Cleaning after defecation really requires the skillful application of wet paper towel, then dry paper towel, followed by a shower with a removable shower head set to the laser setting, with soap and disposable rag.
Having spent time in Japan, I found that a Toto washlet is inferior to the shower method. However, washlets are clearly better than only dry paper towel.
My process for American public restrooms involves wetting paper towels, preferably after defecating to maintain absorption of water in the clumped paper towels. It’s odd to me that bathroom stalls don’t offer the facility to wet paper towels. It must be obvious to all that dry paper towel (without soap nor water) cannot possibly clean fecal matter sufficiently, yet this seems to be the cultural norm.
Perhaps someone will invent a kind of washlet that works better than the current offering. I personally don’t need heating and gizmos, just a high quality and reliable cleaning on par with the shower method.
Okay imagine this. You finish taking a shit. And then there's a hole in the wall that you stick your ass in. Then your ass sealing the hole creates a vaccum where it can then flood the hole by violently shooting warm soapy water at your ass. It does this for 3 cycles with new recycled soapy water each time. Then it switches to the dryer mode and completely dries your behind.
Eventide’s classic DSP4000b has algorithms for phone call sonic simulation. The patches are highly modular (and thus can be inspected for analysis - at least down to the blocks used to construct the patch) and it would be interesting to see how that old school hardware DSP approach compares to the author’s design and implementation.
If you give E2EE to the masses, then the endpoints will need to remain vulnerable by design, or LE/IC won't be able to do their jobs fighting criminals.
If the endpoints are designed to be as free of vulnerabilities as possible (which isn't the case anyway - consumer phones and computers are still Mickey Mouse by design), and provide E2EE at scale, criminals will be able to operate with impunity at scale. This isn't a desirable solution.
I'd rather see a trend towards locking down endpoints, but allowing Exceptional Access for communications at scale. Allow the math to exist (code for encrypted comms can exist on GitHub, for instance) but disallow it to be distributed at scale (walled garden App Stores, large Social Networks for instance). Reduce the (growth of) entropy.
Guns aren't sold via the App Store, and Signal shouldn't be given to the masses.
The community here seems more or less unified in the belief that essentially unbreakable E2EE at scale, distributed by GOOGLE, FACEBOOK, and APPLE, is always a good idea. I don't agree with this at all.
Few people in this neck of the woods are willing to argue the counterpoint - the risks of E2EE at scale.
Somewhat related: I'd personally rather see a move towards better cooperation between social network service providers, internet service providers, government agencies, and device manufacturers. Apple, for instance, won't get involved at all if your device is hacked. Rather, it would be nice to see a trend towards designing devices to have automatic cooperation between the various parties to both prevent and investigate hacks.
> criminals will be able to operate with impunity at scale.
This isn't even remotely true. At some point criminals have to go actually commit crimes that leave a detectable impact in the real world. That is where they can be caught. There is no need to surveil the communication of everyone on the plant just to catch the small minority of people who commit crimes. The cost is not remotely worth the benefit.
They would disagree that the cost outweighs the benefit?
Of course, they are not the ones bearing the cost of having their privacy invaded despite doing nothing wrong. I'm talking about the cost/benefit to society as a whole, not one particular actor. We don't need to rearrange all of society to make life convenient for the SEC or any other single agency.
I'm sure it would also be convenient for law enforcement if they could conduct warrentless searches and detain suspects indefinitely without access to counsel, but you know there's a reason we don't allow that.
That argument kind of died when we found out we were being surveilled on mass, with all our communications being kept to be used against us at any point in a Stasi fantasy.
You can't claim trust when you've shown yourself to be totally and utterly untrustworthy.
Moreover if the public servants can get your communications so can organised crime.
Law enforcement can do their job without it. Because they've abused it so thoroughly they're going to have to.
Improving on the design of Exceptional Access systems isn't just about math, nor about considering the problems of key escrow. Rather, it's about considering how to reduce the risks for the issues you've raised.
