General > General Technical Chat
YouTube runs experiment addressing users with ad blocker
<< < (48/75) > >>
tom66:

--- Quote from: Ranayna on October 20, 2023, 12:12:39 pm ---And that is very likely why the EU and UK are looking into mandating backdoors for cryptography.
With a backdor, they can look into whatever you are transmitting, then it is trivial to filter and block.
And if they can't look into the traffic: well, you have circumvented the mandated backdoor, with all the consequences that entails...

--- End quote ---

Yes, the problem is essentially, there is no way to build a back door into something like asymmetrical crypto, that others could not eventually exploit.  Things like hidden keys or secrets that are only available to the government will be leaked.

So what they are asking for is cryptography to be banned, and that's just not feasible.  Too much of modern society depends upon it. 
madires:

--- Quote from: Ranayna on October 20, 2023, 10:14:09 am ---There are actually a lot of interests to control and limit the internet. Banning private use of VPN services can, and quite likely will be, a part of that.

--- End quote ---


--- Quote from: Ranayna on October 20, 2023, 12:12:39 pm ---And that is very likely why the EU and UK are looking into mandating backdoors for cryptography.
With a backdor, they can look into whatever you are transmitting, then it is trivial to filter and block.

--- End quote ---

Cryptography is so pervasive that it can't be simply put back into a government's safe. Weak encryption or backdoors won't work either. We had that already (crypto wars: https://en.wikipedia.org/wiki/Crypto_Wars). Those measures would also violate very elementary rights of citizens in several countries. Additionally, that would break a lot of current technology and create a serious impact on the security of most information and communications systems. Your enforced backdoor can be used by your enemy too. This is not just a theoretical danger, this happened already a few times. For example, Juniper's security incident in 2015 (https://www.bloomberg.com/news/features/2021-09-02/juniper-mystery-attacks-traced-to-pentagon-role-and-chinese-hackers).
ve7xen:
It's always interesting to see privacy sensitive folks advocating for the use of VPN services. These services hide your traffic from your ISP, and maybe your government if you're worried about that, but they also send it all in the clear to some often-shady-seeming company in a foreign country, whose customers are also often shady, or have 'something to hide'. To me that makes them both juicy targets for black hats / intelligence entities, as well as potentially a 'cure worse than the disease' if that company itself decides to leverage the information they have access to (legally or not). I wouldn't be surprised at all if the next Snowden Papers revealed the NSA using these services as 'honeypots'. You'll also frequently get flagged as suspicious when using various services through such a VPN, which is annoying. I think you really need to make an informed decision about this for your own situation, because which is better is going to heavily depend on who you trust (or not) and your own situation. It is absolutely not a panacea.

It does obscure the most trivial way of identifying you for data collection, but what these companies are actually doing to link the data they collect with 'you' is far more sophisticated. Not that it matters much, since most people give up this information 'willingly' by logging in. If you're logging into accounts, using a VPN service thinking it will protect your privacy just seems like a step backwards.

Among the options, I think CloudFlare's Warp is among the better for privacy; it has a pretty strong privacy policy, isn't their primary revenue (or traffic) source, and I think CloudFlare has established itself as a trustworthy company, relative to those VPN services advertising with YouTube creator embeds (ironically...). Operating such a thing yourself, on devices you control, is a different story too of course, but you give up some of the privacy benefits by not mixing your traffic with a bunch of others.

As far as legality, I can see such services whose intended purpose is to obscure identity / geographic location running into legislative difficulties, they do pose some legitimate issues. But crypto is far too pervasive and useful to 'ban' in any wide manner, and there will likely always be foreign jurisdictions that don't ban such services, who you can buy service from by jumping through some hoops. It'd also be a case of legal whack-a-mole, like we have seen with things like The Pirate Bay, and the underground stuff will always find a way to exist. Of course you will always be able operate such a thing yourself, with slightly more effort and slightly less anonymity by purchasing a VM, which is another thing that is not feasible to ban outright.
Bicurico:
You cannot ban cryptography. Even I could implement known public algorithms and protect my communication. Use WhatsApp and copy&paste encrypted strings. Doesn't need to be the latest method. A simple improved Vigenere algorithm would already keep security agencies busy enough. Even better if you hide the coded message inside normal text.
ve7xen:

--- Quote from: Bicurico on October 20, 2023, 07:54:13 pm ---You cannot ban cryptography. Even I could implement known public algorithms and protect my communication. Use WhatsApp and copy&paste encrypted strings. Doesn't need to be the latest method. A simple improved Vigenere algorithm would already keep security agencies busy enough. Even better if you hide the coded message inside normal text.

--- End quote ---

You can't prevent anyone from using it of course, but you can certainly ban it in the same sense as anything else is banned: limit distribution by applying leverage against companies that might sell it, and exercising violence against people or entities that use it anyway. This is no different than banning anything else, except that doing so with cryptography would be completely impractical, with wide ranging implications, not to mention the basic rights it would violate. I doubt it has/will/would prevent the less reasonable of our world governments from trying it anyway, and using "you used crypto, you are a criminal" as a weapon against people they don't like, particularly the people who need it most, like journalists and whistleblowers. You are not 'safe' if using crypto in any manner is equally punished as whatever it is you're trying to hide.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod