this post was submitted on 10 Apr 2024
372 points (98.7% liked)

Technology

60080 readers
3334 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 8 months ago (2 children)

That’s one of the costs of liberty. The government will need to find another way.

No, that’s not liberty. If the average user would have any way of detecting when software is doing nefarious thighs, then sure, you’d be right, but the average user can’t possibly know that software is misbehaving just like they couldn’t have possibly known that asbestos or lead was bad for them. Software is opaque. As long as it remains opaque, consumers are unsuspecting victims and need help.

[–] [email protected] 1 points 8 months ago (2 children)

Side tangent, but your oopsie of Nefarious Things to "Nefarious Thighs" fucking FLOORED me xD Wish I could detect nefarious thighs!

[–] [email protected] 2 points 8 months ago

Hah! I'm not changing it

[–] [email protected] 1 points 8 months ago

Sounds like a George Michael song to go along with Careless Whisper.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (2 children)

average user can't possibly know

Hence the information campaign to make people aware.

Look at cigarettes, they are harmful and therefore have a strong information campaign to inform the public. I highly doubt you'll find anyone today who isn't aware of the dangers of smoking, but just 100 years ago, it was considered classy and largely innocuous. The difference was a big information campaign to counter the tobacco lobby's attempts to spin smoking as somehow healthy.

The government's role should be to make opaque things transparent, not to bad things that could be harmful. At the same time, they can spy on other countries to get an idea of what types of control they can exert, which would help them better inform the public.

But at the end of the day, it's up to the individual what they choose to believe. Liberty is having the freedom to make poor choices, and to live with the consequences. The government's role should be to earn our trust, but they violate it at every opportunity in the name of "security" (NSA, TSA, etc). Yes, a lot of people will ignore it, and that's a part of having liberty.

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago) (1 children)

Hence the information campaign to make people aware.

There are still those who think the lunar landing didn’t happen so this is not a valid option for something that might pose an immediate danger to society.

But at the end of the day, it’s up to the individual what they choose to believe. Liberty is having the freedom to make poor choices, and to live with the consequences.

Government backed malicious software is not just dangerous to the user, it’s a societal level threat. And unlike smoking, which is banned wherever it poses a danger to more than just the smoker, there isn’t a way to restrict usage in a way in which it only affects the user.

[–] [email protected] 2 points 8 months ago (1 children)

immediate danger to society

But what exactly is the definition of that?

For example, which of these meet that definition:

  • an antivirus that ignores viruses from the county of origin
  • a social media app that collects data from a device and sends it home
  • a social media app that likely promotes content with a specific political agenda the government doesn't like
  • an app that hides monetary transaction details, which is commonly used by terrorists and other criminals
  • a social media app that doesn't id users and allows criminals to use it to communicate

The first two are probably the initial targets, but a law enforcement agency could make a decent case for the rest. Where does it stop?

That's why I think we need a hard limit on government authority here. It's better for some bad stuff to propagate than for the scope of what's blocked to expand and effectively limit freedoms of speech, association, press, etc.

Government have a lot of tools at their disposal, I honestly don't think banning software needs to be one of them.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

There is no way you of knowing what closed software does, especially software such as Kaspersky. Any piece of software can act as a backdoor for total control of all your devices and network. And when that software has the power of a state like Russia or China behind it, it can gain access to all sorts of secrets it shouldn’t have access to and can be used to corrupt people, compromise entire corporate level security systems and entire state level security systems.

Government have a lot of tools at their disposal, I honestly don’t think banning software needs to be one of them.

I really don’t understand why this is where you think the line should be drawn. Countries routinely decide to stop trading with various other countries for multiple reasons. For example, Russia is already under an embargo, why should software of all things be left free. Software is one of the least controllable goods that can be traded across borders.

effectively limit freedoms of speech, association, press, etc.

Since when do you have the freedom to associate with non-US citizens? Do you even understand what this is about!

[–] [email protected] 2 points 8 months ago (1 children)

There is no way you of knowing what closed software does

Sure, and that's why I very much prefer FOSS and avoid nonsense like Kaspersky. I also actively tell everyone I know to prefer FOSS.

Countries routinely decide to stop trading with various other countries for multiple reasons

I'm also against that, generally speaking. I think open trade promotes freedom and therefore democracy, and blocking trade just encourages more authoritarianism. I have yet to see a case where it actually impacts the leadership enough to matter, especially when it comes to larger countries like Russia.

Since when do you have the freedom to associate with non-US citizens?

Why wouldn't I? If they have the freedom to associate with me, I should have the freedom to associate with them.

[–] [email protected] 1 points 8 months ago (1 children)

Why wouldn’t I? If they have the freedom to associate with me, I should have the freedom to associate with them.

That’s a very very big “if” considering US’ foreign policy. An “if” that translates to you not actually having this freedom.

I very much prefer FOSS and avoid nonsense like Kaspersky. I also actively tell everyone I know to prefer FOSS.

How noble of you, but what do you suggest we do about people who aren’t reached by your words of wisdom?

[–] [email protected] 1 points 8 months ago (1 children)

An “if” that translates to you not actually having this freedom.

I'm not sure what your point is. Someone not having the freedom to associate with me doesn't limit my freedom of association. Someone else being locked away in jail doesn't mean I'm in jail just because I can't freely associate with them.

We should be pushing to remove barriers to association, not responding in kind. And yes, that includes changing our foreign policy.

what do you suggest

As I mentioned, the government should raise awareness around the issues of proprietary software, especially software originating from adversarial countries. Don't raise FUD, but instead fund research into these software products. Get researchers onto platforms where they can reach a wide audience, like late night talk shows, popular YouTube and similar channels, etc.

