Posts by doublelayer

Re: end user

Well, this needs some analysis. We'll start with the easy part:

"Your original post makes no mention of NSO, only knives, nukes, and exploits/malware."

Well spotted. I was referring to spyware. The article referred to spyware too, wouldn't you know. And the group making it was NSO. The original comment in this thread was making an analogy about holding NSO responsible. My reply was making a counter-analogy to that. I figured that link was obvious, but evidently not. For clarity, the rest of this comment will be discussing NSO and the legality of its spyware.

Now, let's talk about tanks. Lots of considerations. The first one is easy: making a tank causes no damage to anybody. Operating it might, but creating one is not much different from manufacturing some other type of vehicle. Malware creation often involves finding vulnerabilities in a system through penetration, which happens to be illegal. So manufacturing a tank has no intrinsic criminal elements but manufacturing malware does. For the analogy, manufacturing nukes or nerve gases may not in themselves be dangerous activities, but they would be contrary to various laws in most nations, including, for the nerve gases, the Geneva protocols.

Now, when tanks are made for militaries, they are made at the specific request of the military, under a contract. Sometimes it's a contract from an international military and the laws permit this. This means the production of the tank can be attached for determining responsibility to the manufacturer and the military that is on the other side of the contract. If the manufacturer does something illegal that the military has the right to allow them to do, the military can essentially make that legal. NSO did not create their products under contract, and they can claim no such immunity.

Certain countries may modify the laws allowing them to create and use malware. That does not make it legal in the way you're arguing. If Israel wrote a law allowing their government to create malware, which they have done, it doesn't give NSO the permission to do so unilaterally--only places controlled by or under contract to certain parts of the Israeli government have the special permission. If Israel's government did allow NSO to make the malware under that special legislation, which they don't appear to have done, it wouldn't make it legal for them to sell it to other governments or individuals. And if Israel's laws allowed NSO to do anything they wanted including break into systems to create malware for any purpose, which is not at all the case, it would not stop those actions from being illegal in other countries such as the U.S., which they are. If I start my own country, and my laws say that I can hack into your bank account and steal all the contents, I can still be arrested should I ever leave my country, because bank theft isn't legal where you are.

Re: What's next?

While it's not word's decision to make, let's try it.

do we really need capitalization to tell words apart? even proper nouns are clear enough that it's not needed. punctuation makes a clear separation in sentence parts, so we have no need of capitalization to start them. the only problem i can see is distinguishing acronyms that someone has made use the same letters as an actual word from that word would be tricky, but since most of those acronyms involve tortured word choice, that might actually be a benefit.

Yeah, it looks weird to me too. I'm not going to do it again, but maybe we could do without capitalization.

Re: It's still the fastest Apple iPhone at the lowest Apple price

It measures 138 by 67 mm. I'll grant you that we've seen plenty of smaller devices. Unfortunately for those like me who like smaller devices, we haven't seen them recently. I did a search on a phone database for devices released in the last two years smaller than those dimensions, and 73 results came up. Then I adjusted the list to remove watches and feature phones. Only seven results came up.

It would seem that there's at least some competition, but then I checked out each of the others. Each is an Android Go edition device, which is a reduced feature-set version of Android for devices with limited specifications, and they really mean it with the "limited specifications". The most specced phone in the list has 16 GB of flash and 1 GB of memory. Several only have 8 GB of flash. One only has 512 MB of memory! Not a single one supports 5 GHz WiFi. Most are on Android 8.1. I think we all know even those running 9.0 go edition aren't getting any updates. Not to mention that I'm doubting you can even buy many of these in your country of residence--though I could see one or two making it there, these mostly seem aimed at developing regions.

So if you want a smartphone, you want it to be new, and you want to have one smaller or equal in size to the iPhone 8, the newest iPhone may be your only reasonable option.

"If only separate peripherals was a thing"

It is a thing. It's one of the things people to whom these devices appeal are trying to avoid. Extra keyboards can be convenient, but not all the time. There are obvious downsides, such as having two batteries to check and two devices to carry, but there can be other problems as well. For example, try finding a good portable bluetooth keyboard. There are many available, but they often fall into a few categories without a good middle ground. There are full-sized ones that you cannot carry with you in your jacket. There are some folding ones that are quite large for a pocket, but are usually good, but which don't fit well when unfolded in a low-space situation. Then there are tiny ones with weird key placement. If someone wants to do a lot of typing but doesn't necessarily expect to have much of a surface to place a keyboard on, it's possible none of those categories will work well for them.

