Hacker News | grammers's comments

It's terrifying that basically nothing has changed since the Snowden leaks. And most people simply don't care so governments can keep scooping up our data, sifting through it for whatever they may deem interesting.


The push for HTTPS everywhere came directly from the Snowden revelations, and that is considered a good thing.

Now people are focused on encrypting metadata, so things like DNSSEC took off.

There was a recent discussion about how state actors are using push notifications to spy on users. Maybe that is the next area of improvement.

https://news.ycombinator.com/item?id=38543155


> so things like DNSSEC took off.

DNSSEC doesn't encrypt anything - it's all plaintext on the wire. There are some DNS extensions that encrypt the query/response (DNS over HTTPS does this), but DNSSEC is not that.

DNSSEC is simply a way to verify that the response you get has not been meddled with in transit - it's the domain owner signing the DNS records so that you can verify that your DNS responses aren't being modified by a malicious entity (that may very well be your ISP).


Yes, they're probably thinking of DoH, which is much, much more widely deployed than DNSSEC.


How are you calculating that?

The number of users of recursive resolvers that support DNSSEC vs users of browsers that use DoH? Number of companies that have infrastructure supporting DoH compared to number of companies that have infrastructure supporting DNSSEC? Daily users?


The right figure of merit should be "lookups protected by DoH/DNSSEC" (stipulating that DoH and DNSSEC have different definitions of "protected" and just assuming arguendo they're the same). I don't think it'd even be close; I would assume DoH exceeds DNSSEC by several orders of magnitude.

Note that this isn't lookups that happen to run through a resolver with DNSSEC enabled; to count, you'd be talking about such a lookup to a zone that had DNSSEC signatures. You can see the advantage DoH has here, since it works with all zones.


That would be the volume of traffic being sent over DoH compared to the volume of traffic from every recursive and authoritative DNS server that supports DNSSEC.

It would be interesting to see statistics. I wouldn't assume anything in that race. Some TLDs which are signed have quite a lot of traffic going through them on any given day, and most resolvers connecting to those have DNSSEC enabled by default. There are published statistics for this, but I can't find anything similar from either Google or Cloudflare.


All traffic sent over DoH is protected. Most traffic --- the overwhelming majority of traffic --- sent through a DNSSEC-verifying resolver isn't signed by DNSSEC, because the overwhelming majority of zones --- and an even higher proportion of popular zones, by any reasonable metric of popularity you choose (I use the Moz 500) --- aren't signed.


However so many sites are using CloudFlare and other DDoS prevention and CDN services. I'm sure the NSA has fiber taps (beam splitters) at the point where the data travels unencrypted on the internal datacenter network.

CloudFlare itself might not even be aware of the taps. Or maybe only a few select employees know about it.

I think the solution to these problems is to reduce dependence on the Internet. It's now possible to torrent an entire library worth of books and have it all on your personal computer at home. 20TB HDDs are readily available, and constantly getting cheaper. Also check out https://reddit.com/r/DataHoarder. And we have local AI models, again these do not need the Internet to function.


> I think the solution to these problems is to reduce dependence on the Internet

Uh, I thought the concern is about communications (email, IM, etc), not about content consumption. Communications can't be replaced with some static archives.

I doubt any TLA cares if I read Python or Rust documentation, or if I watched Oppenheimer, or Barbie, or both. If they do - well, it's their loss, because such data is absolutely worthless at scale, as repeatedly demonstrated by the ad industry failing to extract any meaning from all the Big Data(tm) they hoard. And if they would somehow get interested in me personally - I don't think having an offline Wikipedia copy would help me any much.

The solution is to encrypt and authenticate every single byte transferred, end-to-end, with strongest known algorithms. And, well, some legislative action too.


How Some Governments Eliminate HTTPS/TLS Encryption [1]

[1]: https://www.youtube.com/watch?v=37irG5pKur8


https everywhere is literally throwing the baby with the bathwater. yeah we got a little better at hiding content, still leaking ton of metadata, and still vulnerable to all the root CAs in your browser... and lost cache and everything else that http had.


