It’s rather funny how governments that have always wanted backdoors (for „lawful interception“) in telco infrastructure are now suddenly claiming to be afraid of having backdoors in their products.

@jwildeboer It's always about who is in control of the backdoors...

@galaxis @jwildeboer
I don't think he reads his fediverse replies at all. It seems to be just a carbon copy of his Twitter messages with zero interaction.
Which if you think of it is pretty sad for someone claiming to be an open source advocate…

@tbr @galaxis your bias is your freedom, but it is still wrong. I’m as active here as on Twitter :)

@tbr @galaxis also thanks for jumping to conclusions and question my motivations wrt Open Source based on that …

@jwildeboer @galaxis I didn't see interactions from you at all here and yes that's what I based my statement on.
I'm happy to be proven wrong seeing that you are active here.

@tbr You can check my level of interaction anytime at ;) I run my own mastodon instance for a reason ...

@jwildeboer Yeah...

In a similar twist, they act all shocked when, after they coerced all vendors to add “lawful” interception capabilities, some dude in a dictatorship goes “I am the law. Turn that shit on.”

The only escape is no backdoors in our communications infrastructure.
No, not even just the one.

@kellerfuchs Whle that is a desirable goal, we all know it won't happen. So the seond best line of defence is end to end encryption for all communications. And I definitely don't expect the telcos and NEPs (Network Equipment Providers) to be of much help with that.

@jwildeboer Oh, I didn't mean only ISPs (and their hardware vendors) by communication infrastructure.

Backdoors in your end-to-end encryption are just as much of a risk (if not more) than in your ISP.

Also, we *have* to get rid of the ISP backdoors, as they collect plenty of metadata that is at least as juicy as the actual content (and E2EE is no help there).

For context, I work on/in privacy tech. And yes there's a lot we can do there. And yes, an adversarial environment is a reasonable assumption.

But as long as we pretend that privacy tech alone will solve those issues, we are

1) pretending all people will be knowledgeable enough to know/care about it

2) pushing a whole lot of cognitive overhead on them, and expectations of good opsec

3) completely ignoring that “the state is spying on us all the time” is a hell of a political problem, and that we should solve it.

Social & political problems don't have technical solutions.

@kellerfuchs Full ack on the need for societal and political change.

One of my arguments since a long time has been the obvious and simple observation: "Centralisation makes abuse cheap." This observation has a lot to do with technology. By focusing on centralised services, we have enabled the erosion of privacy and protection by lowering the price of abuse significantly.


@kellerfuchs Decentralisation (and E2E is part of that IMHO) drives up the cost of abuse. It is quite a cost difference between hacking/legally backdooring a centralised service or being forced to backdoor/hack millions of devices. When the cost of abuse goes up, the question to actually do it becomes more nuanced to answer.

It's a crude argument in some ways, but IMHO it points to a workable path. /2

@jwildeboer Yes, and it's not only centralisation of tech/infrastructure.

Hierarchical structures of power, at all level (states, corporations, universities, ...), make abuse possible/easier.

Centralisation of transport makes other form of abuse possible...

Regarding your comment on E2E, there are a couple of issues; as I said, end-to-end encryption, even within a decentralised system, doesn't necessarily hide metadata from the underlying, centralized communication infrastructure.

TBH, few/none of the “secure comms” projects I looked into make serious attempts at getting rid of centralized point of compromise, let alone provide strong privacy.

Sign in to participate in the conversation

Mastodon instance for people with Wildeboer as their last name