Re: Let me see

The description above is no different. It still relies on storage on a phone. Now that may use a shorter passcode, relying on a phone's hardware to maintain control on how many attempts you have before an unstoppable erasure. If you trust this, there is a simple answer: get a phone, configure it for the security you can withstand, get a password manager on it, set the master key to "a". If you don't have complete trust in the phone's hardware to maintain access controls, then you remember a longer password and trust to much more provable encryption. This service does not have any more trustable security than that. It might be more convenient, but it also comes with negatives as detailed above.

Re: A Good Step

"So a Delaware corporation needs to have a "registered agent" for service of subpoenas, etc."

Great. Except we can't start sending out subpoenas, because we aren't a court. Even if they are breaking a law, we can't subpoena them. We could file complaints, but that doesn't necessarily mean anything will happen. In this situation, though, it doesn't matter about that either because we're after transparency, not enforcement of a law. The corporate subpoena-receiver has no legal duty to tell us things we want to know, such as who put the money in the bank account and who took the money out again to get an ad released. They won't tell us, and there's no requirement for them to do so. So we will get pretty much nothing from this.

Re: No surprise then

I don't think running Windows was one of their primary considerations. It was enough of one that they made Bootcamp, but they did that quite a while after making the transition. I think it was mostly about getting a faster laptop that neither ate through a battery in an hour nor caused burns, given the power requirements of the G5 PowerPC chips.

However, even if Windows was one of their primary considerations then, it doesn't necessarily mean that it is one now. There's a discussion further down about whether an iPad is similarly capable as a laptop. While I've been arguing that it isn't, my arguments have been for specific use cases. For many users, the applications they need do function at a certain level on an iPad. Most of the time, that's not because the writers have decided IOS is great and they want people to switch to it, but instead that many companies either put resources into cross-platform applications or have switched to web ones. In either case, they will probably have something that works fine on Mac OS. I bet Apple doesn't think their users care much about running Windows on their hardware, and they're probably right for quite a lot of their users. They'll be wrong about some, just as there will be some people who need an Intel-compiled binary which doesn't get emulated right or just never gets updated, but I have this feeling that Apple doesn't really care about those people.

Re: "Cops, Feds, and ISPs have been vocal opponents of the technology"

I suppose that makes sense, but you have to trust at least one group with it. No matter how far you push your own DNS setups, something has to make the queries and those queries are going to be sent through an ISP. If you set up your own resolver, then you can still be tracked based on its queries. The benefit of using someone else's resolver is that, as long as you trust them not to spy, nobody who watches their traffic knows what you're doing because your data is mixed in with everyone else's. So if you don't trust them, do you have someone you do?

Re: Big Brother Watch

I think these organizations are well worth supporting, but at the risk of seeming quite cynical, I have to ask whether they have an effect. Oh, they do incredibly useful work in looking at and protesting and in some cases launching legal attacks at surveillance programs. But their efforts haven't seemed to stop any of the major abuses being passed, nor have they managed to get increased public support. The legal cases seem to keep coming out on their side without getting anything changed. I hope that, with sufficient support, they can get more public interest and action such as protests together because that seems like the only method that hasn't really been tried yet. Sadly, it seems very difficult to organize and with a tenuous hope of success as well. My major hope is for some political group to start to realize the importance of this, as I haven't seen anything above a single politician understanding the importance of privacy, so my vote is pretty much pointless on this issue.

Re: Single Point of Failure?

It's not quite as single a point of failure as it seems. There are many protocols that are not affected by this--if these keys expire, many parts of the DNS root system continue to run like clockwork.

But, let's assume that all the people who do this are killed at once by some type of internet-hating terrorist group. What would happen is that IANA would get in a locksmith and break into the safe again. They might need more time, and they might need to do a bit of trial and error if there are any passwords involved, but they can handle that.

Let's assume the terrorists also take out the facility where the safe is. IANA just moves over to Virginia where there is a second copy of the safe and breaks into that one, then probably copies the contents and reestablishes the two-locations system again.

