The encryption protocols available haven't been the weak link for some time, no one cracks the messages in transit; you just go for the endpoint. If you can hack the OS and exfiltrate screenshots it doesn't matter how secure your app or network channel is.
The only approach that's given me hope has been Tin Foil Chat, isolating the keychain from the network. Me and some fellow noisebridgers built a kind of cyberdeck prototype implementing this but couldn't find much interest in commercializing it. Since the input stage is isolated from output, you can't copy paste any public keys but have to enter them manually (448bits as 56 characters) and messages/attachments can't be forwarded. Juice wasn't worth the squeeze overall. We'll see if there's a milder approach here but I don't see anyway to get around the endpoint security.
Even marketing to criminals is a tough sell, no reason to believe we weren't a 3 letter cutout:
> An encrypted chat platform that catered to criminals is actually an FBI sting operation.
> Since 2019, the FBI has been secretly operating Anom, a company that pretended to offer encrypted messaging to criminal organizations. In reality, the Anom app would relay to federal investigators a copy of every message sent.
This has happened many, many times in various countries. At the end of the day I don't think anyone else in the space would be able to compete on price with the various 3 letter agencies
Wickr was sold to AWS for an undisclosed amount of money, so we don't actually know if it's a graveyard or if it was a life-changing amount of money for the founders, or somewhere in between.
Use a camera and QR codes to transfer information instead of manual input, it would be much more viable. You could use any chat application that supports images as a transport laye.
Some years ago I was going through some old laptops, older than many HN readers and commenters no doubt, and these were loaded with old versions of Windows. I decided to see if I could use one by remotely controlling it from a more powerful computer running UNIX-like OS over the local network. It seemed all the popular "remote desktop" software used to do this with these old versions of Windows is long forgotten and difficult to find. "Unsupported", "deprecated", not "modern", yada, yada. So I got a copy of Back Orifice, which is still easy to find, and it worked like a charm. Small, easy to use. Does what it's supposed to do and not much else.
This reminded me just how bad software today has become, even worse than it was, and how Microsoft and its partners rely on planned obsolesence and turn perfectly usable computers into e-waste. Windows XP, everyone must stop using it offline because MS wants it to disappear. (As if Microsoft can control what software people choose to run on their computers.) Connect to the internet 24/7 and use "Windows 11" instead. Don't worry, MS has got people covered with its "automatic updates". Command and control from Redmond.
This is why I use NetBSD and Linux distributions. The latest release runs fine on all those old laptops. That's what "backwards compatibility" means to me.
"Planned obsolesence"... I get the desire to bash Microsoft at every possible opportunity here, but one thing Microsoft did better than most companies was backward compatibility and the ability to run legacy programs / maintain API compatibility going back years. Windows 3.x -> 95/98 legacy (even 16bit) apps continued to work. There are APIs even in Win10/etc that support old apps. I don't think Microsoft can be one of those "orchestrating planned obsolesence". This comment is particularly inaccurate.
There are things that are valid for complaining about Microsoft, but "planned obsolesence"? No.
Maybe not "planned obsolesence", but they do however have a "API incontinence".
This is mostly driven from a desire to sell new crap to enterprises. So they rewrite everything and churn out new crap every few years, new APIs, new frameworks, new "this is the way to do X now" and so on.
So, them maintaining backwards compatibility for the old stuff is half of the picture. Developers and (especially enteprise customers) are still pushed to adopt some new thing with alarming frequency, and stuff that works perfectly well gets thrown out for the new hotness. This leads to a rat race to keep up with the latest stuff, no updating of old stuff with new functionality, and so on.
Explain to me how win32 APIs from the 90s were still a thing on win mobile in the mid 2000s? On the enterprise front, yes they probably want to push but you ignore how often there are Windows EOL announcements where things are extended for large "enterprises" including government and large customers.
>Explain to me how win32 APIs from the 90s were still a thing on win mobile in the mid 2000s?
