You might want to be more specific about the meaning of "between" here. It's not a cryptographic MITM attack, and if it ever facilitated someone else in performing one, that should be detectable.
> It was never a reasonable goal of the WebPKI to authenticate entities
The confusing thing is that this goal nonetheless appeared in some original marketing and explanations about the web PKI from the late 1990s when it was first introduced. There was another smaller burst of this when people were arguing over the formalization of DV certificates and of Google's UI changes that stopped treating EV specially (as some people found both of those changes objectionable).
I agree with you that the goal of authenticating entities was impractical, but the mental association and expectation around it still hasn't been completely dispelled. (I think I saw some form of this when doing support on the Let's Encrypt Community Forum, as people would sometimes complain that a site shouldn't have been allowed to have a certificate, either because it wasn't the organization they expected, or because it was malicious somehow.)
Right, and when people who haven't paid that much attention to the machinations of the WebPKI (who could blame them) talk about how weird it is that the browsers killed EV, this is an important part of the backstory: EV was mostly a failed attempt to make the WebPKI do this kind of "do-what-I-mean" entity authentication.
The problem as I see it is: there simply isn't one coherent global notion of what entity authentication means. It's situational.
I think you're right that this consensus was clearly emerging then (I remember Firesheep in 2010 as another big identifiable contributing factor), but I remember actively asking smaller sites to enable HTTPS in that era, and they would often refuse. So I think Snowden also contributed to the spread of the norm.
It is possible that there's a retcon element, because it's not always clear in my memory exactly what year various sites became more favorably disposed towards the request to use HTTPS. So I could be misremembering some of them as agreeing post-Snowden when they'd actually agreed one year before, or something.
I think it would be a stretch to say that Snowden did nothing to accelerate the uptake; for better and worse he clearly did. But he didn't set it into motion; we were going to have an all-TLS Internet within a decade with or without him.
> No human regards it as a tragedy that there are only 9 billion of us instead of 90 billion.
I have met some transhumanists and longtermists who would really like to see some orders of magnitude increase in the human population. Maybe they wouldn't say "tragedy", but they might say "burning imperative".
I also don't think it's clearly better for more beings to exist rather than fewer, but I just want to assure you that the full range of takes on population ethics definitely exists, and it's not simply a matter of straightforward common sense how many people (or horses) there ought to be.
We also don't technically have proofs for some of the computational hardness assumptions that popular "real" ZK proof constructions rely on!
This might feel different because those assumptions were chosen in part because people had studied them and they certainly seem to be right, whereas perhaps here nobody has really studied this particular random number theory topic one way or the other.
But in some sense, there isn't a proof that regular ZK proof methods are actually completely zero-knowledge (against a computationally bounded adversary).
Maybe! In that case there would be no contingent universe, only the necessary one. You can see how this would appeal to theists like old Kurt. A buddy of his had a saying about dice...
It's not clear what they mean by that in the threats they've made in multiple places but it's clearly a threat, and they're already lying about us. Therefore, we're leaving France including leaving OVH and not hiring people in France without them relocating first. Our most sensitive infrastructure is local but we don't want a state taking over our website and network services. We don't trust France and OVH to respect rule of law and human rights at this point. It's not a safe country for open source privacy projects and French companies cannot be trusted to even host a static website without hijacking it for French law enforcement.
French law enforcement is conflating companies making products with GrapheneOS code with GrapheneOS itself. They're presenting it as if those companies are working with us and that we're responsible for their actions selling devices using our code. Most of those are using forks of GrapheneOS with features we don't have which are repeatedly incorrectly referred to as being GrapheneOS features. GrapheneOS users can read the many articles and see many references to non-existent features. They similarly refer to non-existent distribution methods and marketing which are actually about these products they're conflating with us. Since they're conflating products and actions by other people with ours, that makes their threats very concerning.
GrapheneOS doesn't even currently bundle an end-to-end encrypted messaging app as we don't have our own and leave choosing third party apps up to users. We plan to make an RCS app with MLS to replace people using Google Messages via sandboxed Google Play but that's no different than what Apple and Google are working towards providing earlier. Even if Chat Control was already the law, we don't have Signal or a similar app bundled with the OS and don't currently distribute a hardened build via our App Store despite plans for it. We do distribute the sandboxed Play Store and Accrescent via our App Store which have end-to-end encrypted messaging apps available...
> We don't trust France and OVH to respect rule of law and human rights at this point. It's not a safe country for open source privacy projects and French companies cannot be trusted to even host a static website without hijacking it for French law enforcement.
Probably the former. SkyECC, Encrochat, etc, were found to be deliberately sold to nontechnical drug lords for large amounts of money - as in, the project leads went out searching for drug lords and selling phones to them individually and offered to sell them 100 phones for $200 per month per phone. Drug empires have that sort of money. And they didn't sell to anyone else since nobody else has that sort of money.
It seems unlikely that GrapheneOS is the same way, since it's free, but you never know - maybe it is made for drug lords, and giving it away to the rest of us is just for plausible deniability.
By 2065, we should be in possession of a proof that 0+0=0. Hopefully by the following year we will also be able to confirm that 0*0=0.
(All arithmetic here is over the natural numbers.)
reply