#securitybyobscurity

beautifuldowntownmannheim@squeet.me

Did you know that the taxpayer-funded #NINA #WarnApp has not published its source code?

An #IFG request from January 2021 was answered with reference to proprietary elements, #SecurityByObscurity and Corona: https://fragdenstaat.de/anfrage/source-code-nina-app/#nachricht-572346

Thankfully, in December 2022 a requester picked up this loose end and filed a follow-up request, which has remained unanswered to this day:
https://fragdenstaat.de/anfrage/update-source-code-nina-app/

Apparently there are currently problems with notifications that run via #Google Services. But I wouldn't know why that should stand in the way of publishing the source code.

#PublicMoneyPublicCode #OpenSource

dredmorbius@joindiaspora.com

We've been thinking about it wrong: The norm has been Insecurity by obscurity

The Crypto AG CIA backdoor story (2020) clarifies to me much of the neverending flood of "outlaw strong crypto" thinkpieces and "lawful access" (a/k/a mandated backdoors) proposals.

I realised today that the whole #SecurityByObscurity discussion was missing a major insight: For much of the Cold War period, the operational standard has been instead #InsecurityByObscurity

Crypto AG was an allegedly secure system which was, obscure to the public, insecure. And that insecurity (along with fear, surprise, ruthless efficiency, and an almost fanatical devotion to the Pope), seems to have been a key element of US and #FiveEyes surveillance capabilities from the 1950s onward. (I'm aware Crypto AG's role under the CIA began ~1970.) More recent stories of package intercepts (where backdoors are installed on specific equipment), zero-day hacks (such as are routinely purchased and exploited by Cellebrite, Palantir, the NSO Group, and others), are the logical extension of Crypto AG methods. As is putting a surveillance device in the pockets of the population that the surveillance targets themselves fight amongst themselves to buy.

Our information systems, technology, devices, and infrastructure are, obscure to us, insecure. And we fall for it again and again.

Because while the cryptography of the NSA and Five Eyes, as well as their counterparts worldwide, is no doubt prodigious, the cheapest way to break through a wall is to go around it. By far.

And virtually all the continuous whinging since the early 1990s about the hazards of emerging strong crypto makes vastly more sense in this context. The agencies know their own strengths, weaknesses, and secret weapons. And have been trying to preserve their advantage. (Even though this ultimately puts us all at vastly greater risk.) Their policy recommendations have been premised on this, even if they've been unwilling to admit this publicly.

But yeah, insecurity by obscurity as an operational norm. Describes much of the present Web as well.


Adapted from an earlier Mastodon thread: https://mastodon.social/@natecull/106112437055287730

#CryptoAG #security #surveillance #surveillanceCapitalism #surveillanceState #infosec #infotech