this post was submitted on 17 Oct 2023
352 points (97.6% liked)

Privacy

31982 readers
410 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 25 comments
sorted by: hot top controversial new old
[–] [email protected] 79 points 1 year ago (1 children)

If this passes, the rest of the world will follow. This CANNOT be allowed to happen.

[–] [email protected] 22 points 1 year ago

Authoritarian states having a morning wood over that.

China, Iran, Russia, Belarus etc: this, for meee?

[–] [email protected] 50 points 1 year ago (1 children)

This is just plain up stupid.And wont stop any criminals. People who actively want to hide someting will just use smaller/selfhosted services.

[–] [email protected] 2 points 1 year ago

here's my prognosis: noticed how phishing is getting more popular recently? yeah that will turn straight into spear phishing. anyone sending messages from a public WiFi will be receiving personalized phishing mails written to perfection by ai. i really don't understand how politicians cannot think anything to a logical conclusion

[–] [email protected] 25 points 1 year ago

So we are going to have to go back to the old CB radio... Oh wait.

[–] [email protected] 20 points 1 year ago (2 children)

I want it to be mandatory to have glass houses!

[–] [email protected] 5 points 1 year ago

Where else will I throw my rocks? In the yard, like a peasant?

[–] [email protected] 16 points 1 year ago (2 children)

I have an idiotic request. Since I'm not familiar with the subject, could we be directed to a kind of wiki or megathread on how to actually encrypt our communications?

[–] [email protected] 19 points 1 year ago (2 children)

Depends on the application in use. The grail is end2end encryption with asymmetric encryption where no provider has access to the private keys. The difficulty is getting people on a common method where you can just look for your peer and get a public key handed to you without having to fuss around with where it was uploaded.

Maybe the most common/simple would be looking into things like PGP. You and I would both have a public/private key pair. When I send you messages it's encrypted with your public key and signed with my private key, and as a result only your private key can decrypt the message and you know it came from me because only my private key could have signed it.

The ugly mechanics behind it don't need to be anything you actually learn in detail, but just look for apps that offer end to end encryption where the encryption is set up locally rather than in the service provider's host, if the host generated the keypair then functionally it's useless because at that point they have the private key.

[–] [email protected] 6 points 1 year ago (1 children)

Please don't take this as laziness, but what is PGP?

[–] [email protected] 9 points 1 year ago (1 children)

Pretty good privacy. It's an unexciting name for a public/private key encryption program.

[–] [email protected] 6 points 1 year ago

Thank you kind stranger! I'll look into it more when my kid goes down for bed!

[–] [email protected] 7 points 1 year ago (1 children)

As the other commenter mentioned, your best bet is being selective about which services you use to communicate.

Unencrypted (plain text) is the worst, since data is easy for a third party to sniff (think of it as a wiretap). For example, HTTP and SMS are unencrypted.

Encrypted is a good start, since third parties can't sniff your traffic, but the server handling your communications can usually see everything that passes through it. For example, HTTPS is an SSL-encrypted variant of HTTP, and services like Facebook messenger are encrypted, but Facebook can still see all of your messages, since it's stored on their servers.

End to End Encrypted (E2EE) is the golden standard. Only the endpoints (i.e. you and your friend) can see the content of your messages, and all traffic is encrypted in a way that even the server cannot view it. Signal is end to end encrypted, as are many other modern messaging platforms (WhatsApp is E2EE in theory, as is Google Meet, but we can't verify this ourselves).

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

WhatsApp is E2EE in theory

Didn't Signal even work together with them, to implement their protocol?

But anyway, as far as I know, WhatsApp only encrypts message contents, not the associated metadata. So they're still able to learn a lot about you.

[–] [email protected] 3 points 1 year ago (1 children)

I believe WhatsApp uses the same protocol (or at least the same crypto algorithms), though I'm not sure if they were involved in its development.

Good point on the metadata. Signal has the "sealed sender" thing, which (I think) helps with the metadata problem somewhat.

[–] [email protected] 1 points 1 year ago

Metadata and the comm endpoints is one of the hardest parts to deal with. If an intermediary doesn't have a pointer to a destination then delivering a message becomes problematic, envelopes without an address tend to sit in bins. It would be possible to simply store messages and allow recipients to poll for them but that gets really inefficient at scale. Plus it creates a central repo where messages sit until retrieved which is a liability in itself.

Things like OTR encryption are interesting as a transient system ad-hoc type encryption for things that don't need or even want absolute assurance of identity, but if I want to talk to Alice and be sure it's not Eve then it's not ideal.

[–] [email protected] 6 points 1 year ago (1 children)

This article he just goes:

We should all use PGP, SSL or equivalent tools; VPNs, Tor and/or SSH tunnelling; IPFS, or other distributed file systems — and ditch proprietary OS's in favour of Linux or truly free Android distros. We should switch to Protonmail or similar webmail; to Matrix, Signal or similar messaging. Ad-blocking, URL cleansing and third-party cookie rejection should be the default for everyone. Those tools and techniques should cease to be arcane nice-to-haves for nerds: we must get more non-technical people onboard.

All this is a moral imperative to those of us who have the ability and the means to follow this strategy and to educate others about it.

He just relies entirely on the "moral obligation" people have to use this stuff, but then doesn't give any advice on how to convince people to actually use this stuff besides "using our abilities and the means to follow the strategy and educate others about it". Because I've certainly been trying that for ages and it hasn't worked. Of course a good amount of that stuff I don't even think I would use. I find Protonmail encryption to be annoying in compatibility since you actually have to pay to get the desktop program to decrypt your email, Signal, and a lot of Matrix clients lack a lot of the nice messaging features that extend beyond the app itself (Like Google Assistant/Siri support). Also not sure if OP has seen the current state of using an adBlocker on the web. I'm not sure if everyday people would want to actually deal with that. I certainly can't get my mother to use an adblocker, and whenever I try to instate pi hole onto our network, within moments, someone complains about the internet "not working correctly".

The argument is almost always "we need to start mandating these really private things onto everyone, don't give them any choice on it" and never "how can we make good enough things people will want to use with privacy by design?". I look at apps like Nextcloud and home assistant that have created better experiences than what the market currently offers. And I wish that I could see more of the same with that with apps that are private by design, and can integrate well with just about anything.

[–] [email protected] 3 points 1 year ago

I suppose it’s a call to arms - the intended audience is those who are familiar with all those acronyms. It’s meant to ignite a fire in the belly to spur individual action against the proposed Chat Control legislation.

I know what you mean though. The reality of “resisting” is actually kinda messy. Using all the mentioned tooling is exhausting. Much like I don’t think that consumer recycling is going to save humanity, I don’t think that if everyone “made the little effort required to secure their data and their communications” it would end crazy proposals like Chat Control. TLS is so common now (in HTTPS) and WhatsApp (implementing e2ee) is incredibly popular. Yet here we are.

The article briefly mentions open-source software. To me this is where I see more private & secure by design stuff like you mention. I'm happy that things like Lemmy exist making countermeasures like 3rd party cookie blocking sand URL cleansing irrelevant.

[–] [email protected] 2 points 1 year ago

I signed the petition, let's all at least do that.