Mailing List Archive

Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook
Kicking the can down to the endpoints -- but really, haven't you always had to trust your app / OS? Unless you coded or audited it yourself from top to bottom and built your own hardware (hah), there is always a level of trust required in the code/device.  Trusting Facebook seems... unwise.  But not everyone is churning out industrial grade evil like Facebook.

https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362

-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
https://keybase.io/digicana
Sent via ProtonMail
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook [ In reply to ]
On 31/07/2019 15:36, Ryan McGinnis via Gnupg-users wrote:
> haven't you always had to trust your app / OS? Unless you coded or
> audited it yourself from top to bottom and built your own hardware
> (hah), there is always a level of trust required in the code/device

Facebook are being expected to act as both poacher and gamekeeper
simultaneously. Cory Doctorow has an interesting viewpoint - we can
either regulate the internet giants and expect them to act as an arm of
the state, or we can break them up and expect them to act on behalf of
the customer. But we can't reasonably expect both.

There's a balance to be had between the needs of personal privacy and
public security, and the best way to ensure it's done honestly is for
different agents to take different sides and have it out in public. It's
conflicts of interest and the inevitable closed-door decision making
where the problems really start.

--
Andrew Gallagher
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook [ In reply to ]
??????? Original Message ???????
On Wednesday, 31 July 2019 ?., 17:36, Ryan McGinnis via Gnupg-users <gnupg-users@gnupg.org> wrote:

> Kicking the can down to the endpoints -- but really, haven't you always had to trust your app / OS? Unless you coded or audited it yourself from top to bottom and built your own hardware (hah), there is always a level of trust required in the code/device. Trusting Facebook seems... unwise. But not everyone is churning out industrial grade evil like Facebook.
>
> https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362
>
> -Ryan McGinnis
> https://bigstormpicture.com
> PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
> https://keybase.io/digicana
> Sent via ProtonMail

Facebook receives disproportionally high criticism in recent years not because of technical reasons but because of politics. The wave of attacks on Facebook began after 2016 US election. Initially it was like "fake news in facebook helped one candidate to win" and the idea was to allow journalists of big media companies to mark information in facebook as "fake" and probably delete. Later the attack has spread in all directions. Nowadays everyone tries to punch Facebook in order to look smart.

Regarding techincal reasons. The author argues that if devices are compromised, then encrypted communication between them is too. But this is not a surprise, it has always been. July 2019 in this aspect is not different from January 2019, or 2017, or 2007. In addition, not only Facebook, but other big tech firms (Microsoft, Apple, Twitter and so on) can download unencrypted data from user device for analysis before encryption. As an exercise, one can replace "Facebook" in that article with "Apple", the bias will be more evident.
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook [ In reply to ]
In my personal opinion, Facebook has earned their reputation.  Their stance towards privacy has always publicly been "Uhh, what?  Privacy?  Uhhhhh, yeah... we love privacy!" while they fill their platform with dark patterns and extract every last bit of usable data you give them into something they can monetize.  They were selling the 2FA phone numbers people would supply for increased login security to advertisers for Pete's sake.  Sometimes that giant space station that looks like a moon with that thing that looks suspiciously like a janky planet-busting laser slapped to the side of it really is something to worry about.

I do agree you can say this about any platform, but I don't agree that they're all equally suspicious.  Apple *could* be secretly building a data empire out of their users, but they way they've structured their business plans, the way they market, the way they continually design their devices with security and privacy not just in mind but as a top priority... it's doubtful that they're secretly the bad guys.  Possible, sure, but if you're going to pick a closed source hardware/software platform, you could do waaay worse.  

-Ryan McGinnis
https://bigstormpicture.com
https://keybase.io/digicana
Sent via ProtonMail

??????? Original Message ???????
On Wednesday, July 31, 2019 11:40 AM, Maksim Fomin via Gnupg-users <gnupg-users@gnupg.org> wrote:

> ??????? Original Message ???????
> On Wednesday, 31 July 2019 ?., 17:36, Ryan McGinnis via Gnupg-users <gnupg-users@gnupg.org> wrote:
>

> > Kicking the can down to the endpoints -- but really, haven't you always had to trust your app / OS? Unless you coded or audited it yourself from top to bottom and built your own hardware (hah), there is always a level of trust required in the code/device.  Trusting Facebook seems... unwise.  But not everyone is churning out industrial grade evil like Facebook.
> >

> > https://www.forbes.com/sites/kalevleetaru/2019/07/26/the-encryption-debate-is-over-dead-at-the-hands-of-facebook/#55ac36aa5362
> >

> > -Ryan McGinnis
> > https://bigstormpicture.com
> > PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
> > https://keybase.io/digicana
> > Sent via ProtonMail
>

> Facebook receives disproportionally high criticism in recent years not because of technical reasons but because of politics. The wave of attacks on Facebook began after 2016 US election. Initially it was like "fake news in facebook helped one candidate to win" and the idea was to allow journalists of big media companies to mark information in facebook as "fake" and probably delete. Later the attack has spread in all directions. Nowadays everyone tries to punch Facebook in order to look smart. 
>

> Regarding techincal reasons. The author argues that if devices are compromised, then encrypted communication between them is too. But this is not a surprise, it has always been. July 2019 in this aspect is not different from January 2019, or 2017, or 2007. In addition, not only Facebook, but other big tech firms (Microsoft, Apple, Twitter and so on) can download unencrypted  data from user device for analysis before encryption. As an exercise, one can replace "Facebook" in that article with "Apple", the bias will be more evident.
Re: Forbes article: The Encryption Debate Is Over - Dead At The Hands Of Facebook [ In reply to ]
Can you please move this discussion elsewhere. The purpose of this list
is:

https://lists.gnupg.org/mailman/listinfo/gnupg-users

About Gnupg-users

GnuPG user help mailing list.

The topic of this is list is help and discussion among users of GnuPG.
This includes questions on how to script GnuPG, how to create or sign keys and
general discussion on encryption and digital signatures
as long as it somehow pertains to GnuPG.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Thanks.

matthias

--
Matthias Apitz, ? guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: ???????? ????????????! Thank you very much, Russian liberators!