1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Westminster attack.

Discussion in 'Serious' started by Yadda, 22 Mar 2017.

  1. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Of course you don't, you're Yadda and I expected you to pretend you know nothing about the thousands of security vulnerabilities discovered in software each year and the almost monthly disclosures from companies that they've been the target of hackers.

    Do tell me though how you expect the security services to prevent ne'er do wells from gaining access to the data when they can't even keep the data stored on their own private network safe.
     
  2. t5kcannon

    t5kcannon Minimodder

    Joined:
    7 Jan 2011
    Posts:
    140
    Likes Received:
    2
    I don't think that's an old-fashioned view, but rather a sensible one. It's manifestly obvious that the UK security services must read Adrian Ajao's final message in a decoded form. No one in their right mind would argue that platforms like WhatsApp should give criminals a secret place to plan their crimes, hide and remain undetected. Time for Investigatory Powers Bill part 2 I think :D
     
  3. Byron C

    Byron C Playing life on "Hard" difficulty

    Joined:
    12 Apr 2002
    Posts:
    8,480
    Likes Received:
    2,949
    I will. I will make that argument, because using an encrypted messaging platform is effectively no different than meeting in someone's basement and making notes on paper which is later burned.

    Terrorists don't need WhatsApp or Signal or A.N.Other Tech Platform to plan attacks, and weakening the encryption systems of these platforms does nothing to deter terrorists. All you do when you weaken encryption is eliminate all possibility of privacy for the ordinary people using these platforms.
     
  4. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I'd be more worried about the millions of financial transactions conducted each day, if end-to-end encryption is compromised in a legal sense, banning, enforced backdoors, key escrow or that sort of thing, then that means i can no longer trust that my credit card details are only being sent to the retailer or that my online banking is safe.
     
  5. Byron C

    Byron C Playing life on "Hard" difficulty

    Joined:
    12 Apr 2002
    Posts:
    8,480
    Likes Received:
    2,949
    That. There's also that.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    16,031
    Likes Received:
    4,966
    Or, y'know, the fact that even the CIA - the freakin' Central Intelligence Agency - has let people walk out the door with gigabytes of supposedly top-secret data. You think Our Glorious Leaders, including a Home Secretary who said - and I quote - she'd ask for advice from people 'who understand the necessary hashtags to stop this stuff,' are better at keeping supposed secrets actually secret?

    Yeah, good luck with that. Don't come crying to me when your web, banking, and messaging history makes its way to PasteBin courtesy a 'completely secure' government backdoor.

    After all, it's not like it hasn't happened before, is it?

    EDIT: There's now a rather lengthy news piece up on the topic.
     
    Last edited: 27 Mar 2017
  7. Harlequin

    Harlequin Modder

    Joined:
    4 Jun 2004
    Posts:
    7,111
    Likes Received:
    192
    The same home secretary who worked for JP Morgan for 15 years then went on to the board of 2 tax avoidance companies in the Bahamas.....


    who is now tasked with chasing those very same tax avoidance companies
     
  8. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    Why does applying for access to one person's encrypted messages mean the downfall of all end-to-end encryption including online banking? That's just ridiculous sensationalism.

    Man-up. We have terrorists to catch. ;)
     
  9. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,003
    Likes Received:
    950
    Problems with giving that access:

    1: Governments abusing it to quell political dissent
    Do you think if the UK government gets that access other governments won't ask for it?
    Do you think that governments like Turkey or Saudi Arabia won't abuse it?

    2: Governments abusing it to hunt down whistleblowers and undermine the press
    The UK government has already abused anti terrorism laws for this very purpose, go look into what they did with a Guardian journalist with the Snowden leaks.

    3:Neither the Companies making those apps nor Governments have a track record that indicates they can be trusted to keep any data they are given access to safe.

    4: The technical feasibility of it

    If it went down the need a warrant to get the message route:

    This isn't like physical mail where opening one letter leaves all other letters intact, access to even just one message invariably means someone along the chain necessarily has access to all messages by everyone which means access to one single message is equal to abolishing privacy for everyone.

    If it went down the deliberate backdoor left for law enforcement route:

    Any weakpoint in the technology is guaranteed to be discovered and exploited sooner or later by criminals.

    Can you come up with a piece of legislation that allows law enforcement to access encrypted communications that doesn't undermine encryption in general?
    Do you expect our lovely government who lacks even the most barebone understanding of technology to be able to do so?
     
    Last edited: 27 Mar 2017
  10. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    Because how would you go about allowing access to one person's encrypted messages?

    Key escrow means keeping a copy of the decryption key for each person, that would work but what happens when those copies are made public?

    Inserting a backdoor would also work but what happens when some enterprising hacker discovers that backdoor?