Let's assume that both locations and all participants are destroyed. In this case, IANA are a little stuck, but that's assuming they have no backups of the system somewhere (and nobody managed to copy the keys for a laugh). Given how secure they want this to be, it's possible they don't have them, but I wouldn't be surprised if that weren't the case. But if that happened, the problem would eventually fall down to the next set of servers. For a while, cached results from the root servers would be fine and nobody would have a problem. That's why attacking the DNS root servers, even if it works, doesn't immediately bring down the internet. During this time, users continue to act as normal while IANA and other DNS operators decide what needs to be done.

Let's assume they fail to do it. They don't have the ability to create a new key and have it trusted implicitly, and nobody has an idea of a quick way out of this. What happens then is that people have to fall back to other DNS information without authentication. It has problems, but it has also worked for quite a while. We're just back to that. Many places will have to change their system configurations. We'd see a lot of annoyed users. We technical folk would get a large helping of blame we don't really deserve. But life, the internet, and everything would continue to exist. IANA might get a lot of bad consequences for that, but that's where it'd end.

Re: Dedicated device

"This should be a tiny disposable wearable."

That's a bad idea pretty much whatever you think about the plan. Please consult the following list and choose the rebuttal based on what you think about the idea of tracking contact.

Tracking's great and everyone should do it: With a small disposable device, people will forget to check that it's charged. When they do charge it, it will be away from them and they might do something without it. It might break. In order to sync keys out, it will need a connection to something, probably either WiFi or Bluetooth, which makes it tricky to set up. You have to get one to everybody which is harder than digital delivery of an app.

Tracking's terrible and we should disobey en masse: With a small dedicated device, it becomes easy to verify if someone is complying with tracking. Police could ask to look at it and make it a crime not to have one on you. If the device has a connection, they will know any time you don't have it on. If it doesn't have a connection, there will be the ability to suggest random enforcement checks. With a hardware device, most likely with completely closed firmware, it won't be easy to investigate it, either to understand what it's doing or how to get around it.

Tracking is bad, but in this case a necessary evil: The small device has many downsides compared to a mobile app, see the rebuttal for "tracking's great". It also may lead to additional surveillance afterward, see the rebuttal for "tracking's terrible".

I have to live with tracking: This works in addition to any other opinions you have selected in this list. If we do need to do tracking, and it's done with a device, you need to remember to charge it. To check whether it's working. To not wear it in a place where it gets wet when you wash your hands (I'm assuming they don't make it waterproof because they want them cheap and disposable). To sync it with the key storage place or the key-retrieval-and-checking program on your computer or phone.

Re: IPXE's CX protocol solves this

Sure, it sounds nice. However, I note a few problems. First, there aren't those apps yet, though it is stated they'd be easy to create. Second, there are no providers of dangerous seeds (which would have to be set up by health providers), so it'd be useless even if there were such apps.

The third problem concerns this quote from their documentation. This is how you find out that you've been in contact with someone:

"The healthcare provider publishes a notification list of hazardous seed values corresponding to positive diagnoses. Each participating device downloads this list and compares the hazardous contact identifiers against its own record of observed contact identifiers."

Or, in simpler terms:

1. Device creates a seed at some time.

2. Every [short amount of time], it uses that to generate a new identifier. The page doesn't say how long, so I'm going to guess twenty minutes.

3. That identifier is broadcast for that [short amount of time].

4. The user tests positive.

5. Their seed is uploaded to a database which is region or country-wide.

6. Everyone downloads a list of seeds and uses them to generate the identifiers.

7. Identifiers match, and alerts can be generated.

The problem is that generating a bunch of identifiers from random seeds when they change so frequently is intensive from a processing perspective. If a seed is generated a month ago, then to check the identifiers for that seed means my device has to generate 2160 identifiers and check 1008 of them against my list. Also, I need to know when that seed was generated. I have to do this for every person in the country who tests positive. Every day. Probably most of that would get done while I sleep and the phone charges, but it could cause battery drain and slow processing if the phone is trying to do that while I'm using it. The severity of this would depend on the extent of the outbreak and of testing. In Australia, I'd have to generate and check about 82000 identifiers per day. In Germany, it'd be about 7.79 million.