> https every[where] is literally[1] throwing [out] the baby with the bathwater[2].

1) That would be figuratively, not literally, as there's no literal baby in HTTPS-everywhere that I know of.

2) What is HTTPS-everywhere throwing out? Which part is the baby and which is the bathwater? I don't think this is the right expression to use here, not even figuratively.


> no literal baby in HTTPS-everywhere that I know of

Well not anymore. We threw it out.


literally


on 2: caches for one


>and still vulnerable to all the root CAs in your browser...

certificate transparency makes this very risky to pull off, making it all but useless unless you're trying to catch an international terrorist or something.


you forget systems have humans in them. most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations. those are usually CAs signed by the CAs in your browser.

so, yeah, a gov abusing this is very bad and visible. scammers profiting from the complexity and humans in the machine, is very common.


>most online banking scams hijack bank domains and use CAs for that country gov, which usually have keys leaked or sold on the right (wrong?) places. just look at india or brazil list of small govt CA revocations

Source? If true they're grounds for ejection from root certificate programs of various OS/browsers.


Kaspersky writes about them from time to time. Since it's not the CA key but some CA signed by those CAs, they just revoke that one and move on and nobody cares. Last year (or the one before) they discussed this at length on the Mozilla chats before the meeting.


> and lost cache and everything else that http had.

A genuine loss, and also the ability to zip imagery.


Was it a loss? I don't think so. It was either ineffective, stale or a massive privacy issue. We're better off with local caches.


The zip images? It meant that less data was being sent. Same with the cache.

The worst of it was that internet providers wanted to tamper with data, and insert this or that advert into what they sent. The absence of that is a good thing.


Something changed: government agencies are now clear that they can carry on, build more of it, and get away with it. Even try and build more of it into law (see EU). It was an expensive test but successful.


Plenty has changed. In general the technology industry cares a lot more about security these days. Things have gotten better and many services became much more secure by default. WhatsApp is the most widely used messaging platform in the world and it has end-to-end encryption. It's not ideal but the fact is never before have so many people used something this secure. It's foiled my country's courts more than once.

What we need now is to get these governments to accept defeat and stop trying to undermine our security with constant legislative assaults. The fact they keep trying is evidence that it's working.


> And most people simply don't care

this is not true and insulting at the same time. Individual people are powerless against organized commercial activity, and, more than one million people in the USA are on payroll with uniform services, so they cannot object.

in addition, the throw-away word "terrifying" is also useless and annoying.. really


Exactly this. Anything individuals can do will be undone by state actors and social media and other corporations who are pressured by state actors.

I disagree: "terrifying" accurately sums up the future we're hurtling straight towards. I worry about people who are not worried, personally.


yeah - I worry a lot reading in this University town.. but the single word "terrifying" is overused by legal types trying to get reliable drama IMHO


It's absolutely an insult and frankly disheartening. And in order to get a word in edgewise you would have to roll up an entire decade of work into a simple cliche using appropriately PC keywords. Which is just as draining to contemplate as do.


This is so hard to read: Everything has changed.

And not only that, but the posted article even goes into some of the high level changes.

But you are right in one aspect. People absolutely don't care to stay on top of this - case in point your comment and the upvotes it has garnered.


Nothing has changed because we didn't get another leak ... It's likely much worse.


It's fascinating how different minds can process information. I myself have a photographic memory - only one of my kids has it as well. The two of us are constantly being asked where this and that is lying around, and we can always tell while the others in the family wouldn't be able to guess even if they just saw whatever they were looking for. It's simply amazing.


Lego is so simple, and yet so genius.


That's interesting, will test this right away myself!


When will they ever stop? The moment we (=the people) have fought one surveillance law, they (=politicians) simply come up with another. Until we are too tired to fight anymore...


That’s their _politicians_ strategy. It’s a time worn political stratagem. Keep pushing the same bill through with a different name, different sponsors, and at a time few are paying attention.


