There are a number of technological / legal hybrid policies developing that come at the very jugular vein of computing freedom - the notion of a “general purpose” computer itself. OS level identity / age verification, hardware attestation, walled garden app signature requirements. All evincing the same aim.
The revelations that Epstein had interest and involvement in the development of 4chan really make me wonder what we would find behind the curtain at next iterations like KiwiFarms, etc if we looked hard enough. Not to sound an overly conspiratorial note, but sowing division within a foreign culture is one of those things that intelligence communities excel at, might match some patterns we’ve seen, and would serve to help explain some of the divergence between expectation and reality, here.
There is a theory that some skeptics of tech optimism have advanced for a while, that governments like Internet freedom and widespread availability of ICTs in rival nations because it either (1) makes people there hate and fear each other, or (2) makes them easier to propagandize.
In this account the U.S. State Department's Internet Freedom Agenda (which many of my friends and colleagues have been directly funded by) is about destabilizing other countries, while Russian or Chinese spies in turn relish American Internet freedoms because they can stir up conflicts here.
I have never endorsed this view but I've run into forms of it again and again and again. Adjacent to it is the idea that some of our prior social harmony was due to a more controlled or at least more homogeneous media landscape.
I definitely buy into the “monoculture” argument a bit. When hundreds of millions of people are all voraciously consuming the same very limited cultural messaging - three TV stations, a handful of movie studios, a handful of major book publishers - there is bound to be a leveling of interpersonal expectations that will be absent in a more fragmented culture.
That’s not some kind of crypto denunciation against cosmopolitan diversity, but it is what it is and I do think there’s a there, there.
That idea sounds like it is a Freudian slip of sorts of an authoritarian mind. Basically, involuntary ideological tells from patterns of their thinking that slip through into their speech. The sorts of things which would give a spy away.
The idea you mentioned is the mark of an authoritarian who considers expressed dissent a sign of weakness instead of a crucible for the strength of ideas. That they literally cannot conceive of a purpose of it other than propaganda or division because they see democracy as inherently a weakness and they think that a 'strong man' is needed to create unity.
It is a similar tell to bigots who cite 'homogeneous society means' as being inherently socially cohesive or responsible for low crime because they cannot comprehend a cohesion based on something other than ethnic unity.
Or reflexive deceivers promising to 'restore a sense of trust' because the thought of being trustworthy never even comes to mind as something to promise as a lie. I have seen that one in officials in response to corruption or abuse scandals far too many times. A cousin to that is expressing fear of 'turning into a low trust society' where they promise parades of horribles to try to poison the well against people rightfully distrusting them.
ICT is correct. It’s the economic bucket that Facebook, Google, etc are categorized under for export accounting. “Social Media” would have worked in its place.
You can see this playing out right now, with X spreading Holocaust denial and all sorts of corrosive messages in Europe, with its owner being actively hostile to European institutions and the US government actively guarding it from consequences.
> The revelations that Epstein had interest and involvement in the development of 4chan really makes me wonder what we would find behind the curtain at next iterations like KiwiFarm
For starters, that Putin was right when he was calling the internet a CIA project back in 2010, 2011, those whereabouts.
Later edit: From 2013 [1]:
> Barlow: Let me give you an example: I have been advising the CIA and NSA for many years, trying to get them to use open sources of information. If the objective is really to find out what is going on, the best way to do this, is by trading on the information market where you give information to get information.
What form of accountability are you suggesting is even being leveraged, here? No law could force Meta to backdoor its encryption, afaik. Public pressure would be unlikely to work.
Is Meta afraid of anything real, or is this just blame shifting via ungrounded speculation?
They can because Meta has chosen to implement e2e encryption. They could have chosen not to implement e2e encryption. All within their controls.
Australia already has this law in place where a company must hand over user's conversation. A company cannot make an excuse that they themselves implement e2e to prevent themselves from reading user's messages. Source: https://www.bbc.com/news/world-australia-46463029
UK has a proposal to ban encryption this year. It is still being discussed.
> Public pressure would be unlikely to work
Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?
> Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?
I think that Meta can afford as much PR as they would need to out-message this sort of BS, again if they were inclined to protect user privacy in the first place. Look at Apple.
The answer to most every question you’re asking is just, “public key cryptography”. It’s kind of disheartening to me that such basic 1990s tech as implemented by Phil Zimmermann is now obscure enough to merit questions like this.
Both parties exchange public keys through the central service. Only the possessor of the respective (on device, Secure Enclave ideally) private keys can decrypt the messages encrypted to the public key. The process can also work in reverse, encrypting with the private key so only holders of the public key can decrypt: this is called “signing”.
And how does one verify that the public key received belongs to the intended party, rather than a mitm?
If the answer is blind trust in a third party that runs the messaging service then I suspect that you can guess what the people asking those questions are really asking.
Diffie-Hellman-Merkle key exchange is vulnerable to attacker-in-the-middle attacks.
Eve could just do key negotiation with Alice and separately do key negotiation with Bob. You have to use a slightly more complicated cryptographic protocol to avoid this issue.
How would the keys get stored in the user's private browsing window? Do they lose all chat history when they log in on a private browsing window and then close it?
I don't know the technical details of that for sure, but I think the answer is that keys and chat history are stored on-device only; for example you lose your WhatsApp history if you don't restore a backup when moving to a new phone.
If a messaging app is showing you message history in a private browsing window then perhaps the encryption key for that history is derived from your password or something like that; that can be done locally so that all the server ever sees is encrypted data.
What if you log into the app and then log out of the app and then log into the app again? Should you be able to see your messages?
E2EE is a fail-secure design. In case of any doubt it deletes your private messages. When applied to this case I don't think the downside of constantly losing all your messages outweighs the upside of Facebook pretending they don't have a copy of all of them.
Are you asking for technical details about E2EE in messaging apps, or simply making the point that you don't like it? If you don't like it, then fine, you do you, however I would point out that we all accept some inconvenience in our lives as a trade off for improved security; the lock on my front door is inconvenient but I'd rather have it than not.
As to whether or not Meta have been lying about it, then that would be on-brand for them, but then what are they turning off if so? Or maybe the whole thing is theatre, and I should better disconnect from the internet altogether? I don't see the value in speculating about that.
Not being able to receive messages except on one device isn't a minor inconvenience.
To fix this, you either need to authorize each device (and web browser) from another device that's logged in, or the central authority holds your keys.
I run WhatsApp concurrently on two phones and receive all messages on both devices. But generally speaking this is where we disagree - requiring all devices to be authorised by me is a feature, not a bug, as far as I'm concerned.
> And how does one verify that the public key received belongs to the intended party, rather than a mitm?
Fingerprints. Again, this is like Crypto 101. Not saying that as a personal attack of any kind, I just remain incredulous that what used to be entry level knowledge in “our thing” has evidently become so obscure.
You shouldn't be talking down like this, you're wrong about it. Alice and Bob need to exchange keys beforehand in some trusted out-of-band way. There's no protocol that solves this if Eve can be in the middle. I'm not sure what you mean by fingerprints, but if you describe a protocol, I can describe the mitm attack.
Bob and Alice are setting up their e2e channel, and because they have some extra level of concern about snooping, they telephone each other and read off some form of hash of the public key to each other.
A more complex variant would be something like PGP implemented, where Bob and Alice could both sign each other's keys after this exchange, ensuring that someone who hadn’t met Bob but did trust Alice could inherit trust in Bob’s Alice-signed key.
You’ve stated unequivocally that I’m wrong, so now, please show your homework.
This is a very frustrating exchange. You guys are saying the same thing. For key exchange to be secure against an attacker who can MITM the channel you're securing, either the public keys or at least their respective fingerprints need to be exchanged out of band, over some channel the same attacker cannot also MITM. For a sophisticated enough targeted attack, a telephone isn't that.
The way military radios handle this is hardware key loaders that have seeds pre-synced in factory, in person. Every day in the field, a unit comms person takes the key loader and loads new keys onto everyone's radios. The key loaders themselves are reseeded and resynced during maintenance periods between campaigns or exercises. They're physically accounted for on every movement and twice a day when not moving, and if they ever can't be found, all messages from any device they loaded keys onto are considered compromised.
Anyone trying to overthrow a government or run a criminal empire or whatever is going to have to take measures at least this drastic. Or quit LARPing and accept that nation state attackers can probably slide into your Instagram DMs, which are probably being sent to people you don't know, and if they're hot and actually answering you, 90% chance they're a honeypot anyway.
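The out-of-band fingerprint check discussed in the comments above, as an added example that is not part of the original thread: two parties run a key exchange through a relay, then compare a fingerprint of both public keys over a separate channel. The toy Diffie-Hellman parameters, the fingerprint format and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman group, an assumption for this demo only;
# real messengers use vetted curves such as X25519.
P = 2**521 - 1  # Mersenne prime
G = 3
KEY_BYTES = 66  # enough to hold any value below P


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")).digest()


def fingerprint(own_pub, peer_pub):
    """Order-independent digest of both public keys, grouped for reading aloud."""
    parts = sorted(k.to_bytes(KEY_BYTES, "big") for k in (own_pub, peer_pub))
    digest = hashlib.sha256(b"".join(parts)).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


def honest_relay(alice_pub, bob_pub):
    """Delivers each key unchanged: returns (key shown to Alice, key shown to Bob)."""
    return bob_pub, alice_pub


def substituting_relay(alice_pub, bob_pub):
    """Models the in-the-middle case from the thread: both sides get the relay's key."""
    _, relay_pub = keypair()
    return relay_pub, relay_pub


def run_exchange(relay):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    shown_to_alice, shown_to_bob = relay(a_pub, b_pub)
    alice = {"key": session_key(a_priv, shown_to_alice),
             "fp": fingerprint(a_pub, shown_to_alice)}
    bob = {"key": session_key(b_priv, shown_to_bob),
           "fp": fingerprint(b_pub, shown_to_bob)}
    return alice, bob


def fingerprints_match(alice, bob):
    """The comparison Alice and Bob make over the second channel."""
    return hmac.compare_digest(alice["fp"], bob["fp"])


if __name__ == "__main__":
    for name, relay in (("honest", honest_relay), ("substituting", substituting_relay)):
        alice, bob = run_exchange(relay)
        print(f"{name:13} same session key: {alice['key'] == bob['key']}, "
              f"fingerprints match: {fingerprints_match(alice, bob)}")
```

Neither side sees an error in the substituted run; only the fingerprint comparison exposes it, and only if the second channel is not controlled by the same relay.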
Web of trust or centralized trust are the main answers here.
Compromise of the secret key is a whole other issue - revocation.
MITM of a key can be solved pretty well via web of trust techniques.
Apologies if the dialog is frustrating to read! As a “recovering cypherpunk”, I find these sorts of discussions animating, as long as they’re polite and technically focused! Much love!
No, it's not at all this simple. This is why so many "e2ee" apps like Telegram are bogus, they ended up prioritizing UX over security because there are many places where you can't pick both.
Webs of trust based on OOB key verification and signing, or centralized trust authorities are the two primary models I’m aware of.
I’ve always been enamored of the idea of DNS as a back end protocol to enable the former largely decentralized solution.
Bob looks up Alice and receives her key from Alice’s namespace within the DNS hierarchy, along with her trust claims. David then looks up Alice’s key within her namespace, sees a reference to endorsement by Bob, and can validate this by querying Bob’s namespace. David can also issue non-authoritative queries about Alice’s key to Bob’s DNS servers, ensuring that there is no mismatch between the query response received by Bob and the one received by David.
If Mallory manages to compromise Alice’s DNS, but not Bob’s, the result is a mismatch in query responses that both Bob and David can thus detect.
At scale, a MITM compromising a system like this would be difficult without compromise of a large number of independent namespaces, increasing the likelihood of detection via the non-authoritative queries.
The missing component in this arrangement is cryptographic security of DNS, which I cynically suspect is why the DNSSEC working group was comprised of the usual suspects and eventually produced a protocol without query encryption. It could still be layered on by a protocol extension, however.
In practice it's possible to make a system that's hard to mitm if users are diligent. WhatsApp publishes a public record of hashes of the keys. If both sides check that record against their local keys, it's hard for WhatsApp to present different versions to each. Though that's a more recent development.
The harder part that Instagram is most likely concerned about is getting low-effort users to keep their private keys safe without losing them.
Throwing this on the "brainstorm if we had an ideal legislative world" pile: Stealing a user's private key should be a felony, even if it hasn't (yet) been abused for anything.
The tricky part is keeping it from being "permitted" by a crappy contract of adhesion. Banning it entirely would make it very difficult to buy/sell backup services...
lol honestly, I think a little on the contrary. If we can make a thing impossible technically, the law defers to that. One thing the government really can’t do easily in Western countries is forcing a company to add features or change core functionality.
I'd say those are legal barriers, rather than technical barriers.
For example, suppose the government demands constant access to your core database. You don't need to invent any new algorithms for that, you might just make an SQL user and a firewall exception and call it a day.
Similarly, if you have a messaging client, you don't need complex R&D to steal the "end-to-end" keys.
I’m not sure why you think so? If the service provider claims E2E but intentionally provides a defective version of this, it’s a pretty clear cut violation of the federal statute, which afaik based on the statute’s language contains no exceptions for defects cajoled into being inserted by government pressure short of a clear statute mandating it, which does not exist afaik.
“Operation Infektion” attempted to blame the emergence of HIV/AIDS in the 80s on biological weapon attacks by the US. There has been some coverage of the explosion in occult and UFO stories from TASS etc, such as “The New Age of Russia” compiled by Otto Sagner, but that work is more focused on historically documenting the phenomenon, rather than analyzing its causes.
Why do so many of you think this is some big distraction campaign? They have talked about this kind of thing before and people then made distraction allegations. Is there really any "distracting" going on? I still see liberals going on and on about the Epstein files that they didn't care about under Biden. I think they know Democrats are still going to be talking about that, and "de-colonizing," talking about kings and fascism and all that. I think the whole UFO business is silly but I struggle to see it as some big conspiracy to distract; it's not like it ever makes much of a difference one way or the other.
I would agree that it’s silly. So did former President Obama when he mocked the notion recently.
While motivating intent is always opaque to some extent, this would appear to be another form of a “flood the zone” approach, in my estimation.
Many officials who certainly know better are involved - let me put the question back to you: why do you think they’re using taxpayer dollars to fuel lies?
> You have a near-permanent upper class that has no real political opposition that could impact their value creation ambitions.
Sorry, what? China regularly prosecutes billionaires. Between 2003 and the mid 2010s it EXECUTED at least 15 billionaires.
When was the last time a US billionaire faced a death penalty case, even when their actions directly result in tens of thousands of innocents dying?
Isn’t the US much more aligned with the dreams of the capital class, given that distinction alone? All the money in the world won’t save a Chinese citizen from their laws. Meanwhile, we have the President’s family selling crypto coins and NFTs and Trump Gold Cards and “produced by USA” Trump phones made in China.
You're putting capital on a higher hill than the political class. That's not always the case.
Billionaires are problematic by their very existence, but the sort of power they want is what the CCP has. They want to use their capital to build that. Trump's having the best luck so far. If there are people who also just happen to be extremely wealthy who get in their way, they'd gladly use the power they then had to get rid of them. Alex Karp would be a good example of this sort of aspirational melding of the state and capital.
In a way, the CCP is beyond someone with a lot of money being able to do anything about it, which would be nice, except for the fact that they're totalitarian.
Comparisons between CCP and private industry in the West seem misaligned in several respects. CCP does not have fiduciary duty to shareholders, instead, it has accountability to national political goals as well as broad based economic outcomes.
This is a much different model. Yes, the CCP has the sort of power that elite authoritarians crave, but it also has constraints and demands that no elites would ever face.
I would add that China also executes quite a few government officials for corruption and bribery. Estimates based on reporting suggest that about 25 Chinese officials each year are executed for this, and over 200,000 have been prosecuted in serious criminal trials, often with multi decade prison sentences or even life sentences. Again, the contrast with Western permissiveness is stunning.
Of course it has fiduciary duty to shareholders. If they don't set up deals that investors want, they can't continue to exist. Is it something that they can be sued for in a court? No, but it's just how markets work.
As far as the execution of government officials for bribery, they also do quite a bit of other enforcement action that "Western permissiveness" just wouldn't tolerate, like sending ordinary people - not billionaires or cadre members - to re-education camps for wrongthink.
China does not have “shareholders”, though. There are incredibly substantive differences between the accountability structures and expectations of shareholders, and those that govern broad based and diverse national geopolitical interests in China.
China’s government is likewise not accountable to or easily fit into the framework of “a market”, for reasons not the least of which include it being explicitly anti-capitalist. Wealth hoarding does not accumulate political power in China, and those who attempt this play can and regularly do find themselves put back in their place - possibly a prison or a crematorium.
As for re-education “camps”, the US imprisons approximately 10% of its population - a huge number by any standards historical or contemporary - and virtually none of these are billionaires or governing elites, who are functionally immune to the systems of authority that “rehabilitate” regular Americans.
Given the Trump administration’s actions against private industry from TikTok, to Anthropic, to a hundred other examples from auto makers to air conditioning manufacturers, is it fair to deem it delusional to think he might possibly succeed?
Good luck suing the White House, sovereign immunity basically makes this impossible in most cases.
While sovereign immunity is a problem in and of itself that must be reformed, the real problem here is the illegitimate supplicants on the Supreme Council.
Hasn’t the US been equally so, including the auto company bailouts, government fleet purchases restricted to US-made vehicles, US national moves to secure supply chain inputs for the auto makers, etc.?
The main difference that I see isn’t protectionism, it’s that BYD took a direction the market wanted, whereas US auto makers have not produced vehicles that were appealing to consumers who had choices.
BYD's direction was largely at the behest of the Chinese government, who were willing to demand things of BYD in exchange for that protectionism, instead of wringing their hands and saying "nothing you can do about the market" while simultaneously propping up industries of national strategic significance.