Security quotes of the week [LWN.net]

One of the only definitive takeaways, besides "steer clear of free VPNs," is that your choice of VPN should depend on what you're using it for. If you're just trying to stay safe online, it may make sense to steer toward a larger, U.S.-based company that's clear about both who owns it and how it treats your data. If your goal is to torrent pirated files, view blocked content, assassinate an ambassador, or otherwise evade the long arm of your government (or the governments it shares intelligence with), one based offshore might be a better bet—provided you're quite sure it doesn't have secret ties to the government you're trying to evade.

— Will Oremus at Slate (Thanks to Paul Wise.)

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Pervasive surveillance capitalism -- as practiced by the Internet companies that are already spying on everyone -- matters. So does society's underlying security needs. There is a security benefit to giving access to law enforcement, even though it would inevitably and invariably also give that access to others. However, there is also a security benefit of having these systems protected from all attackers, including law enforcement. These benefits are mutually exclusive. Which is more important, and to what degree?

The problem is that almost no policymakers are discussing this policy issue from a technologically informed perspective, and very few technologists truly understand the policy contours of the debate. The result is both sides consistently talking past each other, and policy proposals -- that occasionally become law -- that are technological disasters.

— Bruce Schneier

to post comments

Security quotes of the week

Posted Mar 7, 2019 8:11 UTC (Thu) by bustervill (guest, #85383) [Link] (3 responses)

Very interesting how in the consumer advice about VPNs, downloading torrents and assassinating an ambassador are in the same category of bad stuff. I mean, when you save the world in a comic book movie you have to get paid.

Security quotes of the week

Posted Mar 7, 2019 23:05 UTC (Thu) by flussence (guest, #85566) [Link]

Mentioning things like browsing sci-hub in the same breath as assassination… are they trying to say science is evil, or that politicians should be that expendable? ;-)

Security quotes of the week

Posted Mar 8, 2019 12:01 UTC (Fri) by moltonel (subscriber, #45207) [Link] (1 responses)

He doesn't define "stay safe online" either; what's the threat model ? A VPN doesn't/shoudn't alter, block, or even scan the content that it transfers to you, so you're as exposed to the malware as you were before. You are protected from vulnerability scans on your IP address, but that's a small fraction of the online threat. IMHO a VPN is more about privacy than safety, whether you you use that privacy for legal or illegal activities.

Also, the dichotomy between "us-based" and "offshore" is tiring, for the vast majority of internet users who don't live in the US. I know Slate targets an american audience, but the US isn't the only country capable of producing large reputable companies with clear ownership. And the US doesn't top my list of privacy-protecting countries. I'm tired of things like us-based information sources using farenheit and miles despite the fact most of their audience is outside the US and using SI units.

Security quotes of the week

Posted Mar 10, 2019 12:54 UTC (Sun) by nilsmeyer (guest, #122604) [Link]

The use of Fahrenheit and other imperial units always annoys me as well, especially when looking up nutrition information or anything else scientific(ish). I just checked whether there is a Firefox plugin for that to just convert the units, this may be promising: https://addons.mozilla.org/en-US/firefox/addon/everything...

Security quotes of the week

Posted Mar 8, 2019 8:44 UTC (Fri) by domenpk (guest, #12382) [Link]

Paying for a product does not magically make it good.
Companies normally want to maximise the profit, and if one source is the same as with 'free VPNs', they will definitely look into it.

Democracy...

Posted Mar 16, 2019 2:22 UTC (Sat) by Garak (guest, #99377) [Link] (1 responses)

The problem is that almost no policymakers are discussing this policy issue from a technologically informed perspective, and very few technologists truly understand the policy contours of the debate. The result is both sides consistently talking past each other, and policy proposals -- that occasionally become law -- that are technological disasters.

Democracy. Gotta Love It. It doesn't get you a great solution to every problem, or even a good one. Just better than all the alternatives.

Democracy...

Posted Mar 16, 2019 2:51 UTC (Sat) by Garak (guest, #99377) [Link]

Or rather, the unattributed cliche I was grasping for was perhaps- Democracy- It will eventually arrive at the optimal solution, after exhausting all the alternatives.