Yeah, that is so strange, isn't it? 🤔
@jwildeboer It's always about who is in control of the backdoors...
@tbr You can check my level of interaction anytime at https://social.wildeboer.net/@jwildeboer/with_replies ;) I run my own mastodon instance for a reason ...
In a similar twist, they act all shocked when, after they coerced all vendors to add “lawful” interception capabilities, some dude in a dictatorship goes “I am the law. Turn that shit on.”
The only escape is no backdoors in our communications infrastructure.
No, not even just the one.
@kellerfuchs While that is a desirable goal, we all know it won't happen. So the second best line of defence is end to end encryption for all communications. And I definitely don't expect the telcos and NEPs (Network Equipment Providers) to be of much help with that.
@jwildeboer Oh, I didn't mean only ISPs (and their hardware vendors) by communication infrastructure.
Backdoors in your end-to-end encryption are just as much of a risk (if not more) as in your ISP.
Also, we *have* to get rid of the ISP backdoors, as they collect plenty of metadata that is at least as juicy as the actual content (and E2EE is no help there).
For context, I work on/in privacy tech. And yes there's a lot we can do there. And yes, an adversarial environment is a reasonable assumption.
But as long as we pretend that privacy tech alone will solve those issues, we are
1) pretending all people will be knowledgeable enough to know/care about it
2) pushing a whole lot of cognitive overhead on them, and expectations of good opsec
3) completely ignoring that “the state is spying on us all the time” is a hell of a political problem, and that we should solve it.
Social & political problems don't have technical solutions.
@kellerfuchs Full ack on the need for societal and political change.
One of my arguments for a long time has been the obvious and simple observation: "Centralisation makes abuse cheap." This observation has a lot to do with technology. By focusing on centralised services, we have enabled the erosion of privacy and protection by lowering the price of abuse significantly.
@kellerfuchs Decentralisation (and E2E is part of that IMHO) drives up the cost of abuse. It is quite a cost difference between hacking/legally backdooring a centralised service or being forced to backdoor/hack millions of devices. When the cost of abuse goes up, the question to actually do it becomes more nuanced to answer.
It's a crude argument in some ways, but IMHO it points to a workable path. /2
@jwildeboer Yes, and it's not only centralisation of tech/infrastructure.
Hierarchical structures of power, at all levels (states, corporations, universities, ...), make abuse possible/easier.
Centralisation of transport makes other forms of abuse possible...
Regarding your comment on E2E, there are a couple of issues; as I said, end-to-end encryption, even within a decentralised system, doesn't necessarily hide metadata from the underlying, centralized communication infrastructure.
TBH, few/none of the “secure comms” projects I looked into make serious attempts at getting rid of centralized points of compromise, let alone provide strong privacy.