Not sure what you're asking.
I didn't say they kill and stop supporting old APIs.
I said they keeping putting out and pushing for "new hotness" APIs/frameworks, forgetting their old APIs/frameworks with an alarming rate.
A 20 year old API still working is good.
A 20 year old API properly maintained and updated, instead of having several new APIs/frameworks introduced and killed in between, with like the 5th "doomed to be replaced soon" API/framework now pushed as "THE" way to do things, is even better.
True but it's changing now. Now that they're pivoting to selling subscriptions instead of software. The windows 11 requirements were arbitrary and way too heavy. Especially considering unsupported machines work fine if you use a workaround.
I work for a company that relies on the MS cloud for virtualized environments, to let our still popular (And profitable) legacy app run in an environment it's more or less used to, but still be in "the cloud" so we can manage things for our customers, keep them on mostly the same version etc.
Well, they did, up until a point. Then they got into the habit of pushing technologies hard, then abandoning them. I don't think you can run activeX or Silverlight stuff very well without effort today.
Can you run Flash? What about a Mac OS 9 executable on a modern Mac? What about a Python 2.7 script?
Why is it reasonable to insist that MS allow something to run easily that is over a decade old that was notoriously insecure when it was in use? Are they an exception?
The planned obsolescence isn't the third party software, it's that version of Windows itself.
The new version comes with a new version of some APIs, which new software starts to use, and now you can't run that software on the version you have. They have backwards compatibility but not forwards compatibility.
Then someone finds a security vulnerability in the old version but they never patch it, and neither can anyone else because of copyright, so now you can't even keep using it the way you always had without falling victim to their inability to get it right the first time and refusal to either go back and fix it or release the source code so someone else can do it.
So just use the new version which still works with all your old software, you say. But the old version didn't spy on you and the new one does.
They do updates for pretty long and a lot of the OS you can trick into updating far longer. Windows 10 LTSC IOT for example is going to get security updates for a looong time and has all the bloatware and spyware stripped out.
> They do updates for pretty long and a lot of the OS you can trick into updating far longer.
"You can trick into updating for far longer" is supposed to be an argument that it isn't planned obsolescence?
> Windows 10 LTSC IOT for example is going to get security updates for a looong time and has all the bloatware and spyware stripped out.
Because there is a market segment which is less tolerant of this kind of abuse. But when John goes to the store to buy a new laptop because the one he had with Windows XP on it is too slow to run any variant of Windows 10, that edition generally isn't what it comes with. Why not? Is there a customer desire for spyware and shorter support lifetimes, or is there an abuse of naive customers going on here by default?
> Microsoft and its partners rely on planned obsolesence and turn perfectly usable computers into e-waste.
> This is why I use NetBSD and Linux distributions. The latest release runs fine on all those old laptops. That's what "backwards compatibility" means to me.
Based.
Yet, I get downvoted when I complain about i686 support being phased out.
I'm pretty sure the latest VNC clients can still connect to VNC servers from the XP era. How unsupported XP really is depends on the programs you try to run on it.
XP works fine (though it's insecure and a reminder about that is not bad) but that doesn't mean every piece of software has to support it. Hardware acceleration and usable 64 bit software has made a major difference in making animations and transitions possible. Clunky or simply bad kernel APIs were replaced with better ones.
All the old APIs are still available, but nobody makes software for a system only retro enthusiasts and some old factory control units are using. There's no interest in keeping it work, there are too many workarounds necessary, and nobody is willing to pay anyone for XP support.
Don't think Linux is much better. Getting code from 2004 to compile can be a real pain because the dependencies of yore have long been discontinued, their tarballs hidden somewhere on archive.org, and its reliance on 32 bit GCC behaviour long broken. Old hardware drivers break all the time because nobody has the hardware or the interest to keep that one Toshiba CD drive you have working on kernel 6.5. If your sound card isn't one that's used in virtual machines, good luck making it work out of the box. Your only advantage is that most Linux software is open source (but far from all of it) so recompiling it for modern systems is possible, but that doesn't mean it's any easier.
