Re: [105attendees] (re. plenary) measuring privacy, trusting devices and verifiability
Robert Moskowitz <rgm@labs.htt-consult.com> Thu, 25 July 2019 10:31 UTC
To: Tobias Muhanguzi <mztoby12@ieee.org>
Cc: David Lamparter <equinox@diac24.net>, 105attendees@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/105attendees/6flovqPl7QHXz4imn2wEoryhCIw>
https://us.cnn.com/2019/07/24/tech/nyc-cellphone-location-data-sale-ban/index.html

On 7/25/19 1:26 AM, Tobias Muhanguzi wrote:
> When it comes to security in IoT, consumers should have an opt out
> switch, and on top of that, security in design should be priority, we
> can't avoid the future, more so IoT
> ...@Richard
>
> On 7/25/19, Robert Moskowitz <rgm@labs.htt-consult.com> wrote:
>> Caveat.
>>
>> You no longer have control of the IoT in your life.
>>
>> Utility smart meters
>> Cars
>>
>> for starters.
>>
>> You want water efficient washers? Buy NOW before they all are connected
>> IoT.
>> Do you use heating oil? Select your provider carefully. They are
>> putting IoT in your fuel tank.
>>
>> I know things about that AMI on my electric line. I could have opted
>> out, maybe.
>>
>> On 7/24/19 6:40 PM, David Lamparter wrote:
>>> Hi all,
>>> (enter den of the lion)
>>>
>>>
>>> I find this discussion about measuring privacy, IoT devices and
>>> end-to-end encryption mildly hilarious and somewhat alarming.
>>>
>>> The /only/ situation where I will trust (and recommend others to trust)
>>> any device is when I have the ability to build and compare the code that
>>> runs on it. I normally would want to be able to change it too, but
>>> comparing is enough. We have reproducible builds these days, so we can
>>> even compare the resulting binary.
>>>
>>> And this goes all the way down to the hardware. I'm only going to trust
>>> it if I can look at the design and compare it, even if that means
>>> slicing open the chip.
>>>
>>> It's not about billions of people each doing this. It's enough that
>>> it's possible to do; a few people will do it and publish their results,
>>> and by random statistical sampling each of the billions of people can
>>> look at the maybe 10 people who did it, and make their *individual*
>>> decision to trust or not.
>>>
>>> In most cases this means open source, you can get into a discussion
>>> about signed binaries / inability to modify here, but it doesn't matter
>>> as the point relevant here is verifiability.
>>>
>>> And with that in mind, the only question I ponder is "what's the time
>>> span to FOSS availability on <buzzword>." If you want to throw your
>>> data around, be my guest and join the hype train on whatever is the
>>> thing du jour. Trying to make a privacy statement about smart toilet
>>> paper with closed source firmware is building on sand. You may have a
>>> good grasp on the sheet you wiped your a** with, but the next one's
>>> gonna send your data to the Martian intelligence agency.
>>>
>>> So, should we make allowances in things like TLS for the user to break
>>> them to do a privacy analysis?
>>>
>>> *HELL NO.*
>>>
>>> The thing to break (into) is the devices. Not our protocols.
>>>
>>> Cheers,
>>>
>>>
>>> -David
>>>
>> --
>> Standard Robert Moskowitz
>> Owner
>> HTT Consulting
>> C:248-219-2059
>> F:248-968-2824
>> E:rgm@labs.htt-consult.com
>>
>> There's no limit to what can be accomplished if it doesn't matter who
>> gets the credit
>>

--
Standard Robert Moskowitz
Owner
HTT Consulting
C:248-219-2059
F:248-968-2824
E:rgm@labs.htt-consult.com

There's no limit to what can be accomplished if it doesn't matter who gets the credit