For individuals, promote and donate to organizations like Mozilla, the EFF, and Proton that push for open software and privacy. Use those services and recommend them to your friends and family.

If you ban something, you just get the Streisand effect and erode trust. If something is dangerous, the best strategy is to be completely transparent about why and provide information that can be independently verified.

[–] [email protected] 1 points 8 months ago (1 children)

Someone not having the freedom to associate with me doesn’t limit my freedom of association.

US visas & other things make it so that otherwise free people cannot do business in US or even enter the US. This means that, by definition, your state prevents you from associating with them.

the government should raise awareness around the issues of proprietary software

But this doesn't remove the threat at all. Look at tiktok, governments have been raising awareness about it and flagging it as a national security concern and yet the user count is growing.

There are things where raising awareness makes sense, e.g. alcohol consumption, smoking, etc. There are other cases where state intervention is required, e.g. working with asbestos, led, mercury, etc. Software falls in the latter category, because, like I said, it's not just a matter of personal choice. S

If you ban something, you just get the Streisand effect and erode trust.

I really doubt that banning Karspersky would have the effect of more people using Kaspersky. That's silly.

[–] [email protected] 1 points 8 months ago (1 children)

US visas & other things

I agree, and I'm absolutely in favor of dramatically relaxing our immigration policy. If I could snap my fingers, I'd double immigration quotas and guarantee visa renewal for anyone here legally who has not been convicted of a crime. I work with some wonderful immigrants, and I think we need more.

That said, my freedom of association isn't being limited with poor immigration policy, I can still collaborate with them online, share software with them, etc. The only limitation is physical proximity. That's an issue, but I don't see it as an abridgement of my freedom of association in at all the same way as banning software.

yet the user count is growing

Then the people have spoken. They prefer whatever that app provides over national security.

The government should step up the awareness campaign and find legitimate issues to substantiate the guidance to avoid it.

But I do not consent to the government banning any form of media.

Software falls in the latter category, because, like I said, it's not just a matter of personal choice

What's special about software? The defense here is proper security practices at all levels. The main risks are:

  • botnets - ISPs should shut that down
  • worms - proper security
  • identity theft - insurance and criminal prosecution

Honestly, if governments pressured computer vendors to properly sandbox applications, we'd have far fewer problems. That's where the awareness campaign would do wonders, naming and shaming when vendors cut corners on security.

I really doubt that banning Karspersky would have the effect of more people using Kaspersky.

Maybe not, I don't think people have a real sense of loyalty to their antivirus.

But I think it could totally be a thing for TikTok.

[–] [email protected] 1 points 8 months ago (1 children)

Then the people have spoken. They prefer whatever that app provides over national security.

You should read about the tyranny of majority.

[–] [email protected] 1 points 8 months ago (1 children)

I'm quite familiar with it.

But think of it this way. The majority is often poorly informed and will likely agree to some group making decisions on their behalf. That group is not necessarily subject to the will of the people and instead operates in its own bureaucracy where "security" is preferred over other priorities the people may have. Look at the TSA, they have been blinded by a pursuit of the appearance of security that they have gone well past the effective controls necessary to provide reasonable security to likely threats (e.g. bullet proof cockpit doors), and have failed to actually prevent things their tools are designed to detect.

The majority want safety, and a government agency wants to maintain relevance. Solving the problem by granting the government more power will devolve into the agency looking for more reasons to stay relevant and keep its funding. There's plenty of examples of that, so it's not an unfounded slippery slope argument.

So instead of the majority blindly handing over their responsibilities to a third party, we should instead teach the majority to avoid the worst of it. And then we can use the agencies we already have to gather information about potential threats and shut them down through other means (e.g. instead of banning potentially harmful apps, they could sue the app makers for actual damages).

[–] [email protected] 1 points 8 months ago (1 children)

through other means (e.g. instead of banning potentially harmful apps, they could sue the app makers for actual damages).

but that’s just the point, isn’t it? There are no means of obtaining compensation from an adversarial state or its companies and the damage caused might be irreparable. The discussion is not about countries that US has strong ties with. This is foreign policy. And just like your fundamental US granted rights are not guaranteed outside the US borders, nor should adversaries enjoy the same rights in the US. Since the country in question, Russia, makes no commitment to observing any US laws and since there is no way of coercing it or punishing it when it doesn’t, why should US citizens be exposed to this?

And by the way, I think there’s another piece of info that you’re missing. Software bans are not the same as other bans. Banning Kaspersky, for example, just means that the company cannot officially trade and advertise their products in the US. But there is no way of preventing users from using those products(unfortunately).

[–] [email protected] 1 points 8 months ago

There are no means of obtaining compensation from an adversarial state or its companies

If they do business here, they are subject to our laws. TikTok, for example, does have an entity here, so they would be subject to our laws. I don't know about Kaspersky though.

why should US citizens be exposed to this?

Because they choose to. Restricting that is a restriction on US citizens' freedom of association.

Banning Kaspersky, for example, just means that the company cannot officially trade and advertise their products in the US

It goes further than that, it also restricts companies like Google and Apple from including them in their app stores. And for something like Apple, that effectively means users cannot install the app on their device because Apple does not allow other app stores.

I may reconsider if there were no practical limits on what users can do with their devices. Any restrictions should purely be on the companies offering the service, and it should never be illegal for me to use a given piece of software, even if it's on the government's "do not trade" list or whatever. What I do with that software may be illegal, but merely possessing and using it without violating other laws should never be illegal.

I also don't think it should be illegal for any app store to distribute and process payment for a given piece of software, though perhaps it could be illegal to promote it. Otherwise, that's a restriction on the freedom of the app store as well.

[–] [email protected] 1 points 8 months ago

The cost of liberty and freedom is eternal vigilance from those who want to harm us, and those who claim to protect us.