Quote of the day—Kalev Leetaru

the sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook. If the company’s new on-device content moderation succeeds it will usher in the end of consumer end-to-end encryption and create a framework for governments to outsource their mass surveillance directly to social media companies, completely bypassing encryption.

In the end, encryption’s days are numbered and the world has Facebook to thank.

Kalev Leetaru
July 26, 2019
The Encryption Debate Is Over – Dead At The Hands Of Facebook
[Via email from Chet who referred me to Slashdot, which linked to Bruce Schneier, who linked to the article quoted above.

The article says WhatsApp will be, or perhaps already has been, compromised by Facebook. Moving to Signal is probably warranted but that is no guarantee of security. Furthermore, I think blaming Facebook for this is a little unfair.

Back when I was working for Pacific Northwest National Labs I suggested the government could add code to whatever O/S a particular set of terrorists were fond of using and then “upgrade” their phone to send duplicate copies of messages, phone calls, and even record conversations when the phone was believed to be “asleep”. To the best of my knowledge the suggestion went nowhere. But that doesn’t mean I was just very late to the game and there was no need to tell me it had already been done.

Similar things can be done to your Windows and/or Apple devices. You upgrade your computers and other communications devices all the time to guard against security vulnerabilities. But how do you know you aren’t also installing a custom version of the O/S dictated to Apple, Google, and/or Microsoft, by government spies?

If you want communication security you will need to make sure your O/S is secure as well as the applications and the channels it transmits over. It’s not an easy thing to ensure.—Joe]

9 thoughts on “Quote of the day—Kalev Leetaru”

  1. I’m no expert, but it seems to me like you’d need a system that completely isolates program and data memory; and then only uses ROM for the program memory. No flash, no firmware updates.

    Your device would be unable to keep up with changes to messaging systems’ protocols, etc., so it would need to operate as a standalone and in the end, likely would be able to interact only with other devices of the same type.

    And finally, you would still need to trust that the people who made it didn’t include a backdoor. And that the people you’re talking to aren’t themselves compromised.

    The first two points could become annoying rapidly, as I see the resultant devices as being, functionally, akin to encrypted two-way pagers. But the real kicker is still the last point: unless you personally have the skills and tools to verify it’s likely secure, you’re still left having to trust someone else … the maker as well as the people you’re communicating with.

    • And, with the political left and globalists constantly doing everything they can to destroy trust and fracture the nations’ populations with identity politics and mass immigration, that’s becoming nearly impossible.

  2. Yes, if you want security you have to trust your OS. And your applications, which probably means that any application which stores data at the company is a bad thing.
    If you’re really careful you have to check more than that. There is this famous paper: https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf . And if your computer uses microcode, as Intel designs do (but not, I think, ARM), you should worry about the microcode.
    And finally, there were reports in the press recently about contract manufacturers adding unauthorized parts to boards they were building, with some indication that these were back door devices. They were vehemently denied at the time, but it wasn’t clear to me that the denials were credible. I haven’t heard further, though.

  3. A couple of years ago I had to set up a site behind the great firewall of China. The “remote hands” gave me a VPS with a version of Ubuntu installed and credentials to access.

    I was in this interesting situation of not trusting any piece of software on the system, not trusting the repos as accessed, not trusting the signatures downloaded from the repos that the server accessed.

    I ended up manually bringing over a limited set of “trusted keys” and then setting up a VPN. (By the by, the great firewall detects OpenVPN connections and blocks those ports. Be prepared to bounce your ports.) Then downloading from my own trusted repos via the VPN to reinstall every single piece of software. Then using a stock system to generate fingerprints for every single installed file on that stock system to compare with what was actually installed on the China system.

    And even this depended on me trusting the signatures that I retrieved from my “trusted source.” Those signatures could have been corrupted at a government level.

    And all of this work didn’t actually protect me because everything on the VPS was accessible to the host system. It was just a small step I could make towards securing the server.
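The fingerprint comparison described in the comment above, sketched as an added example (not the commenter's code): it hashes every file under a reference tree and a suspect tree and reports what is missing, extra, or changed. The function names and the two small temporary trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint_tree(root):
    """Map each relative path under root to 'mode:sha256' (or the link target)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record where the link points rather than following it.
                manifest[rel] = "link:" + os.readlink(full)
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            # Permission bits are part of the fingerprint: a new setuid bit counts.
            mode = os.stat(full).st_mode & 0o7777
            manifest[rel] = f"{mode:04o}:{digest.hexdigest()}"
    return manifest

def compare(reference, suspect):
    """Report paths missing from, added to, or altered on the suspect system."""
    return {
        "missing": sorted(set(reference) - set(suspect)),
        "extra": sorted(set(suspect) - set(reference)),
        "changed": sorted(p for p in reference.keys() & suspect.keys()
                          if reference[p] != suspect[p]),
    }

def demo():
    """Constructed sample: two tiny trees standing in for the stock and remote hosts."""
    with tempfile.TemporaryDirectory() as stock, \
         tempfile.TemporaryDirectory() as remote:
        for root in (stock, remote):
            os.mkdir(os.path.join(root, "bin"))
            for name, body in (("ls", b"ls-v1"), ("sshd", b"sshd-v1")):
                with open(os.path.join(root, "bin", name), "wb") as fh:
                    fh.write(body)
        with open(os.path.join(remote, "bin", "sshd"), "wb") as fh:
            fh.write(b"sshd-modified")   # altered binary
        with open(os.path.join(remote, "bin", "helper"), "wb") as fh:
            fh.write(b"unexpected")      # file absent from the stock install
        os.remove(os.path.join(remote, "bin", "ls"))
        return compare(fingerprint_tree(stock), fingerprint_tree(remote))

if __name__ == "__main__":
    print(demo())
```

The suspect manifest is only as trustworthy as the hashing tool that produced it, so it should be generated with a known-good interpreter or from a mounted copy of the disk, not with binaries already on the suspect system.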

  4. I’ve long run on the assumption that everything I say is, or will be made, public.

    The Dark Side needs to keep secrets. They love that stupid nonsense, it makes them feel super duper important and special, and that’s why there are so many secret societies including all the fraternal organizations, whereas the conspiracy of the righteous should operate wide open, in the full light of day.

    Murder me for speaking the truth; you’ve revealed and condemned yourself and done me a favor.

    Matthew, chapter 5;
    “10 Blessed are those who are persecuted for righteousness’ sake,
    For theirs is the kingdom of heaven.
    11 Blessed are you when they revile and persecute you, and say all kinds of evil against you falsely for My sake. 12 Rejoice and be exceedingly glad, for great is your reward in heaven, for so they persecuted the prophets who were before you.”

    So you see; it’s been foretold, and anyway; it’s been the way of the world for some time. No man-of-the-world wants to hear the truth, because the truth rebukes him, and it takes away any and all legitimacy from all the things he’s been striving for all his life. He’ll do anything to stop you if you start telling the truth, because he knows it can spread like wildfire. If that means murdering 100-million people and terrorizing all the rest, then so be it. On the smaller scale, if it means beating his wife and terrorizing his own children, then he’ll do it without hesitation.

  5. It would be very difficult for this to happen on iOS devices, short of security holes (which they are patching).

    Take a look at Apple’s Security Guide, which describes in detail how they protect OS installs and updates from being anywhere but from Apple:

    https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

    It’s my understanding the keys to sign the updates are heavily protected.

  6. The correct answer, if you have things that you absolutely do not want a third party to be able to read, is to encrypt and decrypt offline.

    You simply cannot trust a machine that is hooked up to a public network of any kind to be secure. Period.

    So this entails one of two things: Either you have an airgapped machine that is never plugged into a public network to encrypt or decrypt your messages and you use some kind of physical media to transfer encrypted messages to and from it to a device that is hooked up to a public network, or you encrypt/decrypt manually using pencil and paper.

    Both involve a degree of inconvenience. However, depending on the situation, that inconvenience might be mitigated by the inconvenience of others reading your messages.

    And yes, there are manual encryption methods that are, for all intents and purposes, unbreakable, and of course the one completely unbreakable system only gets its full security when it’s in manual form, the one time pad.

    I should point out that the generation of truly random keys for OTPs isn’t that hard, it can be done with a manual typewriter, some blank carbonless forms, and a handful of quality 10-sided dice. You aren’t going to need megabits of key to pass important messages. Think along the lines of tweets and telegrams, not big images or video.

    Similarly, because the amount of keys you’d need would be pretty small compared to what most people think about when they think “encryption” today, key exchange isn’t all that tough. You can pass a *LOT* of messages with the amount of keys that you could stuff into a package the size of a pack of cigarettes.

    Or, alternatively, you can have relatively complex algorithms for encryption or decryption that aren’t unbreakable in theory, but are largely so for the amount of traffic you’d be passing. The famous “VIC cipher” is an example of that.

    But honestly, if you’re really that concerned, that kind of thing should be the “backup” system to OTP use, for when you run out of pads or lose them or you know they’ve been compromised.
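The decimal one-time pad arithmetic described in the last comment, as an added example that is not part of the original thread: text becomes decimal digits, each digit is added to a key digit modulo 10 with no carry, and every key digit is struck off after one use. The two-digit letter encoding and all names are assumptions made for illustration, and `secrets.randbelow(10)` stands in for rolling a 10-sided die.

```python
import secrets

# Assumed encoding for this example: space=00, A=01 ... Z=26.
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def to_digits(text):
    """Encode text as two decimal digits per character."""
    return [int(d) for ch in text.upper() for d in f"{ALPHABET.index(ch):02d}"]

def from_digits(digits):
    """Decode pairs of decimal digits back into characters."""
    pairs = zip(digits[0::2], digits[1::2])
    return "".join(ALPHABET[10 * hi + lo] for hi, lo in pairs)

class Pad:
    """A sheet of key digits; each digit is handed out once, then struck off."""

    def __init__(self, digits):
        self._digits = list(digits)

    def take(self, n):
        if n > len(self._digits):
            raise ValueError("pad exhausted: key digits must never be reused")
        used, self._digits = self._digits[:n], self._digits[n:]
        return used

def encrypt(text, pad):
    plain = to_digits(text)
    key = pad.take(len(plain))
    # Add digit by digit modulo 10, with no carry between positions.
    return [(p + k) % 10 for p, k in zip(plain, key)]

def decrypt(cipher, pad):
    key = pad.take(len(cipher))
    return from_digits([(c - k) % 10 for c, k in zip(cipher, key)])

def demo():
    # Constructed sample: one 40-digit sheet, copied for sender and receiver.
    sheet = [secrets.randbelow(10) for _ in range(40)]
    sender, receiver = Pad(sheet), Pad(sheet)
    cipher = encrypt("MEET AT NOON", sender)
    return cipher, decrypt(cipher, receiver)

if __name__ == "__main__":
    print(demo())
```

A 12-character message consumes 24 key digits, which gives a feel for how far a small printed pad goes.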
