Skip to main content

Pilch

Pilch

Crypto and You

3 min read

So you want to learn more about the encryption debate.1 Well, take a knee, gang, its .

Flash back 10 years ago. No one gave a shit about cybersecurity unless you were in China or a ghostwritten Tom Clancy novel. Then, as people started using networked services in more places, the information leaks began. It was still not an issue for the government (particularly, law enforcement), because useful data was just as accessible to them as it was to nefarious agents, like hackers or Facebook.

In 2013, the Snowden leaks began to paint a picture of just how much our own security agencies relied on cybersecurity weakness in their day-to-day operations. Snowden had trouble finding a journalist who could figure out how to use PGP to read his heavily encrypted messages to disseminate this information.

The leaked information made Silicon Valley companies very angry. So they began to encrypt transmissions between their data centers, as well as building it into their email, messaging, and mobile operating systems.

Now, encryption is just lots of math. Ever watch a movie about code breakers in WWII? Encryption. The only difference now is that common computers can do a lot more math in a short amount of time. But before this point, it was never viewed as particularly important to consumer software.

Think of it this way. In the same way that a gun is an offensive weapon, encryption is a defensive weapon. It protects your information from prying eyes, whomever that may be.

So now law enforcement has a problem. This technology is widely available, even to enemies of the state. Their proposed solution is to break it. Or to put it in their words, make it work for some and not for others. Kind of like how if you point a gun at something or someone you like, it will not fire. Because it only works in certain situations.

This is obviously a farce. As the old argument goes, if we outlaw guns, only law breakers will have guns. Since enemies of the state are not likely to stop using encrypted communication if it is outlawed, the only people without it will be law-abiding citizens. Effectively the exact opposite of the stated goal.

Remember this when some idiot presidential candidate2 tries to tell you how encryption is bad because terrorists are bad. The only benefit of outlawing encryption is to spy on you.


  1. I know there is a new John Oliver monologue about this. I haven't seen it. I hope he makes some of these points better than me.

  2.  

    via GIPHY

     

Pilch

Pilch

Ventricular Septal Secure Socket Layer Defect

1 min read

Dear Stanley (my NSA angel),

Sorry I haven't had time to write you in a while. I've been busy trying to change all my passwords (well, at least the important ones) because of the Heartbleed bug.1 I hear you guys knew about it for a while now. Where's the heads up, buddy? I thought we were friends.

It sucks that it only takes one guy missing a couple lines of code to totally undermine security on about half of the internet. I bet you guys wish you were that efficient. So did you have to change your passwords too? Probably not. Whatever proprietary security software you guys use would probably still be secure even if everyone's password is "guest".

Anyways, feel free to keep photoshopping your vans out of my photos. Please take it easy on the filters though.

Til next time,

Craig2

image credit: Global Panorama


  1. XKCD has the best explainer of the bug that I have seen: Heartbleed bug 
  2. This mostly has nothing to do with Heartbleed, but I always think of it when I see "IP addresses". Me and him are gettin' on the internet.   

Pilch

Modern privacy

1 min read

It's quaint that after all those years of having to memorize and change and rememorize passwords, the better option might be an actual key.

It was summed up best in xkcd:xkcd: Password strength

Two factor authentication is finally moving beyond this problem for the average consumer. It is the fancy term for using something you know along with something you have to gain access to online accounts. It is a case of tech finally catching up to a fairly normal part of everyday life. I can see it becoming ubiquitous once Chrome adopts it.

It reminds me of a sci-fi trope (I believe I originally encountered in Animorphs - I'm a 90's kid) where the alien civilization invented books long after developing their version of the internet. They can't understand why the internet would be superior, because books offer the same knowledge with instantaneous access. You don't get access to your house by knocking on the door and saying "correct horse battery staple" for the same reason.