December 11, 2024 8:11 AM
tom on Jailbreaking LLM-Controlled Robots :
December 11, 2024 6:18 AM
GregW on Full-Face Masks to Frustrate Identification :
Not a silver bullet for countering the surveillance state… haven’t firms willing to sell to law enforcement been working on automated height and weight analysis and gait analysis for years?
That’s right, besides the mask, you also need to wear high heels and a fat suit and put rocks in your shoes… although maybe high heels will be enough of a change you don’t need the rocks to change your gait?...
December 10, 2024 11:46 PM
ResearcherZero on Full-Face Masks to Frustrate Identification :
This does fool people up close.
VS backdoor
‘https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Microsoft provides a signed tunnel to execute code.
https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d
December 10, 2024 12:01 PM
Dave on Full-Face Masks to Frustrate Identification :
All the world’s a stage.
https://www.poetryfoundation.org/poems/56966/speech-all-the-worlds-a-stage
December 10, 2024 11:54 AM
Dave on Trust Issues in AI :
Thanks for Schneier on Security!
Comment: The Security issues for AI are going to be very interesting!
December 10, 2024 10:59 AM
Trevor on Full-Face Masks to Frustrate Identification :
They will also confound automated camera surveillance quite easily. I suspect it won’t be difficult to train a NN to recognize them as a mask but that won’t help identify the person.
December 10, 2024 10:40 AM
Mexaly on Full-Face Masks to Frustrate Identification :
We’ll figure out new handshakes.
What’s old is new again.
December 10, 2024 10:38 AM
DaveX on Full-Face Masks to Frustrate Identification :
In the sales lit, they also mention that they work like headbands or hats, so you could wear it bunched up for immediate deployment or storage.
December 10, 2024 8:51 AM
wiredog on Full-Face Masks to Frustrate Identification :
Considering that the (alleged) ceo killer fooled all the face recognition both AI and human with a surgical mask, and only got ID’d because he took it off, once, in a taxi, it seems a surgical mask would be Good Enough.
Now if you could get custom face masks of this type you could arrange for someone else to get ID’d. Generate lots of false positives in the system.
December 10, 2024 7:20 AM
Matthias Urlichs on Full-Face Masks to Frustrate Identification :
They don’t survive in-person scrutiny, but video cameras? No contest. Maybe if you zoom directly to the face with HD video.
December 9, 2024 2:30 PM
Jonathan Wilson on Trust Issues in AI :
Anyone who won’t share every single byte of data that went into training their AI shouldn’t be claiming said AI is “open” IMO.
No-one is going to do that of course because it would expose all the copyright violations going on in the AI industry.
December 9, 2024 1:21 PM
mark on Trust Issues in AI :
Trust? I point you to https://slashdot.org/story/24/12/09/1548200/microsoft-ai-chief-says-conversational-ai-will-replace-web-browsers
where, if you read the implied text, he’s saying he wants to use AI to turn the Web into TV, where anybody with money can show, but you have no way to do so.
December 9, 2024 12:59 PM
Clive Robinson on Trust Issues in AI :
Hmm… The premise behind the title of,
“Trust Issues in AI”
Is incorrect and is one of those things that come about due to journalists writing but not listening or learning.
What it actually is is,
“Trust in People”
AI in the current form of ML and LLM are “deterministic systems” that people have famously called “stochastic parrots” are actually not even “just parrots”.
The “stochastic” or “random” comes from “user input” fairly much like it does in any other deterministic system or program...
December 9, 2024 8:02 AM
Michael Singer on Trust Issues in AI :
“This essay was written with Nathan E. Sanders. It originally appeared as a response in Boston Review‘s forum, ‘The AI We Deserve.’”
Editing comment: it would have been useful to put this statement at the beginning of the post, along with an indication that the post it is responding to was by Evgeny Morozov. Then, the references in the post to “Morozov” would be less confusing.
December 9, 2024 3:32 AM
ResearcherZero on Algorithms Are Coming for Democracy—but It’s Not All Bad :
@Bruce
Tools capable of more nuance, do require a deeper understanding of technique.
Such tools only have power over us when we do not see the strings being pulled.
Overcoming the fear of rejection and need to feel accepted can either lead us to look within ourselves and see what we can do to change ourselves, or it can instead lead us to blame others for the things we ourselves refuse to accept. There are many reasons we may be afraid to be rejected by others. It is often far easier to decide it is the other person who is at fault, rather than to reexamine our own preconceived ideas and interpretations of events. It is only by reevaluating our own past behaviour we can learn the truth of events...
December 9, 2024 1:04 AM
ResearcherZero on Algorithms Are Coming for Democracy—but It’s Not All Bad :
@Clive Robinson
There are some techniques that can be more widely applied by social and traditional media.
Reducing animosity between groups:
“the political incentives to inflame and weaponize affective polarization for political gain must be reduced or eliminated”
‘https://journals.sagepub.com/doi/10.1177/23794607241238037
Improving intergroup dialogue…
https://journals.sagepub.com/doi/10.1177/10464964241302071...
