• iknowitwheniseeit@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    48
    ·
    19 days ago

    From RFC 2804:

    • The IETF believes that adding a requirement for wiretapping will make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap. This is in conflict with the goal of freedom from security loopholes.

    https://datatracker.ietf.org/doc/rfc2804/

    This was written in 2000 in response to US government requests to add backdoors to voice-over-IP (VoIP) standards.

    It was recognized 25 years ago that having tapping capabilities is fundamentally insecure.

    • rottingleaf@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      19 days ago

      It was always recognized.

      Every time I go to the Interwebs and read what people have to say on security, it’s always the same high horse absolutism.

      I’ve read Attwood’s book on Asperger’s syndrome a couple weeks ago. There such absolutism was mentioned as a natural trait of aspies, but one that, when applied to social power dynamics or any military logic, gets you assroped in jail.

      People who want to spy on you or read all your communications understand too that general security suffers, but just not having that power is out of question for them, and also with the power they already have the security effect on them personally won’t be too big.

      It’s a social problem of the concept of personal freedom being vilified in the Western world via association with organized crime, terrorism, anarchism, you get the idea.

      It’s not hard to see that the pattern here is that these things are chosen because they challenge state’s authority and power, because, well, subsets of what’s called organized crime and terrorism that can be prevented by surveillance are not what people generally consider bad, and anarchism is not something bad in any form.

      What’s more important, people called that do not need to challenge the state if the state is functional, as in - representative, not oppressive and not a tool for some groups to hurt other groups.

      As we’ve seen in all the world history, what’s called organized crime and what’s called terrorism are necessary sometimes to resolve deadlocks in a society. It has never happened in history that a society could function by its formalized laws for long without breaking consistency of those. And it has never happened that an oppressed group\ideology\movement would be able to make its case in accordance with the laws made by its oppressor.

      Why I’m typing all this - it’s not a technical problem. It’s a problem of bad people who should be afraid not being afraid and thus acting, and good people who should be afraid not being afraid and thus not acting.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      ·
      19 days ago

      You don’t need technical knowledge to see the problem.

      If you live in an apartment and your landlord has a master key, then all an attacker needs to do is get that master key. In an apartment complex, maybe that’s okay because who’s going to break in to the landlord’s office? But on the internet, tons of people are trying to break in every day, and eventually someone will get the key.

      Even for the landlord, I’d rather them have a copy of my key than a master key, because that way they’d need to steal my key specifically.