Real people don't (just) need encryption


#1

Originally published at: http://boingboing.net/2017/08/14/evilregime.html


#2

Ah, but you see, EvilRegime does not exist, because corporations and governments are benevolent, only wishing to protect our freedoms from bad people.

Problem solved!


#3

Except for the corporations providing end-to-end encrypted messaging apps, of course.


#4

Android and iOS allow that, but there are problems:

  • Non-trivial apps rapidly accumulate permission requirements, especially if developers aren’t careful, and it’s hard for non-technical users to evaluate which ones are legit.
  • Granularity. A bubble-level app needs access to the tilt sensors, but permitting that allows it to access a lot more.
  • Intent. A virtual pie-throwing app might need access to your contact list, but there’s no evil flag to show that it’s also sending it on to the mothership.

#5

You know, if I was either a terrorist or a freedom fighter, I think I’d have a dedicated burner phone for denouncing the Czar, and it would have nothing on it that’s not essential. Then I’d have another phone with Pokemon GO and pictures of cute girls.

Come to think of it, my last employer had pretty much the same policy.


#6

Sigh. You can’t have it both ways. If you want to allow 3rd party app stores and self-security, then all the spies need to do is trick you into OKing a dodgy app or a dodgy store, or suborn an app company or an app store, and you are pwned. If you want the phone to be secure against Dodgyapp and its cousins, you need to create a walled garden and have strict restrictions on who is allowed to play inside, in which case you have all the drawbacks of a single point of failure for the security system as well as all the drawbacks of falliable humans holding the power to censor apps.


#7

Authoritarian governments are always allowed to play in the walled garden, otherwise they just ban the walled garden from their country.


#8

Even if they’re not, they are governments and therefore have the resources to set up any number of apparently legit organisations that can gain legitimate access without the nasty bother and publicity of forcing the gates of the walled garden.


#9

Real people don’t need a burner phone?


#10

This topic was automatically closed after 5 days. New replies are no longer allowed.