Re: [105attendees] (re. plenary) measuring privacy, trusting devices and verifiability

Toerless Eckert <tte@cs.fau.de> Thu, 25 July 2019 14:08 UTC

Date: Thu, 25 Jul 2019 16:08:06 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: David Lamparter <equinox@diac24.net>
Cc: 105attendees@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/105attendees/PuBLR2RMlkXlKZV_A_WHaqs_yBs>

I would love if the IETF would think about what could be done
to empower users to audit what devices are communicating. I
very much liked how the presentation today pointed that out.

I think the way "privacy" is presented without context is as
misleading as presenting "trust" without context. IMHO, the
way encryption via e.g.: TLS is used today is mostly successful
because it protects the privacy of often questionable, exploitative
business models. But it's sold as if it primarily exists because of
end user privacy. If more users understand this distinction,
maybe transparency could become as big a requirement as privacy
is made to be.

You should start analyzing behavior of peace makers. Friend who is
also frustrated about badly working software with undocumented interfaces
and data m

On Thu, Jul 25, 2019 at 12:40:51AM +0200, David Lamparter wrote:
> Hi all,
> (enter den of the lion)
> 
> 
> I find this discussion about measuring privacy, IoT devices and
> end-to-end encryption mildly hilarious and somewhat alarming.
> 
> The /only/ situation where I will trust (and recommend others to trust)
> any device is when I have the ability to build and compare the code that
> runs on it.  I normally would want to be able to change it too, but
> comparing is enough.  We have reproducible builds these days, so we can
> even compare the resulting binary.
> 
> And this goes all the way down to the hardware.  I'm only going to trust
> it if I can look at the design and compare it, even if that means
> slicing open the chip.
> 
> It's not about billions of people each doing this.  It's enough that
> it's possible to do; a few people will do it and publish their results,
> and by random statistical sampling each of the billions of people can
> look at the maybe 10 people who did it, and make their *individual*
> decision to trust or not.
> 
> In most cases this means open source, you can get into a discussion
> about signed binaries / inability to modify here, but it doesn't matter
> as the point relevant here is verifiability.
> 
> And with that in mind, the only question I ponder is "what's the time
> span to FOSS availability on <buzzword>."  If you want to throw your
> data around, be my guest and join the hype train on whatever is the
> thing du jour.  Trying to make a privacy statement about smart toilet
> paper with closed source firmware is building on sand.  You may have a
> good grasp on the sheet you wiped your a** with, but the next one's
> gonna send your data to the Martian intelligence agency.
> 
> So, should we make allowances in things like TLS for the user to break
> them to do a privacy analysis?
> 
> *HELL NO.*
> 
> The thing to break (into) is the devices.  Not our protocols.
> 
> Cheers,
> 
> 
> -David

-- 
---
tte@cs.fau.de