At least Florida’s SB 868/HB 743, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” Usually these sorts of sweeping mandates...
What’s the point of encryption then? lol
Are you kidding? It’s a wonderful trap still.
“None are more hopelessly enslaved than those who falsely believe they are free,”
Definitely don’t use open source software like Signal to communicate. Use a trillion dollar corporations promise of privacy like WhatsApp instead.
People disclose more when they think they are safe. Your typical Windows user from year 2009 with their collection of porn banners and botnet nodes would have their private info safer than a new Linux user of the same time. Because the Linux guy would believe he’s free now.
I remember those manuals how to run Skype and every proprietary program from a separate user, while every client in X11 can capture the whole display and see all keystrokes. Or every schoolboy using “but I’ll be able to examine the code” in arguments. Or “but the sources are open” on the subject of OS security even by literate people, while how many people have looked at those sources? If just 3-4 times that amount of people look at Windows components’ disassembly with the same effort, they’ll probably have the same effect on security, one can conceal backdoors in source code well enough. There are so many things one can remember, but those were nice times.
Same with “security” in the Internet. We were using ICQ and everyone knew one can spy on those messages, we were using HTTP and POP and IMAP without encryption and everyone knew one can spy on these too, but we were fine - we adjusted our behavior for that knowledge and used the Web as it should be used.
And what’s the funniest, this “insecure” Internet was more secure, because people acted on the right premises and formed behaviors that made it secure. When you know something is unprotected and can’t be protected, you are not completely taken by surprise if it’s lost.
Now teenage girls use centralized services as they would use private diaries, where an unclearly defined group of people can see the content of those. Many of them think it’s safe because that’s called “private messages” and they “didn’t give access” on some webpage of that service, or even just because there’s a lock sign in the browser address line.
People think they have been given magic that obeys them, magic is different from tech in not requiring understanding to obey. There’s, obviously, no magic, only things fully understood obey their owners, and almost nobody fully understands even door locks.
So - I think the new important kind of social advertising is teaching people to not trust security. Security is like a war victory, it’s not guaranteed and never certain enough to rely upon it. No system based on implication of functional security must be used.
We must use only openly unreliable systems.
That also applies to home appliances (intended) and all kinds of complex devices. When those came with schematics and detailed maintenance manuals, people dreamed of something not requiring these, and as we can see, that something is not better and doesn’t take less effort when breaks.
Unreliability is freedom, and reliance is slavery. But at the same time unreliable systems are better than no systems. Unreliable systems are the compromise between luddism and degenerate civilization.
I don’t know what these manuals said, but you can run an X11 software package in Xnest or Xeyphr to functionally sandbox X11. Both of those have been around for a long time. I use firejail, which will use either to isolate software if being used in an X11 environment. That might permit for clipboard snooping, have to check, but avoids the keylogging and display-dumping issues.
It is true that X11 — not to mention most traditional desktop operating systems – were not really designed to sandbox software packages. Local stuff is trusted. Wayland improves on that a lot. But even so, Linux desktop apps in general still don’t normally run isolated. Steam games are not isolated in 2025, which is something that I’d kind of like to see.
But I’m more optimistic than I think your comment is, think that things have generally gotten better, not worse.
Go back a quarter century and nearly all Internet traffic was unencrypted; most is encrypted today. I’d trust Web browsers to reliably sandbox things today more than I did then. We have containers and VMs, which are a big improvement over chroot jails. My software updates are mostly cryptographically-verified. If you want a cryptographic filesystem, it’s not a big deal to set up these days. We don’t have operating systems automatically invoking binaries because they happened to live on something that looks like a CD drive that was connected. We’re using more programming languages that are more-resistant to some common memory management bugs that historically led to a lot of our security problems.
I agree that it’s important not to falsely believe that security is present when it’s not. But I don’t think that everything is dismal, either.
I know (did that with Telegram for some time, until deciding I’ll take the insecurity with working clipboard), but those manuals would only touch upon having a separate user or a chroot.
Will read about firejail.
It’s about philosophy - I really like p2p applications built using something like Kademlia, because they are built with the premise that everything is unreliable and that works.
Also unreliable things don’t create vendor locks. It’s much easier to change from one unreliable thing to another.
Yes, I’ll repeat my opinion that things becoming more complex and that being described as needed for them to become more secure - means just that the security theater is better now.
Encrypted with keys decided using certificates ultimately with some approved CA as root, and the list of those trusted CAs is supplied with software. There have been plenty of cases where a CA has been compromised.
As protection against some punks peeking upon neighbors it works, but the main threat is not some punks. The post is about E2EE and nation-states.
Why do we have hypertext browsers running cross-platform applications? Why can’t we separate these two classes of programs? There are, say, the Gemini protocol for the former and, say, JVM for the latter.
I agree about this.
And this.
Well, yes and no, people had Perl and Tcl as popular ones back then too, ha-ha.
Not dismal, I don’t mean that. It’s a lot of fantastic achievements, but they won’t work if taken for always present.
It’s strategically wrong to expect complex unachievable to full extent things to work. People can expect landline to always work (they did at some point at least), but to expect computing to be mostly secure is nuts, and that’s what everyone is doing. Landline phones are one of a very few really reliable technologies, but most of our civilization is not like that.
It’s a single frontend to using a variety of the tools that permit for running software in isolation on a single machine. Like, you can expose only limited parts of the filesystem, have them be read-only, disallow network access, run software under Xephyr or Xnest for X11, disallow sound access, stuff like that. You set up a profile for an application, and it’ll run it with those restrictions. It comes with a very limited set of application profiles made, so it’s not just an “install it with one command and then run everything maximally sandboxed” piece of software – you gotta set up a profile for an application to choose what you want restricted.