Starting with Windows 8, but quickly advancing after the release of Windows 10, the enshittification of Windows is real and it sucks. I'd love the modern Windows kernel running the 7 or XP UI stack instead of whatever the hell Windows 11 is supposed to be. However, programs only supporting the operating systems people use isn't breaking backwards compatibility, it's just good business.
It may be that I just don't know enough about the software used to control old versions of Windows from UNIX, and I just found Back Orifice the easiest option. In any event, I appreciate the cDc software. That was the point of the story. I have used their nc for Windows as well, the one written by Weld Pond.
I am sure a certain potential future governor of texas approves.
On a serious note though, ideology aside, the internet hardly needs another encryption protocol. The problem with these approaches is they try to solve everything. Unix and interner philosophy of layered piping (compartmentalization) exists for a reason.
How do you establish trust? TOFU? Your app is broke from the start! How do people on the internet establish the other anonymous person is really their anonymous person? Censorship resistance? Hah! How do you dynamically find network access nodes or peers without getting blocked? HTTPS? Well they decrypt that and you shouldn't rely on non-E2EE stuff for such reasons? Does the network rely on domains? Does your app rely on domain names to be found and installed+working? They can block domains and block you in app stores. Domain front? Russia was blocking entire /8's of google and aws because of apps like Signal.
This is why you solve problems one layer at a time.
All of the problems are listed (and more) require a unique standardized protocol solution that interoperates with other layers.
I said ideology aside earlier so let me bring it back and say this: it is a mistake to create any communication system that is censorship resistant but also lacks practical ways to moderate harmful content.
This was something I was very passionate about then I decided I don't want to help build something that can be abused and things that censor are not going to be used by most people anyways so no point.
Wow, looked up to Cult of the Dead Cow in the early 90's as a fledgling little hacker punk and didn't know they were still around. That's cool. And also, this is very cool.
>Cult members say their protocol is built from the same digital DNA as the Tor browser
If it's built on technical ideas of TOR + IPFS, is it also susceptible to same legal liability exposure?
A man from Austria was successfully found guilty of running a Tor exit node because he had child porn flow through it. Him not purposefully allowing child porn traffic did not let him off the hook. He got 5 years probation instead of a jail sentence but it still cost him over $6k in lawyer fees:
According to the first result on the query you've linked:
> The court noted that experts had found and reconstructed image files from the "lost cluster" of a hard disk containing pornographic depictions of minors. However, it found the accused not guilty of knowingly accessing those images, since it could not be established with the certainty required in criminal proceedings that they had been downloaded by him rather than by the automatic action of a Web browser.
I have to wonder how that image ended up on that hard drive. Your run of the mill Tor exit node certainly does not keep copies of the content it spreads on disk.
The sentence wasn't about hosting an exit node, it was about offering hosting services to pedophiles. Tor itself wasn't under attack, at least not in that particular criminal case.
Privacy is a political issue, not a technological one.
If you vote people in who then ban encryption or demand back doors or a weak algorithm, no amount of tech is going to save your privacy.
The technical side of secure communication is (mostly) a solved problem and there are more than enough competent people in the industry and interest groups to solve upcoming challenges.
A piece of (probably actual) paper can disable any of that for most people. And that paper can reach as deep in the tech stack as it needs to in order to achieve its goals. Down to the silicon mask if required.
Within the legal framework some companies benefit from protecting users privacy and some don't but, again, this isn't a technological challenge but a political one (for business reasons this time).
And yes I get why tech minded people often try to engineer us out of such situations anyway, but in the long term they can only score short term victories while loosing in the long term.