Fighting on principle is fine, but if the laws are changed to require exceptional access for these systems, it would behoove everyone to work towards a better compromise. Otherwise, your concerns will remain.
> If you give E2EE to the masses, then the endpoints will need to remain vulnerable by design, or LE/IC won't be able to do their jobs fighting criminals.
I don't buy this argument. Law enforcement still has plenty of other ways of going after criminals. All the E2EE in the world won't stop an informant from turning over decrypted versions of communications to the cops. In fact, E2EE makes that evidence more valuable since it's harder for the person at the other end to claim they didn't send it when they're the only one with that private key.
> LE/IC will have a more difficult time fighting crime
I'm not even sure that's true. LE/IC will have to rely more on different methods of fighting crime, but it's not at all clear that those methods are less effective than snooping on everyone's communications. Snooping on everyone's communications sounds easy until you realize how tiny the signal to noise ratio is--that is, if you're actually trying to find real criminals instead of just finding reasons to mess with more people in general.
Hey, I looked at some of your other comments and your profile.
I'm sure you're not posting here wanting to pathologize you, but you really seem like you're having a hard time. I doubt my comment will help, but if I were ever in your shoes I'd want someone to at least try...
The idea there is a bright line between sane and not sane is a fallacy. Instead, all our beliefs about the world are approximations-- at best. We make up some line and say beliefs that are consistent enough with observations are sane and others aren't but the position of that line is largely arbritary. Some of these approximations are more helpful than others, some create feedback that can make us less healthy and happy then we could otherwise be even in the same situation.
It seems to me that you have found yourself surrounded by beliefs which make your life more difficult and you're having trouble escaping from them.
You can get help for your problems and you will be happier for it, almost certainly. I really hope you do.
It's unclear why you've chosen to respond to my comment about my personal situation (which I'm not hiding at all), but I suspect you're trying to conflate something about my credibility with my argument. If that's the case, please stop. In fact, I'd rather you not bring up off topic issues in response to my comment.
We likely have orthogonal life experiences, and I'm simply trying to share my experiences and views. I'd like to stay on topic in doing so for a particular comment. Thanks.
I don't agree with your argument, but I think that disagreement is really entirely unimportant compared to your personal challenges. You're entitled to your views.
HN doesn't have a mechanism for private messages, or I would have addressed you that way.
To the extent that I would want any public effect from my comment being here it would only be to remind other people that you're a human being and should be treated with a modicum of kindness. ... unlike that rude commenters who called you a FBI shill. :)
I think even you know the problems with the argument you're making. The problem with power is, it's only good for two things:
1. Using it
2. Using it to get more of it
And its mere existence will make humans do both of those things.
The only solution is not to have it. A weak government is by design, not an accident or an unfortunate side effect. Nothing in the US constitution (or any decently democratic constitution) makes or should make LE's job easy. Why? Because they'll use that power to get more power. That's what humans do.
I have lived in {} since the mid 2000’s. Stalking by strangers and acquaintances has gotten out of hand in (at least) the past five years. (Any such behavior against me has since calmed down in the past year, after reworking my digital devices, but the effects have had significant impact on me. I also dropped out and gave up on life this past year, which may make me a much less interesting target to harass.)
Such technologies are part of an ongoing increase in information and power asymmetries that can be abused to harass innocent competitors, as has happened to me. I’ve had strangers come up to me in public and discuss specifics of my private life, including non public details about my since failed startup, and personal/private comms. Concurrently, I was falsely accused of a serious crime and was put under the microscope and harassed on a regular basis by strangers regarding this. It became apparent that my life was completely owned at that point, digitally and publicly. It amounted to ongoing bullying which really pushed me beyond thresholds of learned helplessness already long since established.
