Tracking media reports on the "Let us break end-to-end encryption by adding hashes" is a time sink. But someone has to do it, so that others need not.
Our first winner in "Not knowing what the subject is" is Moneycontrol, which contains these gems:
/1
If two people talking to each other is "National Security risk", it gets better.
No discussion on technology. No discussion on Diffie-Hellman. No discussion on OTR deniability. Just some abstract idea on middle ground.
Basically Baba Ramdev Charlatan territory
/2
We are also back to Clipper chips and key escrows here.
Again, notice the lack of one single technical term here. If only we could find a wish-fulfilling tree that can work like magic...
/3
And then there is "We don't know anything" and "We know everything" both being true at the same time.
So all in all, still not having any idea but hopefully someone or anyone will come up with something.
/4
All this means there are only 2 alternatives:
1. Banning WA
2. Banning encryption except by algos approved.
Both these approaches are the same as those of the Chinese Ministry of State Security.
However they have competence which the govt here does not.
/5
All in all, we are now on the quiet phase between encryption wars redux. With breaches becoming normal, any messaging provider who is forced to store anything is a bigger national security risk b/c other countries will also ask the same thing.
/6
Not looking good. There is more, much more than what has been reported so far.
5 years ago: Sure, you do SQL backups, but have you ever tried restoring them?
Now: We do SQL backups, but misconfigure the AWS backup bucket so badly that we did not even configure CloudWatch logs, and this allows hackers to spawn VMs to check restore and siphon off data.
If 100 rupees of grain is sent via the PDS distribution channel and only 60 rupees goes to the beneficiary, economists talk about 40% leakage and corruption.
Now if AEPS fails 40% of the time, what is the corruption and leakage? This is world-beating technology?
For all practical purposes, the transfer cost of moving money from one bank account to another is zero. NEFT and RTGS are dated systems, but they work reliably.
But AEPS is not NEFT or RTGS. It adds 3 more layers.
The Aadhaar Mapper and 2 Seeding Layers.
Seeding Layer 1 is adding your UID to the benefit scheme.
Seeding Layer 2 is adding your UID to your bank account.
And then the transfer is not to the destination bank account directly but via an intermediate switch called the Aadhaar Mapper.
The amazing thing about people criticizing the PM for suggesting lamps and plates is that they simply don't understand him. He has taken the corona crisis to not only increase his follower count, but has also turned them into a cult.
Cults are immune to facts and figures and in fact revel in the irrational and thrive in opposition to the cult. They are fundamentally anti-intellectual and bypass it fully to appeal to the emotions and thereby create long-lasting loyalty.
The plate banging and diya lighting are demands to sacrifice rationality. Once done, the follower fully merges with the cult. They may retain their wisdom on other things but their loyalty to the PM is sealed.
(Read Second Foundation, The Mule by Asimov to understand this).
Biometric blacklists are already a feature and @UIDAI has built it.
"We can not only cancel Aadhaar but also ensure through the offenders' biometric data that they never apply for it again, preventing their re-entry into the system,"
For those of you wondering why the #Yesbank moratorium has messed up fintechs and their clients - a short thread:
1. Yes bank had one of the best banking APIs allowing API based banking. The moratorium hence is "Losing the API".
2. Until today, I did not know that I had a Yes bank account b/c I used @Razorpay to generate a virtual account and linked it w/ POS vendors like PayTm, ezeTap etc.
3. Now all settlements from POS vendors are locked, till I move it to other bank accounts.
4. So in essence the cost to fintechs multiplies because their API should now work w/ not-so-great-API, semi-automated processes of other banks.
5. It also points to the folly of using direct banking APIs. If you had linked your ERP to Yes bank APIs, you are toast.
All of these entries' DNS was changed to 127.0.0.1
(See Screenshots below on timeline)
@asiatimesonline 2. Unlike other media orgs which reported that the data is on nrcassam.nic.in, which is *wrong*, the data actually comes from these 3 domains.
All of them were changed to 127.0.0.1 one month ago. So if @HMOIndia knew where to look, this would not have been a surprise.