On Tue, Dec 31, 2019 at 7:46 AM Matt Harris <m...@netfire.net> wrote:
> > On Tue, Dec 31, 2019 at 10:34 AM Royce Williams <ro...@techsolvency.com> > wrote: > >> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <m...@netfire.net> wrote: >> >>> >>> The better solution here isn't to continue to support known-flawed >>> protocols, which perhaps puts those same populations you're referring to >>> here at greatest risk, but rather to enable access to open technologies for >>> those populations which ensures that they can continue to receive security >>> updates from a vendor that doesn't have a big financial motive to deprecate >>> devices and force users to purchase upgraded hardware instead of just >>> receiving security updates to their existing devices. >>> >> >> Unfortunately, this is the high-tech privilege equivalent of saying "let >> them eat cake" - because of upgrade friction on mobile in under-resources >> areas (including, I might add, specific sub-populations of US consumers!) >> > > Perhaps more unfortunately, the other option - to continue supporting > known-flawed protocols - is simply saying "let them be victimized." > With the rise of state-level disinformation at scale, I see your point. > Accepting that we should instead support technologies that place those > very same populations at risk is coming from a place of privilege for the > reasons I mentioned previously: you live somewhere with relatively > peaceful/democratic governance, usually have at least some ISP choice, and > are likely not otherwise under the thumb of an oppressive regime at some > level of another - so when your browser makes a TLS1.0 connection, you > probably don't even think about it, much less worry about it, because you > don't have to. The populations we're discussing here, on the other hand, > all too often do. > > What it comes down to is a question of whether we want to solve what we > know today is a real problem or let it fester until abuse reaches an > untenable level in some big, news-headline-making way. One way we can > combat this specific issue is to make open technologies accessible. But > that requires major investment on our side of the world, and prior attempts > to do so (Ubuntu's open source phone OS for example) have largely been > commercial flops. > Indeed. Though a non-commercial (grass-roots, sponsored, or legislative) solution seems similarly unlikely. Royce
