Meredith Whittaker

Case in point: there's no way to build a backdoor that only the "good guys" can use.

When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.

wsj.com/tech/cybersecurity/u-s

@Mer__edith Backdoors for the "good guys" only? Yeah, right. That's how you get hacked. 🚫💻

@realdanny @Mer__edith
And even in case it _would_ be possible - you never know when "good guys" turn into "bad guys"

So - never do it!

@Mer__edith 💯
it’s pretty simple: a backdoor is in the first place a door.

@Mer__edith

The more fundamental problem being that there are no good guys anyway.

@Mer__edith The "good guys" can do evil too.

And the article is behind a paywall.

@Mer__edith
And related: Never trust people who call themselves the "good guys".

@Mer__edith The only answer to a request for backdoored encryption is "You first."

Then all the reasons they can't do it are all the reasons WE won't do it.

@Mer__edith

Mobile backdoors proudly brought to you by the ETSI Technical Committee LI etsi.org/committee/li

@harkank @Mer__edith

I don't think "proudly" and the idea originated in other places

Edit: I don't find li a particularly good idea, but afaiu etsi had to follow the legislation, that had been put in place - and the driver was iirc not even Europe

Indeed @lobingera, the idea can be traced back to an infamous meeting in Quantico VA in 1993. But from 1996 all backdoor requirements originated in Sophia Antipolis, France. The technical specifications are produced by this ITU group called 3GPP SA3LI. Here are their latest docs from July

@Mer__edith

portal.3gpp.org/ngppapp/TdocLi

@harkank @Mer__edith latest CRs ... standardization has some bureaucratic overhead.

And ITU and 3GPP have different agendas, you are simplifying here

Disclosure: in my day job my org's name contains "standardization" and SA3's job is more than LI... (in case you wonder: my work is in RAN 1/2/3/4)

@Mer__edith Also there's no backdoor which guarantees only to infiltrate the bad ones.

@Mer__edith

Encryption shifted the focus of surveillance on the devices. They lost control over our data.

Knowledge is power, and in an unencrypted world all the FBI people can still just call by the phone, because only the state gets the info from the telcos.

Now that everything is encrypted, they panic, and want to get a hold of the devices.

This CSAM argument is such an obvious pretense, it's crazy. This is literally not something that needs device backdoors. Just better police work.

@Mer__edith it's almost like legislators have no idea how technology works...

@Mer__edith they just need to NERD HARDER!
what's so difficult about it?! I don't even

@Mer__edith Even if everyone's a good guy, we still have to trust that they know how to maintain data safely, that they won't build a system which stores spy-level access codes in plain text, or copy them onto a USB stick then leave it on a train.

Governments are the last people in the world I would trust to keep data secure. Not because they're bad actors necessarily, but because they're incompetent. Government IT projects routinely fail because they don't understand what constitutes success.