pull down to refresh

171 sats \ 1 reply \ @optimism 28 May \ parent \ on: Are we fighting an unwinnable war against privacy privacy ideasfromtheedge

Justin is 100% right that privacy isn't tools: it is a process and thus takes effort. The best privacy you can get is by not digitizing and broadcasting your secrets. And if you must: by not using software you didn't write and by not using hardware you didn't make. And if you cannot do that, work through the assumptions and at least understand every line of source code on your hot path.

You're still defeatist though. No matter what you believe the state of compromise of the compute space is, the question will always remain: what are you going to do about it?

they just need to wait for adoption

Not really, because NatSec "sets" the standards. There's a 2025/2026 series of posts on Bernstein's blog about an alleged current occurrence of what Justin points to, showing that there's no need to "wait for adoption":

  1. NSA and IETF
  2. NSA and IETF II
  3. NSA and IETF III
  4. NSA and IETF IV
  5. NSA and IETF V
  6. NSA and IETF VI
  7. NSA and IETF VII

Note that these posts aren't really written for normie consumption - they're more a reflection of raw frustration - but the bottom line question here is: why, if X25519+ML-KEM is provably more secure than the latter on its own, are people[1] lobbying for publication and adoption of the less secure option?

The only use-case other than "CNSA2 requires this" that I saw mentioned, was an example offered where an unnamed individual allegedly said that dropping ECDH and doing pure ML-KEM is good for an unspecified HFT algo, see post VII.

It doesn't even matter if Bernstein is right or wrong about this. What matters is that with this information being available, how are you going to judge its validity, and how are you going to defend yourself? Are you capable of selecting the ciphersuites used by your TLS interactions on the interwebz, anon? If not, are you just gonna sit there? Or are you going to learn?

  1. Bernstein implies these people are spooks, but let's give everyone the benefit of the doubt and just treat everyone, including you and yours truly, as a potential spook. No shortcuts.

write
compose
92 sats \ 0 replies \ @npub1zapsats OP 28 May

Amazing comment 👏 thank you brev

I guess I can't stop being killed if a bus runs me over, but I can learn to cross the road 🎤🫳 do you like that one 🤣🤣🤣

This is why I SN, to get this type of conversation

I know you're right and unless you're smelting your own silicone chips you have to assume everything is backdoored

reply