ferrouswheel 3 hours ago

It's interesting how many comments these days are like, "well of course".

Back in the day hackernews had some fire and resistance.

Too many tech workers decided to roll over for the government and that's why we are in this mess now.

This isn't an argument about law, it's about designing secure systems. And lazy engineers build lazy key escrow the government can exploit.

Aurornis 3 hours ago | parent | next [-]

> Back in the day hackernews had some fire and resistance.

Most of the comments are fire and resistance, but they commonly take ragebait and run with the assumptions built into clickbait headlines.

> Too many tech workers decided to roll over for the government and that's why we are in this mess now.

I take it you've never worked at a company when law enforcement comes knocking for data?

The internet tough guy fantasy where you boldly refuse to provide the data doesn't last very long when you realize that it just means you're going to be crushed by the law and they're getting the data anyway.

thewebguyd 2 hours ago | parent | next [-]

> I take it you've never worked at a company when law enforcement comes knocking for data?

The solution to that is to not have the data in the first place. You can't avoid the warrants for data if you collect it, so the next best thing is to not collect it in the first place.

direwolf20 2 hours ago | parent | prev | next [-]

"Good" companies in the old days would ensure they don't have your data, so they don't have to give it to the police.

matheusmoreira 2 hours ago | parent [-]

Plenty of companies would do that if they could. The problem is it has become illegal for them to do that now. KYC/AML laws form the financial arm of warrantless global mass surveillance.

direwolf20 2 hours ago | parent [-]

KYC/AML is luckily still confined to the financial sector. There's no law for operating system vendors to do KYC/AML.

matheusmoreira an hour ago | parent | next [-]

There is no law yet.

Where I live, government passed a similar law to the UK's online identification law not too long ago. It creates obligations for operating system vendors to provide secure identity verification mechanisms. Can't just ask the user if they're over 18 and believe the answer.

The goal is of course to censor social media platforms by "regulating" them under the guise of protecting children. In practice the law is meant for and will probably impact the mobile platforms, but if interpreted literally it essentially makes free computers illegal. The implication is that only corporation-owned computers will be allowed to participate in computer networks because only they are "secure enough". People with their own Linux systems need not apply because if you own your machine you can easily bypass these idiotic verifications.

an hour ago | parent | prev [-]

[deleted]

morshu9001 22 minutes ago | parent | prev | next [-]

That's not the point. Microsoft shouldn't be silently taking your encryption key in the first place. The law doesn't compel them to do that.

smt88 12 minutes ago | parent [-]

It's not silent. It tells you when you set up BitLocker and it also allows you to recover the drive.

nemomarx 2 hours ago | parent | prev [-]

If you design it so you don't have access to the data, what can they do? I'm sure there's some cryptographic way to avoid Microsoft having direct access to the keys here.

t-3 2 hours ago | parent | next [-]

If you design it so you don't have access to the data, how do you make money?

Microsoft (and every other corporation) wants your data. They don't want to be a responsible custodian of your data, they want to sell it and use it for advertising and maintaining good relationships with governments around the world.

NegativeK 22 minutes ago | parent [-]

> If you design it so you don't have access to the data, how do you make money?

The same way companies used to make money, before they started bulk harvesting of data and forcing ads into products that we're _already_ _paying_ _for_?

I wish people would have integrity instead of squeezing out every little bit of profit from us they can.

caminante 2 hours ago | parent | prev [-]

What are you talking about?

> I'm sure there's some cryptographic way to avoid Microsoft having direct access to the keys here.

FTA (3rd paragraph): don't default upload the keys to MSFT.

> If you design it so you don't have access to the data, what can they do?

You don't have access to your own data? If not, they can compel you to reveal testimony on who/what is the next step to accessing the data, and they chase that.

futuraperdita an hour ago | parent | prev | next [-]

> Too many tech workers decided to roll over for the government and that's why we are in this mess now.

