6/ @FrancesHaugen says that "regulatory oversight" is required because that's the only way for us to be certain that Facebook is implementing *real* end-to-end encryption.
Perhaps I should have given @Riana_Crypto a trigger-warning or something before typing that.
7/ I've already submitted this glorious piece of text to @internetarchive in case it, like the @Telegraph piece, changes in future.
8/ Props to @riptari for calling me "self-styling", that's clearly why my hair's such a mess, not that much remains of it…
9/ but being as I am one of those people attempting to help formalise a definition of end-to-end secure messaging, I'm confident that I can also say Ms Haugen is jumping the gun to think that "regulation" will help define it.
Let alone undermine it.
10/ Part of what's really problematic here (apart from her "government regulation should confirm that Facebook is using 'real' end-to-end encryption" stuff) is that @FrancesHaugen is basically saying
"It's not *real* e2e encryption unless it's standalone."
Which is not good…
11/ "Security should not be a bolt-on" - I have been saying stuff like that since ~1992, but there's no denying that E2EE is an "enabling technology" and it can and should be sprinkled like fairy dust to improve architectures wherever it adds value.
12/ Note that I said "adds value" - like a seatbelt makes you safer - rather than "is the entire value proposition".
Sure, there are projects like @BriarApp which are doing amazing experimentation in the space of E2E Secure Forums.
13/ But Facebook, Twitter, Reddit, etc, exist, and can certainly benefit from more and diverse applications of end-to-end encryption technology in order to add security and privacy to user content and interaction.
@FrancesHaugen is apparently now trying to gatekeep that.
Hot on the heels of #ChatControl and in the name of “identity” and “consumer choice” the EU seeks the ability to undetectably spy on HTTPS communication; 300+ experts say “no” to #Article45 of #eIDAS #QWAC alecmuffett.com/article/108139
If you would like to see more discussion regarding:
Regulation: EU Digital Identity Framework — including #eIDAS and #QWAC
When Signal and WhatsApp have fled the surveillance of the #OnlineSafetyBill, what app will still be around for politicians, journalists, and actual normal people to use, securely?
@JohnNaulty @matrixdotorg Let's be clear: we are talking about the evacuation of the entire Signal and WhatsApp userbase / niche, from the United Kingdom.
That's a lot of people.
WOW:
- No Signal
- No WhatsApp
- No iMessage
- No Facetime
@jamesrbuk called it #internexit; the UK will be extraordinarily isolated from the rest of the internet.
A big part of the reason for the existence of that API was because the European Union wanted to enable people to access their data; so they created the problem, complained when the inevitable leaks happened, and are now reinventing it
Could be the attached, but my suspicion is that this is going to be another CYBER! DARKWEB! CYB3R! SYBER! CAMBRIDGE ANALYTICA‼️BRAIN CONTORL! YOU SAW AN ADVERT AND SO A RUSSIAN ARTIFISHIAL INTELLIGENCE APP MADE YOU VOTE FOR UKIP! … thing.
Plucky spooks in Cheltenham but dressed for speed-dating in 2015-era Shoreditch, battle "Russian influence operations" that Nadine Dorries will soon cite as rationale for the #OnlineSafetyBill.
Token American subplots help sell the series to the US.
Back in 1991 I published an open-source password cracking tool which defined the state of the art for the next 5+ years, so much so that echoes of it can be found in all major password crackers of today.
Some folk criticised me for doing this, choosing words like these to do so:
I know that in general it's bad form to take a single quote out of context and use it to critique an entire essay (concerned.tech) — but I do feel that this time it's deserved.
The concerned-dot-tech essay has had extensive technical debunking, e.g.: