Warning: this is certainly a depressing post.
The NSA/PRISM/big brother scandal of late neither surprised nor shocked me. The discovery that “the NSA probably silently circumvented/broke all our crypto and hid backdoors everywhere” is not really a discovery to geeks who have given the whole system a bit of thought — spies are spying on us, and they’re not telling us that our GPG keys or disk encryption are not sufficient to guard against them? No sh**, Sherlock!
What kept me relatively optimistic about the whole thing is that running a fully open-source software stack on your computer gives you long-term protection, in theory. Sure, it probably has backdoors planted by the NSA right now (you may now begin the witch hunt), but the increased awareness and outrage from recent events means (hopefully) that we’ll weed out those vulnerabilities with more audits, ruthless efficiency and an almost fanatical devotion to security.
But then, on the privacy side of things in general, some much more worrying thoughts have started resurfacing in my mind.
For starters, let’s just take the case of WiFi networks. Until today, it somehow did not truly occur to me that no matter how security-conscious I am, no matter how “safe” my encryption is considered to be or how clever my WiFi passphrase is, it doesn’t matter at all: as soon as a friend or family member has logged into my wireless network once, it’s game over: Google (or Apple, or whoever) knows your passphrase, which allows circumventing the entire system.
I say that I’m surprised this realization had not occurred to me until now, because this is just the logical extension of what I’ve been thinking for years about everything else, about GMail, social networks and addressbooks. Network effects mean that you do not have any “opt out”, only the illusion of it. Even if you boycott them and avoid giving out any information, your friends and family (you know, normal people) will happily enter this information into the system. Didn’t fill in your birthdate, phone number or door passcode number in your profile? It doesn’t matter: somebody else added that info right next to your name and email address in their own addressbook which, unless they are as paranoid as you, is stored (or synchronized) online.
Even if we go full-tinfoil and use only privacy-intensive, security-audited, local-storage-only open-source software, we are still compromised… because humans are socially interconnected and technology has become integral to the world as we know it. I don’t know where to go from there, so maybe there’s a huge flaw in my analysis that I’d love to hear about.