
Downside of trading privacy for security: anything that makes a network connection creates metadata about you, and the metadata is the real danger for analyzing your social connections: https://kieranhealy.org/blog/archives/2013/06/09/using-metad...

The problem isn't about the big corporations themselves but about the fact that the network itself is always listening and the systems the big corporations build tend to incentivize making as many metadata-leaking connections as possible, either in the name of advertising to you or in the name of Keeping You Safe™: https://en.wikipedia.org/wiki/Five_Eyes

Transparent WWW caching is one example of a pro-privacy setup that used to be possible and is no longer feasible due to pervasive TLS. I used to have this kind of setup in the late 2000s when I had a restrictive Comcast data cap. I had a FreeBSD gateway machine and had PF tied in to Squid so every HTTP request got cached on my edge and didn't hit the WAN at all if I reloaded the page or sent the link to a roommate. It's still technically possible if one can trust their own CA on every machine on their network, but in the age of unlimited data who would bother?

Other example: the Mac I'm typing this on phones home every app I open in the name of “““protecting””” me from malware. Everyone found this out the hard way in November 2020 and the only result was to encrypt the OCSP check in later versions. Later versions also exempt Apple-signed binaries from filters like Little Snitch so it's now even harder to block. Sending those requests at all effectively gives interested parties the ability to run a “Hey Siri, make a list of every American who has used Tor Browser” type of analysis if they wanted to: https://lapcatsoftware.com/articles/ocsp-privacy.html



One man's meta is another man's data. The classification of 'data' and 'metadata' into discrete bins makes it sound like metadata is somehow not also just 'data'.

If every morning I got in my car and left for work and my neighbor followed me, writing down every place I went, what time I got there, how long I stayed, and the name of everyone I called, it would be incredibly intrusive surveillance data, and I'd probably be somewhat freaked out.

If that neighbor were my cell phone provider, it would be Monday.

What we allow companies and governments to do (and not do) with this data isn't something we can solve in the technical realm. We have to decide how we want our data handled, and then make laws respecting that.


"One man's meta is another man's data."

And with that, thanks to you, today I am a bit smarter than yesterday.

Thank you very much for that phrase, the rest of your post is a very good example for the layman, but that phrase should be the subtitle of a best selling privacy book.


> If every morning I got in my car and left for work and my neighbor followed me, writing down every place I went, what time I got there, how long I stayed, and the name of everyone I called, it would be incredibly intrusive surveillance data, and I'd probably be somewhat freaked out.

It's not "surveillance data," you are in a public place and have no expectation of privacy. It's only through such neighbourhood watch and open-source intelligence initiatives that our communities can be kept safe from criminals and terrorists.

Why are you so protective of your goings-on and the names of everyone you call? Are you calling terrorists or engaging in illicit activity at the places you visit? What is it that you have to hide?

I would actually take the premise of (national) security even further and extend collection to not only metadata, but data as well. Further, these capabilities should be open-sourced and made available to all private citizens. Our current law enforcement systems are not powerful enough, nor do they move quickly enough to catch criminals - by the time sufficient information has been gathered on a suspect, it may already be too late.


>What is it that you have to hide?

An argument so cliché, it has its own Wikipedia page[1]. In the US, we currently have a presidential candidate from a major party threatening harm to people based on their political, social, and biological qualities, which outsiders often determine by inference from data such as who people are in contact with and where they travel. Further, I would argue the need for individual privacy is innate in humans; as every child matures they find a need to do things without their parents over their shoulder, even without their peers, no matter how innocent the activity, and it is a need that does not vanish in adulthood. We generally agree that things like removing bedroom doors as punishment are abusive because it robs the person of privacy. The same goes for installing monitoring software on your partner's phone, or a GPS tracker on their car. Privacy means we are able to be ourselves without our lives being scrutinized, criticized, judged, rated, shamed, blamed, or defamed by every person on the street. I close the door when I defecate, I draw the blinds when I copulate, I don't tell people my passwords, and I don't scan my grocery receipt to earn points because there are some things other people don't need to know.

[1] https://en.wikipedia.org/wiki/Nothing_to_hide_argument#Criti...


[flagged]


Lol. So who does "deserve" privacy your highness? I'm guessing you do at the very least since you seem so judgemental on those with an "incessant, insatiable need to broadcast their lives 24/7" - which you presumably do not.

You're pretty judgy and seem incapable of even conceptualising a nuanced position on this topic. And your take on Assange, Snowden and Appelbaum is clearly first order trolling.

Unless you forgot the /s at the end of your whole comment.


"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." [0]

[0] https://en.wikiquote.org/wiki/Benjamin_Franklin#1750s


I'm not sure how you mean that, but I take it to be kinda opposite to the position you're espousing?

I.e. you want people to give up some essential Liberty (privacy[1]) in return for some increased Safety (from "criminals and terrorists").

So, that Franklin quote seems pro-privacy, to me.

But maybe I misunderstand you ::shrug::

[1] that is: freedom to live one's life without fear of the constant scrutiny and judgement of others


Observing someone by chance in public is protected. Stalking them is generally a crime, although jurisdictions differ in their inclusion of surveillance (without contact or purpose) only as a form of stalking. Generally speaking, if someone is following you around everywhere, a reasonable person will start to fear for their safety and criminal codes seek to protect people from that.

While not as immediately threatening, realizing that a company is maintaining a large dossier about you may cause some concern about how they will utilize that (obviously against your undisturbed behavior). It is reasonable to be concerned about that usage and intent.


Imagine you are a baker at the end of 1930s Germany. You deliver bread every day to a synagogue. Imagine cell phones and apps existed. The Nazi government could now with little effort see you went to a synagogue every day for the last couple of years, so they decide to send you to a camp, although you are not a Jew. Metadata is not dangerous, you think?


There's no need for theoreticals - we know very well that Nazis used census data which recorded a person's religion to find and kill Jews (and others). At the time I imagine giving this data to the state felt like not a big deal, but how could they know it would lead to their deaths?


Also no need to go so far back. People are being killed based on metadata right now. Even Michael Hayden (former NSA and CIA director) confirmed this.


> Why are you so protective of your goings-on and the names of everyone you call? Are you calling terrorists or engaging in illicit activity at the places you visit? What is it that you have to hide?

Basic political associations can become problematic when people get riled up. See “the red scare”.

We’re not far from that again with people cutting out major relationships based on support or disdain of Trump.


I am struggling to comprehend how allowing everyone between you and the services you use to view not only the metadata but the content as well could possibly be considered privacy-preserving.


It’s kind of an unorthodox take, but I’m guessing the idea is that if corporations perceived that they didn’t have secure ways to protect stuff, they would refrain from gathering as much stuff, because they would be afraid of the liability. And btw the perception / reality distinction is important here in supporting this theory.


I disagree. What makes corporations afraid of liability are laws enforcing liability. We never got those, and I don’t see why weaker encryption would’ve created them. We could, for example, have meaningful penalties when a company leaks passwords in plain text.


I didn't say there weren't other things that make companies worry about liability. Not sure you read what I said though.


because you're comparing it wrong!

in your mind, ssl won't leak anything. and non ssl leaks everything.

make a list of everything you can infer without a cert looking on a ssl connection. then add on top of that all the things people with the cert or control over CAs can see and make a list of them all

when you're done you notice ssl is not perfect as you think and the extra request and no cache compound all that.


> make a list of everything you can infer without a cert looking on a ssl connection

This exactly, and not just connection but connections, plural. If the network observes my encrypted connection to ocsp.apple.com followed by another encrypted connection to adobegenuine.com, an analyst could reasonably assume I'd just opened an Adobe Creative Suite app. Or if they see ocsp.apple.com followed by update.code.visualstudio.com, I probably just opened VSCode. Auto-updaters are the same kind of privacy scourge and every additional connection makes it worse.

Citations:

- https://helpx.adobe.com/enterprise/kb/network-endpoints.html

- https://code.visualstudio.com/docs/setup/network
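As an added illustration of the correlation the comment above describes (this is example code, not from the thread or from any vendor): a few constructed flow-log lines, using only the hostnames the comment names plus the reserved example.org, and the inference an on-path observer can draw from timing alone, with payloads fully encrypted. The ten-second window, the timestamps and the client address are assumptions.

```python
from datetime import datetime, timedelta

# Hosts the comment above names; see its citations for the vendor endpoints.
OCSP_HOST = "ocsp.apple.com"
APP_FINGERPRINTS = {
    "adobegenuine.com": "Adobe Creative Suite app",
    "update.code.visualstudio.com": "Visual Studio Code",
}

# Constructed flow log (timestamp, client, destination host). This is all an
# observer on the path sees from DNS or the TLS SNI; every payload is encrypted.
FLOW_LOG = """\
2024-05-01T09:00:01 10.0.0.7 ocsp.apple.com
2024-05-01T09:00:02 10.0.0.7 adobegenuine.com
2024-05-01T09:40:10 10.0.0.7 ocsp.apple.com
2024-05-01T09:40:11 10.0.0.7 update.code.visualstudio.com
2024-05-01T12:05:00 10.0.0.7 ocsp.apple.com
2024-05-01T12:20:00 10.0.0.7 example.org
"""

WINDOW = timedelta(seconds=10)  # assumed: vendor call must follow OCSP this soon


def parse_flows(text):
    """Turn 'ISO-timestamp client host' lines into (datetime, client, host)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        flows.append((datetime.fromisoformat(ts), client, host))
    return flows


def infer_app_launches(flows, window=WINDOW):
    """Guess app launches: an OCSP lookup followed within `window` by a
    fingerprinted vendor endpoint from the same client."""
    launches = []
    last_ocsp = {}  # client -> time of its most recent OCSP lookup
    for ts, client, host in sorted(flows):
        if host == OCSP_HOST:
            last_ocsp[client] = ts
            continue
        app = APP_FINGERPRINTS.get(host)
        seen = last_ocsp.get(client)
        if app and seen is not None and ts - seen <= window:
            launches.append((ts, client, app))
            del last_ocsp[client]  # attribute each OCSP check at most once
    return launches


def ocsp_check_count(flows):
    """Number of OCSP lookups seen. Per the comment above each one marks an app
    launch, even when no vendor endpoint follows to say which app it was."""
    return sum(1 for _, _, host in flows if host == OCSP_HOST)


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for ts, client, app in infer_app_launches(flows):
        print(f"{ts.isoformat()} {client} probably opened {app}")
    print(f"{ocsp_check_count(flows)} launches seen, "
          f"{len(infer_app_launches(flows))} attributed to a specific app")
```

The third OCSP lookup stays unattributed: the observer still knows an app was opened at 12:05, just not which one.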


> Downside of trading privacy for security:

> Transparent WWW caching is one example of a pro-privacy setup that used to be possible and is no longer feasible due to pervasive TLS.

What? You're kidding. If we didn't have pervasive TLS we'd have neither privacy nor security. Sure, a caching proxy would add a measure of privacy, but not relative to the proxy's operator, and the proxy's operator would be the ISP, and the ISP has access to all sorts of metadata about you. Therefore pervasive TLS did not hurt privacy, and it did improve security.

You're making the same mistake as Meredith Whittaker. It's a category mistake.

> Other example: the Mac I'm typing this on phones home every app I open in the name of “““protecting””” me from malware.

What does this have to do with secure cryptography? That's what TFA is about. You are conflating security as-in cryptography with security as-in operating system security. More category errors. These are serious errors because if we accept this nonsense then we accept weak cryptography -- that's DJB's point.


[flagged]


It's my work computer — not my choice. At home I use a Corebooted 51nb neo-ThinkPad.


Oh damn, that escalated quickly. Nice! How is that 51nb board? I totally forgot they were a thing. I have many ThinkPads but unfortunately am at the cap of coreboot-able (X230)... It's sadly getting to the point where the web, of all things, is gradually creeping out of reach.


It is the best computer I have ever used but parts availability can be an issue. For example I had the eDisplayPort flex-PCB go bad in my X210 and had to homebrew my own replacement. I have an entire spare machine just in case, since I couldn't just go out and buy one if I needed it Right Now.


Nice, that's cool to hear (best computer), but yeah I suppose it has some inherent "rarity" to it. One of the nice things about the ThinkPads is their popularity/"ubiquitousness" (is that a word?) - I have like, five X230's at this point! So easy to find an amazing deal on one if you're patient. But yeah, these are really starting to show their age. Still fine to use overall, but it can be pretty limiting at times.


I thought Macs were better for privacy?


Ignore the downvotes - you raise a point worth discussing.

Apple spent a good amount of time and money putting out marketing to convince people that their brand emphasizes privacy. This was part of a brand recovery effort after quite a few folks' intimate photos were leaked out of iCloud.

But it's become evident, as in the post you replied to, that they aren't as privacy-friendly as their marketers want you to believe. You should consider alternatives for your computing needs - specifically, open-source software which is not in control of large corporations.


Apple has been focusing on privacy as a part of their core offering since long, long before the iCloud photo leak. Them being imperfect is not a sign that they are willfully malevolent actors.

The post they replied to doesn’t make anything “evident” it just claims without basis that if you want privacy you should stop using Apple products.

I mean sure in an absolute sense that’s true. Using Apple products gives them some information about you. But relatively speaking, Apple tends to collect significantly less data about its users than its competitors: Meta, Google, Microsoft, et al.


I don't find the "not as bad as" argument to be a convincing one. Given that users can run hardware and software that doesn't give out any information about them, it seems defeatist to only consider software which does give out information. A lot of people have spent a lot of time and effort to make software like Linux and LineageOS available and easy; choosing the least-bad of bad options makes no sense when actual good options are available.

The OP of this thread gave a specific example of Apple circumventing user privacy in a way that I would find unacceptable. "Replied to" was not the best phrasing for that, I admit.


Users can also live in a shack in the woods which is even more privacy-preserving.

Presumably just like most users don’t want to do that, most users also don’t want to learn enough to admin a Linux system, run their own domain and email server, and keep a NAS at home as their “cloud” storage.

If you assume that users want someone else to handle this stuff for them, then yes, “not as bad as” is a great argument.


Wow, nice analogy - you really think that using Linux is like living in a shack in the woods, huh. It's actually very easy to use these days. Have you tried it?


I’ve used Linux for the last twenty five years, both as my daily driver personal desktop and as an admin.

My point is that if you want to chase privacy absolutism, a shack in the woods is where you inevitably end up. If you accept that people want to use consumer-focused goods and services that come with some privacy cost—as basically fucking everyone but a minute rounding error does—there are alternatives that are better than others. And so it’s absolutely worth comparing those alternatives.

If you want to run Tails on RISC V, route all your traffic through Tor, and conduct all your transactions with Monero then more power to you.


I don't accept that, actually. Since you like exaggerated analogies, here's one for you:

Imagine a world where, in the past twenty years, big companies started making transparent bathroom doors. And thanks to marketing, media, celebrity endorsements etc., transparent bathroom doors have become the new norm. It worked, and most bathroom doors are now transparent or translucent.

I'm one of the people pointing out that we can get doors made of wood, and it's pretty easy to do so.

And you're the guy saying "that's so weird! Basically fucking everyone uses some degree of transparency on their bathroom doors, therefore it's normal and good, and should continue to be encouraged. Besides, this one company makes translucent bathroom doors - that's better, right?"


It is a matter of perspective. Of all Mac users, the number of people wanting to hide their app usage is practically 0 when compared to people downloading a free wallpaper app or game who need to be protected from their own actions. For the second set, an OS monitoring the activity and blocking potentially harmful ones is more secure.


This is why I buy AAPL stock and not Apple™ products.


Better than what, is the question.

Where people stand on this question ultimately lies in whether they trust what Apple says. For example, Gatekeeper / OCSP, the service mentioned in the GP. Apple says the following:

> Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are using on their devices.

https://support.apple.com/en-us/102445

That's either true or it isn't. If it's true, then the GP comment is wrong about "Hey Siri who is using Tor", if it's not true, they are correct. Blocking the service using a hosts file works, and does not prevent applications from opening, a case can be made that this should be even easier with a system preferences setting, but we come back to the same question: if you trust what Apple says about the service, making it easy to disable (and blocking a DNS entry is not especially difficult) would be foolish, because the threat landscape does include malware, and does not include Apple sharing information (they claim that) they don't have, about what programs users open.

If Apple is lying, or one thinks Apple is lying, then the problems do not end with Gatekeeper. They could be logging every key I type, faking E2EE through some clever obfuscated code, and so on. Blocking the OCSP server will do nothing, they can exfiltrate anything they want from an operating system which they alone control.

I happen to believe Apple's privacy claims are honest. This is based on a couple of things: primarily, privacy is a valuable (to them) and emphasized part of their brand, and any discovered breach of trust would be hugely detrimental to their bottom line. Also, there's a dog which didn't bark, in the form of an absence of whistleblowers reporting on how Apple's privacy claims are bullshit and they actually pwn everything.

TL;DR there are OSes which claim to offer more privacy than Apple, but now you're trusting ~everyone who has contributed software to those operating systems instead. I also happen to think that e.g. Qubes and Tails do improve on privacy over the macOS etc. baseline, but I can't prove that, any more than I can demonstrate that Apple isn't lying.

It is physically impossible to audit all the code we run personally. It just can't be done. So trust is a non-optional component of making decisions about privacy and security. It will always be thus.


I don't see metadata as a danger, I think it's a great compromise between police work and privacy.

Some of the requirements I see here seem crazy. I want carte blanche access to the global network of other people's computers and I want perfect privacy and I want perfect encryption...

Yeah, no


Maybe you don’t, but for some people, it’s lethal.

https://www.justsecurity.org/10318/video-clip-director-nsa-c...


Good. I'm glad the NSA is doing its job. I don't want terrorists to feel safe while using our systems.


Keep in mind that you don't decide who's a terrorist and who isn't. You might be "glad" about the NSA doing their job as long as your definition of terrorism aligns with the government's but what if that ceases to be the case?


I'm too young to truly appreciate this, but I have spent my time going through archives of the Cypherpunk mailing list.

The one thing I always think about on HN is what some of those guys would think (or presently think) about the cultural shift among nerds and otherwise techies such that this comment is even possible.

They all projected, correctly or not, such a potentially dystopian/utopian world. And they definitely didn't agree with each other. But there was still this sense of shared belief and shared cause of generally being, to say the least, skeptical and antagonistic to the state, of the kind of formal potential for liberation in code. That things could be different.

But here we are now. Computers and what they do are no longer a source of hope or doom. They either make us money, or they help us catch ambiguous enemies.

I wish I had been around for the golden era. All that is solid melts into air.


It's no mistake that the rise of cyberpunk and postmodernism coincided with the collapse of competing ideologies to market capitalism. As Capital killed its enemies, you see belief in humanity and its ideals in art go up in smoke.

Personally, I find computers to be harbingers of doom. Not essentially, of course, but it's pretty clear at this point we're not going to see the potential of the technology we already have realized within my lifetime, but we will see a good deal of the predicted use to abuse people. Hell, we already see much of it.


Blaming capitalism doesn’t make any sense because it’s a different axis. The security vs privacy debate is quite old and different societies handle the trade completely independently of how capitalistic their economy is.


>completely independently

Well, certainly not completely independently.

The fact that you can make more money when people have less privacy plays a part in the decision-making process.


If only the NSA or the people designating who terrorists are vs who our allies are had such pure, pro-human intentions.


A hypothetical problem that we can tackle when (or if) it's actually a problem. Thanks for your metadata, regardless.


I'd say as soon as this becomes your problem it's too late for you to do anything about it.


Is it really a hypothetical at this point? I was under the impression that relevant cases have already been explored (to the extent that one can given the nature of IC). In cases like these, the moment it is actually a problem, it is likely already too late to make sensible adjustments.


>“We kill people based on metadata”

>“metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.”

Your response to the above quotes is so short-sighted that I don't even know where to begin.

As long as it's the people you don't like dying, I guess it's cool.

Good thing the NSA is the only group in the world that has access to metadata at scale.


Transparent HTTP caching as a way to avoid leaking metadata is not pro-privacy. It only works because the network is always listening, to both metadata and message content. The reason why people worry about metadata is because it's a way to circumvent encryption (and the law). Metadata is holographic[0] to message content, so you need to protect it with the same zeal content is protected.

But letting everyone have the message content so that metadata doesn't leak isn't helpful. Maybe in the context it was deployed, where pervasive deep packet inspection was only something China wasted their CPU cycles on, your proxy made sense. But it doesn't make sense today.

[0] X is holographic to Y when the contents of X can be used to completely reconstruct Y.


How is metadata holographic? Sure, you can know when I communicated with a particular individual, and even the format and size of the message, but it doesn't include the exact message, right?


Gordon Welchman first productionized “traffic analysis” in WW2 at Bletchley Park.

When in his retirement he tried to write about it, it was his work on traffic analysis more than his disclosing that the allies had cracked enigma that most worried the NSA who tried to stop him publishing.

Traffic analysis is in many ways more valuable than the contents of the messages.

https://en.m.wikipedia.org/wiki/Gordon_Welchman


I won't say that metadata isn't valuable, but I still don't think it's holographic. You can tell I WhatsApp my friend every day around noon, so we're probably talking about lunch, but you don't know that today I had a tuna sandwich.


Old thread but I think there’s a wood and trees thing here.

Traffic analysis is king because who you communicate with is a low noise signal and what you communicate is usually noise.

This is well known for police work and military intelligence etc.

It’s also true for ad sales. Ad networks want the trackers on sites so they can build up a profile of you based on metadata not the content of the pages you visit themselves.


Yeah, that's all fine, but the original claim was that:

> Metadata is holographic[0] to message content

...

> [0] X is holographic to Y when the contents of X can be used to completely reconstruct Y

To say something is holographic is a claim about data, not of value. I totally buy that metadata is valuable, it could even be more valuable than the contents, but it's not a means to reproduce the message content. My ISP can tell where I bank, which is certainly valuable to observers, but it can't tell my password or the contents of my accounts, all of which I transmit. That's not a holographic reconstruction.



It's certainly powerful, but that wasn't the claim I'm asking about.



