Readit News logoReadit News
dngray commented on Mullvad VPN present And Then? (Chat Control is back on the menu)   mullvad.net/en/blog/mullv... · Posted by u/dotcoma
notepad0x90 · a month ago
I think it does, but not having such a regime has lots of implementation complexities? either you have one or you don't, so binary.
dngray · a month ago
> The solution to authoritarian regimes is to not have one

The solution to not being poor is being rich. You could apply that logic to a lot of things. Have this thing instead of that thing. Using your example above of "differential privacy scanning"

Differential privacy is a property of a dataset meaning you can’t tell an individual was part of a dataset. If it’s traceable back to the individual device it’s not differentially private.

I think at this point you're just trying to say "don't have this thing have that thing instead" as a response to anything.

dngray commented on Mullvad VPN present And Then? (Chat Control is back on the menu)   mullvad.net/en/blog/mullv... · Posted by u/dotcoma
notepad0x90 · a month ago
For conviction I agree, for suspicion not so much. Suspicion isn't guilt. The authorities should suspect people based on probable cause, courts should presume innocence and require the state builds a flawless argument beyond reasonable doubt.
dngray · a month ago
> For conviction I agree, for suspicion not so much. Suspicion isn't guilt. The authorities should suspect people based on probable cause, courts should presume innocence and require the state builds a flawless argument beyond reasonable doubt.

Except it doesn't work like that in practice. It would be nice if it did. Often a person can be found guilty simply by jury in a trial based on what they think a person might have done. That's reality, and it is the case in western would countries not some obscure dictatorship.

dngray commented on Mullvad VPN present And Then? (Chat Control is back on the menu)   mullvad.net/en/blog/mullv... · Posted by u/dotcoma
notepad0x90 · a month ago
This is already the case with other means of communication. the internet isn't that special. If you don't trust your government, do something else about it.

We rely on eye witness testimony and human juries all the time. The innocence project has a long list of people that spent decades in prison because of this.

The solution to authoritarian regimes is to not have one, not tolerate cp on the internet.

dngray · a month ago
> The solution to authoritarian regimes is to not have one, not tolerate cp on the internet.

Perhaps the problem doesn't have a binary solution.

dngray commented on Mullvad VPN present And Then? (Chat Control is back on the menu)   mullvad.net/en/blog/mullv... · Posted by u/dotcoma
Danjoe4 · a month ago
Better we let 10 criminals go free than violate the god-given right to privacy of 1 innocent.
dngray · a month ago
There is no god. You can bet the persons who have the magical keys to all the communications will come close to it though.

The world won't fall apart because people have secrets.

dngray commented on Mullvad VPN present And Then? (Chat Control is back on the menu)   mullvad.net/en/blog/mullv... · Posted by u/dotcoma
notepad0x90 · a month ago
I don't think there is a way around the fact that governments will always want at least "lawful intercept" (with warrants) capabilities.

It's a noble fight trying to get E2EE be compatible with the law. But I think some perspective for privacy advocates is due. People don't want freedom and privacy at the cost of their own security. We shouldn't have to choose, but if nothing else, the government has one most important role, and that is not safeguarding freedoms, but ensuring the safety of its people.

No government, no matter how free or wealthy can abdicate its role in securing its people. There must be a solution to fight harmful (not neccesarily illegal) content incorporated into secure messaging solutions. I'm not arguing for backdoors in this post, but even things like Apple's CSAM scanning approach are met with fierce resistance from the privacy advocate community.

This stance that "No, we can't have any solutions, leave E2EE alone" is not a practical stance.

Speaking purely as a citizen, if you're telling me "you will lose civil liberties and democracy, if you let governments reduce cp content", my response would be "what's the hold up?". Even if governments are just using that as an excuse. As someone slightly familiar with the topic, of course I wouldn't want to trade my liberties and freedoms, but is anyone working on a solution? are there working groups? Why did Apple get so much resistance, but there are no opensource solutions?

There are solutions for anonymous payments using homomorphic encryption. Things like Zcash and Monero exist. But you're telling me privacy preserving solutions to combat illicit content are impossible? My problem is with the impossible part. Are there researchers working to make this happen using differential privacy or some other solution? How can I help? Let's talk about solutions.

If your position is that governments (who represent us,voters) should accept the status quo, and just let their people suffer injustice, I don't think I can support that.