There seems to be no recourse against this behavior. If you have a digital “kick me” sign attached to your back, there’s little you can do to remove it, short of avoiding being in public. Or, as in my case, one can drop out of life, go homeless, give up all of your assets, and prepare for suicide. Strangers can verbally harass/own/gaslight others, maintain perfect plausible deniability, have perfect encryption to cover their tracks, and devastate people who aren’t equipped to deal with this behavior.
Evolution of survival going forward is trending towards resilience to increasingly sophisticated psychological violence and harassment, as well as the ability to accept being an unwitting voyeur in all public places.
One of the most difficult aspects to this was reporting these incidents (admittedly, under duress in the heat of the moment), and being told that I must be delusional and mentally ill. To me, the delusion is genuinely believing that technology is not used to stalk or harass people in public. As a counterpoint, I will say that being stalked repeatedly does increase your paranoia, so you’ll start to look over your shoulder at every turn. If you believe that all of your devices and accounts are hacked and being used to harass you, the complete lack of digital privacy can have a profound impact on sanity.
To this day, I’m utterly freaked out by the presence of personal cameras, to the point where I’ve nudged people in the community to be aware of the cultural impact of holding phones vertically in coffee shops or other public places. As most people are of course good natured, I’ve noticed a trend in the places that I frequent towards people being more prudent in this regard. I personally cover the public facing back camera on my phone with my index finger as a matter of habit by now, to avoid pointing it at strangers in public. Personally I believe responsibility amongst the tech elite would include immediate installation of physical shutters that open only when a camera is in use. Shutters can be colored blue or yellow, perhaps as a culturally standardized signal that the camera is “closed”.
There’s clear benefit to tech such as Clearview but the potential for abuse by irresponsible or immoral actors is tremendous. As someone pointed out, such tech can be rolled yourself. It seems that the problem is therefore out of control. Welcome to the age of unwitting voyeurism.
Edit: I did make a comment on the linked NYT article, including my real identity. In this comment, I called out at least one person involved in shenanigans against me. This person name dropped {} as someone who would recognize him, before he trashed my startup without seeing it, encouraged me to drop out of my continuing Computer Science studies at the local University (due to the bad rep I would receive for doing so as a middle age adult, so he said), and then threatened my career/reputation if I told the truth about specific stalking incidents, all in one conversation. Not long thereafter, I experienced a stalking incident in public by two men with walkie talkies who harassed me about said startup, mentioning non-public specifics about an engagement we were seeking. In retrospect, these men could have been using tech such as Clearview to more easily enable their stalking and harassment of me. The location of this incident was the playground of wealthy folks in my city’s most affluent public area. My comment on the NYT article was not approved by the moderators, understandably.
Yesterday, a fellow customer of one of the big US wireless telecom carriers received a spoofed call from my mobile number. He called me up thinking I had called him, and we started talking, and turns out he’s a Data Broker from the East Coast (I’m on the West Coast). He was very friendly and discussed specifics for how the mobile phone anonymous token works and how it’s supposedly a secure, anonymous arrangement.
I discussed with this gentleman the concerns from this article and he wasn’t too happy, naturally, given my disagreement with the practice of sharing such data due to such deanonymization concerns.
As I’m a bit of an activist regarding E2EE and voyeuristically supportive of certain disliked politicians, and against the described data sharing, I have to wonder if someone chose my number to play a prank. Of course, it could simply be an odd coincidence, which is the most reasonable base assumption. Still, I wonder why my number specifically was chosen to target this individual, who said he was the victim of substantial identity theft and yet has refused to change his phone number, likely due to the complexities in doing so.
I have a habit of consistently following up on such matters, and so perhaps someone was knowingly demonstrating to me that this wireless carrier can’t even stop in-network spoofed calls, aware that I would investigate it. Of course that’s a bit far fetched but who knows? If the offending party was able to cover their tracks then that says something about the absurd age we are in.
