[105attendees] (re. plenary) measuring privacy, trusting devices and verifiability

David Lamparter <equinox@diac24.net> Wed, 24 July 2019 22:40 UTC

Return-Path: <equinox@diac24.net>
X-Original-To: 105attendees@ietfa.amsl.com
Delivered-To: 105attendees@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 899A91202EC for <105attendees@ietfa.amsl.com>; Wed, 24 Jul 2019 15:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id uvFnGteaE5x1 for <105attendees@ietfa.amsl.com>; Wed, 24 Jul 2019 15:40:53 -0700 (PDT)
Received: from eidolon.nox.tf (eidolon.nox.tf [IPv6:2a07:2ec0:2185::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31D8C120110 for <105attendees@ietf.org>; Wed, 24 Jul 2019 15:40:53 -0700 (PDT)
Received: from equinox by eidolon.nox.tf with local (Exim 4.92) (envelope-from <equinox@diac24.net>) id 1hqPwJ-000JP1-I2 for 105attendees@ietf.org; Thu, 25 Jul 2019 00:40:51 +0200
Date: Thu, 25 Jul 2019 00:40:51 +0200
From: David Lamparter <equinox@diac24.net>
To: 105attendees@ietf.org
Message-ID: <20190724224051.GQ258193@eidolon.nox.tf>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/105attendees/6oMCv7Ob3ozMNKnx7XYrxq8-8FY>
Subject: [105attendees] (re. plenary) measuring privacy, trusting devices and verifiability
X-BeenThere: 105attendees@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mailing list of all 105 attendees for official communication <105attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/105attendees>, <mailto:105attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/105attendees/>
List-Post: <mailto:105attendees@ietf.org>
List-Help: <mailto:105attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/105attendees>, <mailto:105attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 22:40:55 -0000

Hi all,
(enter den of the lion)

I find this discussion about measuring privacy, IoT devices and
end-to-end encryption mildly hilarious and somewhat alarming.

The /only/ situation where I will trust (and recommend others to trust)
any device is when I have the ability to build and compare the code that
runs on it.  I normally would want to be able to change it too, but
comparing is enough.  We have reproducible builds these days, so we can
even compare the resulting binary.

And this goes all the way down to the hardware.  I'm only going to trust
it if I can look at the design and compare it, even if that means
slicing open the chip.

It's not about billions of people each doing this.  It's enough that
it's possible to do; a few people will do it and publish their results,
and by random statistical sampling each of the billions of people can
look at the maybe 10 people who did it, and make their *individual*
decision to trust or not.

In most cases this means open source, you can get into a discussion
about signed binaries / inability to modify here, but it doesn't matter
as the point relevant here is verifiability.

And with that in mind, the only question I ponder is "what's the time
span to FOSS availability on <buzzword>."  If you want to throw your
data around, be my guest and join the hype train on whatever is the
thing du jour.  Trying to make a privacy statement about smart toilet
paper with closed source firmware is building on sand.  You may have a
good grasp on the sheet you wiped your a** with, but the next one's
gonna send your data to the Martian intelligence agency.

So, should we make allowances in things like TLS for the user to break
them to do a privacy analysis?


The thing to break (into) is the devices.  Not our protocols.