Post AVO2KQ7KuaBZLpMCye by strypey@mastodon.nzoss.nz
 (DIR) Post #AVJBBpdOb8pjgKX5Tk by strypey@mastodon.nzoss.nz
       2023-05-04T10:22:44Z
       
       0 likes, 0 repeats
       
       The #IETF were warning of this in the 90s:
       "Export controls and usage controls [on cryptographic software] are slowing the deployment of security at the same time as the Internet is exponentially increasing in size and attackers are increasing in sophistication. This puts users in a dangerous position as they are forced to rely on insecure electronic communication."
       https://datatracker.ietf.org/doc/html/rfc1984
       #HatTip to @onepict for pushing us to read this.
       #cryptography #security #privacy
       
 (DIR) Post #AVJCLYTvKIaPKjIoc4 by onepict@chaos.social
       2023-05-04T10:35:39Z
       
       0 likes, 0 repeats
       
       @strypey yay! The more of us getting other people to read RFC1984 the better. Governments and spy agencies will keep trying to push for encryption to be restricted or broken. We have to stay vigilant. The #IETF realised that and they also have human rights focused RFCs.
       @jens went over some of them in a talk a few years ago. RFC8280 and RFC8890 are a good read as well. We should be prioritising the #humancentricinternet, and end users #humanrights.
       
 (DIR) Post #AVJM5U2d4BK4TEVjbE by canusfeminacanis@mastodon.nz
       2023-05-04T12:24:42Z
       
       0 likes, 0 repeats
       
       @strypey @onepict Glad this is being seen now.
       We were talking about these issues, and basic remedies, 20 years ago.
       
 (DIR) Post #AVJVpDNQFxnhh77NEe by TunnelJanitor@sfba.social
       2023-05-04T14:13:53Z
       
       0 likes, 0 repeats
       
       @strypey @onepict Are any of you exceptionally pretentious freedom wizards actually doing export controlled cryptographic work right now, or just rehashing old fears from 20 years ago to drum up donations? I for one am in the field and I hate seeing things that aren’t true.
       Rules and regulations are only oppressive and restrictive if you are an illiterate person and cannot read.
       https://www.bis.doc.gov/index.php/documents/regulations-docs/2337-ccl5-pt2-4/file
       
 (DIR) Post #AVKLpmD1whEhLEqWo4 by strypey@mastodon.nzoss.nz
       2023-05-04T23:56:43Z
       
       0 likes, 0 repeats
       
       @canusfeminacanis
       > We were talking about these issues, and basic remedies, 20 years ago
       I've been online long enough to remember the websites of PGP software warning that it might be illegal to download their software if you were outside the US. It seemed ridiculous then and it seems even more so now.
       @onepict
       
 (DIR) Post #AVKMuZvB9w3odKLl2G by canusfeminacanis@mastodon.nz
       2023-05-05T00:08:45Z
       
       0 likes, 0 repeats
       
       @strypey @onepict Yup. It wasn't illegal here, but rates of promotion and implementation were shockingly low. And met with a surprising amount of resistance.
       
 (DIR) Post #AVKRbizDjLsj184MwS by strypey@mastodon.nzoss.nz
       2023-05-05T01:01:25Z
       
       0 likes, 0 repeats
       
       @canusfeminacanis
       > implementation were shockingly low. And met with a surprising amount of resistance
       To be fair the UX of PGP software is appalling, even today, although AutoCrypt is a big improvement.
       @onepict
       
 (DIR) Post #AVKX0YSkUh8VOAXZXU by canusfeminacanis@mastodon.nz
       2023-05-05T02:01:50Z
       
       0 likes, 0 repeats
       
       @strypey @onepict The UX of a lot of useful software is.... wanting. 🧐
       
 (DIR) Post #AVKZDek0f7UiX9zNXU by strypey@mastodon.nzoss.nz
       2023-05-05T02:26:42Z
       
       0 likes, 0 repeats
       
       @canusfeminacanis
       > The UX of a lot of useful software is.... wanting
       True, and this has been particularly true of Free Software, for reasons I'm happy to rant about at length ;) But I'm not just talking about the UI of PGP apps. I'm talking about the whole dance you have to go through to use PGP. I wrote an 'email with PGP for activists' HowTo in the late 2000s. Even then it was still so complicated very few people could get their heads around it.
       @onepict
       
 (DIR) Post #AVLJC14bFz5J6kmAnQ by dusnm@fosstodon.org
       2023-05-05T11:01:47Z
       
       0 likes, 0 repeats
       
       @strypey @canusfeminacanis @onepict The reason for PGP specifically is that the technology itself is a step above in complexity compared to others. You have to understand key exchange to use it, because there is no central "trusted" authority. I don't think abstracting this away from the user is a good idea.
       