At the least, and unrelated to the original article, it’s clear that this major wireless carrier doesn’t even have the ability to prevent spoofed calls from within their own nationwide network from numbers associated with their own customers. I called their support and pointed out that, at least conceptually, it should be trivial to build a security feature to prevent this. And presumably shaken/stirred ss7 cert authentication for did’s should already cover in-network did authentication and prevent in-network spoofing. Is this a reasonable assumption? Have all the major carriers built these protocol upgrades to prevent spoofed calls?
There’s the outside possibility this gentleman lied to me about his carrier, dialed back the wrong number, or lied to me about the spoofed call but I gained the sense that he was being truthful to me.
Overall it seems that the cyber world is really quite a mess, whether with data sharing malfeasance per the article, insecure wireless networks, globally enabled ransomware, and ever-increasing data in the hands of private global entities that will exist beyond our lifetimes.
SHAKEN/STIR is rolling out very, very, very slowly. Interoperability is poorly defined and carriers seem to be sharing on an ad-hoc basis.
Anyone with a prepaid credit card can spoof numbers, make calls for < $0.005/minute, just by running apt-get install asterisk with a minimal configuration.
Leave whatever jurisdiction was attempting to force me to build something unethical, and after being safely out of that jurisdiction, disclose absolutely everything I can about the attempted coercion.
This is one of many excellent arguments against such backdoors. The US would like backdoors into everyone's communications, and doesn't want anyone else to have them. China would like backdoors into everyone's communications, and doesn't want anyone else to have them. Every country and jurisdiction would like backdoors into everyone's communications, and doesn't want anyone else to have them.
If it comes to pass that the department of justice insists on implementation of Exceptional access it would be who’ve the civil libertarians to work towards a better compromise. Hedge your bets.
Having exceptional access is important to keeping and improving society. It’s unethical to ignore and fight LE’s ongoing needs regarding such access. E2EE at scale, unchecked, is an extreme viewpoint with trade offs that I consider unethical at best, and fundamentally dangerous at worst.
As someone from ex comunist/socialist state, I am completely fine with LE not having too much power.
I think them being able to break all encryption in use is way too much power. Its not if, it's when it will be abused, and how many people die for it.
And LE's can do a lot more damage than all terrorist combined.
Current systems prevent most abuses, and many people are working on improving it to prevent more abuses.
As an excellent example, Certificate Transparency has almost completely mitigated the potential abuse of compromising a certificate authority and using it to MITM traffic. Similarly, "binary transparency" or "software transparency" will hopefully eliminate the abuse of delivering a "special binary" to just one person that others have not received.
Part of the threat model is the belief that any system with a backdoor has any hope of "preventing abuses". The backdoor is the abuse, leaving aside all the misuses of it that will happen.
It depends on whether the access is to be to encrypted data at rest or something like a realtime wiretap, and if there needs to be a way to prevent the spied-on party knowing they were being spied on or not.
One way to do data-at-rest (e.g. a locked phone) is to require physical access to the phone along with some kind of expensive, destructive procedure (e.g. an electron tunneling microscope and shaving away the housing of the secure enclave area).
Also, I'd assume that any competent target would just layer their own encryption on top of the existing stuff, so the whole system would only be good for catching unsophisticated criminals (and spying on the general public).
Or I'd just subpoena the iCloud backups and have Apple decrypt them, which they can already do.
>Programmer geniuses often can’t see the forest for the trees
Indeed, this is true. Likewise politicians often know nothing of how trees and forests actually work; and make absurd proposals which primarily serve their interests and pretend to care about a saving a few trees while endagering the entire forest.
Weakening everyone's security in order to weaken a small minority of criminals' security by default results in a net decrease in society's overall security
I find it interesting that the hn world is largely unified in beliefs about the trade-offs of exceptional access that aren’t necessarily true. Perhaps this is a cultural top-down tribal mentality borne of an adversarial arrangement between the billionaire oligarchs behind the startup scene and the government which serves to offer counterbalance against unchecked power.
