网络科技

    今日:788| 主题:246262
收藏本版
互联网、科技极客的综合动态。

[科技] E2E or GTFO

[复制链接]
久年 发表于 2016-10-8 22:42:46
113 1

立即注册CoLaBug.com会员,免费获得投稿人的专业资料,享用更多功能,玩转个人品牌!

您需要 登录 才可以下载或查看,没有帐号?立即注册

x

E2E or GTFO-1 (chocolate,subsequent,government,political,painfully)
   Oh, Yahoo. We’re not just mad at you. We’re also really, really disappointed. First it took you two years to figure out that you were hacked by a nation-state. Then you allowed another nation-state — the US government — to scan all of your user’s emails … using a buggy Linux kernel module … without ever telling your security team. Seriously, Yahoo? Seriously?
   Regardless of one’s moral / political stance on blanket user surveillance in the name of so-called national security, that combination of actions is just painfully, even staggeringly , inept. As were the subsequent non-denials:
     Media to Yahoo: Did you eat all the cookies?
   Yahoo *with crumbs and smeared chocolate around mouth*: We do not have any cookies.
    — Christopher Soghoian (@csoghoian) October 5, 2016
     They arguably weren’t even asked to do anything particularly awful, in and of itself. Scanning incoming emails for a signature which ( allegedly ) identified communications from a state-sponsored terrorist organization — that’s not so different from scanning for child porn or malware, right? At least from a certain point of view.
   I imagine the mindset was: why even bother fighting back? Sure, this demand apparently came from the creepy star-chamber rubber-stamping Foreign Intelligence Surveillance Court , and was accessorized by an open-ended gag order — nothing says “checks and balances” like clandestine courts issuing classified orders enforced in absolute secrecy, right? — but it still seemed so reasonable . I completely understand that stance. I disagree , but I understand. That’s what makes it so disconcerting.
   Ultimately every centralized system will be required, and will agree, to surveil their users. Not clandestinely, by the deep state, but openly, because we-the-people will, wrongly, demand it. We live in a time of near-unparalleled peace and prosperity; Americans are a four times more likely to be killed by lightning than by terrorists; and yet, even so,
  By two-to-one, Americans now say that they are more concerned that the government’s anti-terror policies have not gone far enough to protect the country (56%), rather than that these policies have gone too far in restricting the average person’s civil liberties (28%)”
   according to a Pew study last year .
   Imagine what will happen the next time the West does suffer from an attack on the scale of what happened fifteen years ago. Remember the zeitgeist of late 2001? Imagine that, again, except further conditioned by a decade-and-a-half of an endless War On Terror.
   I don’t doubt for a second the sincerity of the people whose job it is to protect users from surveillance. Even at Yahoo, as former Yahoo security engineer Yan Zhu writes in a typically incisive post :
  At the time this was happening, I was on the Yahoo Security team leading development on the End-to-End project … Ironically, if only we had been able to actually ship E2E, we would have given users a way to protect themselves from the exact backdoor scenario that they ended up in! … Personally I am grateful both for those who left and blew the whistle, and for those who stayed to protect Yahoo’s 800 million users.
  But most people ultimately don’t want protection from universal surveillance; they want the government to protect them from terror, even if that means universal surveillance. Again, I completely understand that stance — it’s hard not to — even though I think the surveillance cure is ultimately far worse than the terrorism / child-porn / moral-panic-of-the-week disease, as awful as those latter things may be.
   But we can’t rely on centralized systems to protect us out of the goodness of their hearts, if and when an overwhelming majority demands that they cease and desist. There is a solution, and it is end-to-end encryption, the same thing that Yahoo never did roll out, the same thing that (to their shame) Google supports but does not default to , the same thing that (to their credit) WhatsApp and iMessage and Signal provide by default.
   …To date. But even they are centralized services; even they can and may change. I still hold out hope for a usable decentralized email/messaging service, once that literally cannot be issued orders or held to account, because there is no central entity to address. I remain disappointed (though I like the look of Sandstorm as a building block). But my hope is that this, too, is only a matter of time.
   Featured Image: Tizio/ Wikimedia Commons UNDER A Public domain LICENSE
友荐云推荐




上一篇:广州网约车新规拟规定驾驶员具初中毕业以上文化程度
下一篇:看看 Instagram 的新办公室,确实很 Instagram
酷辣虫提示酷辣虫禁止发表任何与中华人民共和国法律有抵触的内容!所有内容由用户发布,并不代表酷辣虫的观点,酷辣虫无法对用户发布内容真实性提供任何的保证,请自行验证并承担风险与后果。如您有版权、违规等问题,请通过"联系我们"或"违规举报"告知我们处理。

谢晶晶 发表于 2016-10-10 03:13:20
路过。。。。
回复 支持 反对

使用道具 举报

*滑动验证:
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

我要投稿

推荐阅读

扫码访问 @iTTTTT瑞翔 的微博
回页顶回复上一篇下一篇回列表手机版
手机版/CoLaBug.com ( 粤ICP备05003221号 | 文网文[2010]257号 )|网站地图 酷辣虫

© 2001-2016 Comsenz Inc. Design: Dean. DiscuzFans.

返回顶部 返回列表