We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals

Re: Here we go again...

> for example to stop terrorists

How can this mouthpiece (a) be so naive as to think that's what it will actually be used for,

(b) be so naive as to believe that non-CGA crooks won't be the first to exploit it, and (c) be so naive as to think any informed person will believe him anyway.

It's so depressing that terrorism now seems to encompass expressing any opinion - or indeed fact - that someone in some government department finds inconvenient.

Re: Here we go again...

Made me laugh too: "...for example to stop terrorists." Get those fear-inducing keywords in there.

Why not mention clowns and hint at the possibility that there could be snakes in here with us too?

Re: Here we go again...

DWP will be right on that - using whatsapp, clearly not disabled and clearly committing serious fraud, which of course will be supported by the bench, nearly off whom no matter their age are technologically illiterate, biased towards the govt, see anyone on disability as "on the scrounge" and "fakers abound" and therefore instead of the state proving you committed fraud, the accussed is left to prove their innocence without legal advice (legal aid cuts and all)

Case in point disabled woman did a skydive for charity that the skydive company owner stated in court was suitable for disabled people, even severely disabled, was prosecuted, convicted and required to pay back years of diability living allowance and ESA because the bench concurred with the DWP that no disabled person would do a skydive (likely as in their head "disabled people" are those pale sickly types being wheeled around in wicker bath chairs on sunny days from the institution) and ignored all the defence witnesses

Re: No less true than when I first said it years ago

Exactly, it is just another backdoor.

No matter how you dress it up, a "ghost user" is still a means of decrypting without being one of the original parties based on some supposedly secret user-key, and so is subject to all of the same fundamental weakness as knobbling the cryptographic function directly.

Re: IPCO mostly trawls through spies' logs of who they spied on, after the event.

Local MSP tried to tell me that facial recognition was no different to first generation biometrics such as fingerprints. He's gone all silent after I pointed out his fallacy. He's also now gone from personal emails back to the MPs favourite - pre printed blurb written by whoever and ignoring all the points highlighted in correspondence.

SNP - Another party off the list for that reason, along with this "climate emergency" pandering to an unwashed rabble.

Now if the libretarian party were not against the NHS then I might consider voting for them. However since they are against it then stuck for a party.

Labour - rather not end up in the 1970s with closed shops all over the place.

Tories - no chance in hell, not after them going after the disabled and the snoopers charter

Lib dems - who will they whore themselves out to next

ChangeUK - more nulabour nonsense likely including keeping this "give the sick and disabled a continued kicking"

Greens - none of them have any experience living in a rural area where buses are 1 an hour or less, nor do I fancy living in a marxist commune (citizens assemblies sounds just like communism)

UKIP/Brexit - definetely not

Re: They'll never get it.

Dalek dung - smells really good though.

Re: They'll never get it.

They're attempting to weasel around the terminology a bit.

What they're asking for isn't *technically* breaking the encryption. They want the ability to insert an unauthorised (by the victim... sorry, target) user into a conversation so that the software on the devices of the parties encrypts a second copy of the message using the public key of the eavesdropper and sends it on to them.

No encryption has been broken there. So technically they're not breaking encryption and (they hope) can wave away such foolish things as maths which might be used to argue against them.

But, at the same time they're completely ignoring the issues with that:

- I'd not use any application which had the ability to do that.

- You need the end-users device to "know" about (but not display) the ghost user, so that it knows to encrypt for the peeler. Which means someone will figure out a way to detect the presence of the eavesdropper

- The people they claim to care about catching will move onto a technology that isn't affected whilst we all get digitally raped by the rampant privacy abuse of our Government and it's organs

- Eventually, it'll leak just how much the ability was misused, the industry will refuse to co-operate and we'll be back where we are now, having fucked up a lot of lives along the way

They *are* though, going to keep pushing until they get what they want. They don't need 100% coverage, just to take a few big scalps so that most of the population are using at least one affected app.

"Are GCHQ that dense? Yes, yes they are."

No they're not. They just hope they can get away with it anyway.

They'll brain-wash the Home Sec to let them do it. And heaven help us if the current Home Sec. in the HO gets into No 10. The current Home Sec in 10 has been bad enough but the current Home Sec. in the HO actually wrote an article in the times describing himself going through the process without even being aware of what he was actually describing.