this post was submitted on 06 Oct 2024
4 points (100.0% liked)

Privacy

2 readers
26 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
MODERATORS
ciferecaNinjo@fedia.io
4
There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it fur (mastodon.social)
submitted 1 month ago by nixCraft@mastodon.social to c/privacy@fedia.io
13 comments fedilink hide all child comments
 

There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec

you are viewing a single comment's thread
view the rest of the comments
[–] theogrin@chaosfem.tw 1 points 1 month ago

@nixCraft@mastodon.social

Raph Koster once famously wrote, "The client is in the hands of the enemy." Admittedly, that was in reference to the use of distributed computing in the running of MMORPGs, but the phrase is relevant to many, many aspects of programming for virtually every other online service.

There may be well-meaning 'good guys' out there who will utilize a backdoor for responsible and sensible purposes, but the general userbase of backdoors tends to be 'bad guys'. So introducing a backdoor into your system for the responsible people is just implementing a weakness.

If you're going to put an administrative login into your system, for the love of sweet candied apples, document it, make it clear it exists, and tell everyone how to lock it the heck down. #infosec