_____________________________________________________________________
| |
| == Your Invitation == |
| |
| Where: DefCon 31 in Las Vegas |
| When: Friday, August 11. Additional details pending. |
| Dress Code: Recommended (but not required) dress code- y2k |
| 31337 Haxxor threads. Think Zero Cool and Acid |
| Burn meet Max Headroom and Franken Gibe. There is |
| no contest, but the Bovine Mother is watching, so |
| make her proud. \m/ |
|_____________________________________________________________________|
xXx \\ The herd hath spoken. .ooMen // xXx
Do cDc members even comprehend the current internet landscape? Is this poised to be in the same vein as the TBL gaffe of making a new internet?
Although they're putting in noble efforts, I think they are out of touch with the actual contemporary internet culture. It's not the world they grew up in.
Obviously they're not going to dethrone Facebook or anything like that, but Signal has tens of millions of users so it doesn't seem impossible for a new protocol to achieve similar scale.
Veilid isn’t quite ready for primetime yet, though it will be soon. The protocol’s creators plan to hold a “launch party” at 2023's DEFCON, the annual cybersecurity conference, in Las Vegas, next week.
Ehm… bold take. It is /the/ Cybersecurity conference along with BH Vegas. It’s scope has grown, but it’s still an infosec conf at its core. That is its defining feature. You are trying to split some very fine hairs that din’t even exist.
The encryption protocols available haven't been the weak link for some time, no one cracks the messages in transit; you just go for the endpoint. If you can hack the OS and exfiltrate screenshots it doesn't matter how secure your app or network channel is.
The only approach that's given me hope has been Tin Foil Chat, isolating the keychain from the network. Me and some fellow noisebridgers built a kind of cyberdeck prototype implementing this but couldn't find much interest in commercializing it. Since the input stage is isolated from output, you can't copy paste any public keys but have to enter them manually (448bits as 56 characters) and messages/attachments can't be forwarded. Juice wasn't worth the squeeze overall. We'll see if there's a milder approach here but I don't see anyway to get around the endpoint security.
https://github.com/maqp/tfc
Yeah you're not going to make a business out of it. Secure messaging is a big graveyard of companies.
At least not a legal one...
Even marketing to criminals is a tough sell, no reason to believe we weren't a 3 letter cutout:
> An encrypted chat platform that catered to criminals is actually an FBI sting operation.
> Since 2019, the FBI has been secretly operating Anom, a company that pretended to offer encrypted messaging to criminal organizations. In reality, the Anom app would relay to federal investigators a copy of every message sent.
https://www.pcmag.com/news/fbi-sold-criminals-fake-encrypted...
(this is also in the TFC FAQ as why not to sell a device, trust is not solved by cryptography alone)
This has happened many, many times in various countries. At the end of the day I don't think anyone else in the space would be able to compete on price with the various 3 letter agencies
another case: https://en.wikipedia.org/wiki/Crypto_AG
Wickr was sold to AWS for an undisclosed amount of money, so we don't actually know if it's a graveyard or if it was a life-changing amount of money for the founders, or somewhere in between.
The goal appears to be protecting against monetisation, rather than state-level hacking.
Use a camera and QR codes to transfer information instead of manual input, it would be much more viable. You could use any chat application that supports images as a transport laye.
https://web.archive.org/web/20010726224437if_/http://www.tex...
https://www.reuters.com/investigates/special-report/usa-poli...
Some years ago I was going through some old laptops, older than many HN readers and commenters no doubt, and these were loaded with old versions of Windows. I decided to see if I could use one by remotely controlling it from a more powerful computer running UNIX-like OS over the local network. It seemed all the popular "remote desktop" software used to do this with these old versions of Windows is long forgotten and difficult to find. "Unsupported", "deprecated", not "modern", yada, yada. So I got a copy of Back Orifice, which is still easy to find, and it worked like a charm. Small, easy to use. Does what it's supposed to do and not much else.
