On Delusions Of Digital Security

I am but mad north-north-west.  When the wind is southerly, I know a hawk from a handsaw.

Are you more delusional than Hamlet? Are you nuts enough to think you’ve got digital security down pat? Are your coins as safe as you think? After the past year of Snowden-driven brouhaha, I should hope not.

The MPi-funded, Stanislav Datskovskiy reminds us that we’re out-to-lunch if we’ve ever had delusions of digital security:

Every once in a while, journalists, activists, and political busybodies of all stripes descend into a self-pitying whining orgyabout the electronic escapades of spy agencies. Those dirty crooks, we are told, have the audacity to break codes, spread malware, and – as luck would have it – sabotage security products, open and closed-source alike.

The kind of shenanigans we’ve been hearing about lately aren’t the least bit new. Crypto AG supplied the entire planet with diddled cipher machines for decades – and continues to do brisk business! Microsoft’s crock of shit masquerading as an operating system was ham-handedly back-doored in the ’90s. People whose money, freedom, or even lives appear to depend on keeping snoops and snitches at bay continue to run Windows. If they don’t care, why should anyone else? Nations openly hostile to the United States eagerly run their defense industry (and, by some accounts, even weapons systems) on Microsoft’s turdware. They purchase silicon designed by American engineers, route their packets – often without bothering with crypto of any kind whatsoever – over American networks. They almost literally beg to be pwned. They demand, plead, wheedle:“Please, please intercept our email and telephone conversations! Please supply us with Trojaned operating systems and network hardware! Please sabotage our nuclear fuel refineries!” These words are not spoken out loud, but they are certainly heard – by the “walls that have ears.” And dollars speak louder than words in any case. They speak very loudly indeed.

Mr. Datskovskiy continues:

I for one am greatly surprised to see respectable men of science like Bruce Schneiercalling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor?

On top of it all, I fail to grasp the public’s anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It’s what he’s paid for! If you don’t care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological. The one measure which is guaranteed not to work is whining.

Perhaps one day there will indeed be someone you can trust to pronounce – truthfully and competently – that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don’t hold your breath; today’s digital shaman will not help you; he is on the king’s payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.

Bringing the comprehensible computer into existence is no easy task – but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.)

Lest we think otherwise, let this serve as a reminder that we have exactly zero digital security rightsii handed down to us from on high. At best, we have trust in people,iii, not machines. So don’t go giving just give it up your human trust for nothin’.iv

 

 

 

  1. Still don’t know who MP is? Mircea Popescu owns and operates MPEx and is a backer of all securities listed thereon, including Stanislav’s S.NSA. You can read MP’s musings on Trilema and follow him on Twitter. He doesn’t just fund anyone, so Mr. Datskovskiy is worth paying attention to.
  2. Just as we have no rights that we’re not willing to die for.
  3. For in-person relationships, hopefully you’ve sorta figured out who you can and can’t trust. For on-line relationships, this is established through PGP, the Web of Trust, and one day, a little device called a Cardano.
  4. See The Wallet Inspector’s Promise.

21 thoughts on “On Delusions Of Digital Security

  1. […] then, are as intentionally gibbled as the rest of our our digital security. […]

  2. […] meet-uping or conference attending. If you want to be a part of Bitcoin, spending 6-12 months at Mircea Popescu‘s IRC Yeshiva2 really isn’t too much to ask. If you want to make an impact that will […]

  3. […] also the people who locked up Martha Stewart5. Recently, they knocked on the sovereign door of Mircea Popescu‘s MPEx exchange, which he was polite enough to […]

  4. […] So now we can just live with our parents, eating fast food, and buying ever-cheaper and ever-shittier digital gadgets. Sweet. Also, since when is Wikipedia any […]

  5. […] because of their delusions of digital security, Bitcoiners still aren’t making high-entropy paper wallets. It’s a lot of work, […]

  6. […] Steven knew what he was talking about, asciilifeform, the person to whom I delegate all matters of digital security, wouldn’t approve. […]

  7. […] is what digital security looks like. This is what open knowledge sharing looks […]

  8. […] a glorious, transcendent, and fantastical place that must be! No men’s rights activists, no digital rights activists, no one telling you that they have a right to not be […]

  9. […] Tzu (544-496 BC) For all the historical, technological, and Bitcoin-related readings that I do, trying to give context to our endlessly fascinating and […]

  10. […] it’s imperative that we educate ourselves on the finer points of digital security, there’s no replacement for networks of […]

  11. […] start. You stop. Now. Find something better, like, yesterday. Since you still maintain delusions of digital security, the rest of this PGP Guide will be directed at everyone else. Please to return when you’ve […]

  12. […] are a terrible idea for mass consumption – not only due to the irrevocable keys, but from the illusion of security (thanks, Hollywood) that they bring. A cheap biometric sensor is in fact worse than the state of […]

  13. […] smarter about how they store their coins. Heartbleed and Shellshock also raised awareness about our delusions of digital security and those intent on survival have responded accordingly. 4. Healthy skepticism: scams are raising […]

  14. […] practise, and any personal information stored thereon should be considered compromised. Bastions of digital security they’re most certainly not, but they still have their uses, even if it’s only as a […]

  15. […] Designed to replace the 767 while reducing fuel consumption 20%, the 787 is unique not only for its “environmental conscientiousness,” as if oil prices were high !, but also because an exceptionally large percentage of the plane’s component manufacturing was outsourced, which naturally led to project complications and delays, and equally naturally leads to some uncertainty as to long-term reliability (to say nothing of digital security !). […]

  16. […] I don’t even trust machines that much ! Wow, I must REALLY not trust people. [↩] […]

  17. […] covered in 2014’s On Delusions of Digital Security. […]

  18. […] and pruningi most every aspect of my life with engineered efficiency, much of it in the name of security in an ever-shifting world, it feels time to recapture life’s neglected beauty once more – to unearth the […]

  19. […] highly unusual behaviours, which is why the scam undoubtedly worked on many who don’t take digital security quite as seriously. […]

Leave a Reply to Know The Enemy And Know Yourself | Contravex: A blog by Pete D. Cancel reply

Your email address will not be published. Required fields are marked *