There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a “backdoor for good guys” is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There’s no safe way to create a backdoor that can’t be exploited by malicious actors. #privacy #security #infosec
@[email protected] Good point.
@[email protected] And yet the FBI and many politicians answer this with “NERD HARDER!!”
@[email protected] We and many know that there’s a few backdoors that are yet to be exploited and will be in the future.
@[email protected] Furthermore, there are no good guys. The existence of backdoors would attract even more bad guys into law enforcement/security than there are already.
@[email protected] Oh, and I bet the bad guys will find it fast and will use it way more proficiently than any government in the world.
If we’re lucky: against these governments - so that the backdoors will be shut real quick.
@[email protected] a “backdoor” is a vulnerability. End.
@[email protected] I agree absolutely, but it’s worse than that.
a. There may be classified back doors in some software, e.g. OS kernels, cryptography algorithms, etc., and we wouldn’t know if these had been rediscovered, e.g. by a malicious state actor.
b. If you think code visibility, e.g. through open source, avoids hidden back doors, enjoy reading https://blog.acolyer.org/2016/09/09/reflections-on-trusting-trust/
Not sure what the answer is, unless it’s simply to live with the possibility that any software I use could be compromised.
@[email protected] 99.9999999% of the time (rounding down) the “good guys” the back door is being created for are actually not very good too.
But hey, they tell us they are, so I guess that’s good enough.
Smaug: Previous owners installed a backdoor in MY mountain? Well, it’ll probably be fine.
Also Smaug: Patches break things. My armor is fine without patching.
Thranduil: But that barrel port’s for outbound traffic only. It’s not a backdoor. It’s fine.
Theoden: The Deeping Wall has never been breached. That tiny backdoor culvert is fine.
Sauron: The old backdoor tunnel past Cirith Ungol? It’s always had Shelob securing it. It’s fine.
@[email protected]
#chatcontrol #Chatkontrolle #EU #eugoingdarkRaph Koster once famously wrote, “The client is in the hands of the enemy.” Admittedly, that was in reference to the use of distributed computing in the running of MMORPGs, but the phrase is relevant to many, many aspects of programming for virtually every other online service.
There may be well-meaning ‘good guys’ out there who will utilize a backdoor for responsible and sensible purposes, but the general userbase of backdoors tends to be ‘bad guys’. So introducing a backdoor into your system for the responsible people is just implementing a weakness.
If you’re going to put an administrative login into your system, for the love of sweet candied apples, document it, make it clear it exists, and tell everyone how to lock it the heck down. #infosec
@nixCraft People still think that #EU bureaucrats are “good guys”.
They are not. Those who advocate the introduction of a backdoor are not “good guys”. In fact, these are the “malicious actors” you are talking about.
#chatcontrol is only a manifestation of the fascist tendencies of EU bureaucrats.
Therefore, full rejection of CC is not enough. Europeans need a law that protects their #privacy. Otherwise, the “good guys” will try with next versions of CC, again and again, until they succeed.
@[email protected] tell that to the EU please.