This reminded me just how bad software today has become, even worse than it was, and how Microsoft and its partners rely on planned obsolesence and turn perfectly usable computers into e-waste. Windows XP, everyone must stop using it offline because MS wants it to disappear. (As if Microsoft can control what software people choose to run on their computers.) Connect to the internet 24/7 and use "Windows 11" instead. Don't worry, MS has got people covered with its "automatic updates". Command and control from Redmond.
This is why I use NetBSD and Linux distributions. The latest release runs fine on all those old laptops. That's what "backwards compatibility" means to me.
"Planned obsolesence"... I get the desire to bash Microsoft at every possible opportunity here, but one thing Microsoft did better than most companies was backward compatibility and the ability to run legacy programs / maintain API compatibility going back years. Windows 3.x -> 95/98 legacy (even 16bit) apps continued to work. There are APIs even in Win10/etc that support old apps. I don't think Microsoft can be one of those "orchestrating planned obsolesence". This comment is particularly inaccurate.
There are things that are valid for complaining about Microsoft, but "planned obsolesence"? No.
Maybe not "planned obsolesence", but they do however have a "API incontinence".
This is mostly driven from a desire to sell new crap to enterprises. So they rewrite everything and churn out new crap every few years, new APIs, new frameworks, new "this is the way to do X now" and so on.
So, them maintaining backwards compatibility for the old stuff is half of the picture. Developers and (especially enteprise customers) are still pushed to adopt some new thing with alarming frequency, and stuff that works perfectly well gets thrown out for the new hotness. This leads to a rat race to keep up with the latest stuff, no updating of old stuff with new functionality, and so on.
Explain to me how win32 APIs from the 90s were still a thing on win mobile in the mid 2000s? On the enterprise front, yes they probably want to push but you ignore how often there are Windows EOL announcements where things are extended for large "enterprises" including government and large customers.
>Explain to me how win32 APIs from the 90s were still a thing on win mobile in the mid 2000s?
Not sure what you're asking.
I didn't say they kill and stop supporting old APIs.
I said they keeping putting out and pushing for "new hotness" APIs/frameworks, forgetting their old APIs/frameworks with an alarming rate.
A 20 year old API still working is good.
A 20 year old API properly maintained and updated, instead of having several new APIs/frameworks introduced and killed in between, with like the 5th "doomed to be replaced soon" API/framework now pushed as "THE" way to do things, is even better.
Planned obsolesence was mentioned, legacy APIs being maintained and old programs continuing to run... that's not obsoleting anything.
Yeah, I know. Which is why I already wrote in my original comment
"Maybe [they do] not [have] "planned obsolesence", but they do however have a "API incontinence".
That's the point: to keep the competition busy trying to keep up with all their changes. Their slogan once was "We set the standards".
True but it's changing now. Now that they're pivoting to selling subscriptions instead of software. The windows 11 requirements were arbitrary and way too heavy. Especially considering unsupported machines work fine if you use a workaround.
I work for a company that relies on the MS cloud for virtualized environments, to let our still popular (And profitable) legacy app run in an environment it's more or less used to, but still be in "the cloud" so we can manage things for our customers, keep them on mostly the same version etc.
It costs a fortune.
Do other cloud services support virtualization of older versions of Windows?
Well, they did, up until a point. Then they got into the habit of pushing technologies hard, then abandoning them. I don't think you can run activeX or Silverlight stuff very well without effort today.
Can you run Flash? What about a Mac OS 9 executable on a modern Mac? What about a Python 2.7 script?
Why is it reasonable to insist that MS allow something to run easily that is over a decade old that was notoriously insecure when it was in use? Are they an exception?
The planned obsolescence isn't the third party software, it's that version of Windows itself.
The new version comes with a new version of some APIs, which new software starts to use, and now you can't run that software on the version you have. They have backwards compatibility but not forwards compatibility.
Then someone finds a security vulnerability in the old version but they never patch it, and neither can anyone else because of copyright, so now you can't even keep using it the way you always had without falling victim to their inability to get it right the first time and refusal to either go back and fix it or release the source code so someone else can do it.
