Kazakhstan begins nationwide HTTPS MITM, requiring everyone to install root certificate. - Page 4


Comments

  • defaultdefault Veteran

    It's not about technology or cryptology. It's about the principle of the thing. Politicians are ours, we voted for them, so they should respect our privacy and our reasons for voting them. I don't think any person voted any politician to spy on them.

    Thanked by 2uptime vimalware
  • uptimeuptime Member

    @jsg thanks, some interesting food for thought.

    Hopefully we'll see at least a bit more useful discussion along those lines.

    (and no doubt the stage for much shitposting in this thread was set right out of the gate with the Borat memes and "national anthem" and took off from there, so ... well what can I say - I'd like to have my cake and eat it too, thank you very much!)

  • @jsg
    Good post, agree with most of it.
    Just a note:
    there are legitimate, moral reasons to invade someone's privacy as well as to not inform them of it (especially when organized crime is being investigated), because that information is also valuable to the suspects. Even if it's given after the investigation has been finished (for the time, since I've yet to see a criminal retire, though a few manage to get into mostly legal, if not always moral, business after acquiring enough capital).

    The problem is the level of corruption. Most put emphasis on the "respect of the law". But one can do really bad stuff 100% legally - criminals, corporations and governments alike. So in practice, it boils down to whether the majority of citizens and police/government officials (coming from the same citizens, not from Mars, so usually similar) are moral, well-meaning people, or not as good.

    @default
    If elections could really change anything, they would not have been allowed - anywhere.
    Corporations pay funds/campaigns, so that narrows down the choice - majority won't vote for someone they don't know of.
    Those who get sponsored (practically allowed to run) are the ones who are "in line", under control.
    As far as ordinary citizens (workers) are concerned, all the listed candidates/parties offer the same thing, just differently advertised.

    Thanked by 2vimalware jsg
  • Use HTTP Public Key Pinning?

    Thanked by 1vimalware
  • rm_rm_ IPv6 Advocate, Veteran

    dragon1993 said: Use HTTP Public Key Pinning?

    This has been discussed on various other sites with regard to this MITM; it won't help, because HPKP specifically doesn't block cert mismatches caused by trusted root certs that the user has manually installed, under the premise that the user knows better, and to support use cases like antivirus software and MITM by an employer in a workplace. I think these are all b/s and HPKP should have worked here, but currently it won't.

    Thanked by 2uptime vimalware
  • No surveillance here - and the sheep ain't no shitches!

    ...What?! No, Tarzan, don't believe the whore, she's lying!

  • xaocxaoc Member

    Software vendors could step in here and stop allowing users the installation of their own root certs, at least on home/pro versions of winblows. Workplaces should always use enterprise software that would not be affected by this.

    @rm_ said:

    dragon1993 said: Use HTTP Public Key Pinning?

    This has been discussed on various other sites with regard to this MITM; it won't help, because HPKP specifically doesn't block cert mismatches caused by trusted root certs that the user has manually installed, under the premise that the user knows better, and to support use cases like antivirus software and MITM by an employer in a workplace. I think these are all b/s and HPKP should have worked here, but currently it won't.

    Thanked by 1uptime
  • jiggawattjiggawatt Member
    edited July 2019

    jsg said: Now that is one important point and why I try to have a more sensible discussion. Explanation: If one's actually used alternative (and you bet it is for many) is "Well, I'll just use a VPN", one can easily end up worse than just obediently using https with the KZG cert. Reason: A very significant part of SSL/TLS based software, incl. VPN software/configs, does use id verif. too, just like the browser. So they don't gain any security but additionally stand out from the crowd (in a way flashing and saying "hey KZG, my system is worth a closer look!").

    VPN is commonly used in companies for legitimate business. Russia actually proposed banning VPN at some time, but they softened their stance after the business community complained. So VPN users won't stand out.

    jsg said: Looking closely and knowing a little bit about that region of the world, it might be noteworthy to mention that that mechanism can be used not only in a negative way (spying on citizens) but also in a positive way (at least in terms of intentions), because it would allow KZG to cut off or modify alien misinformation, revolutionary, and suchlike operations. Example: a western country tries to instigate unrest in an eastern country by spreading false info (this has happened multiple times), but now KZG can cut it off or even modify it. I think that something in that direction is actually one important reason for KZG to do what they did, because I know that one of their real worries is terrorism

    Every authoritarian regime claims that censorship is justified to protect against terrorism and/or some foreign "fifth column". Every autocrat blames protests on misinformation and revolutionaries.

    You're missing the problem :smile:

    The problem is that there is usually no ability for the public to question these claims, either through a free press, proper elections, peaceful protests, etc.

    Every authoritarian country in the region has been upgrading its monitoring of the Internet recently. E.g., Belarus just started requiring websites to verify phone numbers of commentators. This doesn't really correspond to a rise in terrorism but rather increasing domestic frustrations with a moribund economy. The golden years of high energy prices are over. There are serious economic problems on the horizon in these countries.

    Thanked by 1uptime
  • rm_rm_ IPv6 Advocate, Veteran
    edited July 2019

    jiggawattz said: Russia actually proposed banning VPN at some time

    The law that is currently active, says that all VPN services must block sites that are on Russia's website censorship list, or they will be blocked themselves. It is true that it does not outlaw VPN as a technology. [Yet.]

    Thanked by 2jiggawatt uptime
  • jsgjsg Member, Resident Benchmarker

    @jiggawattz said:
    VPN is commonly used in companies for legitimate business. Russia actually proposed banning VPN at some time, but they softened their stance after the business community complained. So VPN users won't stand out.

    They will stand out. Multiple reasons, one important one of which is that they usually can differentiate between private persons (about whom I talked) and businesses.

    jiggawattz said: Every authoritarian regime claims that censorship is justified to protect against terrorism and/or some foreign "fifth column". Every autocrat blames protests on misinformation and revolutionaries.

    So, the USA and a major part of Europe are "authoritarian regimes"? I'm astonished.

    jiggawattz said: You're missing the problem :smile:
    The problem is that there is usually no ability for the public to question these claims, either through a free press, proper elections, peaceful protests, etc.

    ... if one is based on the premise that Kazakhstan has no working legal system and/or government caring about the law. The problem with that premise is that it's wrong.

    jiggawattz said: Every authoritarian country in the region has been upgrading its monitoring of the Internet recently. E.g., Belarus just started requiring websites to verify phone numbers of commentators. This doesn't really correspond to a rise in terrorism but rather increasing domestic frustrations with a moribund economy. The golden years of high energy prices are over. There are serious economic problems on the horizon in these countries.

    "Evil Russians!" - sorry, but that gets boring. Pretty much EVERY country anywhere has been upgrading its monitoring, etc. That has very little to do with east or west, north or south, and very much to do with politicians of any colour and anywhere awakening and desiring to control "that internet thing".

    Many "good western" countries do very similar things as e.g. Belarus. And, in case you failed to notice it, in the USA (where most of the tech giants happen to be) there is lots and lots of censorship, closing of accounts, demonetizing, etc.

    Plus e.g. Russia did experience plenty of real terrorism, with most of the terrorists communicating and coordinating via encrypted internet mechanisms. That's a clear fact. Another clear fact is that the government's reaction is not "Russian" but simply normal; it's very similar to what western countries do too.

    Btw, I just learned from the news that in the UK there is a lot of anger about the police often demanding the victim's smartphone in cases of rape and similar. So, is the UK an "authoritarian regime" too?

    I suggest that we stop the, pardon me, very stupid sorting into "good west" and "evil east" and instead focus on the matter.

    Thanked by 2bikegremlin default
  • dragon1993dragon1993 Member
    edited July 2019

    @rm_ said:

    dragon1993 said: Use HTTP Public Key Pinning?

    This has been discussed on various other sites with regard to this MITM; it won't help, because HPKP specifically doesn't block cert mismatches caused by trusted root certs that the user has manually installed, under the premise that the user knows better, and to support use cases like antivirus software and MITM by an employer in a workplace. I think these are all b/s and HPKP should have worked here, but currently it won't.

    Implementation dependent; for example, the local Tesco application (Hungary) crashes when a different cert is used.

    https://github.com/Fuzion24/JustTrustMe
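    A concrete illustration of the distinction rm_ and dragon1993 draw above (browser HPKP exempting user-installed roots, versus an application doing its own pin check): this is an added Python example, not code from the thread or from any of the projects mentioned. It computes an RFC 7469-style pin-sha256 over the leaf certificate's SubjectPublicKeyInfo and compares it against pins the app ships with, without ever consulting the OS trust store, so a certificate minted under a user-installed root fails no matter how trusted that root is. The DER helpers and the two toy certificates are constructed here; a real client would feed in the DER leaf from the TLS handshake.

```python
import base64
import hashlib

def der_len(n):  # DER length octets (short or long form)
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return b if n < 0x80 else bytes([0x80 | len(b)]) + b

def der(tag, body):  # one DER TLV
    return bytes([tag]) + der_len(len(body)) + body

def der_read(buf, pos):  # -> (tag, value_start, end) of the TLV at pos
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + ln

def spki_from_cert(cert_der):
    """Walk Certificate > TBSCertificate and return the subjectPublicKeyInfo TLV."""
    _, p, _ = der_read(cert_der, 0)      # Certificate SEQUENCE
    _, p, _ = der_read(cert_der, p)      # TBSCertificate SEQUENCE
    tag, _, end = der_read(cert_der, p)
    if tag == 0xA0:                      # optional explicit version [0]
        p = end
    for _ in range(5):                   # serial, sigAlg, issuer, validity, subject
        _, _, p = der_read(cert_der, p)
    _, _, end = der_read(cert_der, p)
    return cert_der[p:end]

def pin_sha256(spki_der):  # RFC 7469 pin-sha256 = base64(SHA-256(SPKI DER))
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def leaf_matches_pins(cert_der, pins):
    # Only the leaf's key is checked; which root signed it (or whether the user
    # installed that root) is irrelevant, unlike the browser HPKP exemption.
    return pin_sha256(spki_from_cert(cert_der)) in pins

def toy_spki(key_bytes):  # constructed EC-style SPKI: AlgorithmIdentifier + BIT STRING
    ec_oid = der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01")
    return der(0x30, der(0x30, ec_oid) + der(0x03, b"\x00\x04" + key_bytes))

def toy_cert(spki_der):  # constructed, unsigned X.509-shaped certificate
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")                 # version, serial
           + der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))   # sigAlg
           + der(0x30, b"") + der(0x30, der(0x17, b"190720000000Z") * 2)    # issuer, validity
           + der(0x30, b"") + spki_der)                                     # subject, SPKI
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))

SITE_SPKI = toy_spki(b"S" * 64)   # the site's real key (constructed)
MITM_SPKI = toy_spki(b"M" * 64)   # key of a cert minted under an installed root (constructed)
PINS = {pin_sha256(SITE_SPKI)}    # what the app ships with
```

    With `PINS` baked into the client, `leaf_matches_pins(toy_cert(SITE_SPKI), PINS)` is True and `leaf_matches_pins(toy_cert(MITM_SPKI), PINS)` is False; the trade-off is that the app must ship a backup pin and update it before key rotation, or it bricks itself exactly the way the crashing Tesco app does.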

  • defaultdefault Veteran
    edited August 2019

    Great news. They can finally enjoy internet.

    Thanked by 1uptime
  • LET's clamour has been heard! Free potatoe speech.

  • I just watched the blackhat keynote 2019 and they talk about these sort of things.

    take China, they're the most firewalled ppl ever, right? they still have ddos, layer 7 ddos, and the attackers go outside the great firewall of china then come back in and they make huge DB query on the webapp that they're attacking to take the backend down, the great firewall actually hides their tracks!

    so no, this won't stop bad actors from doing their things.

  • Meanwhile another country was smarter and realized providing free voluntary MITM proxy (ThethingfromwhichrainfallsfromFlare) for the server side gives the same results. :)

  • the Potassium must flow!

  • jsgjsg Member, Resident Benchmarker

    Yes, a nice evolution. But it wasn't a battle where the good guys won and the bad guys went to hell. It was a constructive dialog, and what was basically "achieved" was what I (and others) have said from the beginning. That whole thing was never about "eavesdropping on everyone!!!" but about preparing and testing some defense mechanisms that can be activated if needed. And the target wasn't Kazakhstan's own population but terrorism and attacks from the outside.

  • raindog308raindog308 Administrator, Veteran

    ITLabs said: LET's clamour has been heard!


    Thanked by 3ITLabs uptime rm_