    As has been said no one is saying terrorists should be allowed safe places to communicate, however unless you can come up with a way to listen in on them without it also effecting everyone else then it seems, like Amber Rudd, that you don't understand how encryption works.
     
  11. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    http://www.pcadvisor.co.uk/feature/...cryption-opt-out-of-adverts-security-3637780/
     
  12. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    That Guardian report has since been debunked, sure you can change a contact's key and attempt a MITM attack but you'd risk getting caught by the sender who simply has to check the keys still match, that's not a backdoor it's a mechanism for detecting if key's have changed.
     
  13. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    Of course the Devs are going to deny it, it's their main selling point.
     
  14. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    It's not the devs denying it, that's how cryptography works, if the keys change for any reason, like what would happen with a MITM attack, then it's up to the sender and recipient to confirm if the new key is trusted.
     
  15. FatalSyntaxError

    FatalSyntaxError What's a Dremel?

    Joined:
    6 May 2016
    Posts:
    32
    Likes Received:
    7
    Linking to an article which you've barely taken the time to understand doesn't qualify as an answer.

    If you bothered to read the article and the links it provides to sources and other statements you'll see that this isn't a backdoor but a system that allows your contacts to read older messages you sent them when you switch to a new phone or reinstall the app for whatever reason.

    In layman's terms once a message has been sent and received by the recipient (double blue ticks) WhatApp will not ask the senders client to re-encrypt and resend those messages if they install WhatApp on a new phone or reinstall the app as their encryption key will have changed in doing so. The entire point of this system is so that if someone does hack into the servers they can't force the server to resend messages and encrypt them using keys that the hacker might have specifically provided themselves so they can decrypt them at will.

    I don't understand how you can justify making everyone else less secure so you can get a single person up to no good. Its akin to saying some criminals use really tough locks on their doors to prevent the authorities gaining entry when they have a warrant so we've decided to completely ban everyone from having locks on their doors.

    Great, now the police can simply turn the hand to get inside the house of any criminal they want so long as they have a warrant. Except now the thieves can get into any house they want without any hassle and of course they won't give a crap about not having a warrant.
     
  16. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    The link you provided was the Devs denying it. :)


    Why not? Everyone else does.
     
  17. FatalSyntaxError

    FatalSyntaxError What's a Dremel?

    Joined:
    6 May 2016
    Posts:
    32
    Likes Received:
    7
    And that's not an good excuse/reason for you to do something either.

    In 1939 the vast majority of Germany was persecuting people of Jewish descent/belief. Did that make it acceptable? Of course not.

    Your welcome to your opinion but don't defend it by linking to articles that you've selectively chosen to back up your point of view. Its not how you have a meaningful and productive debate.

    Secondly and more importantly from a personal perspective for you, actually taking the time to read and understand something helps prevent you from ending up in a situation where your own argument ends up coming back to bite you.

    I guarantee it took me less effort to read that article and the others it linked to and then disprove the point you were trying to make with it than it took you to find it using google.

    Anyway, you've quoted a single line from my reply and yet offered nothing to rebuke any of the other stuff I said, so as it stands in this debate I'd say I'm currently in the lead having proved you wrong and provided a counter argument that you've yet to disprove. ;):rock:
     
    Last edited: 27 Mar 2017
  18. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    The link i provided was the devs explanation of how their cryptographic system works, their not denying it their educating uninformed people, but hey if the devs explaining how cryptography works then a quick Google would turn up loads of information that explains how it works.
     
  19. Yadda

    Yadda Minimodder

    Joined:
    25 Jul 2003
    Posts:
    3,217
    Likes Received:
    49
    Guys, as amusing as it is, I'll leave you experts to it. I really can't be bothered. :)

    It's a shame every thread like this descends into a "privacy good, government bad" circle-jerk. I guess I'm just a little too long in the tooth for it now.

    I'll bow-out and leave you to it. Enjoy yourselves. :)
     
    Last edited: 27 Mar 2017
  20. Byron C

    Byron C Playing life on "Hard" difficulty

    Joined:
    12 Apr 2002
    Posts:
    8,480
    Likes Received:
    2,949
    Umm... *raises hand* I am.

    The things that make it "safe" for terrorists to use also make it safe for me to use, so I am most definitely all for it.

    The fact that this has become a debate in recent years should surely shift the focus to the real problem here: the fact that whether we like it or not, pretty much all of our digital communications are being swept up by the NSA, CIA, GCHQ, or whoever. Whether you're under any kind of suspicion or not is completely irrelevant. By keeping these people in power we are all implicitly endorsing this. It doesn't matter that the dick pics you sent via whatsapp can't be decrypted when some analyst somewhere already knows that erotic donkey furry fanfic blows your frock up, because they've slurped your ISP traffic & search history. If I had any kind of certainty that my every online move wasn't being watched then I wouldn't be so bothered about needing end-to-end encryption.
     

Share This Page