So just use the new version which still works with all your old software, you say. But the old version didn't spy on you and the new one does.
They do updates for pretty long and a lot of the OS you can trick into updating far longer. Windows 10 LTSC IOT for example is going to get security updates for a looong time and has all the bloatware and spyware stripped out.
> They do updates for pretty long and a lot of the OS you can trick into updating far longer.
"You can trick into updating for far longer" is supposed to be an argument that it isn't planned obsolescence?
> Windows 10 LTSC IOT for example is going to get security updates for a looong time and has all the bloatware and spyware stripped out.
Because there is a market segment which is less tolerant of this kind of abuse. But when John goes to the store to buy a new laptop because the one he had with Windows XP on it is too slow to run any variant of Windows 10, that edition generally isn't what it comes with. Why not? Is there a customer desire for spyware and shorter support lifetimes, or is there an abuse of naive customers going on here by default?
Seriously.
> Microsoft and its partners rely on planned obsolesence and turn perfectly usable computers into e-waste.
> This is why I use NetBSD and Linux distributions. The latest release runs fine on all those old laptops. That's what "backwards compatibility" means to me.
Based.
Yet, I get downvoted when I complain about i686 support being phased out.
I'm pretty sure the latest VNC clients can still connect to VNC servers from the XP era. How unsupported XP really is depends on the programs you try to run on it.
XP works fine (though it's insecure and a reminder about that is not bad) but that doesn't mean every piece of software has to support it. Hardware acceleration and usable 64 bit software has made a major difference in making animations and transitions possible. Clunky or simply bad kernel APIs were replaced with better ones.
All the old APIs are still available, but nobody makes software for a system only retro enthusiasts and some old factory control units are using. There's no interest in keeping it work, there are too many workarounds necessary, and nobody is willing to pay anyone for XP support.
Don't think Linux is much better. Getting code from 2004 to compile can be a real pain because the dependencies of yore have long been discontinued, their tarballs hidden somewhere on archive.org, and its reliance on 32 bit GCC behaviour long broken. Old hardware drivers break all the time because nobody has the hardware or the interest to keep that one Toshiba CD drive you have working on kernel 6.5. If your sound card isn't one that's used in virtual machines, good luck making it work out of the box. Your only advantage is that most Linux software is open source (but far from all of it) so recompiling it for modern systems is possible, but that doesn't mean it's any easier.
Starting with Windows 8, but quickly advancing after the release of Windows 10, the enshittification of Windows is real and it sucks. I'd love the modern Windows kernel running the 7 or XP UI stack instead of whatever the hell Windows 11 is supposed to be. However, programs only supporting the operating systems people use isn't breaking backwards compatibility, it's just good business.
It may be that I just don't know enough about the software used to control old versions of Windows from UNIX, and I just found Back Orifice the easiest option. In any event, I appreciate the cDc software. That was the point of the story. I have used their nc for Windows as well, the one written by Weld Pond.
Correction: Windows nc came from another group, not the cDc.
RDP is one of a big hole to be used for hacking. I understand why Microsoft want to deprecate older protocols.
https://cultdeadcow.com/news/veilidparty20230622.html
I am sure a certain potential future governor of texas approves.
On a serious note though, ideology aside, the internet hardly needs another encryption protocol. The problem with these approaches is they try to solve everything. Unix and interner philosophy of layered piping (compartmentalization) exists for a reason.
How do you establish trust? TOFU? Your app is broke from the start! How do people on the internet establish the other anonymous person is really their anonymous person? Censorship resistance? Hah! How do you dynamically find network access nodes or peers without getting blocked? HTTPS? Well they decrypt that and you shouldn't rely on non-E2EE stuff for such reasons? Does the network rely on domains? Does your app rely on domain names to be found and installed+working? They can block domains and block you in app stores. Domain front? Russia was blocking entire /8's of google and aws because of apps like Signal.
