sgc 10 hours ago
Can somebody explain to me how backdooring every app does not lead to the real risk of an entire population's bank accounts being emptied, or similar more hidden but widespread attacks that absolutely cripple any country doing this? Almost immediately, enemy State actors will have almost as complete access as the government passing the law; blackmail will become trivial; they could just subtly weaken adversaries nonstop over the years for a more patient return, etc? It just seems ridiculously dangerous. How is having a single point of failure (or handful of points of failure) for an entire country or continent defensible simply from the perspective of opsec?
boltzmann-brain 4 hours ago
Maybe it's a good idea for the ones pushing this because that is the intended state. Don't forget, Russia has trillions of dollars for bribes.

zer00eyz 10 hours ago
> Can somebody explain to me how backdooring every app does not lead to the real risk of an entire population's bank accounts being emptied, or similar more hidden but widespread attacks that absolutely cripple any country doing this?

We already had this debate once before: https://en.wikipedia.org/wiki/Clipper_chip

The answer is that it is a bad idea.

This also recently came up when Huntress exposed what it could do with its tool: https://news.ycombinator.com/item?id=45183589 and then failed to understand why this might be a bad thing.

Or, you know, CrowdStrike getting rolled in a supply chain attack: https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hi...

The government wants a back door to spy on its citizens, not realizing that any back door you build is rife to be exploited by anyone.
wmf 10 hours ago
Why haven't those things already happened? Many messaging apps including SMS and Telegram are centralized without E2E.