They are trying to sell this so hard. Matrix style animations, links to security "white papers". Its just end to end encryption. Any 2nd year CS student can write this.
So why aren't we awash in a sea of available programs? Maybe they could but do they? An entire repository full of non-existent programs is worth "doodly squat".
All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.
Right up until the time, through data sharing, some law enforcement organization forgets to use parallel construction and the details about the program come out in a court proceeding before the Feds can seal the transcript.
Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.
Well the LavaBit reference makes a lot more sense now too.
I go on to ask about blockchain technology, which can help build trust in a given network by underlying it with an immutable database. "I think that, within the context of Airbnb, your reputation is everything, and I can see it being even more so in the future, whereby you might need a certain reputation order to have access to certain types of homes. But then the question is whether there's a way to export that and allow access elsewhere to help other sharing economy models really flourish. We're looking for all different kinds of signals to tell us whether someone is reputable, and I could certainly see some of these more novel types of signals being plugged into our engine."
Am I missing something here, or is this yet another example of "ooh, this technology sounds neat, let's take this hammer and see how many things look like nails"?
When all you have is a hammer, everything looks like a skull.
We need to stop reacting to every stupid thing a politician says, and wait until there is some reasonable risk of it becoming law.
The problem, at least in the US, is that the first is just one late night vote after everyone has left or budget bill rider away from being the second.
So... some sort of packet sniffer might be in order.
That assumes that the protocol doesn't use some sort of challenge/response or unique key mechanism for communicating the actual decryption key inside an encrypted envelope that prevents replay attacks.
I find it suspect that you can't procure talent except abroad. If there is such a dearth of talent here, perhaps you should relocate your business to where the talent is.
It sounded to me like he could find the talent he needed locally, but it cost too much. He wants to know why replacing this particular part with a cheaper one is such a big deal.
Self signed certs are MORE secure as long as the party at both ends understands the process.
I'm not sure how that can be since all root certs are simply self signed certs. There's just the ones that someone else has told us to trust such as the ones that come by default in your browser, and the ones that you deliberately choose to trust. There's also nothing that says you can't delete any "trusted" certs that you choose not to trust.
There's no such a thing for a 100% secure system, but a 98% will do for mundane things. No one will spend the effort just to play tricks on the customer's living room illumination.
The nice thing about computers is that they can automate routine tasks. A hacker doesn't have to spend any effort "just to play tricks", he can have his computer to it automatically for him just for the lulz.
He went on to argue that the phenomenon of communications "going dark" due to more sophisticated technology and wider use of encryption is "overwhelmingly affecting" law enforcement operations
Basically he is whining because the FBI actually has to, you know, go to a judge and prove sufficient cause for her to grant them a warrant before accessing an individual's property or papers like the 4th amendment says they have to.
Cry him a river, build him a bridge, and tell him to get over it.
If you people would only let us slowly tear the flesh off of our suspect, getting a confession would be that much easier. It's like you guys want more crime.
I believe the taser is the torture device du jour for LEOs these days.
Slashdot Mirror
If I had to guess, I would say it was Johns Hopkins University.....
And you would almost certainly be incorrect.
Why would they cut out internet and ability to upgrade later?
Because it's an SSL cert that's expiring and once it does the device can't make SSL connections any more which prevents OTA updates, etc.
I address that in the part of my comment you didn't quote.
Let me help you with a little definition of parallel construction. Feel free to compare it with what you said and hopefully notice the difference..
Judge: What was the source of this information?
FBI: Uhm... a hunch?
Yeah, you see, they'd have to admit the ability in open court for it to be useful.
Because the FBI would never use parallel construction in order to have a pat answer that had nothing to do with the real source of information.
Does it do more than qTox?
Well, it has an iOS client for one.
They are trying to sell this so hard. Matrix style animations, links to security "white papers". Its just end to end encryption. Any 2nd year CS student can write this.
So why aren't we awash in a sea of available programs? Maybe they could but do they? An entire repository full of non-existent programs is worth "doodly squat".
All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.
Right up until the time, through data sharing, some law enforcement organization forgets to use parallel construction and the details about the program come out in a court proceeding before the Feds can seal the transcript.
Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.
Well the LavaBit reference makes a lot more sense now too.
I go on to ask about blockchain technology, which can help build trust in a given network by underlying it with an immutable database. "I think that, within the context of Airbnb, your reputation is everything, and I can see it being even more so in the future, whereby you might need a certain reputation order to have access to certain types of homes. But then the question is whether there's a way to export that and allow access elsewhere to help other sharing economy models really flourish. We're looking for all different kinds of signals to tell us whether someone is reputable, and I could certainly see some of these more novel types of signals being plugged into our engine."
Am I missing something here, or is this yet another example of "ooh, this technology sounds neat, let's take this hammer and see how many things look like nails"?
When all you have is a hammer, everything looks like a skull.
Stop trying to find ways to steal other people's work without compensating them and you won't have this problem.
But just like drug users, there will always be an excuse for why people think it's acceptable.
Ok, I give up. What are you nattering on about?
We need to stop reacting to every stupid thing a politician says, and wait until there is some reasonable risk of it becoming law.
The problem, at least in the US, is that the first is just one late night vote after everyone has left or budget bill rider away from being the second.
So... some sort of packet sniffer might be in order.
That assumes that the protocol doesn't use some sort of challenge/response or unique key mechanism for communicating the actual decryption key inside an encrypted envelope that prevents replay attacks.
I find it suspect that you can't procure talent except abroad. If there is such a dearth of talent here, perhaps you should relocate your business to where the talent is.
It sounded to me like he could find the talent he needed locally, but it cost too much. He wants to know why replacing this particular part with a cheaper one is such a big deal.
Self signed certs are MORE secure as long as the party at both ends understands the process.
I'm not sure how that can be since all root certs are simply self signed certs. There's just the ones that someone else has told us to trust such as the ones that come by default in your browser, and the ones that you deliberately choose to trust. There's also nothing that says you can't delete any "trusted" certs that you choose not to trust.
There's no such a thing for a 100% secure system, but a 98% will do for mundane things. No one will spend the effort just to play tricks on the customer's living room illumination.
The nice thing about computers is that they can automate routine tasks. A hacker doesn't have to spend any effort "just to play tricks", he can have his computer to it automatically for him just for the lulz.
not because they were trying to suck money out of every click.
Wow, totally misread this at first glance. That's why kerning is so important in a font.
Yeah, who needs a mainframe when you can just as easily install Linux on your typical 100 CPU, 3TB RAM server from Dell.
Can you replace a faulty CPU in the Dell while it's running?
So does the 5s have the secure enclave built in?
So it hertz too much?
Or just burn the wood. I like to take the long view.
Why spend the $4 a month for website access when you can spend the $5 a YEAR and get the print magazine delivered?
I don't know about elsewhere, but if you go through Amazon the subscription is all-access, including both print and digital copies.
Isn't that a "Ford Prefect"?
He went on to argue that the phenomenon of communications "going dark" due to more sophisticated technology and wider use of encryption is "overwhelmingly affecting" law enforcement operations
Basically he is whining because the FBI actually has to, you know, go to a judge and prove sufficient cause for her to grant them a warrant before accessing an individual's property or papers like the 4th amendment says they have to.
Cry him a river, build him a bridge, and tell him to get over it.
If you people would only let us slowly tear the flesh off of our suspect, getting a confession would be that much easier. It's like you guys want more crime.
I believe the taser is the torture device du jour for LEOs these days.