This is why you solve problems one layer at a time.
All of the problems are listed (and more) require a unique standardized protocol solution that interoperates with other layers.
I said ideology aside earlier so let me bring it back and say this: it is a mistake to create any communication system that is censorship resistant but also lacks practical ways to moderate harmful content.
This was something I was very passionate about then I decided I don't want to help build something that can be abused and things that censor are not going to be used by most people anyways so no point.
That’s a name I haven’t heard in a long time.
I think my uncle knew about the Cult of the Dead Cow.
Wow, looked up to Cult of the Dead Cow in the early 90's as a fledgling little hacker punk and didn't know they were still around. That's cool. And also, this is very cool.
So, um, Signal? https://github.com/signalapp
No, this is a little different from the Signal protocol.
If the difference is so little, perhaps you could venture to explain it?
Signal is what you use if you want your chats subpoenaed
Can you explain more?
CdC is still around? I thought they went corporate as @Stake decades ago.[1]
[1] https://www.wired.com/story/cult-of-the-dead-cow-at-stake-ha...
It was L0pht that was acquired by @stake, not cDc. But there was a lot of overlap.
Oh, right. Thanks.
>Cult members say their protocol is built from the same digital DNA as the Tor browser
If it's built on technical ideas of TOR + IPFS, is it also susceptible to same legal liability exposure?
A man from Austria was successfully found guilty of running a Tor exit node because he had child porn flow through it. Him not purposefully allowing child porn traffic did not let him off the hook. He got 5 years probation instead of a jail sentence but it still cost him over $6k in lawyer fees:
https://www.google.com/search?q=tor+exit+node+child+porn
According to the first result on the query you've linked:
> The court noted that experts had found and reconstructed image files from the "lost cluster" of a hard disk containing pornographic depictions of minors. However, it found the accused not guilty of knowingly accessing those images, since it could not be established with the certainty required in criminal proceedings that they had been downloaded by him rather than by the automatic action of a Web browser.
I have to wonder how that image ended up on that hard drive. Your run of the mill Tor exit node certainly does not keep copies of the content it spreads on disk.
The sentence wasn't about hosting an exit node, it was about offering hosting services to pedophiles. Tor itself wasn't under attack, at least not in that particular criminal case.
Privacy is a political issue, not a technological one. If you vote people in who then ban encryption or demand back doors or a weak algorithm, no amount of tech is going to save your privacy.
> If you vote people in
How do you feel the U.S. political system in congress is working currently and with half of the citizens wanting Trump to be the president again?
It shows how the billionaires control the media and are making people crazy and distracted so the populace won’t rise up to them.
In that context tech encryption and privacy are the least of our concerns
Exactly.
The technical side of secure communication is (mostly) a solved problem and there are more than enough competent people in the industry and interest groups to solve upcoming challenges.
A piece of (probably actual) paper can disable any of that for most people. And that paper can reach as deep in the tech stack as it needs to in order to achieve its goals. Down to the silicon mask if required.
Within the legal framework some companies benefit from protecting users privacy and some don't but, again, this isn't a technological challenge but a political one (for business reasons this time).
And yes I get why tech minded people often try to engineer us out of such situations anyway, but in the long term they can only score short term victories while loosing in the long term.
