I am also not quite ready to concede that a Chrome/Blink base is the only way a browser can be successful. I'm sure the day is coming, and I'm not sure that we can ever go back when it does.
It seems the issue lies in tech companies preempting privacy legislation with proposals that are largely toothless. While the EFF sought to add amendments that would make the bill more robust, ACLU WA sought to quash it altogether, which makes me wonder what the reasoning was for not attempting to amend the bill.
What a bizarre situation. I'm wondering what the motivation would be to just apologize and dump decryption keys.
>Kaspersky Lab's Sergey Golovanov told BleepingComputer that he was able to confirm that the keys are valid and was able to use them to decrypt a test machine.
If it's no longer making them money (they've shut down), I see why they'd do this. Even if you getting money is worth more than others' data, their data probably still has some positive value in your ethics system. (Otherwise your malware would wipe everything once you were done.)
While I don't work on a red team, it does seem to me that an organization should vet software used by their red teams via the same processes that they use to make risk determinations regarding any other software run on organization systems.
Is it a trend to just "let red teams go to town" without their strict compliance to existing security processes? Are software titles to be used usually included in a statement of work or when negotiating the scope of an engagement?
Or they were aware, and they conclude that someone's behavior as a homeless 17 year old has little if any bearing on their aptitude in running a company 30 years later.
"But although the cliche says that power always corrupts, what is seldom said ... is that power always reveals. When a man is climbing, trying to persuade others to give him power, concealment is necessary. ... But as a man obtains more power, camouflage becomes less necessary.”
You expect them to go through 30-year-old records on their creditors? Have you ever gotten a loan that required interviews with the people you went to high school with?!?!
If a company's investing 100m in a company where directors likely need security clearances etc (I mean, I don't know if they do, but given the industry I would assume so), then, er, yeah, I'd expect a pretty thorough background check.
I don't necessarily disagree, but can one do anything that puts them past a point where society should afford them a chance at redemption? Does an individual always deserve to be given a second chance?
These are great questions. When I look at religious institutions (I'm thinking of the Catholic church, or the LDS church that I grew up in) there are formal ways to achieve absolution. I wonder if we need a secular version of that, other than "prison time"? (And even "prison time" typically carries life-long stigma, rather than absolution).
When I read your comment, I realized I intuitively view open access to surveillance systems like this as more desirable than limited access, and I don't know how to articulate that feeling.
I'd consider myself privacy-conscious, however it is clear that this sort of open access further limits my "privacy." I wonder if privacy advocacy is more about aversion to certain power imbalances rather than privacy as an end itself for many folks.
While having everything be open would probably reduce double standards along the "government and people with influence" vs "non-government and people without influence" lines I am not sure it would be a net positive, or at least not enough to prefer an open approach to dragnet systems over not having them in the first place.
I would be very worried about a "tyranny of the majority" type situation where a (large and/or powerful enough) local majority uses the system to the detriment of some local (small enough or powerless enough) minority either under color of law or with a blind eye and/or tacit approval from the local powers that be. With a large enough majority vs a small enough minority, government's hands may effectively be tied when it comes to preventing abuse, and intervention from the next higher level of government is not always forthcoming. We've all seen the way online communities engage in witch hunts. If the past is any example I don't think we can trust municipalities in possession of dragnets to not do the same if the contents of those dragnets are open to the public.
I think we can all agree that gay bar patrons in rural Alabama and gun shop patrons in urban Massachusetts, to name a couple examples, might not do too well under an "all the location data the local government has out in the open" type of surveillance scheme.
Privacy as a constraint on government action, yes. Aren't all constraints on government action essentially concerned with addressing the power imbalance?
But privacy itself is also a claim against your neighbor: not only is it illegal for them to blackmail you, it is impermissible to obtain the grounds for that blackmail.
I'm perhaps more afraid of my neighbor than I am the government. Rapists are more often people you know, and all that.
I'd wager that there's vanishingly few people who don't have some thing they do, some demographic they belong to, some association with something, that some vocal minority would crucify them over while the apathetic majority stand idly by. The government can't always protect you from this kind of threat. Being a subject of controversy is not a protected class, your employer can fire you (in most states), people can refuse to do business with you, etc. etc. for no reason other than because they don't want to be involved. As we've seen with online witch hunts, people's lives can be ruined, or at least set back years or decades by controversy that stems from private information getting into the wrong hands.
Urban areas have privacy by blending into the crowd. Rural areas have privacy by density, there simply aren't enough people to observe everything. Technology is making both those obsolete.
>people's lives can be ruined, or at least set back years or decades by controversy that stems from private information getting into the wrong hands
Private information "getting into the wrong hands" often seems to be an issue of misplaced confidence in the confidentiality of that information. In an era where "surveillance is democratized," how we think about the existence of "private information" might radically change. In your example, the words, actions, and ideas that would have generated controversy might not have ever been spoken or acted upon in the first place, or there would be such an apparent abundance that the "controversy" wouldn't hold ground. More of a fringe position here, but maybe certain ideas and actions wouldn't even be conceived of in a post-privacy world, as the result of the loss of an expectation that those ideas or actions could be kept confidential.
It certainly feels like the cat's out of the bag when it comes to mass surveillance. Facial recognition, for example, isn't going away, and there doesn't seem to be enough political / institutional momentum to counter the value that is provided to organizations by the data that one might view as an invasion of privacy. There doesn't seem to be a meaningful debate about maintaining personal privacy, so maybe the discussion should be who has access to these tools, systems, and institutions moving forward.
This article is a follow-up, as Kaspersky has developed a tool to allow ease of decryption.
Previous article of the team closing up shop: https://www.bleepingcomputer.com/news/security/shade-ransomw...