Snot Flickerman
Our News Team @ 11 with host Snot Flickerman
- 0 Posts
- 73 Comments
Death of encryption?
They are rolling out forced turned-on-by-default BitLocker hard drive encryption for everyone using Windows 11. Including all those people who dont understand how it works and won’t save their backup keys.
Microsoft is dumb but pretending they are trying to kill encryption is also dumb.
Groups like this need to understand that their PR would do better if they said nothing at all rather than just being an asshole.
See also: CEO of Kagi search who thinks he can browbeat people into agreeing with him. It makes me never want to use Kagi.
Just shut up and let your fucking products speak for themselves. The more you rant about your philosophy to others, the less they actually want to use your products.
Really, after what he did to Pebble, people shouldn’t have been surprised that Migicovsky didn’t and doesn’t have a plan. You couldn’t trust his word on Pebble, and you couldn’t trust his word on this.
In November 2022, they flubbed my onboarding to Beeper by not telling me that the onboarding would be a recorded Zoom meeting until I was entering the Zoom meeting. I declined to join the meeting and followed up with questions about their privacy policy. Specifically, I referenced the previous sale of Pebble to a different company, and asked what guarantees there were about the privacy policy staying the same after a sale of the company. It’s often one of the first things changed due to “enshittification” when purchased by a larger company, that the “rules” of your relationship to the company change. I never received a response to my questions. I sort of figured the lack of response said as much as a response could have which was “Yeah we don’t have any guarantees” as proven by this sale. Like you pointed out, they’re merging Beeper with a closed source project, of which the outcome will likely be… another closed source project.
This is a mess and it makes me glad I never gave this charlatan a dime. Spinning up your own Matrix server and bridges was always a better idea, since Beeper was just other people doing that step for you anyway.
https://matrix.org/ecosystem/servers/
There are multiple options for homeservers and the Python one is just one of several implementations. There are others written in C++, Rust, Go!, etc.
It’s an interesting idea, but as many have pointed out before: if you tried to propose Public Libraries in modern America, the idea would be shot down.
This proposal is Public Libraries on steroids and opens a lot of questions about ownership of the data and who can request their data be removed, etc. If its publicly funded, they can’t hide behind “we own all this content because you uploaded it” like, say, Facebook does. They would be much more liable for people wanting to control their data, and if people wanted videos removed, they’d have fewer legal precedents to lean on.
Like I said, interesting idea, but it raises a multitude of questions in my mind. Who do you entrust to run it? Would it be a government organization, or something more like the BBC, where it’s government-funded but separated?
community shared content hosting
It’s technically still a thing you’re not supposed to do, for the most part. Still something can be sued for, civilly liable, and when you get to hosting for a massive group of people, you’re risking entering criminal liability territory. However, private torrent trackers exist, and those generally function as those types of communities. Some trackers even have nice people on them.
Further, the depth of knowledge these people have about encoding/color profiles/sound engineering etc. is fucking astounding. It’s always people doing it for the good of the community who seem to have the most real competence over a variety of disciplines. It’s not surprising a lot of them live and breathe FOSS and GNU/Linux.
I remember early YouTube where there wasn’t a financial incentive to make content and they clearly did not suffer from a lack of content.
People weren’t saying “Oh, well, you can’t make money on YouTube so why would you” back then. They made content because they wanted to and because it was fun.
YouTube is just entrenched in the public consciousness much like television was when YouTube came around.
This doesn’t seem that much worse than American rules that have already been in place for a long, long time.
As it is, large payments or withdrawals must be reported to federal agencies, anything over $10k. This applies to cash transactions as well and the forms the IRS requires you to fill in a $10k+ cash transaction can be found here.
The biggest difference would be the impact on cash transactions and crypto transactions in the EU.
I’m pro-privacy, but a lot more crypto facilitates crime than not, so I don’t really know why people would be shocked that governments would attack crypto specifically here (literally almost all ransomware uses crypto). Looks like way more of a crackdown on crypto than cash, but maybe that’s just me. (On top of the fact that a lot of crypto isn’t privacy-oriented. Looking at you, Bitcoin)
Related: https://www.nbcnews.com/news/venmo-paypal-zelle-must-report-600-transactions-irs-rcna11260
Two years ago USA put in rules for commercial digital transfers over $600 to be reported. Just pointing out that the EU’s rules don’t seem particularly draconian when weighed against already existing rules elsewhere.
https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-module/
Because parts of it have already been reverse engineered, we know it runs a modified version of Minix, and I would think that if a backdoor had been found during the reverse engineering process, that it would have been huge fucking computer security news.
It’s only a backdoor in the sense that Intel was practicing security through obscurity instead of real security. There is proof an attacker could abuse the IME, but there is not proof it’s an intended backdoor for use by Intel in spying on their customers.
EDIT: Further, as an all-AMD user, I almost never see this same scrutiny applied to the AMD Platform Security Processor. We know far less about it, and it deserves the same level of scrutiny, honestly.
Mullvad doesn’t mention a blog post, I think this has been in the works a lot longer than that blog post was.
These servers run from RAM, with fully encrypted disks mounted to store the backend PostgreSQL database. We cannot fully run our servers from RAM due to requiring a persistent database, but that was a trade-off we had to make.
These servers run the same OS and kernel configuration as the rest of our infrastructure that runs from RAM, and we have had this service audited pre-production by Assured AB. The issues found by Assured have since been resolved.
Auditing takes time, as does fixing issues found during audits. This wasn’t in response to a blog post. This was because Mullvad is a company that is trying to do right by their customers (a shocker, I know).