December 9, 2024 12:27 AM
ResearcherZero on AI and the 2024 Elections :
@Clive Robinson
These mechanisms are so deeply hardwired we will often overlook truth and facts.
‘https://news.stanford.edu/stories/2024/10/new-study-shows-that-partisanship-trumps-truth
December 8, 2024 1:51 PM
Clive Robinson on AI and the 2024 Elections :
@ Winter, ResearcherZero, and others that would like honest political processes.
With regards,
“It pays to have laws actually regulating campaign financing and to not legalize corruption.”
Oh and firstly,
1, A legislature that will make solid laws.
And then,
2, Investigators who work without “fear or favour”.
3, Courts that likewise work without “fear or favour”.
4, No “get out of jail free” style Presidential and Gubernatorial “Pardons”...
December 7, 2024 12:59 PM
Winter on Detecting Pegasus Infections :
@Clive
Yup read that twice the FBI presumably under influence of others now says E2EE is good…
As the TLAs cannot protect Americans that count™ against foreign interference anymore, they have to tell these Important Americans to protect themselves.
I think we should not assume this advice extends to other Americans.
December 7, 2024 12:54 PM
Clive Robinson on Detecting Pegasus Infections :
@ ResearcherZero,
With regards FSB it looks like we have the same security item but from different reports.
As far as I can tell, the FSB are still acting “More boots than brains” and it’s why we got to hear about just a little more that is going on toward the East of Europe.
From the news it would appear things are going on in the MidEast and the kinetic support “The English Dentist” was getting has like morning mist either evaporated or gone to ground...
December 7, 2024 9:23 AM
Winter on AI and the 2024 Elections :
@ResearcherZero
Run for election with zero funds apart from a little outside assistance.
Rumania is not going to take this lying down. They have nullified the first round on grounds of illegal campaign financing and foreign meddling. The police are raiding offices:
‘https://apnews.com/article/romania-raids-election-georgescu-1095e5a6420af8c25208971a8855d664
It pays to have laws actually regulating campaign financing and to ...
December 7, 2024 4:57 AM
ResearcherZero on Detecting Pegasus Infections :
@paymetofixaproblem
Re: why aren’t these features built into operating systems
The developers use machine learning to analyze the kernel for signs of spyware.
–
FSB spyware disguised as an app.
‘https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
December 7, 2024 4:52 AM
ResearcherZero on AI and the 2024 Elections :
Run for election with zero funds apart from a little outside assistance.
66,000 fake accounts with 10 Million fake followers were deployed to influence a Romania election. 25,000 accounts became active two weeks before the election. Around 800 accounts were created as early as 2016 and showed no activity until November 11 2024.
‘https://www.infosecurity-magazine.com/news/romania-tiktok-propaganda-campaign/...
December 6, 2024 4:52 PM
Clive Robinson on Detecting Pegasus Infections :
@ ALL
A couple of related notes.
Firstly it’s not just NSO et al doing this spying on your Mobiles and Smart devices. This story from a couple of days back is about the Russian FSB and their toys from a different box,
https://www.theregister.com/2024/12/06/badass_russian_techie_outsmarts_fsb/
Secondly, on a preventative measure, who remembers certain people going on about the evils of “End 2 End Encryption”(E2EE) and how LEO’s had to have ways to stop it?...
December 6, 2024 12:16 PM
paymetofixaproblem on Detecting Pegasus Infections :
why aren’t these features built into operating systems
December 6, 2024 8:28 AM
chris on Detecting Pegasus Infections :
pls check the facts before advertising this kind of s/ware
eg : https://discuss.privacyguides.net/t/remove-iverify-basic/20133
December 6, 2024 3:35 AM
lurker on AI and the 2024 Elections :
@Bob
“Authoritarianism”? Would that have anything to do with “moral engineering”? Some folks think that’s a way to fix problems of trust.
‘https://doi.org/10.1080/21620555.2024.2430265
December 5, 2024 3:16 PM
Bob on AI and the 2024 Elections :
Cynicism amongst the populations, and people not knowing what to believe. Polarization. All perfect conditions for authoritarianism to rise.
December 5, 2024 3:47 AM
Clive Robinson on Algorithms Are Coming for Democracy—but It’s Not All Bad :
Why AI legislation will not work.
A right to reply objective view based on events in the past week alone.
There has recently been a lot of talk about “guide rails” for AI. Both the addition of software to encapsulate LLM ML systems, and that which could be made and enforced by legislation and regulation.
As we know current “guide rails” of the programmed variety are failing to work or worse creating vulnerabilities that can be exploited by the fact they affect the processing flow...
