this post was submitted on 17 Aug 2023
207 points (100.0% liked)
Technology
37727 readers
689 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Even if everything is encrypted when powered off, and decrypted while running, if you get raided while everything is running, it's irrelevant. If you're logged in and someone can just sit down at your computer and see everything, all the security in the world is meaningless.
Unless you have a giant electromagnet in your server rack, remote connection only from your local machine to that rack, and a panic button that fries the whole damned thing should your door be busted down, I'm not sure what else the answer is.
Even if your security is perfect, they can waterboard your ass until you give up the keys, and no court will ever call it misconduct, because they can just declare you a domestic terrorist or an enemy combatant, giving them carte blanche.
Problem #1: and this has been the prime problem for 22 fucking years: The Patriot Act. Every. Single. Bit. Of. It. Must. Be. Repealed. The harm it's caused and the power it's given the government is incalculable.
Problem #2: the rising tide of fascism
Problem #3: general apathy, and general lack of understanding of how computing works. We are rapidly accelerating backward in the general public's understanding of computing principles. Hell, even just how to navigate a file system. The proliferation of locked down devices and walled gardens has driven our collective computing knowledge into the fucking stone age. You won't get most people to adopt gpg since most mobile mail clients don't support it. You won't get people to encrypt their computer's filesystem because they either don't have a general purpose computer anymore, can't be bothered to do so, or the idea of installing an OS that supports it is just fantastical.
Problem #4: third-party privacy services (encrypted chat apps, VPNs, etc) have a profit motive that will eventually override any other motivation.
Problem #5: cloud computing is just someone else's computer that you don't control.
The FBI are going to copy your data before it's re-encrypted but these hill-billy sheriffs would unplug them and haul them off.
It's not meaningless.
I know that it's pretty easy to pick the lock on my front door. Or to break the window and get in. But still, there are a non-zero number of burglars who would be stopped by that lock. Same with my bike lock, which is a bit harder to pick but still possible. Nevertheless, the lock itself does deter and prevent some non-zero number of opportunistic thefts.
There are a non-zero number of law enforcement agencies that would be stopped by full disk encryption, even if the device is powered on and the encrypted media is mounted. There are a non-zero number of law enforcement agencies that would be stopped by all sorts of security and encryption strategies. And I'd argue that simple best practices would stop quite a few more than you're seeming to assume: encrypt any data at rest on any devices you control, and then use e2e encryption for any data stored elsewhere.
You don't even have to be that technically sophisticated. For Apple devices, turn on FileVault (as it is by default if you log into an Apple account when you set up the device), turn off iCloud. For Windows devices, use Bitlocker. For Android, turn on the "Encrypt Phone" setting, which is on by default. If you're messing around with your own Linux devices, using LUKS isn't significantly more difficult than the rest of system administration.
Well, you can hit the power switch. The local constabulary isn't gonna be smart enough to plunge the computer into liquid nitrogen and work on extracting the symmetric key from the frozen memory (although, federal authorities might be).