You have to win every time, they only need to win once.


There has to be some sort of punishment for them to stop. Otherwise they'll just repeat it. If they find themselves consistently primaried or voted out for supporting bills they'll get the message.


There's no voting this wacko out. The lady who keeps shoving these bills out (or onto other bills) is an unelected senator that is there til she's 75 or does some gross misconduct or something.


I think blame may lie more on lobbyists than politicians. Though the fact that politicians haven't fixed the problems with lobbying doesn't look so good either.


In what way would AI deserve our trust? To date data-hungry companies have proven to NOT have consumers' interest in mind. Why should AI companies be any different?

In dubio pro reo? I don't think so.


Tutanota has got a Linux app, and the Android app is available on F-Droid.

I love what both companies are trying to achieve with building private ecosystems, but for me Linux must always come first. Everyone who loves privacy has switched to Linux by now.


I use Linux as a litmus test, is that the term, to see how serious a company is about privacy. Without a Linux presence, it's privacy marketing or just lip service. I might still use the product on another OS simultaneously, but I need to know that the control point exists.


They have a way to run thunderbird by running a local bridge. I don't really want their desktop client anyway. I do use their android app which is decent.

I only use Linux and I am happy with proton.


You can use Proton Mail on Linux already via our Proton Mail Bridge: https://proton.me/mail/bridge. We plan to make the Proton Mail Linux native app available in early 2024.


Tutanota also supports notifications on non-GCF phones like GrapheneOS, while ProtonMail unfortunately does not.


This is the new cancel culture: Comment away with hate speech (bots) to stop a true and honest discussion. It's too bad the internet is not yet ready for this form of misinformation and destroying real conversations. Now with AI (bots) coming up, it will get even more difficult...


This reads like a true adventure story. I'd be curious to know how much is true and how much was added to the facts.


To save you some reading:

> Can a passenger hack the airplane from their seat? They can’t.


According to this article https://www.wired.com/2015/05/feds-say-banned-researcher-com... a researcher was able to use Cat6 Ethernet from the airplane entertainment module built into a seat. So it depends.


https://archive.is/Q1jdu

> Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.

> “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application

Goes without saying this is so reckless and dangerous. Was he ever charged? I couldn't find any information.


It’s not clear if there’s any validity to the claims


The telling quote from the linked Wired article is:

> Although Roberts hasn’t been charged yet with any crime, and there are questions about whether his actions really did cause the plane to list to the side or he simply thought they did,

"or he simply thought they did"

The principal article for this thread concerns some far more open hackers who had an entire functioning COVID grounded aircraft scheduled for scrapping to play with. They assert that, as expected, the in flight entertainment and flight control systems are fully isolated as required to meet FAA regulations.


"caused one of the airplane engines to climb" is about what you'd expect from a bad Hollywood take, so I think you're being overly polite with regard to the validity of his claims


"Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight."

So they wrote a simulation without knowing how any of it works and then showed they could hack their own cobbled together mess.

"They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks."

Yep, cobbled together random non-production infotainment software which is isolated from the actual flight systems. Generally only certified to DO-178 DAL Level D/E since they are isolated in such a way that total failure or even maliciousness can not possibly cause a meaningful safety impact.

The functional equivalent of claiming you could totally steal from a bank vault because you successfully stole some pens from the counter. Just another self-aggrandizing idiot.


Separation of the infotainment and flight network is actually an FAA requirement. Turns out they take those seriously.


However, I’m surprised they don’t protect us more against hacked phones. When each iPhone is 4,000mAh, it could cause quite a fire, let alone entire laptops.

Is the entire security theater based on the trust that terrorists won’t short-circuit batteries?


Is there any documented case of a phone being hacked to make their batteries explode? This seems to be a reach at best.


Does it matter? “Is there a record of a perfectly feasible method of terrorism being used? No? Then it doesn’t happen” ?


Betteridge's law of headlines