December 4, 2024 9:10 PM
Deja Vu Again? on Details about the iOS Inactivity Reboot Feature :
December 4, 2024 8:57 AM
pattimichelle on AI and the 2024 Elections :
I’m curious how smartphones are playing out in all of this. Android is mostly hacked (via apps/DLLs) so does any “bad” concentrate there vis a vis elections? How about in general? Since virtually all PII has been exposed by leaks (and apps) from virtually every megadata aggregator, does anyone “care” anymore about cell phone security?
December 4, 2024 5:10 AM
John White on Details about the iOS Inactivity Reboot Feature :
@anon: The issue is that if there’s a way to extend the time the phone stays in a post-boot unlock state, that extends the time there is to exploit the phone with an exploit that wouldn’t work if it had restarted.
@ResearcherZero:
The countdown timer is likely started each time the device is locked.
Probably, but I haven’t seen that confirmed experimentally.
Not all use cases need perfect security. For example, in the past year, a number of journalists reporting on Palestine have been stopped by UK police or border security and ordered to hand over electronic devices so their contacts in Gaza can be targeted. If those devices can be immediately exploited, then the journalists in Gaza that they’re in contact with may be targeted for murder in the next couple of weeks. If a post-boot unlock-> pre-boot unlock reboot can secure a device against exploitation until an exploit is developed that works pre-boot unlock, and that lasts until the current attack on the people of Palestine is reduced in volume somewhat, those people may survive...
December 4, 2024 4:02 AM
Clive Robinson on Details about the iOS Inactivity Reboot Feature :
@ ResearcherZero, ALL,
With regards your comment,
“Keep in mind your family, friends and colleagues likely will not practice good OPSEC.”
In my experience in life a couple of aspects to this occur,
1, Even when a person’s very life depends on OpSec / Situational Awareness, they stop doing it effectively or at all very quickly.
2, No matter how you try to make others aware of the importance of OpSec / Situational Awareness, they will discount you, tell you you are paranoid, and tell others you are weird / mad...
December 4, 2024 3:08 AM
ResearcherZero on Algorithms Are Coming for Democracy—but It’s Not All Bad :
You have been neglected by the government. I can better represent you and speak for you.
Shadow Representation
‘https://www.tandfonline.com/doi/full/10.1080/00344893.2024.2386987#d1e155
December 4, 2024 2:24 AM
ResearcherZero on Algorithms Are Coming for Democracy—but It’s Not All Bad :
Seeing is Believing: The uncontrolled dissemination of decontextualized visual disinformation.
‘https://academic.oup.com/joc/advance-article/doi/10.1093/joc/jqae045/7908277
Information Warfare has evolved into an element of everyday life.
https://www.forbes.com/sites/alexvakulov/2024/11/19/information-warfare-spreading-chaos-a-guide-to-outsmarting-fake-news/
The fabricated quality of certainty...
December 4, 2024 12:49 AM
ResearcherZero on Details about the iOS Inactivity Reboot Feature :
@anon
The way countdown timers are generally implemented ensures that simply pressing keys or touching the screen will cause no effect to the countdown once the device is locked. If anyone attempts to interfere with the countdown timer through an exploit, that should cause kernel panic which will then cause the phone to reboot, hopefully neutering the attack.
‘https://en.wikipedia.org/wiki/Init...
December 3, 2024 7:48 PM
David Leppik on Algorithms Are Coming for Democracy—but It’s Not All Bad :
This fails to mention the biggest threat from AI: propaganda. Just about every psychological trick in the book works even if you know it’s being used against you. Even if you know you are seeing an implausible AI deepfake, it still influences your opinion. Seeing a scandalous video or hearing a politician spout shocking opinions will make you question them, even if you know it’s a fake. You can’t unsee it. Similarly seeing enough heroic or patriotic images of a selfish, corrupt politician will make you more trusting, even if you know they are fake...
December 3, 2024 6:00 PM
anon on Details about the iOS Inactivity Reboot Feature :
re: JW
Wouldn’t that simply increase the delay before the phone could be unlocked? Even if you pressed ‘1’ ‘backspace’ repeatedly?
December 3, 2024 3:19 PM
MDK on Algorithms Are Coming for Democracy—but It’s Not All Bad :
@All
If you haven’t heard about hxxps://www.sanctuary.ai/ work they have been doing some interesting and difficult work. The current CEO is the former CEO of DWAVE.
MDK
December 3, 2024 3:15 PM
MDK on Details about the iOS Inactivity Reboot Feature :
@All
Feature should have been implemented a long time ago.
@Bruce
I’m sure you are aware but a confirmed nation state cyber campaign running against US Telco etc. It’s not good from the sounds of it. Dangerous times indeed.
MDK
December 3, 2024 1:46 PM
vaadu on Algorithms Are Coming for Democracy—but It’s Not All Bad :
Elon Musk says Grok will be soon capable of summarizing large bills passed by Congress for citizens to better understand.
AI will be able to answer questions like who benefits from this bill or how can the bill be tightened up so it can’t be gamed or how can this bill’s goals be accomplished and be more budget neutral.
