Maybe if they keep making it worse and worse it will kind of circle back to good.

Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know its there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption : very hard to improve, very easy to detect.

And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through wifi captive portal that only allowed HTTPS traffic until authenticated.

Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or get to jail”. I also know that this sounds insane and throw away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our device scans all our document and communication to notify of issues to a central authority, where black box in large networks are already present, and so on.

It’s been slowly creeping toward that. Finding way to hide traffic on public networks can only go so far if the listener can just stop you if it detect what looks like encrypted content.

And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.

It’s not unsubstantiated. Push for government-sanctioned client-side spyware already happened years ago with the intent to scan all content and keeps happening every other year, each time with more support, inefficient laws about age control have been pushed in many countries and other are following suits, there’s constant harassment to tech company for them to create backdoor for spying on demand, device manufacturer are threatened for allowing custom software that can be used to circumvent such provisions, etc.

If you haven’t seen any of this, then sure, be surprised that a ban on general public encryption is not unthinkable.

Anyone who thinks a government can ban VPNs without destroying economy is deluded

Anyone who thinks government would never do something as utterly stupid as shooting itself repeatedly in the everything out of spite is deluded. Banning all form of encrypted traffic would be insane. Now tell me, how many insane things have we witnessed in the recent years from our collective governments?

Anything encrypted is blocked. Boom, done.

Is it stupid? Yes. Never stopped lawmakers.

It’s E2EE alright. Just, don’t ask what “ends” we’re talking about.

The drunk dude that’s always sitting on the ground near the park entrance and sell weird tissue dolls with curly hairs is more trustworthy, I’d say.

I can’t wait for a moment where he slip, jumping from the last thing to the next, and use the epstein files as a distraction for something else out of sheer stupidity.

This could be good, except that one move is shooting its own country in the everything.

No need. It seem it got fixed along the way. But that’s the point; I tried this a year ago, and it would not work, either under the default configuration with DRM enabled, or after disabling most of the privacy features, so I just gave up on it.

Firefox, for all the flaws regarding the direction Mozilla is taking, just worked out of the box. And for adoption, working out of the box immediately is kind of a requirement.

Both are completely unrelated to the discussion. TPM sometimes have issues regarding their security, but you can certainly use Secure Boot with your own signing keys to ensure the kernel you run is one you installed, which improves security. And you can use TPM to either keep your FDE keys, or only part of them combined with a PIN if you don’t fully trust them to be secure, so you keep strong encryption but with a bit of convenience.

Without a (properly configured) Secure Boot startup, anyone could just put a malware between the actual boot and your first kernel. If the first thing that happens when you boot is something asking for a password to be able to decrypt your storage, then an attacker can just put something here, grab your password, and let you proceed while storing in a a place it can be retrieved.

Is this scenario a concern for most people? That’s unlikely. But every computer sold these last five years (at least!) can be setup to reduce this risk, so why not take advantage of it.

Just update a W10 local install. It won’t even try to ask you to add a microsoft account.

Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.

If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.

Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer’s TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).

And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That’s the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.

Note that there are relatively safe way to protect these keys even if they are backed up in “the cloud”, by encrypting them beforehand using your actual password. It’s not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn’t chose this way. I don’t know if it’s because of sheer incompetence, inattention, or because this feature is claimed to be here to “help” people that lose their key, and as such are likely to lose their password too, but it is what it is.

Don’t worry, I’ve heard they limited this wonderful feature to paid accounts.

That’s assuming the setting is respected server-side, of course. With the track record of company doing AI training, respect of rules and law isn’t really part of their actions.

Open netflix. Even with a lot of features turned off and DRM enabled, it will regularly fail to load any content.

And, yes, the general user will want sites like netflix to work.

This shows how unhinged the whole recent hate on Firefox is. Turning off GenAI is literally one single setting

We heard of that “kill switch” way, way after the general outrage. Also, other software and services have an “AI killswitch” that conveniently fails to work from time to time, and is fixed only when people notice it.

It’s not unhinged to point finger at someone doing something that, from experience, as always turned bad. Also, if you think the hate (I use your word, I’d say distrust) for Firefox is only related to the recent “AI” push, you’re severely misinformed.

Yeah? That’s kinda the plan? Do you see a particular problem with a mostly renewable (to the scale of our species’ lifetime) source of energy, that can be implemented in various way to accommodate different situations, locations, and use, while trying to make things more efficient?

Because I don’t.

Because batteries are a point of tension in the adoption of some electricity-centric techs. Electricity production can be done in many different ways already (unless you suddenly decide to 100x the demand for shit and giggles), but a lot of applications requires batteries, which makes them some sort of choke point for adoption. Making them better, more accessible, cheaper, more friendly on the environment ease that.

The comparison is also on one end of the world focusing on the dying down side of things, while the other end is (allegedly) looking forward.

That’s why they’re compared.