Is the system gravely flawed? No. It's been thought through with some care from the look of things. But it has some flaws, and they may be severe enough that it doesn't get adopted elsewhere. I'd be happy to add this to the list of possible ways to do this, but it won't solve any of the major problems still facing the concept, including these:

1. The concept only works with thorough adoption.

2. The concept only works with thorough testing.

3. The concept only works with comprehensive support from health authorities.

4. The concept does not have much time to start to be useful before it ends up being too late and mostly useless.

5. The concept can promote anxiety if it is too broad.

6. The concept can promote complacency if testing is insufficient or contacts are not correctly logged.

7. The concept could be modified to add additional surveillance which would undermine confidence. (Yes, this approach slightly mitigates that concern, but if seeds can be collected by some means including a government-created app implementing the rest of the protocol, it would still allow surveillance).

Re: Respect

The only possibility is people wishing to use bitcoin like a currency but frustrated about not having many people willing to accept it. True, they could exchange the crypto for cash and use that, but that requires either a physical trip to wherever the exchange is or a bank account (and many people interested in cryptocurrencies don't like banks). So it could theoretically be used for legitimate purposes in the same way that most other tools primarily used by criminals could. I'm doubting most of their business was intense crypto-promoters though.

Re: Wot, no Sammies?

From the Lineage OS supported devices list, it doesn't seem like Samsung is terrible. Of every manufacturer on the list, Samsung has the highest number of supported devices (71 versus 33 for the next highest, LG). However, I note that Samsung's list has quite a few old devices and that some of their devices are listed many times for carrier-specific variants. I think it's a constantly-moving target in that a manufacturer can either be magnanimous with bootloader access or make mistakes that make it easy with one model and then turn around and change their tune quickly, similar to how Huawei locked its bootloaders a couple years back and have fallen of the list of good devices for replacement firmware.

The other side of that coin is that a device can have a completely open software stack and still not get much attention. Only if the phone is owned by enough people will the work get done. At one point, I had found a device where basically everything was open (even most of the hardware, strangely), but it was not found by anyone else because it didn't even have a brand name (I still don't know who made it), it was intended as a very cheap device with poor specs, and by the time the previous owner gave it to me for erasure and I figured out how open it was it was three years old.

True, but if you publish them where the general public can read them, then you'd better hope that you and everyone else have protected against what it says. What would be useful is to create a closed group of organizations that distribute them internally when they are obtained (and if they can be obtained by theft or without completing a payment I'm all in favor) and another public site where the pathetic wrong ones get released publicly. Anyone who finds that public site won't be able to complete a fraud with the instructions, and we avoid funding the how-to-commit-fraud industry.

An alternate suggestion is that we create some guides of our own, which we submit to the reviewers on these sites until they let us on, then we send all those who purchase it a PDF of that guide but with extra malware inserted. Bonus points if the malware can be written to turn these people in.

Perhaps I should clarify my policy. An app can ask for location permission and need it to work (E.G. navigation), and I will grant that permission. An app can ask for location for a clearly-identified feature, such as adding geotagging to photographs, and I will deny it, but if it still works, it can stay. If an app asks for location and does not have either of the previous two excuses, including where I don't know why it wants location, then I will decide the app is untrustworthy and I will discard it entirely. It doesn't matter to me if it works without the permission--if it asked for that, it might be doing other things it didn't ask about but I don't trust.

Re: Only took Apple 2 years...

There are a few, but they're not necessarily what you want. For example, the Unihertz Atom XL was reviewed here not that long ago and has a small screen. However, you would then be dealing with a relatively unknown manufacturer, so there are provisos if you decided to buy it. It seems the general public has decided that they don't need to fit their phone anywhere and will take massive screen real estate over compactness; I don't understand why either, but somehow the majority has decided against us.

That assumes that when they said inexplicable, they meant "the perfectly logical way everyone expects". Maybe, when they said inexplicable, they meant inexplicable in the sense of nobody really knows why the icon changed but it shouldn't have. This app got set up really fast and rolled out to a billion devices--you have to expect that there will be bugs when that happens, including incorrect reports or syncing issues or system malfunctions. It happens with things much simpler than this.

Franchising is weird when the service being provided isn't physical. Usually, you don't need one and you don't have one, and most exceptions only have local affiliates (usually not franchised) to provide local support. Signal doesn't have national franchises now, and for a very good reason: they'd be useless. But let's assume that they did set one up. Essentially, they provide the main system and a national franchise is created which links citizens to it. If the local franchise is connecting people to an encrypted system, they can't access the data being sent. If they were sent an order to divulge that data, they wouldn't be able to comply and could be charged. The owners of the company who authorized the franchise could also be charged on the basis that they did not intend to follow the laws when they agreed to establish a franchise. Enforcing that charge if the owners were out of the country would be difficult, and getting judges and juries to agree would also be tricky, but it is certainly possible in the law to do so.