Mullvad is also in for a rude awakening. If criminals use Tor or VPNs, those will also face a ban. We need to give governments solutions that lets them do what they claim they want to do (protect the public from victimization) while preserving privacy to avoid a very real dystopia.

Freedoms and liberties must not come at the cost of injustice. And as i argued elsewhere on HN, in the end, ignoring ongoing injustice will result in even less freedoms and liberties. If there was a pluralistic referendum in the EU over chat control, I would be surprised if the result isn't a law that is even far worse than chat control.

EDIT: Here is one idea I had: Sign images/video with hardware-secured chips (camera sensor or GPU?) that is traceable to the device. When images are further processed/edited, then they will be subject to differential-privacy scanning. This can also combat deepfakes, if image authenticity can be proven by the device that took the image.

dngray · a month ago
> There are solutions for anonymous payments using homomorphic encryption. Things like Zcash and Monero exist.

The main problem is there are no products that solve the problem Chat Control aims to solve without infringing massively on everyone's privacy, (including children). Any suggestions that do exist come with serious risks or have complexities, eg homomorphic encryption is a generally new area that has expensive computational requirements.

The reason for that is because it's easier to encrypt data than develop some kind of system with a magical key only authorized people are able to use under certain circumstances.

What Mullvad highlights is that the whole chat control proposal is mired in corruption. A particular individual with an agenda to sell something has adjacent financial interests to being part of the solution. No doubt they will want funding for "research", because they don't actually have a solution everyone can use. They try to make it appear as if they do (grift) to get the politicians on board. Then there's a harassment campaign component (specifically the EU Survivors Taskforce) portion which aims to apply public emotional pressure on any remaining politicians who have concerns.

In the end everyone else (companies, developers etc) will have to do the heavy lifting to try to find some way to comply by their legal interpretation with whatever vague brain fart is passed into law.

Make no mistake about it, this proposal has nothing to do with child protection but rather is all about demonizing the use of encryption. Law enforcement would love to be able to simply argue the presence of encryption means there is likely to be offending. This is why they fight so hard in the UK in regard to Apple having default encryption on ADP. You can't make the argument to a court owning an iPhone means you're a criminal for instance.

The end game, and goal post movement will simply be to argue they used non-compliant software/products. If they do have something on the person then this will be used to argue that further offenses were likely concealed, (even if that is not the case) and they went to effort to do so (premeditation). It's a gift that keeps giving all along the trial process.

> EDIT: Here is one idea I had: Sign images/video with hardware-secured chips (camera sensor or GPU?) that is traceable to the device. When images are further processed/edited, then they will be subject to differential-privacy scanning. This can also combat deepfakes, if image authenticity can be proven by the device that took the image.

And there obviously will be totally like no way to like not do that and then have an anonymous photo. What are you going to do, confiscate all the computers, phones and cameras that already exist and don't have this special "hardware secure chip". Honestly at this point I think you're a troll.

> If your position is that governments (who represent us,voters) should accept the status quo, and just let their people suffer injustice, I don't think I can support that.

Things can be always worse, and you shouldn't assume that the powers that be will use these things to prosecute the things you find morally offensive. Which is another problem as well.

> Mullvad is also in for a rude awakening. If criminals use Tor or VPNs, those will also face a ban. We need to give governments solutions that lets them do what they claim they want to do (protect the public from victimization) while preserving privacy to avoid a very real dystopia.

The space will innovate regardless of what governments want, so that's the rude awakening. Criminals always will be criminals and they'll just get better at doing what they want to do regardless.

> Freedoms and liberties must not come at the cost of injustice. And as i argued elsewhere on HN, in the end, ignoring ongoing injustice will result in even less freedoms and liberties. If there was a pluralistic referendum in the EU over chat control, I would be surprised if the result isn't a law that is even far worse than chat control.

Okay then guess we can all "think of the children" whenever anyone is worrying about the injustice caused by abuse of these new powers.

> I understand that you seem to think that adding systems like this will placate governments around the world but that is not the case. We have already conceded far more than we ever should have to government surveillance for a false sense of security.

Placation of government and law enforcement is never complete. For them every goal post moved is perceived as making their job easier. They only have one job, and that's to convict people of things. That is the only metric they care about. That includes making up new offences to charge people with, including "the defendant used non compliant products to hide their offending which may or may not exist" - not a crime in the EU right now, but you can bet that will be the next step if people refuse to use compliant products.

