this post was submitted on 06 Oct 2024
4 points (100.0% liked)

Privacy


Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.


There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec

top 13 comments
[–] jesterchen@social.tchncs.de 1 points 1 month ago

@nixCraft@mastodon.social Oh, and I bet the bad guys will find it fast and will use it way more proficiently than any government in the world.

If we're lucky: against these governments - so that the backdoors will be shut real quick.

[–] LanguageMan1@social.vivaldi.net 1 points 1 month ago

@nixCraft@mastodon.social We and many know that there are a few backdoors that are yet to be exploited and will be in the future.

[–] lightninhopkins@mastodon.social 1 points 1 month ago

@nixCraft@mastodon.social a "backdoor" is a vulnerability. End.

[–] underlap@fosstodon.org 1 points 1 month ago

@nixCraft@mastodon.social I agree absolutely, but it's worse than that.

a. There may be classified back doors in some software, e.g. OS kernels, cryptography algorithms, etc., and we wouldn't know if these had been rediscovered, e.g. by a malicious state actor.

b. If you think code visibility, e.g. through open source, avoids hidden back doors, enjoy reading

Not sure what the answer is, unless it's simply to live with the possibility that any software I use could be compromised.

[–] kokoysan@toot.community 1 points 1 month ago

@nixCraft@mastodon.social Good point.

@nixCraft@mastodon.social Furthermore, there are no good guys. The existence of backdoors would attract even more bad guys into law enforcement/security than there are already.

[–] lemgandi@mastodon.social 1 points 1 month ago

@nixCraft@mastodon.social And yet the FBI and many politicians answer this with "NERD HARDER!!"

[–] jovikowi@spacey.space 1 points 1 month ago

@nixCraft@mastodon.social

Smaug: Previous owners installed a backdoor in MY mountain? Well, it'll probably be fine.

Also Smaug: Patches break things. My armor is fine without patching.

Thranduil: But that barrel port's for outbound traffic only. It's not a backdoor. It's fine.

Theoden: The Deeping Wall has never been breached. That tiny backdoor culvert is fine.

Sauron: The old backdoor tunnel past Cirith Ungol? It's always had Shelob securing it. It's fine.

[–] Palace4Software@mastodon.online 1 points 1 month ago

@nixCraft@mastodon.social
#chatcontrol #Chatkontrolle #EU #eugoingdark

[–] nazokiyoubinbou@mastodon.social 1 points 1 month ago

@nixCraft@mastodon.social 99.9999999% of the time (rounding down) the "good guys" the back door is being created for are actually not very good either.

But hey, they tell us they are, so I guess that's good enough.

[–] theogrin@chaosfem.tw 1 points 1 month ago

@nixCraft@mastodon.social

Raph Koster once famously wrote, "The client is in the hands of the enemy." Admittedly, that was in reference to the use of distributed computing in the running of MMORPGs, but the phrase is relevant to many, many aspects of programming for virtually every other online service.

There may be well-meaning 'good guys' out there who will utilize a backdoor for responsible and sensible purposes, but the general userbase of backdoors tends to be 'bad guys'. So introducing a backdoor into your system for the responsible people is just implementing a weakness.

If you're going to put an administrative login into your system, for the love of sweet candied apples, document it, make it clear it exists, and tell everyone how to lock it the heck down. #infosec

[–] wolnyjez@mastodon.social 1 points 1 month ago* (last edited 1 month ago)

@nixCraft People still think that #EU bureaucrats are "good guys".

They are not. Those who advocate the introduction of a backdoor are not "good guys". In fact, these are the "malicious actors" you are talking about.

#chatcontrol is only a manifestation of the fascist tendencies of EU bureaucrats.

Therefore, full rejection of CC is not enough. Europeans need a law that protects their #privacy. Otherwise, the "good guys" will try with next versions of CC, again and again, until they succeed.

[–] Rin3d@mastodon.social 1 points 1 month ago

@nixCraft@mastodon.social tell that to the EU please.