I personally find it reprehensible that large trillion dollar tech corps wash their hands of responsibility for the safety of citizens by offering strong encryption to the masses.
I’m personally okay with secret police, but such things work better in secret. The calculus has indeed changed. Checks and balances within such secret societies do need to exist. I’m hopeful that tech geniuses will help to solve the problems regarding technical and social trade offs and risks behind exceptional access, instead of conforming to the often strict libertarian mentality of the sv community.
Yes, it’s serious (in response to your handle). I don’t think it’s necessary to create a throwaway to respond and is also against hn policy.
I’ve been downvoted to oblivion simply for stating my view; also not necessary.
Secret police worked when criminals were put away with parallel reconstruction, for instance. (This being borne of limitations with the anachronistic constitutional notions of civil liberties in the rapidly evolving digital age). I’m all for reducing abuses of surveillance systems, but frankly it’s tech oligarchs who own us, not as much the nsa.
“You can’t stop math.” Not true, strictly anyway. You can ban tech oligarchs from using unbreakable E2EE which slows it down and reduces the proliferation of digital entropy.
Backdoors are an antiquated way of implementing exceptional access. The proper way is to provide third party access that is truly exceptional (living up to the name), and not based on flaws that a malicious actor or rogue nation can break. Instead of E2EE, how about building E2E2EE. Doesn’t need to be measurably weaker.
> I’ve been downvoted to oblivion simply for stating my view; also not necessary.
I personally downvoted because I believe your statement is wrong in fact and problematic in opinion.
> Secret police worked when criminals were put away with parallel reconstruction, for instance.
Parallel construction is a morally dubious method of hiding illegal and unconstitutional activity on law enforcement's part. What crime was truly committed to warrant law enforcement's action is therefore hidden.
Using the idea of parallel construction to support secret police is likewise dubious.
> “You can’t stop math.” Not true, strictly anyway. You can ban tech oligarchs from using unbreakable E2EE which slows it down and reduces the proliferation of digital entropy.
When you outlaw guns, only outlaws will have guns.
It's illegal for citizens to download and distribute music and movies too, but illegality doesn't stop them from doing it. You might block tech oligarchs from using it, but you won't be able to block citizens from using it.
Likewise when you outlaw math, only outlaws will have math. Banning tech oligarchs from using unbreakable E2EE won't undo the fact that that encryption has already been created and disseminated in open source repositories.
> The proper way is to provide third party access that is truly exceptional (living up to the name), and not based on flaws that a malicious actor or rogue nation can break. Instead of E2EE, how about building E2E2EE. Doesn’t need to be measurably weaker.
I have yet to see even a single idea which isn't open to abuse by someone, whether it's law enforcement or citizens. And, frankly, the constitution's goals are fairly clear: citizens have rights and law enforcement is prohibited.
> Secret police worked when criminals were put away with parallel reconstruction, for instance.
It wasn't the secret police which worked. It was the parallel construction.
> “You can’t stop math.” Not true, strictly anyway.
You can't stop math.
> Backdoors are an antiquated way of implementing exceptional access. The proper way is to provide third party access that is truly exceptional (living up to the name), and not based on flaws that a malicious actor or rogue nation can break.
This statement is a fantasy. There is no way to provide third party access that is "truly exceptional" that a malicious actor or rogue nation can't break.
> Instead of E2EE, how about building E2E2EE. Doesn’t need to be measurably weaker.
Anything weaker than E2EE is measurably weaker than E2EE. E2E2EE is measurably weaker than E2E2EE.
You can stop math. Legally stop fb from using E2EE. You’ve stopped math. You haven’t stopped some people from using it. But you’ve prevented common people from having default usage of that math.
Disagree. Don’t use key escrow. Find a better way. Two parties or three parties; three doesn’t have to be significantly more susceptible than two
Apologies on the wording. Significantly weaker, not measurably. My mistake.