Consider a simpler example of a franchise: an international chain restaurant. If a local franchise is formed which needs to get ingredients, and the ones they are required to buy break local health laws, the owners of that franchise can be charged for that violation. In addition, the owners of the main business can be charged with breaking the same laws by making that requirement, which is illegal. Again, this isn't a guarantee of a legal victory, but it is a case that can be made which often leads lawyers to try to avoid that risk.

Re: If you're not part of the solution, you are an idiot.

Original quote: ""You are strongly requested to stay in your house, and when you go out for exercise, please be courteous to others and keep 2m apart, and please don't congregate with people you're not living with", well, that's got a chance of being done."

Response: "And Neil Barnes, [original quote] has worked really well so far, hasn't it? They tried that. It did not work. What did you do when Boris said "we are advising you to stay indoors"?"

Not really connected to the rest of your comment, but you appear to have missed their point. The point was about wording, specifically "order" versus "strongly request". The opinion stated there was that "strongly request", though technically a weaker statement than "order", would have produced a smaller sense of injustice and would have been better adhered to by the public. If you knew that, then you know that "strongly request" was not tried by the U.K. authorities (it is much stronger than "advise", and the statement I found when searching for that one had some limits on it), meaning we can't know whether the stated opinion was correct or not. For the record, although I'm not in the U.K., when I received my suggestion (yes, mine was a suggestion) to stay at home, I did so. I have not come within range of others since that time.

Re: Apps

Sideloading is easy. But it might not be enough. Google's APIs may be proprietary, sketchy, prone to crashes, and completely unauditable. However, many apps have decided to use them. If you don't have them, and this doesn't, then you may run into problems after sideloading. For example, I am running Lineage OS which I have decided not to poison with Google's APIs. I've just tried a few apps that need them. In general, they look completely fine until they've finished the first set of loading screens, then they crash repeatedly until the phone decides not to try and start them again. This is not a problem for me--I was running these as a test and I could find replacements anyway. For the general public, they might not know why it's crashing like this, and they probably won't understand how to fix it. For those who understand the former but not the latter, they might find unreliable, crash-prone or malware-laced versions of those APIs instead. Whether this is a problem for the consumer hasn't really been determined, but it's worthwhile to understand that sideloading doesn't by itself fix the problem.

"What's bizarre about turning your router and mobile off at night? I don't see any point in them consuming energy when I'm asleep and therefore have no need for them."

That's not bizarre. What is bizarre is people turning them off some of the time because they think they are dangerous. It's already bonkers to think that they are dangerous after so many tests, but if someone was convinced that they were dangerous, they shouldn't have them turned on at all. It's like saying "I know that driving without a seat belt faster than the speed limit with my lights turned off is dangerous, so I'm only going to do it twice a week instead of three times.". Even the nutcases don't believe their nonsense enough to do what would be warranted if their ravings were true.

Re: People don't buy encryption

I've heard this argument before. It was stupid then, and it is now. There are three solutions to the problem of not being able to offer some features and provide end-to-end at the same time. They go like this:

1. Offer end-to-end and work on enabling the features in a more security-conscious way (store recordings on the cloud in an encrypted form that cannot be decrypted without the user-stored key, have dedicated call-in boxes with encryption built in that cannot continue to store keys and have individual trackable keys so only authorized ones can be added).

2. Offer end-to-end, and if someone tries to enable one of the features that doesn't work with it, you tell them they can only have one and prompt them to choose.

3. Don't offer end-to-end, don't lie about having it anyway, and cite those reasons when people ask (and most won't ask).

Any one of those is a legitimate way to handle it. What they did wasn't.

Re: ah yes there were times at work they went round and audited the machines

I used an archive file format the name of which I cannot remember at one point which did work like that, at least to an extent. I think it would stop compressing further after about three runs. My guess was that the algorithm in use had some limits to ensure compression didn't take very long leading to inefficient choices being made. People liked sending files over slow connections at the time so this three-run trick got quite a bit of use.