 (DIR) Post #AVNdRtcn6YVy2VXPlI by canusfeminacanis@mastodon.nz
       2023-05-05T12:10:30Z
       
       0 likes, 0 repeats
       
       @dusnm @strypey @onepict I know about PGP. I was a Linux coder, promoter and user for 20 years. Still would, if there was a decent distro for Macs.
       
 (DIR) Post #AVNdRuIyZiG69LH6W0 by strypey@mastodon.nzoss.nz
       2023-05-06T13:58:13Z
       
       0 likes, 0 repeats
       
       @canusfeminacanis
       > Still would, if there was a decent distro for Macs
       Define "decent". Trisquel ran on most Mac hardware while they were using Intel chips.
       @dusnm @onepict
       
 (DIR) Post #AVNdu3wKLZaI8i6fcO by strypey@mastodon.nzoss.nz
       2023-05-06T14:03:19Z
       
       0 likes, 0 repeats
       
       @dusnm
       > I don't think abstracting this away from the user is a good idea
       If a user is trusting a service to host not only email servers but webmail clients too, why wouldn't you trust them to do a good job of encryption with AutoCrypt? I agree it's not as privacy-protecting as managing your own keys. But sending letters in envelopes is still an improvement over sending postcards, which can be read by anyone involved in transport from sender to receiver.
       @canusfeminacanis @onepict
       
 (DIR) Post #AVNeN3JrjT9uc5wLIG by dusnm@fosstodon.org
       2023-05-06T14:08:32Z
       
       0 likes, 0 repeats
       
       @strypey Because unlike traditional post, this tech has the ability to make truly private, trustless emails a thing. Why would you want to trust anyone? Trust can always be abused.
       
 (DIR) Post #AVO2KQ7KuaBZLpMCye by strypey@mastodon.nzoss.nz
       2023-05-06T18:36:59Z
       
       0 likes, 0 repeats
       
       @dusnm
       > Why would you want to trust anyone?
       Your line of argument makes 3 assumptions:
       1) we can trust ourselves to correctly perform every step of elaborate PGP dances, at all times.
       2) we're willing to risk permanently losing access to our mail if we miss a step.
       3) our threat model justifies both the effort and the risk.
       It's a rare person for whom all 3 are true, and AutoCrypt is not a good enough solution.
       
 (DIR) Post #AVOXYko9sVEk9ghZ7Q by canusfeminacanis@mastodon.nz
       2023-05-07T00:26:55Z
       
       0 likes, 0 repeats
       
       @strypey @dusnm @onepict Would've been the only one that did. How far back? 2012/2013?
       
 (DIR) Post #AVOY2BwQ4nEChnbQrw by canusfeminacanis@mastodon.nz
       2023-05-07T00:32:15Z
       
       0 likes, 0 repeats
       
       @strypey @dusnm @onepict I like the idea of managing my own digital security, as well as I can, as simply as I can. But it takes time, and not everyone has that time or the know-how.
       It comes down to trusted servers... and the information available from them to assure oneself that they can be trusted.
       
 (DIR) Post #AVOorV0uWWW1tQBstk by strypey@mastodon.nzoss.nz
       2023-05-07T03:40:49Z
       
       0 likes, 0 repeats
       
       @canusfeminacanis
       > Would've been the only one that did
       It's based off Ubuntu, minus blobs and other nonfree bacon bits. So I'd expect any 'buntu based distro to have worked during that period. Trisquel is just the most freedom-respecting.
       > How far back? 2012/2013?
       Not sure, I never had Mac hardware to try it on. Maybe ask on the Trisquel forums at Trisquel.info?
       @dusnm @onepict
       
 (DIR) Post #AVPHCmGcMurECWTL4S by dusnm@fosstodon.org
       2023-05-07T08:57:31Z
       
       0 likes, 0 repeats
       
       @strypey It's also true that if all 3 aren't satisfied the communication isn't truly private and secure. You're willing to make certain compromises, I'm not.
       
 (DIR) Post #AVQb1toIAwnYeSH0BU by strypey@mastodon.nzoss.nz
       2023-05-08T00:15:14Z
       
       0 likes, 0 repeats
       
       @dusnm
       > if all 3 aren't satisfied the communication isn't truly private and secure
       This is a false binary. Both privacy and security are on a slider, not an off/on switch. There is no perfect security or privacy. The question, case by case, is whether the practices are sufficiently secure or private to address the threat model.