December 3, 2024 10:42 AM
Martin Stuart Sorrell on Algorithms Are Coming for Democracy—but It’s Not All Bad :
It’s not all Bad… it’s just mostly Bad.
An odd attempt by a high-profile luminary to superimpose a giant smiley face on our rather bleak future. For some reason the professional researchers who invented this technology (e.g. Geoffrey Hinton) and understand the implications through first-hand experience do not share Schneier’s glass-half-full optimism.
And this raises unsettling questions...
December 3, 2024 10:32 AM
Clive Robinson on Algorithms Are Coming for Democracy—but It’s Not All Bad :
It’s important to remember two things about this type of use of current AI based on LLM and ML systems,
1, The avatars/agents are not real or recordings of what was once real (they are “dishonest”).
2, Their use is in fact to make gain at others’ loss or expense (illicit “advantage”).
That is, as “an enterprise” it is gaining a,
“Dishonest Advantage”
Which is the basic definition of the crime of “Fraud”[1] in the UK and many other places...
December 3, 2024 9:04 AM
Fábio Emilio Costa on Algorithms Are Coming for Democracy—but It’s Not All Bad :
This is just the beginning of a trend that will spread through democracies around the world, and probably accelerate, for years to come. Everyone, especially AI skeptics and those concerned about its potential to exacerbate bias and discrimination, should recognize that AI is coming for every aspect of democracy. The transformations won’t come from the top down; they will come from the bottom up. Politicians and campaigns will start using AI tools when they are useful. So will lawyers, and political advocacy groups. Judges will use AI to help draft their decisions because it will save time. News organizations will use AI because it will justify budget cuts. Bureaucracies and regulators will add AI to their already algorithmic systems for determining all sorts of benefits and penalties. ...
December 3, 2024 6:23 AM
ResearcherZero on Details about the iOS Inactivity Reboot Feature :
One should also assume those administering the law understand little about IT.
‘https://www.postofficescandal.uk/post/proposed-amendment-to-legal-assumption-about-the-reliability-of-computers/
December 3, 2024 12:53 AM
ResearcherZero on Details about the iOS Inactivity Reboot Feature :
Keep in mind your family, friends and colleagues likely will not practice good OPSEC.
December 3, 2024 12:39 AM
ResearcherZero on Details about the iOS Inactivity Reboot Feature :
Not that it is guaranteed to keep attackers from targeting your phone with some kind of spyware, or discovering your authentication details via other surveillance methods.
If a device contains sensitive information then remotely wiping it as soon as possible may prevent data from being accessed, as long as the device has not been shielded/turned off.
There are alternative solutions with a 10 minute inactivity timer and a scrambled 128 character password, with charging only allowed from a locked state to reduce attacks. Yet all the same caveats apply with such secure mobile operating system implementations. If an attacker has physical access to a device, they can hold onto it until such time an exploit is released that the device has not yet been patched to prevent that exploit method...
December 2, 2024 11:53 PM
ResearcherZero on Details about the iOS Inactivity Reboot Feature :
@John White
The countdown timer is likely started each time the device is locked. Therefore the device would have to be in an unlocked state to stop the inactivity timer from counting down.
“The Secure Enclave Processor (SEP) keeps track on when your phone was last unlocked.”
‘https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
December 2, 2024 8:06 PM
Dave on New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones :
@Andrew: The scheduled-reboot thing has been part of (typically) cheap Internet-enabled devices pretty much forever, think routers, access points, etc, to deal with the fact that they often can’t run for any amount of time without running into problems. So a daily or weekly reboot resets them into a clear state which (hopefully) won’t get too messed up before the next reboot hits.
December 2, 2024 6:03 PM
John White on Details about the iOS Inactivity Reboot Feature :
I’m not convinced that this has been fully answered. It’s great that this feature exists, and it would be even better if Apple made it possible to adjust the time down so that it occurs more rapidly, but is it conclusively proven that button activity, interaction with the touch screen etc does not reset the timer as actually unlocking the phone would? Because the risk is that pigs and other bad actors could simply automate button clicks- or manually ‘touch’ all the phones- to extend the unlock time...
December 2, 2024 2:41 PM
Clive Robinson on Race Condition Attacks against LLMs :
People should study older engineering…
There is a reason that this sort of thing happens and it’s been known to both mechanical, electromechanical, electrical, and electronic engineers for oh getting on for a couple of centuries. Charles Babbage was certainly familiar with it in his various mechanical designs just one of which was his difference engine. Strowger in his designs for his “fickle womanless exchange” for phones likewise. Moving on Konrad Zuse in his Z electromechanical computer was aware of it in his designs especially the floating point of the Z3. The list is long so I could go on and on with just the mechanical and electromechanical alone. Oh and although never built as such even the Turing Engine was an Electromechanical State Machine with Tape Unit. You could with a “micro-cassette audio recorder” of the style designed for Dictation and Reed Tone switches and relays build an electromechanical Turing Engine. For “fun” back when a teenager I cobbled enough bits together to build not just a “Turing Tape Unit” that way, along with an electro mechanical Dialer from a rotary phone to act as an input device (I did not build a state engine with relays I could not afford the number required or build a power supply to drive them)...