The problem is we live in America, where “self-regulation” is the rule.
They can’t get away with lying when it comes to well-crafted and well-enforced regulation. America just doesn’t want to do it partially because of the revolving door between Regulators and Regulated. If you work for Verizon for 15 years as a lawyer and then move on to be, say, the Chair of the FCC, it’s pretty fucking valid to question whether or not you’re actually working in the interests of the citizens.
In America, that exact issue was treated as a nothingburger, so much so that the man in question made a “comedy video” making fun of the idea that he was still working with Verizon’s interests in mind. We let corruption flow so much in the USA, the elites literally joke about it like they’re not rubbing it in our faces.
There are ways to organize governance that prevent this, and you just happen to live in a country where laws like that are a non-starter because all the politicians and regulators are paid off and owned by the people being regulated.
USA is a fucking racket, top to bottom. That’s the issue.
Liars can’t lie if they’re forced to regularly prove what they’re doing and have to bring evidence and have to prove that evidence hasn’t been tampered with.
I always come back to this:
The problem isn’t the technology, the problem is that the technology isn’t sufficiently regulated.
If we have real privacy regulation in the US and the EU (the EU is at least starting to take things seriously but still has a lot of regulation written by lawyers instead of technicians), we might be able to implement this kind of technology without these kind of fears, because there would be severe penalties for using consumer data in such a way.
Because the reality is, spying on consumers isn’t the only reason companies are moving to a smart-grid type setup, and it’s because it gives them a lot more real-time data about how their grid is functioning and where inefficiencies lie. That’s a good thing, and it’s just a bonus in their eyes that they can also spy on the energy use habits of their customers.
If we had strict regulation of that kind of data, we might not be in such a position to have to worry about such services, because we could rest easy knowing if they were caught doing such a thing, that their asses would be nailed to the wall.
Of course, that also means we would have to solve certain aspects of corporate governance that allow individuals to avoid going to jail due to “incorporation.” No, that shit has to stop, too. We can’t let these rich asshats hide behind their corporate coffers for their wrongdoing because you can’t put a business in jail. So if a business is a person, give it the damn death penalty and nationalize that shit if they’re caught fucking with consumer data.
Anyway, just my two cents. It’s not the technology that’s the problem, it’s how it’s used, and how there effectively isn’t any legislation and regulation to prevent its abuse.
Dude facial recognition catches the wrong people all the time. It is not as infallible as they make it out to be and this is just adding an entire extra level of mistakes they can make.
Facial recognition tech is bogus and because of its technical limitations, unintentionally(?) racist. (ie the cameras are not designed well to take good photo/video of dark skin, leading to high false positive rates when it comes to dark-skinned people) edit: even further, the cameras are often too small of a resolution for quality matching.
Further, facial reconstruction based on DNA isn’t exactly super accurate on its own.
Please don’t fall for this bullshit.
Cops only like technology when they can abuse it to avoid having to do real investigative police work.
They don’t care to understand the technology in any deep manner, and as we’ve seen with body cams, when they retain full control over the technology, it’s basically a farce to believe it could be used to control their behavior.
I mean, on top of that, a lot of “forensic science” isn’t science at all and is arguably a joke.
Cops like using the veneer of science and technology to act like they’re doing “serious jobs” but in reality they’re just a bunch of thugs trying to dominate and control.
In other words, this is just the beginning, don’t expect them to stop doing stuff like this, and further, expect them to start producing “research” that “justifies” these “investigation” methods and see them added to the pile of bullshit that is “fOrEnSiC sCiEnCE.”
A long screed but has this jackhole who writes so unprofessionally even reached out to Mullvad for comment or explanation? Because that’s usually what respectable journalistic outfits do.
They don’t post some screenshots, make inferences without knowing all of Mullvad’s backend, and say “what we are saying is definitely true and there’s no possible way we could technically be wrong.”
I can think of several ways they could be wrong, it would have been helpful to have any statement from Mullvad, because they might have a technical reason for this (up to and including making sure their emails aren’t disappeared as spam, because running your own email server sucks.).
Anyway, pretty unprofessional and makes me pretty skeptical of the claims until more solid evidence than a screenshot surface.
For example, who is to say that Mullvad hasn’t set up their own client side encryption keys? This is an option Google offers for use with business accounts. This effectively means Google doesn’t have your keys nor can read your emails.
https://support.google.com/a/answer/10741897?hl=en
It took me five seconds of searching to find this. Did the guy who wrote this article even try?
Arc is Chromium based. In other words, you’re still using Chrome/Chromium.
Firefox and Safari are the only two browsers (seemingly) left on the market with their own rendering engines. (Gecko and WebKit respectively)
So while things are fucking bad at Mozilla, it’s important to try to get people to use Firefox so market share will increase enough that Mozilla won’t want to diversify away from Firefox. I know that’s living on hopes and dreams, but that’s better than just rolling over and letting Google take over the modern world-wide web.
Probably the people who paid attention to jackholes like Tom Morello walk around shitting on local businesses because “don’t you know who I am.”
https://concreteplayground.com/auckland/arts-entertainment/culture/rage-against-the-machine-guitarist-pulls-a-dont-you-know-who-i-am-on-cafe
Tom and folks like him are way more concerned with the trappings of being famous than they are with actual workers gaining actual rights as evidenced by shitting on a local business because the business was already at capacity and didn’t make room for his “fame.”
He didn’t even do any research on the business before labelling them anti-worker when what they really were were anti-special-treatment-for-famous-people.
You would think Tom Morello of RATM would be on board.
So yeah, soft.