
Re: Apt sources.list



On Sun, Apr 16, 2023 at 3:06 PM Tim Woodall <debianuser@woodall.me.uk> wrote:
>
> On Sat, 15 Apr 2023, Greg Wooledge wrote:
>
> > Now, personally I don't feel this is a threat model that I need to
> > worry about.  I just use plain old http sources at home, and if "They"
> > learn that I've downloaded rxvt-unicode and mutt, well, good for Them.
>
> The threat model I'm most concerned about is local stuff *exporting*
> data elsewhere.
>
> I do understand that there are people in some parts of the world that
> want to do things that they ought to be allowed to do but their
> repressive governments are preventing. HTTPS is a useful tool to make
> that repression harder - but doesn't actually make people safe - if
> doing something is illegal then it's still illegal even if it's harder
> for the authorities to detect it.
>
> But it's pretty much impossible nowadays to have a "safe" environment at
> home. Phones, TVs, almost everything, now tries to establish outgoing
> connections.
>
> ESNI, and DNSoHTTPS are on the way to making it almost impossible to
> keep tabs on this and restrict what is allowed to egress.
>
> The only redeeming point is that corporates *need* to do egress
> filtering - so at the moment the browsers cannot totally block it - and
> if they did try, there would be the financing to provide a browser that
> corporates could use that, at least, allowed SNI sniffing and regular
> DNS.

Corporations don't need browser cooperation for Data Loss Prevention
(DLP) (but they already have it). Corporations just run an
interception proxy, like Netskope. The Netskope Root CA is loaded into
every browser trust store. The application will terminate all traffic,
inspect it, and forward the request if it looks innocuous.

The W3C and Browsers have already decided "interception is a valid use
case." That boat has already sailed. The browsers claim authority
comes from Priority of Constituencies under the Web Design Principles.
I argued against it until I was blue in the face. Also see
https://www.w3.org/TR/html-design-principles/#priority-of-constituencies.

The conspiracy runs even deeper. App developers cannot ask a WebSocket
for the certificate or public key used to set up the secure channel. If
an app/JavaScript could get the info, then it could determine the
connection was intercepted. The browsers don't want app authors
knowing that because "interception is a valid use case." So the W3C
and Browsers have baked interception into the model, and then
neutered/crippled the technologies to ensure the agenda is moved
forward.

Jeff
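A worked example added here, not part of Jeff's message or of the thread: a native client, unlike browser JavaScript, can read the peer certificate (Python's `ssl.SSLSocket.getpeercert(binary_form=True)` returns its DER encoding), pull out the SubjectPublicKeyInfo, and compare its pin against the pins it expects for that server. An interception proxy of the kind described above re-signs the connection with its own key, so the leaf's SPKI pin no longer matches. The tiny DER encoder, the minimal certificate walker and the two sample keys are all constructed for this example; the moduli are not real RSA keys, and the stand-in certificate has empty issuer, validity and subject fields so that it runs offline without any cryptography library.

```python
import base64
import hashlib

# --- minimal DER helpers (constructed for this example) ---------------------

def _der_len(n):
    """Encode a DER length (short form < 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(value):
    """DER INTEGER; a leading 0x00 keeps values with the top bit set positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _tlv(0x02, body)

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # id rsaEncryption

def rsa_spki_der(n, e):
    """SubjectPublicKeyInfo for an RSA key, as the pinning standards hash it."""
    rsa_key = _tlv(0x30, _der_int(n) + _der_int(e))      # RSAPublicKey
    alg_id = _tlv(0x30, RSA_OID + b"\x05\x00")             # AlgorithmIdentifier
    bit_string = _tlv(0x03, b"\x00" + rsa_key)             # 0 unused bits
    return _tlv(0x30, alg_id + bit_string)

def _read_tlv(buf, pos):
    """Return (tag, body, position after the element) for one DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def spki_from_certificate(cert_der):
    """Walk Certificate -> tbsCertificate and return the SPKI element bytes."""
    _, cert_body, _ = _read_tlv(cert_der, 0)
    _, tbs, _ = _read_tlv(cert_body, 0)
    pos = 0
    tag, _, nxt = _read_tlv(tbs, pos)
    if tag == 0xA0:                 # optional explicit [0] version
        pos = nxt
    for _ in range(5):              # serial, signature, issuer, validity, subject
        _, _, pos = _read_tlv(tbs, pos)
    start = pos
    _, _, end = _read_tlv(tbs, pos)
    return tbs[start:end]

# --- pinning ---------------------------------------------------------------

def spki_pin(spki_der):
    """Chrome/Android style pin: 'sha256/' + base64(SHA-256(SPKI DER))."""
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")

def classify_connection(observed_spki, pinned_pins):
    """'pinned' when the leaf key is one we expect, else flag for review."""
    if spki_pin(observed_spki) in pinned_pins:
        return "pinned"
    return "possible-interception"

def fake_certificate_der(spki_der):
    """Stand-in certificate: valid DER layout, empty name/validity fields."""
    version = _tlv(0xA0, _der_int(2))
    empty_seq = _tlv(0x30, b"")
    tbs = _tlv(0x30, version + _der_int(1) + empty_seq * 4 + spki_der)
    return _tlv(0x30, tbs + empty_seq + _tlv(0x03, b"\x00"))

# Constructed sample keys (NOT real RSA moduli): the server's own key and the
# replacement key a DLP proxy would present after re-signing the connection.
LEGIT_SPKI = rsa_spki_der((1 << 2047) | 0x1F2E3D4C5B6B, 65537)
PROXY_SPKI = rsa_spki_der((1 << 2047) | 0x0A0B0C0D0E0F, 65537)
PINS = {spki_pin(LEGIT_SPKI)}

if __name__ == "__main__":
    for label, cert in (("direct", fake_certificate_der(LEGIT_SPKI)),
                        ("via proxy", fake_certificate_der(PROXY_SPKI))):
        print(label, classify_connection(spki_from_certificate(cert), PINS))
```

On a live socket the `cert` above would be `sock.getpeercert(binary_form=True)`; a production client should use a full X.509 parser rather than this walker and should pin a backup key too, since a pin mismatch is exactly what a legitimate key rotation also looks like.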