> You can stop math. Legally stop fb from using E2EE. You’ve stopped math. You haven’t stopped some people from using it. But you’ve prevented common people from having default usage of that math.
No, you haven't "stopped math". You've enacted a law and stopped Facebook from using end-to-end encryption.
Math is universal. Math is something that should never be outlawed. Math is a fundamental right, an irrevocable truth based solely in fact. You can sooner stop alcoholism by outlawing alcohol than you can stop encryption by outlawing math. The idea of outlawing math would put us hundreds of years behind today; to enact a truth based on the church's "do this because I tell you it's true" instead of "understand this for yourself, I cannot tell you what is true". Outlawing math is dangerous and I cannot believe you are trying to make such an argument in good faith.
> Find a better way.
I do not believe there is a better way. You don't understand the math behind it. Instead of even trying to understand the math which is already widely understood by many, you instead want to make that math illegal and create your own. You don't even want to spend the mental effort to do that much: you demand others to do it for you.
> Two parties or three parties; three doesn’t have to be significantly more susceptible than two
This is factually false. The third party is a moving party which changes every moment. You can not meet that and still be "secure". It is antithetical to the very notion of encryption.
Semantics aside, if FB isn’t allowed to use the math behind E2EE, they’ve effectively been stopped from using math. Just trying to avoid getting into the weeds.
Similarly to you questioning my faith in the matter, you’re ignoring my argument, ostensibly not in good faith, either. I’m suggesting to build a better mousetrap. It may not be perfect but might help maintain and improve civility in society.
Alcoholism and alcohol aren’t really a great analogy.
I understand math better than you may realize. You said that you don’t believe there’s a better way. You’ve effectively conceded that the existing key escrow solutions with the known risks are the best that can be done. I’m suggesting to do better. Find a better compromise.
Three party access in current incarnations may have flaws but the statement isn’t factually false. It’s simply undiscovered.
The part about tech geniuses being able to solve a problem that can't be solved without violating principles of mathematics.
You probably don't think you said that though, because you missed the point yourself. It's a common mistake. You're in good company, plenty of smart politicians and national leaders have the same misconception. It's often stated in terms like "if we could put a man on the moon, all the smart people in Silicon Valley should be able to put their heads together and figure this out." But it doesn't work that way.
Aside from being wrong, which in itself doesn't deserve a downvote, it's also poorly thought out and a seductive yet destructive line of thinking, which arguably does deserve one.
I’m suggesting to rethink the problem fundamentally. Minimize abuses of an exceptional access system. The problem with purely technical folks is often an inability to socially transcend from their techno libertarian ideals
And my statement wasn’t entirely wrong. You can legally prevent large entities from using strong E2EE thus “stopping” the math to some degree - or minimize/isolate the usage of those munitions.
It might be more accurate to say “you can’t stop everyone from trying to use the known math”. And this is likely an acceptable compromise to LE. Reduce the entropy.
Still not clear what I’ve said that’s false.
And, as per another comment, you can claim that the problem isn’t solvable when a compromise aims to minimize the abuses not necessarily eliminate them (although that would also be acceptable).
As it’s possible this will be legally required it makes sense to work towards a compromise instead of arguing on principles that may be strictly true (3>2, how to trust the 3rd wheel, for instance)
Any (yes any) exceptional access aka backdoor scheme will be a magnet for bad actors. So here's a rethinking for you: rethink the notion that privacy needs to be subject to compromise.
The article you linked is an example of why offering access to employees who aren’t properly vetted, don’t have security clearances is a bad idea. Further, a proper exceptional access system, in my view, will aim to reduce abuses as described in the article you’ve linked, perhaps even using a design that offers technologically enforced checks and balances against abuses.
I wonder if @Snowden’s disclosures have largely led criminals away from phone/text (to encrypted apps), and whether the lack of ongoing utility of this surveillance program resulted in part from his disclosures.
