Encryption is like vaccination: it's not about protecting you from a leak, it is about protecting our society from a dictatorship.



Of course encryption is about protecting one from leaks.

What are you thinking?

If encryption does not protect individuals, how does it protect society, exactly?

@hhardy01 Ok... this one is... tricky to explain.

To prevent leaks, you need more than encryption. A motivated attacker can simply hack your device to circumvent encryption.

But this attacker (usually the government) cannot hack ALL devices.

So, if only a few people use encryption, they are fucked, because the fact that they are encrypting is a threat to their lives.

Only if a sufficient amount of people use encryption for everyday stuff, those who rely on it have a chance to survive.


Why can't governments hack all devices?

Most devices have backdoors, such as, disputedly, _NSAKEY. Telecommunications switches have reportedly been backdoored since the early 1950s. Similarly copy machines and printers.

But if data & disks are salted & encrypted, private keys offline, data encrypted end-to-end, keys exchanged out-of-band, etc., those are still best practices.

"We hunt sysadmins" believe me I know. Which is why we do the things.

@hhardy01 That is a good point. Probably all major OSes have NSA backdoors.

So encrypted communication on those devices will only protect people from dictatorships that the USA doesn't like.

As you suggested, end-to-end encryption on airgapped devices will probably work even against the NSA.

Still, the same problem persists: if you are the only one who uses NSA-proof communication, you are probably going to end up on a no-fly list!

That's why everybody should have an offline key, IMHO.


We are old friends, going back to when you could get an account on dockmaster simply by knowing who to ask for it. :)



"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode."


...and this, gentlebeings, is why we never say "secure" or "computer security." We say, "less insecure," "raising the bar," "always assume nothing and no-one is secure," and the like.

This does not make us popular with the "but... we don't need a sysadmin/security office, etc., because we have an [X piece of equipment, such as a 'firewall' or an 'IDS solution']."

Remember, anytime marketing literature says the word, "solution," substitute, "problem." :)

@NHonigdachs @kirschwipfel I disagree. Public information should never be encrypted, because

a) encryption often breaks true anonymous access. (authentication)

b) encryption excludes older or simple DIY software.

c) encryption has an environmental impact due to computational complexity and makes it impossible to use something like torrent to reduce network load.

d) public information has no reason to be encrypted.

@bitnacht @kirschwipfel d) -> Probably true, but differentiating between public and private data would make the phrase significantly less catchy. 😅


One difference between encryption and vaccination is that if someone wants to not encrypt their data, it is their choice and no shaming will occur to them, but if they want to choose to not vaccinate, then they will be shamed on social media at minimum.

Vaccination only helps the body deal with the attack better, it does stop the attack, the virus still gets in.
I think a castle would be a better analogy.

@Horizon_Innovations sure, my metaphor is not perfect.

But do castles provide herd immunity if everyone has one? 🙃

I think I wanted to express another aspect of security that I cannot put into a picture with castles...

I know the idea of a herd is a mobile group, but if everyone had a castle, I reckon the idea of herd immunity is sound even if not mobile 😀
But I see your point about vaccines.