December 2, 2024 8:21 AM
Paul Sagi on Details about the iOS Inactivity Reboot Feature :
Interesting that the Apple code is so transparent that it’s easy to reverse engineer.
I found that the Windows code to trigger automatic updates was similarly transparent. I found a few lines of XML code that serve as a timer to trigger updating. Microsoft has been known to use multiple means for updates, so the above might not be the last word. What people hate about Windows updates is they can arrive at the most inconvenient time and cause business disruption. Some people use Sordum’s Windows Update Blocker (WUB) to combat multiple update triggers...
December 2, 2024 3:57 AM
PaulSagi on Race Condition Attacks against LLMs :
OMG! EXACTLY the experiment I had wondered about but was too busy and too lazy to try.
I had found that interruption of the flow of info on some sites breaks their paywall, so I suspected (and the above confirms) it’s a general phenomenon.
December 2, 2024 1:09 AM
Winter on Race Condition Attacks against LLMs :
@No Log
It’s almost unbelievable the amount of information [LLMs] can provide you given the right prompts and chaining, feeding your already-full conspiracy-theorist mind.
But thanks to the firehose of falsehoods [1], you’ll never know what is true.
[1] ‘https://en.wikipedia.org/wiki/Firehose_of_falsehood
December 1, 2024 6:26 PM
No Log on Race Condition Attacks against LLMs :
With the scaling laws of these LLMs being data hungry, they have already been fed so much classified data. Easily accessible with such attacks and more. It’s almost unbelievable the amount of information they can provide you given the right prompts and chaining, feeding your already-full conspiracy-theorist mind.
December 1, 2024 4:21 PM
Art Pollard on Security Analysis of the MERGE Voting Protocol :
We should make all ballots cast public information available for download. They shouldn’t have the persons name but all other data should be available in a blockchain like format. For example, for voter machines, it would have:
1) Date
2) Time (expressed in 10 or 15 minute blocks)
3) Precinct
4) Voter machine ID
5) Who was on duty as a poll watcher
6) Whether an ID was checked
7) Who was on duty to check people in...
December 1, 2024 1:56 PM
GregW on NSO Group Spies on People on Behalf of Governments :
So national governments are willing to leak their “selector” metadata to outside entities?! Crazy!
Although I guess I do it with “Google” all the time…
November 30, 2024 2:54 PM
Rontea on Walls Around Nations :
The meaning of walls can be multifaceted. On one hand, walls can symbolize strength, security, and stability, meant to protect what is within from external threats. On the other hand, walls also represent division and isolation, a barrier that separates and oftentimes alienates the entities on either side. As the original text suggests, walls might actually solve the wrong problem by focusing on separation rather than unity. Instead of fostering protection, they can interrupt communication and understanding, creating a false sense of security while hindering growth and empathy. In essence, while they offer an immediate solution to perceived threats, they can also prevent the harmonious convergence of ideas and communities...
November 30, 2024 2:34 PM
Rontea on Helen Nissenbaum on Data Privacy and Consent :
I completely agree that we need to shift our focus towards outlining appropriate constraints on data flow that equitably distribute costs and benefits. By concentrating on the purposes and values of crucial social domains such as health, democracy, education, commerce, and personal relationships, we can ensure that our technological and policy advancements truly serve and enhance these areas. This approach seems far more productive than constantly trying to perfect consent mechanisms. Balancing these domains with fair data flow practices is crucial to both protect individuals and promote societal progress...
November 30, 2024 8:06 AM
ResearcherZero on NSO Group Spies on People on Behalf of Governments :
@Clive Robinson
Roll a dice in the Australian courts. Little oversight of the courts here, dependent on if it is an open hearing, and does not require suppression from government or may tickle the media’s fancy. If the matter is not too scandalous, and the litigant ugly enough, perhaps.
The main obstacle is the demeanour of the Officers of the Court and location. Plus a 50% chance of enough rogues with little concern for their duty to honestly uphold the law...
November 30, 2024 7:29 AM
ResearcherZero on The Scale of Geoblocking by Nation :
Pakistan’s new national internet “firewall”
‘https://www.aljazeera.com/news/2024/11/26/pakistan-tests-china-like-digital-firewall-to-tighten-online-surveillance
Technical censorship used to suppress access to online content and independent reporting.
https://freedomhouse.org/report/freedom-net/2024/struggle-trust-online
How does a national firewall work?
https://www.amnesty.org/en/latest/campaigns/2024/11/how-do-authorities-use-firewalls-and-other-tools-of-internet-control/...
November 30, 2024 2:19 AM
T.J. Williams on NSO Group Spies on People on Behalf of Governments :
Does anyone know if there is a repository where NSO files seized/collected by the court(s) can be downloaded? Something like the ‘Pandora Papers’ for NSO?