.-=+++++++ .. .+++++++++- =#:##: =+++++++++ %@:=@# +++++++++= .@-:@@. -+++++++++. :#=.%@= +++++++++= * #@* . ::-- . ::-- :+++++++++: -* @%. @@: =@@: .@@# .=#@@ ++++++++++ :%%.=@@: .@@: =@@ :+++++++++: :@@::@@+ :=++=: --== .@@: :--=: :==+=@@ =+++++++++ -@-.%@# +@%+==#@%: -@@ .@@: .=@@ +@@+=-=#@@ .+++++++++- -#= #@%. @# @% -@@ .@@: %@* @% =@@ =+++++++++ @* +@@- @@@%%%%%%@@ -@@ .@@: %@* @@+ =@@ +++++++++==@# =@@* @@+ -@@ .@@: %@* @@* =@@ -+++++++++%%.+@@% +@@- :: -@@ .@@: %@* +@@- @@ +++++++++#%@@@: -#@@%%%%- #%@@% %@@% -#@@@#: =%@@#%-@@%+ :+++++++++%@@@# +++++++++@@%. . . .__ , :+++++++++#@- | _.. .._ _.|_ [__) _.._.-+- . +++++++++*+ |___(_](_|[ )(_.[ ) | (_][ | \_| .+++++++=- ._|
(End transmission)
You might also like our platform that we’ve been building for 12 years and are preparing to launch:
https://github.com/Qbix/Platform
Damn. That's a name that I haven't heard in two decades...
I first thought it sounded a bit like Retroshare[1], but now I am not sure.
[1] https://retroshare.cc/
Do cDc members even comprehend the current internet landscape? Is this poised to be in the same vein as the TBL gaffe of making a new internet?
Although they're putting in noble efforts, I think they are out of touch with the actual contemporary internet culture. It's not the world they grew up in.
https://cultdeadcow.com/about.html
In what way?
I’m sure the members haven’t been in a Han Solo-style cryo freeze and have experienced the same changes you have.
Obviously they're not going to dethrone Facebook or anything like that, but Signal has tens of millions of users so it doesn't seem impossible for a new protocol to achieve similar scale.
> Do cDc members even comprehend the current internet landscape?
You know they all have professional careers where they have invented foundational technologies and ran large tech companies right?
Hands down some of the smartest people I have had the pleasure of meeting.
Yes, and the question is relevant: the issue with tracking and privacy on the web is not the cryptographic protocols.
So you have pre-announcement access and have reviewed it already? Any insights you'd like to share?
All I have gotten is a few cool stickers.
Also one of them turned out to be Beto O’Rourke.
already posted two days ago https://news.ycombinator.com/item?id=36983384
> Cult members say their protocol is built from the same digital DNA as the Tor browser and the chat app Signal
Then just use those, as they are bettle-tested and received much more scrutiny than this new framework.
Link to source code?
https://veilid.com/
https://forum.defcon.org/node/246124
Veilid isn’t quite ready for primetime yet, though it will be soon. The protocol’s creators plan to hold a “launch party” at 2023's DEFCON, the annual cybersecurity conference, in Las Vegas, next week.
DEF CON has cybersecurity parts but it is not a cybersecurity conference. That would be like calling Comic Con a cosplay conference.
Ehm… bold take. It is /the/ Cybersecurity conference along with BH Vegas. It’s scope has grown, but it’s still an infosec conf at its core. That is its defining feature. You are trying to split some very fine hairs that din’t even exist.
Is it more prestigious/influential than the CCC?
I think so given that it has more of an international audience.
> More info about Veilid will be available- including technical deep-dives and source code- after the launch in August.
Black Hat and DefCon are happening this month, so it should drop very shortly.
Only a glimpse, but Python bindings: https://pypi.org/project/veilid/0.1.7/ https://files.pythonhosted.org/packages/66/ee/aa2a9319303626...
Sounds trendy, how does it work?
Thats not even a cow skull. lol
Indeed; the actual cow skull [1] has the teeth much further recessed from the front.
[1] https://www.skullsunlimited.com/products/replica-cow-skull-t...
“.. the same digital DNA as the Tor browser and the chat app Signal” - what kind of lazy journalism is this. No specifics on the protocol?
Specifics are not public yet AFAIK, from their website:
> More info about Veilid will be available- including technical deep-dives and source code- after the launch in August.
It looks like they accidentally published (and yanked) Python bindings to PyPI early today, which provides some clues:
https://pypi.org/project/veilid/0.1.7/ https://files.pythonhosted.org/packages/66/ee/aa2a9319303626...