interference from foreign manipulation. Democracy is then in terms of the neurons of the autocrator. Any one of these neurons can change his mind completely[2], without tallying ballots or recounts.

That's what I gather from reading beyond the curriculum of Stanford's Korean History class.

[1] The price of rice didn't change under sanctions. A big reason given, though there were several, was that because North Korea's agriculture was generally not mechanized, State Dept. couldn't squeeze them on the availability of spare parts for machines. That was a huge surprise for State...and on top of that the counterfeiting. So while the United States owns the ability to print dollars, so does North Korea. How good would you think they would get if they made it a national priority? The brightest minds, thinking of ways to make a Benjamin cheaper than $100. It's a super simple goal. I think anybody can forge them for $1000 apiece, but to get it down under $100, ah! So while South Korea sends its brightest minds (in this case best test scores, they are totally subscribed to that) to eg Stanford, North Korea keeps them right put, working on sovereignty. Nationalism. Like they can get a 99 percentile student on every square millimeter of the $100 dollar bill. And get this, the North historically had better students than the South, especially the most mountainous areas, those had the most Yangban standardized exam passers. Because what else will you do with your time but study!

[2] I think in Russia the Czar is called an autocrator internally, Czar was the external name.

[3] This concept was enshrined in the Choson dynasty, absolutely any son of the King could inherit the throne, without any restrictions on whom his mother was. Although I know little of palatial uh...well conspiracies, what else could you call them...dynamics. Dynamics. There were rules, and nuance, and many interests at play.


I don't think computer science education applies here. These people are looking for a solution and smart enough to follow the bread crumbs.

That's what we do best - adapt.


They often run very old versions, also on their Linux systems ("Red Star OS"). For someone with outside knowledge, it'd probably be trivial to acquire root


Isn't most jailbreaking and protections tampering done by people w/o high school, let alone cs degrees.


No, you need to know Dijkstra's algorithm in order to tinker with an OS. /s


Definitely, but those people generally have access to the Internet. Modern Android security isn't what people used to jailbreak 30 years ago before the internet.


The person inventing the jailbreak method is typically "classically trained" in CS, notable exceptions like Geohot.


Yeah, we learned it as kids at my primary school. Forums and people there will help a lot if you ask nicely. I guess North Koreans have to learn it from other people directly, though... that's probably much harder. Cubans have huge data libraries shared on USB flashdrives, I wonder if North Koreans have it too.


> Cubans have huge data libraries shared on USB flashdrives

https://en.wikipedia.org/wiki/El_Paquete_Semanal


Humans are adaptable. I figured out how to connect all the computers in the house over a LAN and dial the living room computer's modem on activity when I was little because a switch and some cat 5 was cheaper than an extra phone line. Computer science is just a way of discovering and sharing a niche of adaptations.


I'd genuinely be surprised if the majority of hackers and crackers outside of NK had formal CS educations, or at least only began cracking after receiving a formal education.


I'm pretty sure I had my iPod touch jailbroken when I was ~10 ish. Obviously breaking the actual OS is hard but the actual process of doing it isn't.


If we had truly open mobile devices it would be much harder for a country like NK to control devices.

Still possible of course. Makes sense to fork that what is available.


Surely reporting this, including specific phone models, will only make it even more difficult for them?


No, because they already know this is going on, and they know the small number of phone models available in NK.


This is extraordinarily brave, given what usually happens to people who possess illegal content in NK. I think I'll stick to criticizing politically unpopular people on Twitter.


Interesting writeup about the Pyongyang 2423, an Android phone common in NK: https://www.dailynk.com/english/a-look-inside-north-koreas-l...

Amazing to think about how much an "open source" initiative like Android can be manipulated by a totalitarian regime.


> When using a separate SD card, the user is asked to select between “use as a memory card” or “use as internal memory.” If the user chooses “use as internal memory,” it then requests initialization of the SD card so that it can only be used on the current phone. When “use as a memory card” is selected, initialization is not required but folder access is blocked.

This sounds suspiciously like Android's "adoptable storage", except the folder access part.

But meh, they got the thing, but didn't do any kind of technical analysis on it? Didn't dump the ROM for everyone curious to poke at? How so? The article itself, too, is almost annoyingly un-technical.


I wonder if publishing a story about how specifically hackers stand up to authoritarian regime undermines their efforts.


Japanese porn booklets used to be smuggled in back in the days [1], so I'm not surprised they are jail breaking devices to access forbidden media now :p

[1] https://imgur.com/a/FUq2shz (SFW)


I don't quite understand why most of that wasn't blocked on their (I guess) government ISP?


It might be. I don’t see anything in the article stating that this is via the internet. The sneakernet is popular in places with limited internet access.


Soon we'll have to do the same. A lot of media that has been considered "bad" for some definition of "bad" has been banned in western countries.


There is absolutely no comparison with North Korea. Sorry that’s just preposterous.


why? I would totally agree that NK and the US are on different ends of the spectrum, but why is a comparison not allowed? Isn't it useful to compare two items that may be opposites to observe their differences?


First, if you read the GP, there’s an equivalency implied. You’re commenting on my message out of context.

Second, what’s the point? The differences would be immeasurable and nonsensical. It’s like saying shouldn’t we compare snoop dog to a blue whale? They’re mammals on the opposite spectrum!


You have just described hypocrisy to a tee.

The morals that I apply to others are so different from the morals that I apply to myself, that they cannot even be considered to exist in the same dimension.


> First, if you read the GP, there’s an equivalency implied.

I disagree. Tho, certainly some similarity is implied so I concede that.

> You’re commenting on my message out of context.

Fair point, sorry about that, I could have given more "good faith" to your comment.


Yes, it's terrible how North Korea has made it so difficult to have root on your own phone.


I see what you did there.

And I looked down at my phone.

And I made myself sad.


Not attacking you personally, but it's important to keep this stuff in mind when we make choices as customers. Consumers are cattle. Don't be like cattle. Use your money for good.

----------------

The difference between you and North Korea is that nobody is holding a gun to your head forcing you to buy phones you can't root.

Which means that it is very likely that you volunteered for it. Unless somebody else paid for it, like work. Then that is their problem. I still recommend buying your own phone.

Why did you do that?

Is it because the phone is a particular brand that is fashionable and you want that to reflect on you when you use the phone around other people? Is it because it is cheaper to buy because the phone company subsidizes the phone in order to sell you spyware you can't get rid of and to lock in reliable monthly payments from you?

There are lots of reasons people do this. Maybe it's just ignorance. Maybe they tell themselves they don't have anything to hide. Maybe having control over the things they own seems like too much work or too intimidating.

Because it is extremely likely you actually had a choice and your choice was to sell your freedom in exchange for shiny baubles.

You didn't have to do that. And you don't have to continue to do that. You have a choice. You have the power. You really do.

This is important because you have the chance to financially reward people that want to preserve your freedom or you can financially reward people that take it away.

This is the power you have. It is more democratic than voting. It also matters much more.


> nobody is holding a gun to your head forcing you to buy phones you can't root

The DMCA (and to a lesser extent, CFAA) is routinely abused by software & hardware manufacturers to prevent people from taking control of their own devices, and if you do it at a large scale then you will eventually end up with a gun to your head.


I mean the Pixel series of phones are built to be unlockable/root-able straight from google..


Even then, terms and conditions apply. See this user's experience here[0], where they report that the repair services locked the phone after purchase.

[0] https://news.ycombinator.com/item?id=31166871


Not always, mine's locked.


Is yours from a carrier? Verizon's and others are locked, but I've never heard of a lock stage from giggle.


We need a "Right to Repair Democracy".


Regulations are short term/high friction solutions even if you had good ones, sooner or later big companies will work around them/regulatory capture, change will only come if people show it by what they buy.

Vote with your pocket, there are phones like Fairphone [1] which makes right to repair a central part of their design.

Even if people don’t know or care about right to repair a lot of people care about sustainability, you can’t have one sustainable credentials with unrepairable phones like Apple keeps marketing.

Help others in your life make that informed choice.

[1] https://shop.fairphone.com/en/


We need regulations, and more so constitutionalism, to set boundaries for the free market economy in favor of humanitarianism, environmentalism and liberalism, or those who vote with their pocket will vote us all back into feudalism by selling their vote to their oppressors for short term tangible benefits.

And they looked from their windows at the angry masses and asked: "What do they want?" - "Well they are unhappy that Disney only streams to certified firmware, that banking apps don't work on rooted systems, and that their devices report to the secret police" - "I don't understand" - "They say their bread is moldy and rotten" - "Then why don't they eat cake?"

Supporting ethical companies is a good thing and you should totally do that. But I doubt the emergence of surveillance capitalism can be solved by that alone. By no means stop advocating for it, it does bring change, but some business and government practices must be regulated. And some existing regulation must be changed to favor humans instead of corporations and government agencies.

Note the thread is not about a "right to repair" but a "right to repair democracy"


I mean otoh the market only offers so much choice and often established producers work to make it more difficult for up and comers to themselves be established. We are in fact often cattle whose choices are limited to merely where we can stand within a tightly controlled field of very limited size, especially when many of these tools we are reliant upon in modern life can no longer be practically made in the home.


> We are in fact often cattle whose choices are limited to merely where we can stand within a tightly controlled field of very limited size

We are if we limit ourselves to act only as individual consumers. But if we act as a collective of citizens, we can compel companies to offer the choices we want.


As long as there is mass media the collective's voice is usually drowned out by the companies' interests anyhow. Advertising is too effective to sway public opinion on any topic and just throwing more money works too well. Grassroots efforts are stomped before they are allowed to take flight, unfortunately. There is too much inertia to meaningfully change the status quo in a lot of ways. This is why it's better to derive your happiness from other things than the state of the world.


Most people can't be experts at most things. That's how specialization works.

It's easy to blame consumerism and people being dumb when you look at a single market, but there are hundreds of markets and in the other 99 we're the dumb ones.


> your choice was to sell your freedom in exchange for shiny baubles.

Actually, my choice was that Apple engineers with teams, budgets, etc. and a mandate to protect my privacy will do a better job initially and certainly a better job with updates, than I would installing a collection of OSS software on a rooted Android phone. I mean, most people, if they care at all, slam umatrix as an add on with the default lists and call it a day. It's the same outsourcing, but to volunteers.

> This is the power you have. It is more democratic than voting.

I don't know about you, but I only stopped buying physical keyboard having phones when they stopped selling them. You can look at dumb TVs, dumb cars, and a lot of other examples where they just don't make some options anymore. I mean, sure I can buy ethically, and try to, but I don't convince myself my money is the make and break difference. Hell, if you look at my purchase habits, you'll see I frequently am on the losing side.

Also, it's kinda bizarre to claim that the free market is more democratic than voting, since voting is the gold standard of democracy.


Maybe they, like many others, don’t care one iota about having root on their phone.

> sell your freedom

That’s hyperbolic to the point of killing the discussion.


US populace would also need jail broken phones as soon as the new DHS "Disinformation Governance Board"[1] starts blocking at platform/DNS/ISP level.

[1]https://twitter.com/wiczipedia/status/1519282822158110721


Should have just gone with Ministry of Truth. Why try to hide it.


I was always a fan of the name House Un-American Activities Committee; which is the committee where they did un-american things. Truth in advertising.


You have to be careful with long winded, accurately descriptive labels. They become acronyms and lose their meaning and irony.


Come on, your link provides no evidence that this Board would (or even could) block any internet traffic. Don't spread FUD.


Sure, they just want to govern 'misinformation' but surely they don't mean to censor anything. Sure... Why would you even dream of giving the DHS the benefit of the doubt?


It always relieves me to know that while foreign regimes censor news, western regimes only censor misinformation. Glad we've kept the moral high ground.


Can't they triangulate the location regardless? Pretty risky to challenge the supreme leader.


> The depths to which North Korea goes to track and monitor its citizens is a lot more complex than I thought (and this video is from 6 years ago, so they’ve probably only improved their surveillance)

If you think that’s wild, get a load of what the NSA and GCHQ do


There is a significant difference in the degree of invasion between controlling the software users can run on their personal devices, and passively tapping the communication links between them. For NK, the former is backed up by direct laws mandating such direct control, while the latter is mainly made effective by users not doing the work to use privacy preserving protocols.

While we most certainly should condemn NSA's actions and work for our own society to become freer, we must not equate the two lest we end up forgetting which direction is up - just like many have done with regards to Russia's war on Ukraine.


In the west, Apple and Google do the former... Sure, you can run your own software, but in practice, who does? Probably the same sort of people who are jailbreaking their North-Korean phones.

You see, another interpretation is that beating our chest about other people's moral failing is inherently a narcissistic display since it cannot lead to any changes other than making us more apathetic and powerless.

You can see the same dynamic in work every year in our elaborate performance over the Tiananmen square massacre and the simultaneous complete lack of interest in the Gwangju massacre.


No, once again there is a distinction. Apple, Google, et al control the software running on users' devices through network effects and apathy, rather than by legal fiat. When trying to change the state of affairs, details do matter. Just equating it all adds to the feeling of helplessness. I agree about the general phenomenon of performative concern, and perhaps that is what discussing North Korea's digital restrictions management ultimately is for most. But still proper criticism of that phenomenon is not to equate it with domestic issues that we can actually effect change on.


Yeah, so the question is not whether North Korean surveillance is bad, we agree on that. The question is what meaningful difference is there in the surveillance? The fact that the surveillance is legislated and lawfully conducted seems to be a rather technical distinction vs the situation corporations are simply unregulated and, by default, permitted to own any data they collect, even without consent.

The only material difference seems to be that, in North Korea, the state is (feels) so insecure that it has to monitor what people say. Whereas in the US, they don't care what people say because there's nothing they can do to challenge corporate power anyway.


>For NK, the former is backed up by direct laws mandating such direct control, while the latter is mainly made effective by users not doing the work to use privacy preserving protocols.

What Ennesay does is either illegal or secretly justified (take your pick), and they lie to the rest of government and the public about what they do.

At least NK is open and explicit.

edit: to the downvoters, trust this is not me saying we need to be like NK. It’s me pointing out a flaw of the US government


> At least NK is open and explicit.

Disagreed, the secrecy is a symptom of desire to avoid public retaliation because they know it will affect those who sponsor such programs.

This highlights there is need to continue to expose such systems via strong journalism + protections of freedom of speech (as written in the 1st amendment).

Saying "at least NK is open and explicit" is because the government fears nothing with absolute control, and as the grandparent comment says - we cannot forget this key difference.


If you downvoted me you don’t realize we are on the same side. Did you think I wish the US as a whole was more like NK?


We detached this subthread from https://news.ycombinator.com/item?id=31185345.


why? conversations look polite to me


It was a hop to a more generic/repetitive topic, which is generally to be avoided because the resulting discussions tend to be more shallow and less interesting. Doubly so when the hop is also in a more ideological or flamewar-prone direction.


Or South Korean NIS. South Korean internet is one of the most heavily tracked and restricted in the world.


Yeah, I've yet to hear of NK sending submarines to tap undersea cables or storing essentially all internet traffic for future decryption efforts. Their little spy OS seems pretty quaint in comparison.


Not sure why this is being down voted as it is a true story. The underwater recording unit was on display in the Kremlin (is it still?) with a "Made in USA" plaque attached for all to see.

https://nationalinterest.org/blog/buzz/intelligence-coup-how...


The cable this sub tapped was the line between Kamchatka and Vladivostok. Both sound a bit like Nantucket, but really aren't in Massachusetts or any other US state.

This thread started with "track and monitor its citizens" and continued "If you think that’s wild, ...", the latter of which was going for the tu quoque, i. e. "the US is worse than North Korea", for which the example is useless.

It would work well in supporting the argument that the NSA (or CIA) had some rather sophisticated technology all the way back in the 80s, at least compared to North Korea, which, frankly, wouldn't be very surprising but at least somewhat sane, which makes it a rather sad commentary on the state of discourse that there is zero doubt which argument the parent comment was going for.


ditto this. why even send subs when you can just subpoena local ISPs?

the subs can't be remotely related to US citizens


One of their workarounds for violating the constitution is to route domestic traffic out of country so that it is classified as "foreign" and fair game for collection.


Or have a friendly foreign nation collect the data, and then share it with you. Naturally, you'd do the same for them.


I expect the Five Eyes to have that level of sophistication


No need to tap any cables if you're the OEM for the gear at the endpoints.


This is probably the real reason why Chinese networking equipment was banned in the US and other Five Eyes countries.


This was the stated reason too, at least here in Europe. National security, which is a polite way of saying the Chinese would tap them. Which they definitely would, since we would too in their position.


No, I meant that using Chinese networking equipment was banned because it wouldn't have a Five Eyes backdoor.


Yeah, that's kinda what I was saying, they definitely do:)


"Wait 'til you hear about people who record conversations in the park! The spook bouncing lasers off the window of your home & office to reconstruct audio of your conversations will seem quaint by comparison."

In other words: most of the proper sense of proportion here is set by what reasonable expectations of privacy are.

I can certainly appreciate the merits of a communication channel that features secure messages in transit. But I don't expect that by default. Privacy expectations should be set by contract or statute.

On the other hand, I definitely expect that conversations in my residence or data on my device should be private by default.

Eavesdropping is a whole different category from intrusion, even if you find both unpleasant.


There is no evidence that the NSA monitors US citizens since the phone metadata collection program shuttered in 2019. https://nyti.ms/2Vy3gDW


> There is no evidence that the NSA monitors US citizens since the phone metadata collection program shuttered in 2019.

This is an amazing sentence.


It really is a great one.

I think it evokes such incredulity that someone could point it out in good faith while also technically possibly being a correct statement that it's just humorous by itself.

It's got the irony that evidence is not evidence unless people know about it and the fact the agency is known for hiding what they do from even the institutions that are supposed to oversee it.

You've got the leap of faith to take at face value that an agency that denied a program existed for years, continued the program for years after it was pointed out it was illegal has said it's not doing it anymore.

The relative recentness of the actions by specifying 2019.

There's so much to unpack.


I just can't understand why you'd think they'd do such a thing! There's absolutely no evidence!


At the time the program was shut down in 2019, it was completely legal, having been written into law. You are claiming that the NSA is doing something illegal, yet in the vast trove of documents that Snowden released, there was only one program that was possibly illegal.

Prior to Snowden's leaks, I would have been more open to believing they were involved in the type of extralegal activities the CIA was notorious for, but after Snowden's leaks, it became clear that this wasn't the case. Suppose Snowden were the SharePoint admin at your company and leaked all its documents to the press. Do you think there would be only one questionably legal program in there?


It wasn't even questionably legal for 4 years where it was publicly known to be illegal let alone the length of time before that while it was operating in secret. That would be like saying drinking alcohol during prohibition was questionably legal which is flat out wrong no matter your morality.

I can guarantee you that 1 in 400 of our projects by budget at my work aren't illegal or could even have questions raised about their legality. Like most companies if we found a project that was illegal or found an employee was routinely breaking local law to do his job that would be fixed immediately not in 4 years while we waited for it to become legal. And if it turned out I was wrong and people were purposefully committing crimes against my fellow countrymen I'd be cheering the whistleblower who brought it to light while looking for a different job that wasn't such a cesspit of moral compromise.

The silliest part about your statements is you seem to be ignoring the problem by focusing on only (I won't even say positives because you're just saying it is no longer illegal and that there is no up to the minute evidence from inside a secret organization) the neutrals in the situation. You're doing the equivalent of saying yes the arsonist set fires and destroyed 1000s of acres but isn't the sunset pretty because of the smoke. Oh and look the firetrucks put out the fire after only a couple of hikers died. Plus people did want to do a controlled burn of that forest at some point so we shouldn't take away his lighter and certainly shouldn't charge him.


> It wasn't even questionably legal for 4 years where it was publicly known to be illegal let alone the length of time before that while it was operating in secret.

Smith v. Maryland makes it constitutional. Whether it was authorized by the PATRIOT Act was not clear, but their lawyers provided justification.

> I can guarantee you that 1 in 400 of our projects by budget at my work aren't illegal or could even have questions raised about their legality.

Snowden could see the documents describing all the programs, but there was only one program that was questionably legal in there.

> And if it turned out I was wrong and people were purposefully committing crimes against my fellow countrymen I'd be cheering the whistleblower who brought it to light while looking for a different job that wasn't such a cesspit of moral compromise.

What if the "whistleblower" also released the documents for all the other programs that were clearly legal? I guarantee you if the SharePoint admin at your company released all the internal documents, there would be at least one crime in there. Does that make it right for all SharePoint admins at every large company to always publicly release all the documents on their servers? I certainly wouldn't cheer them at my company, especially if they released documents helping competitors, like a list of compromised Chinese networks and when they were compromised.

> The silliest part

is that what North Korea is doing would be clearly illegal in the US, but pueblito claims that the NSA is doing worse without any evidence and with the evidence from Snowden's leaks showing that the NSA at least tries very hard to follow the law.


There was also no evidence before the 2013 disclosures (to my knowledge) that the NSA monitored US citizens using phone metadata at all. A bit of healthy scepticism is good for you.


Except there absolutely was. The only NSA US surveillance program that Snowden leaked was known about in 2006, when Mark Klein revealed it. http://usatoday30.usatoday.com/news/washington/2006-05-10-ns...


There is also no evidence that they stopped; just that one "program" stopped.

There's also a bunch of other arms of the USG that like to spy (both foreign and domestic) - the IC is more than just the NSA. The CIA is, for example, spying on domestic financial transactions.

The NSA monitors a lot of US citizens. So does the CIA. Verizon and ATT and T-Mobile also keep logs, which are available to DHS/FBI/CIA/NSA/et al on demand without warrants.


Grouping those agencies together is an oversimplification as they have wildly different authority for data collection under the law.

Also, saying that commercial data is available “without a warrant” is a strange framing of the issue. It’s available to anyone as long as the check doesn’t bounce.


> Grouping those agencies together is an oversimplification as they have wildly different authority for data collection under the law.

They routinely operate outside of the law, using classified interpretations of what they believe the law allows them to do. This is not about what is or isn't lawful, they don't give a fuck about that. The CIA hacked American congressional computers to delete evidence (about the CIA torturing people), got caught, and lied about their deleting evidence, and nothing happens. What is or is not permitted "under the law" is completely, totally irrelevant and bringing it up is a red herring.

> Also, saying that commercial data is available “without a warrant” is a strange framing of the issue. It’s available to anyone as long as the check doesn’t bounce.

This isn't true.


Every US citizen with a security clearance is fair game for warrantless monitoring at any time. They get to maintain a domestic surveillance apparatus just for that capability alone. Of course, once you have a hammer...


Source / citation?


So, we're back to the pre-Snowden era?


Snowden's leaks contained a single program that collected US data at the time, which Mark Klein had already revealed in 2006. That program was reduced after Snowden's leaks and then shut down entirely in 2019.


Imagine risking your freedom and your very life to watch Patrick Bateman walking through his office listening to Tomato Town


The United States should back its (alleged) principles & help develop & spread liberalizing, anti-authoritarian software, like this.

This is still couched as consuming media. The stakes are higher, but I'd have us go further: try to allow person to person, group, & broadcast communication in places where the internet is being subverted & blocked.

"The Internet interprets censorship as damage and routes around it". -John Gilmore.

Alas the current regimes, both conservative & liberal, are more focused around demanding things of the internet & making up new regulation, both as a direct threat to letting people operate & maintain presence they would online. It's extremely hard days seeing one of the greatest emerged possibilities in the world- a universal right to speech & connect- clambered over & shouted down like this. Stories like this & others, of helping people see beyond their oppressive regimes, need much bigger celebration & support.


> The United States should back its (alleged) principles & help develop & spread liberalizing, anti-authoritarian software, like this.

Says someone who's clearly never lived in an authoritarian regime.

Tell me, how would the US "spread" such software in North Korea?

What do you think will happen to your average North Korean who gets caught with this US-backed anti-authoritarian software?


Well, how does such software currently spread in North Korea? And, what do you think will happen to your average North Korean who gets caught with the current non-US-backed anti-authoritarian software?

But then when we look deeper, it gets more complicated. Could we make software that is easier to use and harder to detect? Probably. If someone gets caught with it, will they be in more trouble than they would with non-US-backed software that had similar functionality? Very likely. If the time comes when NK figures out how to track it, and more people have it on their phones because we encouraged them, and the hammer comes down on them, but more information got into NK because of this, is that a good trade-off or a bad one? (I'm not even going to propose an answer to that question...)

Love your username, by the way.


If I had all the answers I'd be doing it. Wifi-p2p, bluetooth-le broadcasts... who knows. We need more trying stuff.

This salty snippy rejectionist behavior doesn't help. Being so certain of failure, convincing everyone not to try to improve things, swearing all attempts are futile... don't you see what vacuous sucking nihilism this is? It's badgering & bullying to have a stance that is so uncompromising, so mightily assured of failure, that phrases "concerns" so demeaningly. There's no room for any possibility that maybe, just maybe, we could make things better, and that: I hard reject as cruel & unsavory.

I don't know what happens. Maybe we find some fantastic covert plausible deniability systems- launch the tech as a small payload in every top 10 site on the planet. Maybe NK doesn't end up being a good spot for freedomware. Maybe it helps Russia, or Myanmar. Doing nothing will help no oppressed people ever: that I promise. Let's not be cowards, let's find some principled things to explore & advance, let's try.


Ignorantly pushing random solutions because "we need more trying" can be so much worse than not helping. North Korea and many of these regions pose huge geopolitical problems. The potential geopolitical outcome of a misguided "solution" isn't just that we "will help no oppressed people ever", it is mass destruction & conflict on a global & industrial scale.

Deniability based on technicalities and plausibility is really tenuous at the geopolitical level and I think it's outrageously harmful to suggest ignorantly fucking with it, as if the leaders in North Korea and their Chinese allies give two shits about plausibility when they see a coordinated cyberattack from the US aimed at their systems.

If you have no idea what you're talking about, please don't try. You are not playing with VC dollars. Otherwise, the US govt is hiring and they're looking for thoughtful and discreet people.


endless miles of gatekeeping, gotcha.

i'll make sure i practice my beliefs & my values quietly where no one else might see them. sounds smart. very safe. i am too fearful uncertain & doubtful to share my hopes & ideas of betterment: mission accomplished.


Ooh, burn. I feel sorry for Alan Turing and his colleagues at Bletchley Park, all they could pitifully do was practice their beliefs & values quietly where no one else might see them. It would have been much better if they overcame their fear, uncertainty & doubt to share their hopes & ideas for the world to see, what a shame you weren't there at the time to leak them. Wouldn't want to gatekeep.


What values were AT & Bletchley advancing?

To me it seems clear they weren't engaged in grand strategy, that the particulars of democracy & values weren't at the forefront. Simply turning back the tides against onslaught was the move of the day. Facing overrun, they were seeking every advantage they could; they did not have the luxury of advocating their values.

I feel sorry for AT & his colleagues. Because they couldn't share their great work, because incredible advances & efforts had to be kept secret. Because people had to die, information had to go un-acted upon, to maintain the strategic advantage.

But developing a toolkit for democracy, developing capabilities and potentials: that threatens no one. There's no cost to doing that. We don't have to try to seed democratic technologies to the world. But we should have this arsenal of freedom. We should ennoble & potentiate humanity, so that when the times come, we are ready. Let's try. Let's not be afraid, and worthless. Let's be as brave as Bletchley, let's prepare.


Threatens no one? Toolkits for democracies threaten illiberal autocracies like China, Russia, and North Korea, they present it as a threat to their sovereign power and they threaten retaliation against everyone else in response. With the recent ongoing war against nuclear Russia in the spotlight, with China's looming threat to swallow Taiwan into its totalitarian police state, it's surprising to encounter such ignorance to what's at stake. Strategic advantage is more important than ever.

If you want to be as brave as Alan Turing and his colleagues, then have the bravery to be thoughtful and discreet as they were. They weren't afraid and worthless. Alan Turing had the bravery to do what you now call cowardly, but I can think of worse insults to describe ignorant & reckless vigilantes in the high stakes theatre of geopolitics. If you want to prepare, the US govt (and other democratic countries) is hiring.


>Tell me, how would the US "spread" such software in North Korea?

Maybe in a way similar to Stuxnet?


Also, wouldn't they be much more successful trying to spread it in South Korea, where they have considerable political influence (they command its military, they have 30,000 troops stationed there, the intelligence agencies are highly interlinked, the defence ministry is almost literally inside a US army base)?

Oh, I think I see the problem now.


> "The Internet interprets censorship as damage and routes around it". -John Gilmore.

This is one of those old bromides like Postel's law that just doesn't reflect the reality of the situation in the modern world. Today's modern equivalent would be "The net interprets heterodoxy as noise and filters it out." The most recent example being, a guy asked about what it would take to get Twitter's AS depeered for "disruptive activity" after the Musk acquisition:

https://puck.nether.net/pipermail/outages-discussion/2022-Ap...

It's probably difficult and unpopular among the large telecom firms to do this now, but with the right incentives we may see sites depeered for political reasons in the future.


Citing one de-peering request does not scare me.

The internet is still a series of dumb tubes, as I see it. I believe in site's rights to maintain themselves as they will, and this is not a contradiction. That's a high-level concern, one the internet infrastructure doesn't notice or care about.

You are absolutely correct that things could get shitty. But I see no indicators on my radar right now that the various anti-internet forces that be in the world are at all embraced or accepted: I think we all still see them as enemy of the common good, quite clearly, and foes to fundamental human rights.


> The internet is still a series of dumb tubes, as I see it.

The internet is a series of contractual agreements between large corporate entities that, till now, have provided an interface that is like a series of dumb tubes. Up till now, they have operated on the principle that everybody has the same color money and should therefore receive the same service.

However.

These days, large corporate entities need to be aligned with the ESG rules established by the major investment banks who provide them with finances and sit on their boards. That includes an obligation to fight back against forces deemed insufficiently progressive, to avoid the rise of another Trump. Nobody wants to be remembered for complicity in the rise of fascism in the USA, like IBM's complicity in the holocaust. If a site on the internet is seen to be a locus for fascist voices, it will soon be acceptable for that site to no longer be on the internet. Better to enter the kingdom with one eye than to be cast with both eyes into Gehenna.


The United States doesn't help people in the United States jailbreak their phones.


The US also isn’t buying its own citizens guns, but Afghanistan is awash in automatic rifles purchased by the US taxpayer.

What’s your point?


Alas.


I’m not optimistic, considering the state of democracy in the US. It looks like liberalism and democracy are insufficient to counteract the ill effects of capitalism - the transformation of society from a market economy to a market society.


> It looks like liberalism

I'm not sure what you mean by "liberalism" in this context, but over here, it's liberalism that has us relying on billionaires to buy media platforms so that we get access to forbidden media.


That’s just not true. You can host a web server and share whatever legal media you’d like.


[flagged]


I'm guessing most people in NK aren't carrying $1000 phones. They are carrying "...government-approved, Android-based smartphones...". Your statement about companies controlling the devices is certainly worth arguing for, but it's a different, far more draconian situation in North Korea.


It's the same situation, just taken to the extreme conclusion. We see varying shades of control of electronics from different governments and corporations, but at the end of the day putting a stop to any of these varying amounts of control requires the same solution: being allowed to use a computer for general purpose computing.


In the case of North Korea, the state of computing norms in the rest of the world has no bearing on the situation there.

Even Linux spies on users in North Korea.

If every smartphone on the planet had full root access, NK would simply not allow smartphones.


Agreed. In the age of restrictive software, the term "sale" should be more heavily protected.


These are phones locked down by the power of the North Korean government, not by the choice of any company.


The same techniques used to lock down US phones from owners are the same ones NK is using.

Or do you think those "features" were added in just for the totalitarian markets?


The features you're talking about were developed to close legitimate security holes before they were ever used to lock anyone out from their phones.


The companies that manufacture and distribute phones think that user access to their own phones is a legitimate security hole.


Mobile devices move around. A device that assumes physical possession equals ownership is not secure.

I will agree that bootloaders should be unlockable, but to argue that locking functionality shouldn’t exist is arguing in favor of physical security vulnerabilities.


Umm, is this newsworthy?

I am surely glad it is happening, and hope that it happens more.

But perhaps the article draws regime attention to vulnerabilities, and helps the regime defeat them?

Not everything interesting should be published.


If you think that the North Koreans would be unaware that people are trying to circumvent anything unless they read it on HN, then you are just not very imaginative.


I just imagine some North Korean jailbreaking his phone and accessing content from the west and thinking "nope!"


That's why Google doesn't want you to unlock boot-loaders even if they allow you to ...

I get that warning about my unlocked boot loader every time I boot...


The reason you get that warning is so nobody else can modify your OS without you knowing.


So, I can unlock it using software and no-one else can? I just don't see how this is a secure lock...


If you see the message, and you didn't unlock the bootloader, somebody else unlocked the bootloader, and you should apply the appropriate level of distrust to the device. I agree that the message could be made more secure by displaying some hash of the system partition, so if you unlock the bootloader deliberately, you will know if somebody else replaced your modifications. Not displaying the message at all, as you've suggested, is a huge security risk.
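The fingerprint-on-the-warning-screen idea from the comment above, as an added sketch that is not part of the thread or of any real bootloader: `boot_screen`, `owner_verdict`, the sample images and the 64-bit truncated SHA-256 display format are all assumptions made for illustration.

```python
import hashlib
import hmac
import io

CHUNK = 1 << 20  # read the image 1 MiB at a time

def partition_fingerprint(image, digits=16):
    """SHA-256 over the whole image, shortened so a person can compare it by eye."""
    h = hashlib.sha256()
    for block in iter(lambda: image.read(CHUNK), b""):
        h.update(block)
    short = h.hexdigest()[:digits].upper()
    return "-".join(short[i:i + 4] for i in range(0, digits, 4))

def boot_screen(unlocked, image):
    """What the hypothetical bootloader shows before starting the OS."""
    if not unlocked:
        return None  # locked: the normal verified path applies, no warning
    return "Bootloader unlocked. System fingerprint: " + partition_fingerprint(image)

def owner_verdict(screen, recorded):
    """Owner's side: compare the screen with the value noted after their own flash."""
    if screen is None:
        return "locked"
    if recorded is None:
        return "unexpected-unlock"  # owner never unlocked, so someone else did
    shown = screen.rsplit(": ", 1)[1]
    if hmac.compare_digest(shown, recorded):
        return "own-modifications-intact"
    return "system-replaced"

# Constructed sample images standing in for a system partition.
OWNER_IMAGE = b"\x7fSYSTEM" + b"owner build" * 4096
SWAPPED_IMAGE = b"\x7fSYSTEM" + b"owner buile" * 4096  # one byte per record differs

def demo():
    recorded = partition_fingerprint(io.BytesIO(OWNER_IMAGE))
    return [
        owner_verdict(boot_screen(False, io.BytesIO(OWNER_IMAGE)), None),
        owner_verdict(boot_screen(True, io.BytesIO(OWNER_IMAGE)), None),
        owner_verdict(boot_screen(True, io.BytesIO(OWNER_IMAGE)), recorded),
        owner_verdict(boot_screen(True, io.BytesIO(SWAPPED_IMAGE)), recorded),
    ]

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the code that computes and draws the fingerprint, so that code has to sit in a boot stage that unlocking cannot rewrite.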


Well the world is already fracturing in multiple spheres of entertainment, cyber and politics. Just waiting for the west to power up their great firewall with the US clean network initiative.


"In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say-a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted."

Hypothetical: What if the images were instead kept inside an Apple "Secure Enclave"? The Secure Enclave is equipped with a dedicated secure nonvolatile storage device. How could the owner of the device access and delete them?


That's not what the "Secure Enclave" is or how it functions.

Is the point of your comment to throw FUD at... what, exactly?


I don't think you need to be so defensive. GP is not saying that's how it works today. They're speculating about how existing technology can be repurposed to do evil things.


Why don’t you tell us, since you’re the one making the accusation? Your comment is basically, “this angers me, tell me why”.



The secure enclave wouldn't hold the data, but it could help enforce the user lockout of data stored elsewhere on the device.


Is the nonvolatile storage too small? Could the size of a secure enclave be increased?


It's more like a TPM, HSM or ARM's TrustZone than it is an encrypted disk. You can use it to enable encryption of data elsewhere on the device that the user doesn't have access to, among many other things.


There's something like 4 MB of storage. It's made for storing keys, not screenshots.