November 29, 2024 8:50 PM
Dan M on Secret Service Tracking People’s Locations without Warrant :
This is why I recently bought a new Google Pixel 8 and then flashed GrapheneOS onto it. Yes, this means that I have to trust the developers for GrapheneOS, but you’ve gotta trust someone.
Graphene disables access to ALL of the sensors on your phone, like GPS, bluetooth, accelerometer, thermometer, whatever, as well as location, contacts and all the usual app permissions. You can choose to only allow those that you want per app. It doesn’t have the Google infrastructure on it. If you want that, you can install it, but it runs in a sandbox...
November 29, 2024 8:17 PM
Wannabe Techguy on NSO Group Spies on People on Behalf of Governments :
@ Rontea
I agree, but governments are already doing all that. I don’t see how a private company is any worse.
November 29, 2024 6:44 PM
Clive Robinson on NSO Group Spies on People on Behalf of Governments :
@ ResearcherZero,
With regards,
“NSO Group unlikely to be protected by sovereign immunity.”
Because they are technically a “commercial company” with “share holders” not a “direct government agency”.
There are advantages and disadvantages of “arms length” organisations.
Whilst they might give protection against “Freedom of Information”(FoI) Requests and give Government ministers and those beneath them in effect “deniability” or “commercial confidentiality...
November 29, 2024 4:43 PM
Rontea on NSO Group Spies on People on Behalf of Governments :
@peter galbavy
Surveillance as a Service could be problematic for several reasons. First, it raises significant privacy concerns; constant monitoring can infringe on individual freedoms and civil liberties. Allowing private companies to control surveillance could lead to misuse of data, breaches of confidentiality, and lack of accountability. Furthermore, the commodification of surveillance services might prioritize profit over ethical considerations, undermining democratic principles. Additionally, there’s the potential for bias and discrimination if the surveillance systems are not managed with transparency and fairness. Overall, Surveillance as a Service demands a serious reevaluation with respect to ethical, legal, and societal implications...
November 29, 2024 10:17 AM
Peter Galbavy on NSO Group Spies on People on Behalf of Governments :
SaaS has a new meaning. Surveillance as a Service.
November 28, 2024 11:59 PM
ResearcherZero on NSO Group Spies on People on Behalf of Governments :
@Clive Robinson
While NSO has claimed legal privilege to refuse handing over evidence, it has hacked the legal teams of targets, a breach of lawyer-client confidentiality, and has been called out by the UK court for “serial breaches of domestic criminal law”.
NSO Group has not denied in court that it reverse engineers other companies’ products, develops the exploits used to hack targets, and handles exploitation itself...
November 28, 2024 4:18 PM
Jelo 117 on The Scale of Geoblocking by Nation :
Geoblocking sometimes is appropriate in defense but organizations defend their networks by allowing connections only from pre-registered/vetted devices, regardless of location (nearest neighbor or not), user credentials, etc.
November 28, 2024 3:58 PM
Cybershow on NSO Group Spies on People on Behalf of Governments :
Having slopbots run amok in the comments is even more dispiriting than human hate or unhinged manic diatribes. The blandness is soul-sucking. Propagandists can deploy slop to simply wear down intelligent debate. It’s just a different flavour of vandalism designed to curtail discussion.
I wrote here about people intent on using technology to spread misery and violence beginning to combine offensive tools:...
November 28, 2024 1:06 PM
Clive Robinson on NSO Group Spies on People on Behalf of Governments :
@ Bruce, ALL,
With regards,
“We assumed that those countries use the spyware themselves.”
I thought you were aware that NSO and several others run “A full Service Package” to customers. If for no other reasons than to stop the customer using the software against,
1, The licence fees requirements.
2, Various nations personnel.
The official excuse to customers was “the speed of change” that is the customer was “renting access to target” not “buying very quickly outdated access methods”...
November 28, 2024 6:46 AM
ResearcherZero on NSO Group Spies on People on Behalf of Governments :
NSO again refuses to hand over evidence claiming it doesn’t spy on activists.
‘https://www.jurist.org/news/2024/11/thailand-courts-dismissal-of-spyware-misuse-lawsuit-spurs-international-concern/
November 28, 2024 6:18 AM
ResearcherZero on The Scale of Geoblocking by Nation :
Russian plans to disconnect RuNet from international internet.
‘https://jamestown.org/program/russia-ramps-up-internet-censorship/
Lost visibility in the Russian IP space.
https://isc.sans.edu/diary/31476
Leaked files show how China and Russia cooperate to block their citizens.
https://www.rferl.org/a/russia-china-internet-censorship-collaboration/32350263.html
November 28, 2024 5:29 AM
ResearcherZero on The Scale of Geoblocking by Nation :
Without accurate data you cannot define the problem and implement a solution. Half the population does not vote, or stand up for its rights. If you do not understand the issues, there is little chance that anything will change. No one is going to change things for you.