> Let me post a longer reply later. But for your last point, we do have automated machine generated alarms in form of smoke detectors. We're legally required to have them in our homes.

A smoke alarm has very little room for abuse as it only does one thing which largely aligns with the occupant's interests. A more comparable argument would be that you must have cameras in every room in your house to record burglars, home invaders and potential child abductors. We need not look any further than the abuse of door bell cameras in the US to see how that plays out.

Funny how nobody has ever made that argument.

dngray commented on How does Russian media view your country?   russiannewsmonitor.com/... · Posted by u/magar_fos
dngray · 3 months ago
"Negative", unless you're from the usual axis of countries that actually will deal with Russia.

Saved you a click.

dngray commented on De-Googling TOTP Authenticator Codes   imrannazar.com/articles/d... · Posted by u/Two9A
ori_b · 3 months ago
If you log into accounts from your phone, that's also 1fa in the same way. And if you keep your phone in the same place as your laptop, so it can get stolen at the same time, that's also effectively 1fa.

The threats that TOTP protects against are ones that don't involve losing your device. For example, if somebody breaches a password database or phishes your password, TOTP codes prevent them from using the leaked credentials.

Phishing/bulk password dumps are more common issues than device theft.

dngray · 3 months ago
> If you log into accounts from your phone, that's also 1fa in the same way.

Not quite, there's a lot more sandboxing on phones than what might go on with desktop.

dngray commented on De-Googling TOTP Authenticator Codes   imrannazar.com/articles/d... · Posted by u/Two9A
Aachen · 3 months ago
To be clear, the point of storing a secret token on your phone and then typing over some codes that prove you have access to the secret still, is to provide 2FA. If you use oathtool on your laptop, and the password is stored there as well, you're back to 1FA

That can be fine if that's what you want, but if you wanted 2FA:

- FreeOTP: https://f-droid.org/packages/org.fedorahosted.freeotp

- someone forked that and called it FreeOTP+: https://f-droid.org/packages/org.liberty.android.freeotpplus

- FreeOTP again but from the dark side of the internet: https://play.google.com/store/apps/details?id=org.fedorahost...

- etc. It's a dead simple protocol so there'll be lots of options. Pick one that you trust

Edit: Even with the PGP option shown at the end of the article, the secret is still accessible to any malware whenever you access it. Unless PGP-based 2FA becomes super widespread, this won't be something malware looks for and so you'll be fine unless you are targeted by intelligence agencies, but still, it's not quite 2FA because it's not something you "have" but something you "know" (the PGP data's unlock password)

dngray · 3 months ago
I'd probably use Aegis on android https://github.com/beemdevelopment/Aegis?tab=readme-ov-file#... it's a bit more modern.
dngray commented on I tried every todo app and ended up with a .txt file   al3rez.com/todo-txt-journ... · Posted by u/al3rez
lelanthran · 4 months ago
> As a vim user, this is kind of what I have come to expect from emacs users.

I'm a vim user, with two exceptions:

1. SLIME

2. Org mode

There's a vim plugin for org mode that I used to use, but TBH, Emacs excels at org mode.

dngray · 4 months ago
> There's a vim plugin for org mode that I used to use, but TBH, Emacs excels at org mode.

Which one did you use? I use https://nvim-orgmode.github.io/ and am happy with it, it's fairly modern written as a lua script.

I did see an older one https://github.com/jceb/vim-orgmode but i don't think that's maintained anymore.

dngray commented on I tried every todo app and ended up with a .txt file   al3rez.com/todo-txt-journ... · Posted by u/al3rez
reddit_clone · 4 months ago
Org-mode is the most appropriate answer. It is as simple or as sophisticated as we want it to be.

Obviously one needs to be an Emacs user first

dngray · 4 months ago
> Obviously one needs to be an Emacs user first

Not true I use the Neovim plugin https://nvim-orgmode.github.io/. It supports everything I tried from the official org manual. https://orgmode.org/org.html

I use syncthing to sync it between my devices. https://www.orgzlyrevived.com/ works great on android.

d

u/dngray

KarmaCake day565March 30, 2019
About
openpgp4fpr:588f6e4eabe8c7b552d00fa641911f722b0f9ae3
View Original