reply on: UK Orders Ofcom to Explore Encryption Backdoors \ stacker news

pull down to refresh

102 sats \ 2 replies \ @optimism 12 Jan \ parent \ on: UK Orders Ofcom to Explore Encryption Backdoors Politics_And_Law

If that genie is out of the bottle, it is out globally. That's why resisting this is important.

Here's the backdoors I can think of:

Direct in-app. Most likely: they'll just force Apple/Google to ban apps from the app stores that don't comply. Also remember your post re: Obtainium about sideloading, even though it was "weakened". Note that this is built this way into iOS already since forever.
Input capture. Think keystroke logging on keyboards. Signal used to have a built-in keyboard, but I think it's gone (at least from Android) so this is problematic.
OS level capture.
- Just record the screen like MS
- Or capture at the SDK level.
Microcode level capture: just wrap spy() around, say, the built-in crypto extensions in ARM's microcode. Intel and AMD use this method to "fix" bugs in hardware (many of them cryptographic extensions), so you could in theory use it to implement spyware.
You do what was the standard until '96 or so (when Zimmerman/Bernstein etc successfully challenged it in court): you whitelist a bunch of encryption schemes that you have compromised and then you outlaw everything not on the list.

I neither of these cases are you safe when you're outside of the UK, because each has impact on development.

naively I assumed that you were only referring to 5 in your earlier response. the keyboard thing is something I hadn't thought about. But thinking about all these other avenues for state capture of my device, I am now sad.

How optimistic would you say you are on the future that avoids these sorts of things? Like it's a 50-50 shot right now, or pretty much most devices will be openly^[1] backdoored in 5 years?

'openly' because I suspect many devices are already secretly backdoored (given how much is closed source...) ↩

102 sats \ 0 replies \ @optimism 23h

If I were to propose an encryption backdoor, that's what I'd mean ^[1], yes, but that is not what politicians mean. What they mean is: force developers to build spyware of any kind and regulate everything that circumvents it away. If all you have is a hammer...

How optimistic would you say you are on the future that avoids these sorts of things?

I'm optimistic that I can personally avoid it, probably I'm overconfident in my own abilities though. I'm extremely pessimistic for everyone that cannot code their own functionality without the help of an LLM. It's both awesome and awful at the same time that we're finally going back to the resistance 90s. It means that
"we" failed to normalize personal sovereignty, real cybersecurity for the individual, and most importantly privacy.

pretty much most devices will be openly backdoored in 5 years?

I think it won't be "openly". It will just be done.

Edit: like, now that allegedly the Chinese have hacked the FBI's own backdoors into the telco systems, suddenly "the Chinese are capturing everything". This implies that before the Chinese gained access, the feds were already capturing everything. Do we really believe in the benevolence of our own governments in 2026?

But even if that were the only case, it is expensive to maintain different kinds of encryption based on jurisdiction. The nerfed version will become the standard. ↩