There is no savior. There is only yourselves. You must make the changes for yourselves.
Half of Americans don’t vote…
‘https://apnews.com/projects/election-2024-our-very-complicated-democracy/election-2024-why-americans-dont-vote-episode-6.html...
November 28, 2024 3:49 AM
ResearcherZero on The Scale of Geoblocking by Nation :
@Jesse Thompson
“88% of geoblocked domains do not serve informative notice of why they are blocked.”
Then the paper makes recommendations about how the situation can be improved.
November 28, 2024 2:27 AM
ResearcherZero on The Scale of Geoblocking by Nation :
@Jesse Thompson
Re:Hundreds of thousands of US citizens live abroad. Thousands more need to access these services while on vacation.
The Geoblocking only blocks users on Tor. It does not block users using a regular browser to file their tax returns. Anyone overseas can still access the IRS website.
If conflating whistleblowers, politicians, and policy with tax returns. Read this:
‘https://www.biometricupdate.com/202411/australias-debate-on-age-verification-for-social-media-reaches-parliament...
November 28, 2024 12:52 AM
ResearcherZero on What Graykey Can and Can’t Unlock :
The future can be predicted, but you may not be able to change the course of events.
Therefore the threat model should always assume the worst, without action to prevent it.
We know that without adequate privacy law we will have no privacy.
–
You are what you are assumed to be.
‘https://privacyinternational.org/long-read/5472/chatbots-adbots-sharing-your-thoughts-advertisers
Identity is a process of becoming rather than being...
November 28, 2024 12:38 AM
ResearcherZero on NSO Group Spies on People on Behalf of Governments :
@ALL
In many areas Privacy law does not cover emerging technologies that intrude into public, personal and intimate spaces. Privacy legislation was originally designed only for data, not to protect privacy and so does not cover collection, just the storage of that data.
Newer technologies since the conception of the Privacy Act are not mentioned by the legislation, yet it is the only legal guidance that is used to regulate invasive tech...
November 28, 2024 12:05 AM
ResearcherZero on NSO Group Spies on People on Behalf of Governments :
@Rontea
Lack of qualified staff to regulate rights frameworks and a “hodge-podge approach to the governance of data and technology.”
Additional government-wide law or guidance required:
“To assist federal agencies with consistently implementing civil rights and civil liberties protections when collecting, sharing, and using data, we suggest that Congress direct an appropriate federal entity to issue government-wide guidance or regulations addressing this matter. In its direction, Congress should consider delegating to such entity the explicit authority to make needed technical and policy choices or explicitly stating Congress’s own choices.”...
November 27, 2024 5:16 PM
Morley on NSO Group Spies on People on Behalf of Governments :
It’s dangerous and illegal, but we’re comfortable.
November 27, 2024 4:38 PM
Fake Spy on NSO Group Spies on People on Behalf of Governments :
Yup, basically as with everything else – outsourcing. Plus here, the benefit is even bigger, instead of sloppy, incompetent government wannabe “spies” – you get R E A L Professionals. SaaS has a new meaning and it’s not wotcha think or are used to know, it’s Spying as a Service or HaaS. Give a man a fish a day, no, teach a man…, NO. I will Ph(f)ish for you and I’ll feed it to ya too, all ya gotsta do is just say “yum – I lika taste o’ dat.”...
November 27, 2024 3:11 PM
One Random Geek on NSO Group Spies on People on Behalf of Governments :
This method gives governments plausible deniability, and they can honestly say that they are not involved in bugging opponents’ (or dissidents’) phones.
November 27, 2024 1:58 PM
It’s Me on NSO Group Spies on People on Behalf of Governments :
It sounds like the company was merely a front for the Mossad. If there was a little more distance between it and the Mossad, it also could have been considered a cut-out, knowing the source of information and the destination (Mossad)…and facilitating the transfer of information.
Whenever they get caught, which is always a risk, the company can fold and then perhaps resurrect under a different name and continue “business”. You can’t undo knowledge, especially if it is useful to you. Plus Mossad is not implicated...
November 27, 2024 11:46 AM
Eriadilos on What Graykey Can and Can’t Unlock :
@Mohammed Khan
This may or may not hold true, the thing is that the future can not be predicted.
This is why the threat model should always assume the worst in my opinion. As for your example, seeing the recent Israeli operations, assuming the absolute worst seems like a good bet.
@Clive
The kill switch seems like a nice idea in theory, but for consumer products it seems like too much of a hassle to be adopted. As always, a balance has to be found between security and usability, which as you described is not an easy thing...
November 27, 2024 7:19 AM
ATN on What Graykey Can and Can’t Unlock :
Daniel Popescu • November 26, 2024 4:10 PM
What happened in 1983 or what’s the context for that reference?
https://www.imdb.com/title/tt0086567/ film “WarGames”.
Worm Computer: Strange games [both tic-toc and war games], only winning strategy is not to play; how about a nice game of chess?
