[105attendees] (re. plenary) measuring privacy, trusting devices and verifiability

[David Lamparter <equinox@diac24.net>]

Hi all,
(enter den of the lion)


I find this discussion about measuring privacy, IoT devices and
end-to-end encryption mildly hilarious and somewhat alarming.

The /only/ situation where I will trust (and recommend others to trust)
any device is when I have the ability to build and compare the code that
runs on it.  I normally would want to be able to change it too, but
comparing is enough.  We have reproducible builds these days, so we can
even compare the resulting binary.

And this goes all the way down to the hardware.  I'm only going to trust
it if I can look at the design and compare it, even if that means
slicing open the chip.

It's not about billions of people each doing this.  It's enough that
it's possible to do; a few people will do it and publish their results,
and by random statistical sampling each of the billions of people can
look at the maybe 10 people who did it, and make their *individual*
decision to trust or not.

In most cases this means open source, you can get into a discussion
about signed binaries / inability to modify here, but it doesn't matter
as the point relevant here is verifiability.

And with that in mind, the only question I ponder is "what's the time
span to FOSS availability on <buzzword>."  If you want to throw your
data around, be my guest and join the hype train on whatever is the
thing du jour.  Trying to make a privacy statement about smart toilet
paper with closed source firmware is building on sand.  You may have a
good grasp on the sheet you wiped your a** with, but the next one's
gonna send your data to the Martian intelligence agency.

So, should we make allowances in things like TLS for the user to break
them to do a privacy analysis?

*HELL NO.*

The thing to break (into) is the devices.  Not our protocols.

Cheers,


-David