It has nothing to do with the state and has to do with getting the RSUs to pay the down payment for a house in a HCOL area in order to maybe have children before 40 and make the KPIs so you don't get stack-ranked into the bottom 30% and fired at big tech, or grinding 996 to make your investors richest and you rich-ish in the process if you're unlikely enough to exit in the upper decile with your idea. This doesn't include the contingent of people who fundamentally believe in the state, too.

Most people are activists only to the point of where it begins to impede on their comfort.

egorfine 2 hours ago | parent | prev | next [-]

> This isn't an argument about law, it's about designing secure systems

False. You can design a truly end-to-end encrypted secure system and then the state comes at you and says that this is not allowed, period. [1]

[1] https://medium.com/@tahirbalarabe2/the-encryption-dilemma-wh...

direwolf20 2 hours ago | parent | next [-]

Another one: https://www.theguardian.com/australia-news/2024/nov/05/sessi...

al_borland 2 hours ago | parent | prev [-]

I'd love to see companies stop service in countries that request things like this, to put pressure on the governments to not be scumbags.

p0w3n3d 42 minutes ago | parent | prev | next [-]

yeah, every time someone says 'good, government must protect us from terrorists', they need to remember that sometimes

  govt := new_govt
  terrorist := you

fzeroracer 12 minutes ago | parent | prev | next [-]

Unfortunately there's a loud contingent of incredibly proud idiots that post here as well that really like to pretend they know what they're doing.

The people going 'well of course' or 'this is for the user' drive me insane here because as said, there are secure ways you can build a key escrow system so that your data and systems are actually secure. From a secure design standpoint it feels more and more like we're living in Idiocracy as people argue insecure solutions are secure actually and perfectly acceptable.

heresie-dabord an hour ago | parent | prev | next [-]

> Too many tech workers decided to roll over for the government

s/workers/Corporations/

smegger001 3 hours ago | parent | prev | next [-]

It's the natural result of this site catering not just to tech nerds but to ones chasing venture capital money. It's an industry that has never seen a dark pattern it didn't like. We have gone from "don't be evil" to "be evil if it makes the stonks go up".

hmokiguess 2 hours ago | parent | prev | next [-]

I actually understood that as in “of course . . . because Microsoft”

salawat 2 hours ago | parent | prev | next [-]

It's why tech loves young engineers who just do what they're told, or old engineers only as long as they can't say no. Once you dig into the system and see how all the pieces fit together, you can't ethically or morally continue to participate any longer. Learned that the hard way. In the middle of an attempt at midlife career change because of it to maybe free myself to write software that needs to be written instead of having to have a retained lawyer on hand to wrangle employment contract clauses to keep my work belonging to me.

CodingJeebus 3 hours ago | parent | prev | next [-]

It’s not about engineers being lazy, it’s about money.

Trying to resist building ethically questionable software usually means quitting or being fired from a job.

conception 2 hours ago | parent | next [-]

No this is lazy. Microsoft shouldn’t have access to your keys. If they do, anyone who hacks Microsoft (again) also has them.

kypro 2 hours ago | parent | prev [-]

I agree with you, but also think this is only true because we as an industry have been so completely corrupted by money at this point.

In the 90s and 00s people overwhelmingly built stuff in tech because they cared about what they were building. The money wasn't bad, but no one started coding for the money. And that mindset was so obvious when you looked at the products and cultures of companies like Google and Microsoft.

Today however people largely come into this industry and stay in it for the money. And increasingly tech products are reflecting the attitudes of those people.

thinkingtoilet 2 hours ago | parent | prev | next [-]

Saying "of course" doesn't mean we agree with it or fail to try to resist it. It's simply not surprising that this happened.

When you get high up in an org, choosing Microsoft is the equivalent of the old "nobody ever got fired for buying IBM". You are off-loading responsibility. If you ever get high up at a Fortune 500 company, good luck trying to get off of behemoths like Microsoft.

kccqzy 2 hours ago | parent | prev [-]

I don’t see that at all. Instead, I think tech workers, including the engineers and the product managers, are correctly prioritizing user convenience over resistance to government abuse. It’s honestly the right trade off to make. Most users worry about casual criminals, not governments. Say a criminal snatching your laptop and accessing your files that way. If you worry about governments you should already know what to do.