privacy


BaumGeist, in Feeling like Privacy is a lost war.

there is no such thing as a zero-trust society (although I now want to write that scifi story and tease that idea out). As such, the cost of living in a society will always be some amount of infringement of privacy beyond complete anonymity. Even you were comfortable giving your address and name to 4 other parties (under the presumption that only they would use that information), and even then how many individuals within those organizations have access to that information?

Thus privacy cannot be thought of as an all-or-nothing battle. Privacy is a compromise between total anonymity (un-people) and convenience (you can’t get public utilities to your house if they don’t know where you live). The fact is that we have the level of privacy we do right now because of a lot of resistance and hard work. If it wasn’t for all the survivalists and conspiracy theorists and paranoid software devs and whistleblowers and tech journos and anti-authoritarian content creators and anti-surveillance artists and even ordinary joes like me who just want to use online services without the digital equivalent of the weird kid in class who stood over your shoulder and watched everything you did (x1000), things could and would be much worse.

If you must think of it as a war, consider it to be analogous to state-vs-collective wars of history: our “opponents” are organizations that are constrained by their hierarchical nature to certain unspoken rules of engagement, and we are a guerilla collective bound only by our shared value(s). Think the Texas Revolution, Vietnam, African National Congress, Zapatistas, IRA, Black Panthers or pretty much anything the Romans did with northern European Barbarians. I won’t sit here and lie to you that the devastation that happened to these peoples and their homelands was “winning,” but I can tell you that the dominators certainly didn’t get their way either.

ReversalHatchery,

Even you were comfortable giving your address and name to 4 other parties

They have never said that, did they?

BaumGeist,

Have only given my real address and name to the DMV, Phone Company, Internet, and rental property

ReversalHatchery,

Where did they say that they were comfortable doing that? I don’t see a word or an acronym of it.

Sometimes you must do things that you are not comfortable doing, but you just can’t avoid it. Doing that for the ISP (who need to set up the cable into your home and the gateway) is not the same as doing that for e.g. netflix or facebook.

BaumGeist,

Fine, in that case: more comfortable than the alternative. No one’s kicking down your door and forcing you to get phone or internet, you don’t have to live on-grid to survive, it’s not illegal to not own a vehicle.

sxan,

there is no such thing as a zero-trust society (although I now want to write that scifi story and tease that idea out).

It’s been done, kinda. Guy named Hannu Rajaniemi wrote a dilogy called “Jean le Flambeur.” I think it’s in the second book, The Fractal Prince, the lead character visits Mars, which has a society where everyone has the ability to encrypt and/or sign all interactions; citizens have an organ that facilitates this, making the operations as fluid and natural as speaking. It’s well thought out, well written, and the series is an entertaining read. It reminded me of John C Wright’s “The Golden Oecumene” trilogy.

BaumGeist,

I was hoping someone would comment telling me they already read that story! Thanks, gonna read it asap!

crsu, in One of the Most Controversial US Spy Programs Just Got Quietly Renewed

I for one welcome our federal overlords

LainOfTheWired,

Because every totalitarian government in history has gone so well for the people under them

crsu,
wahming,

Gotta tweak that sarcasm detector of yours

possiblylinux127, (edited ) in One of the Most Controversial US Spy Programs Just Got Quietly Renewed

It’s actually pretty frightening that the population is ok with this. The modern news sources are just two minutes hate.

crsu,

It’s a Brave New 1984

monsieur_jean, in Dropbox is sharing users' files with OpenAI, here's how to opt out

It's almost 2024 and we still don't have any significant open source project for cloud storage privacy.

TGhost,

Nextcloud,
Protondrive,
Bare os self hosted ? Termux + rsync or scp + bash,

It’s just a “niche” business the privacy for now, except VPN 😑😑🙄

toastal,

rsync was created in 1996

stewsters,

It really depends what you are using it for and how safe you want to be.

You could just use syncthing to keep a directory on your laptop synced with your home desktop. Still goes down if your home burns though.

You could do it with your friend’s house if you don’t mind him being able to see your stuff. You could even have backups saved somewhere else.

It’s a lot of work and cognitive load for the average person though.

Link,

Nextcloud?

LoveSausage, in Smart android keyboard respecting privacy?

Gboard and blocked network

YIj54yALOJxEsY20eU, (edited )

Make sure to click the voice to text icon (and maybe enable in settings?) before disabling network permissions. It will download the model and do voice to text offline. It works alarmingly well.

izstranger,

@YIj54yALOJxEsY20eU @LoveSausage

I'd have to root?

LoveSausage,

I use GOS so built in firewall but there are also fake-VPN based ones that don’t require root.

f-droid.org/packages/eu.faircode.netguard/

izstranger,

@LoveSausage

Thanks for the link! I already use blokada, so only one vpn-like service at a time I think?

zephyr, in Dropbox is sharing users' files with OpenAI, here's how to opt out

Yet another reminder that the cloud is just a fancy name for someone else’s computer.

UdeRecife,

Not really that fancy. It’s just a marketing euphemism. The giving of a cool name to something very mundane.

You’re right, it’s just a clouded way of saying ‘someone else’s computer’.

derpgon,

Of course it is. Just a reminder that IaaS > SaaS. Host your own stuff, it’s not that hard, and nobody will come snooping.

some_guy, in Indian journalists targeted by Israeli spyware again: What do we know?

We know that Israel is unethical.

stolid_agnostic, (edited )

And recently India too. There’s a hacking for hire scandal going on beyond just this incident. Worse: it was Indians hacking Indian journalists using Israeli spyware.

rolling_resistance,

In this story, Israel “just” provides the software.

PowerCrazy, in Article 45 Will Roll Back Web Security by 12 Years

Centralized CAs were and are a mistake. HTTPS should work more like ssh-keys where the first time you connect to a website it’s untrusted, but once you have validated it is the website you want, it never bothers you again unless the private key changes. Private key rotations can be posted on public forums, or emailed, or any number of other ways and users that don’t care can ignore the warnings like they do anyway, while users who DO care, can perform their own validation through other channels.

The most important aspect is that there is no “authority” that can be corrupted, except for the service you are connecting to.

CrinterScaked,

There is no way a user can know the website is real the first time it’s visited, without it presenting a verifiable certificate. It would be disastrous to trust the site after the first time you connected. Users shouldn’t need to care about security to get the benefits of it. It should just be seamless.

There are proposals out there to do away with the CAs (Decentralized PKI), but they require adoption by Web clients. Meanwhile, the Web clients (chrome) are often owned by the same companies that own the Certificate Authorities, so there’s no real incentive for them to build and adopt technology that would kill their $100+ million CA industry.

PowerCrazy,

There is no way a user can know that their traffic hasn’t been man-in-the-middled by a compromised CA either. And why is it “disastrous” to trust a website after you have cryptographically verified it’s the same website you visited before? It would present the same public/private key pair that you already trust.

CrinterScaked,

Where does the initial cryptographic verification come from? I’m not arguing that you can’t pin certificates.

PowerCrazy,

That’s where the SSH analogy comes from. On the initial connection you get the signature of the web-site you are trying to visit and your browser trusts it from then on. If something changes later, then the scary warning comes up.

jasondj,

Yeah, except you aren’t supposed to TOFU.

Literally everybody does SSH wrong. The point of host keys is to exchange them out-of-band so you know you have the right host on the first connection.

And guess what certificates are.

Also keep in mind that although MS and Apple both publish trusted root lists, Mozilla is also one of, if not the, biggest player. They maintain the list of what ultimately gets distributed as ca-certificates in pretty much every Linux distro. It’s also the source of the Python certifi trusted root bundle, that’s required by requests, and probably makes its way into every API script/bot/tool using Python (which is probably most of them).

And there’s literally nothing stopping you from curating your own bundle or asking people to install your cert. And that takes care of the issue of TOFU. The idea being that somebody that accepts your certificate trusts you to verify that any entity using a certificate you attach your name to was properly vetted by you or your agents.

You are also welcome to submit your CA to Mozilla for consideration on including it on their master list. They are very transparent about the process.

Hell, there’s also nothing stopping you from rolling a CA and using certificates for host and client verification on SSH. That’s actually preferable at-scale.

A lot of major companies also use their own internal CA and bundle their own trusted root into their app or hardware (Sony does this with PlayStation, Amazon does this with a lot of AWS Apps like workspaces, etc).

In fact, what you are essentially suggesting is functionally the exact same thing as self-signed certificates. And there’s absolutely (technically) nothing wrong with them. They are perfectly fine, and probably preferable for certain applications (like machine-to-machine communication or a closed environment) because they expire much longer than the 1yr max you can get from most public CAs. But you still aren’t supposed to TOFU them. That smacks right in the face of a zero-trust philosophy.

The whole point of certificates is to make up for the issue of TOFU by you instead agreeing that you trust whoever maintains your root store, which is ultimately going to be either your OS or App developer. If you trust them to maintain your OS or essential app, then you should also trust them to maintain a list of companies they trust to properly vet their clientele.

And that whole process is probably the number one most perfect example of properly working, applied, capitalism. The top-level CAs are literally selling honesty. Fucking that up has huge business ramifications.

Not to mention, if you don’t trust Bob’s House of Certificates, there’s no reason you can’t untrust it from your system. And if you trust Jimbo’s Certificate Authority, you are welcome to tell your system to accept certificates they issue.

ReversalHatchery,

Yeah, except you aren’t supposed to TOFU.

A better solution would be to have both at the same time.
Browser says: x number of CAs say that this site is authentic (click here for a list). Do you trust this site? Certificate fingerprint: … Certificate randomart: …

And then there would be options to trust it once, trust it temporarily, trust it and save the cert. The first 2 could also block JS if wanted.

I can see this would annoy the mainstream users, so probably this should be opt-in, asked at browser installation or something like that.

jasondj,

But you only really need one to say it’s authentic. There are levels of validation that require different levels of effort. Domain Validation (DV) is the most simple and requires that you prove you own the domain, which means making a special domain record for them to validate (usually a long string that they provide over their HTTPS site), or by sending an email to the registered domain owner from their WHOIS record. Organization Validation (OV) and extended verification (EV) are the higher tiers, and usually require proof of business ownership and an in-person interview, respectively.

Now, if you want to know if the site was compromised or malicious, that’s a different problem entirely. Certificates do not and cannot serve that function, and it’s wrong to place that role on CAs. That is a security and threat mitigation problem and is better solved by client-based applications, web filtering services, and next-gen firewalls, that use their own reputation databases for that.

A CA is not expected to prevent me from hosting rootkits. Doesn’t matter if my domain is rootkits-are.us or totallylegitandsafe.net. It’s their job to make sure I own those domains. Nothing more. For a DV cert at least.

Public key cryptography, and certificates in particular, are an amazing system. They don’t need to be scrapped because there’s a ton of misunderstanding as to its role and responsibilities.
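
The two positions in this thread (pin on first use versus verify the first key through another channel), shown side by side as an added example that is not part of any commenter's post. The host names, key bytes and verdict strings are constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(key_bytes: bytes) -> str:
    """Hex SHA-256 of a site's public key bytes (the value that gets pinned)."""
    return hashlib.sha256(key_bytes).hexdigest()


class PinStore:
    """known_hosts-style map of host -> pinned key fingerprint."""

    def __init__(self):
        self.pins = {}

    def connect(self, host, key_bytes, out_of_band_fp=None):
        """Classify a connection and pin according to the policy below.

        out_of_band_fp: fingerprint obtained through another channel.
        With it, a new or rotated key is pinned only if it matches.
        Without it, a first contact is plain TOFU and is pinned blindly.
        """
        seen = fingerprint(key_bytes)
        pinned = self.pins.get(host)
        if pinned is not None and hmac.compare_digest(pinned, seen):
            return "match"
        if out_of_band_fp is not None:
            if hmac.compare_digest(out_of_band_fp.lower(), seen):
                self.pins[host] = seen
                return "verified"
            return "reject"
        if pinned is None:
            self.pins[host] = seen
            return "tofu"        # trusted on first use, never verified
        return "changed"         # pinned key differs: warn, keep old pin


def demo():
    # Constructed stand-ins for public key bytes; not real keys.
    site_key, rotated_key, mitm_key = b"site-key-v1", b"site-key-v2", b"mitm-key"
    store = PinStore()
    results = [
        store.connect("example.test", site_key),            # first visit
        store.connect("example.test", site_key),            # same key later
        store.connect("example.test", mitm_key),            # key swapped
        store.connect("example.test", rotated_key,
                      fingerprint(rotated_key)),            # announced rotation
        store.connect("new.test", mitm_key,
                      fingerprint(site_key)),               # bad first contact
    ]
    return results, store.pins


if __name__ == "__main__":
    print(demo())
```

The "tofu" verdict is returned whether the first key seen was genuine or not; only the calls that supply an out-of-band fingerprint can tell the two apart.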

topinambour_rex, in Dropbox is sharing users' files with OpenAI, here's how to opt out

Time to fill dropbox with gos of eroticas.

small_crow,

Finally, someone will read John/John, my series of erotic John Oliver / Elton John fanfictions.

kurikai, in How to prevent link hijacking on sites like Facebook, Reddit and Twitter?

Firefox can do it without an extension now

Loucypher,

Long live the Fox

davel, in Dropbox is sharing users' files with OpenAI, here's how to opt out

DropBox has been dead to me since 2014 when they put former US Sec. of State Condoleezza Rice on their board of directors.

RustyShackleford,

Even less shocking, this can’t be disabled in mobile browsers.

Enkers, in Pharmacies Are Giving Your Medical Data To Police

It’s not even just your medical data. I picked up a prescription for my mother who just had spinal surgery, and they wouldn’t hand over the pain medication without taking down all of my info. I’ve had no issue picking up any of her other prescriptions. Seems the war on drugs is still alive and well.

Duranie,

To be fair, I work in hospice and we have run into situations where family members would help themselves to patient comfort meds if they could gain access. It’s not a bad idea to track who has access along the way.

tourist,

Meanwhile, I’ve seen dozens of videos on Instagram of cartel guys floating literal boatloads full of coke and god knows what else across the gulf of mexico.

Watching the US government handle drug enforcement is like watching a toddler eat piss with a fork. Whatever they’re hoping to achieve isn’t going to help anyone and they’re not even trying to do it effectively.

Cosmocrat, in Dropbox is sharing users' files with OpenAI, here's how to opt out

Why not just encrypt your data before uploading to the cloud?

TGhost,

why return the problem on the user ?

ipkpjersi,

Because if not this it will always be something else.

monsieur_jean,

Users are responsible for their own privacy.

Having Open Source projects providing the tools for that is extremely important. But ultimately the responsibility lies in the users’ hands. End to End encryption is the way. My files should 100% be encrypted on my side, with private keys that I own and nobody else. :)

TGhost,

Not everyone can do it.
I agree, but in this society even with that in considerations, corpo have responsibilities and duty…

Don’t misunderstand me, I’m on your technical philosophy. For myself, I trust myself. But society is manipulated with promises, and these broken promises we have to talk about them, and out loud.

colonelp4nic, in "TV box" recommendation

I’ve been very happy with my Nvidia Shield. It’s powerful enough for all 4k HDR media and runs Android so it’s customizable but I don’t have to think about it.

jws_shadotak,

NVIDIA Shield is generally considered the best.

It can also side load other apps like ad free YouTube or custom launchers that won’t display ads on your home screen.

glitch1985,

The non-tube version though.

hoya,

What do you mean?

glitch1985,

There is a bigger model that lays flat which has great hardware and then there is a “tube” model similar to the Amazon Fire stick size which is 32 bit only and has hardware issues also.

hoya,

I’ve had the tube for years now and can’t imagine why I would need the Pro version. 32-bit only? It has the same chip.

glitch1985,

Lots of people have issues with it. Besides what I mentioned before it’s only another $50 for another gig of ram.

androidpolice.com/…/nvidias-shield-tv-dongle-can-…

hoya,

I see, thanks.

Lonewolfmcquade,

I like my Shield but it was a real bummer that I couldn’t just plug in a USB drive and play movies on it. It’s annoying that I have to set up Plex or Jellyfin or whatever to serve movies to the Shield.

Joseph_Boom,

Why?

Lairo,

You can use VLC if you want a simple video player. And XPlore if you want a better file browser

hoya,

I’m also happy with it, but when selecting a media player today, I’d get one with hw AV1 decoding.

Maybe a next-gen chromecast, if there will be a version with an ethernet port.

BananaTrifleViolin, in Dropbox is sharing users' files with OpenAI, here's how to opt out

I deleted my account.

TGhost,

😍✊

tjhart85,

Same, it's kind of a symbolic gesture since I apparently haven't used DB since 2018, but still, I cited them sharing files with AI companies as the reason.