November 27, 2024 4:20 AM
cls on What Graykey Can and Can’t Unlock :
What happened in 1983 or what’s the context for that reference?
American movie, War Games
teenager with an (already obsolete) IMSAI and a 300 baud modem dials up US national security computer, hijinks ensue.
November 27, 2024 4:01 AM
Jesse Thompson on The Scale of Geoblocking by Nation :
@ResearcherZero
However, if you are not a US citizen, then you do not need to use the service. Most users will be located within the US.
Hundreds of thousands of US citizens live abroad. Thousands more need to access these services while on vacation.
Geoblocking is a braindead solution to a non-existent problem, here. It just means that whoever wants to attack those sites has to do so from the portions of their botnets that are on US soil, which is still going to represent a pretty large portion of their botnet...
November 27, 2024 1:00 AM
ResearcherZero on The Scale of Geoblocking by Nation :
The public was given one day to comment.
‘https://www.crikey.com.au/2024/11/25/teen-social-media-ban-inquiry-submissions/
Digital ID cards for proof of age verification.
https://www.psychologytoday.com/intl/blog/digital-world-real-world/202411/will-banning-social-media-make-youngsters-safe-and-healthy
November 26, 2024 10:38 PM
Mohammed Khan on What Graykey Can and Can’t Unlock :
@Eriadilos: It is not always necessary to have perfect forward security. You can look, for example, at what the UK regime has been doing, detaining if not arresting any journalist in communication with sources in Palestine when they cross the border. Under ‘Operation Incessantness’, information about those sources- often local journalists- is then passed onto the Israelis so they can target them for murder...
November 26, 2024 10:32 PM
ResearcherZero on Why Italy Sells So Much Spyware :
A proposed bill would have given consumers the right to take legal action.
‘https://apnews.com/article/privacy-cantwell-consumer-ftc-social-media-algorithm-2f8a8d15a4e20ea11696c213ed57c5bc
But corporate lobbyists gutted it…
https://www.wired.com/story/apra-privacy-bill-doomed/
November 26, 2024 10:30 PM
ResearcherZero on Secret Service Tracking People’s Locations without Warrant :
@Clive Robinson
Consumers want the ability to enforce their right to privacy.
‘https://www.consumerreports.org/electronics/privacy/americans-want-much-more-online-privacy-protection-a9058928306/
November 26, 2024 10:24 PM
ResearcherZero on What Graykey Can and Can’t Unlock :
Concepts of Privacy: Why do we need it?
‘https://link.springer.com/chapter/10.1007/978-3-031-51063-2_2
The plurality of identification.
https://knightcolumbia.org/content/anonymity-identity-and-lies
“privacy is valuable not because it empowers us to exercise control over our information, but because it protects against the creation of such information in the first place.”
November 26, 2024 10:21 PM
ResearcherZero on What Graykey Can and Can’t Unlock :
Set your phone to at least reboot every twelve hours. Wipe it remotely if stolen/seized.
Alternatively, have a trusted party who can wipe it for you if you yourself are indisposed.
November 26, 2024 8:50 PM
Clive Robinson on What Graykey Can and Can’t Unlock :
@ Daniel Popescu, and others too young.
1983 was a year when fairly good security advice came from being entertained…
An AI had to learn almost the hard way what MAD really meant and thus passed an opinion,
https://m.youtube.com/watch?v=NHWjlCaIrQo
I don’t know how many millions of people have seen it but strangely we humans do not appear to have learnt from it 🙁
November 26, 2024 8:50 PM
Anonymous on What Graykey Can and Can’t Unlock :
@Daniel Popescu
It’s a quote from the 1983 movie “WarGames”.
November 26, 2024 8:31 PM
Clive Robinson on What Graykey Can and Can’t Unlock :
@ TimH, ALL,
With regards,
“A quick-off hotkey would be good.”
From whose perspective?
As an experiment back at the turn of the century when mobile phones were much simpler, I developed a “Molly Button” / “quick kill” for a device I mainly used as a “Personal Organiser”.
Data at rest was always encrypted, and data that was in certain applications like editors was also encrypted even when in use...
November 26, 2024 6:35 PM
Right Here on Security Analysis of the MERGE Voting Protocol :
Could have easily been an interpretation of some things here
https://www.schneier.com/blog/archives/2024/07/upcoming-book-on-ai-and-democracy.html
November 26, 2024 5:28 PM
mr. Foss on AI Industry is Trying to Subvert the Definition of “Open Source AI” :
Because we want Open Source AI to exist also in fields where data cannot be legally shared
That’s like defining Good People as saviors, altruists and, heck, pirates, because we want Good People to exist also in lawless places. Such tactical naming isn’t going to bring about any good will to said lawless places.
But a definition is just a jargon element, so it can’t be bad, right? Wrong. As to why we do ...
Autocomplete lacks “real understanding of context or consequences”; shock.