We also have to consider some external limitations:
* Not everywhere has the infrastructure necessary to upload large datasets to the cloud
* Most cloud providers are in not-great jurisdictions for some threat models.
* Lying to border authorities, even by omission, ends badly.
Fact is, the majority of "but why don't you just..." solutions in this space either require lying, reliance on infrastructure that may be non-existent or jurisdictionally compromised, or fails openly.
By fails openly I mean that if you get dragged into a room and are forced to disclose exactly how you protected your data then you lose. The Shatter Secrets approach is fail-closed, it's designed to trigger extra-jurisdictional oversight in the (likely) case you end up in a room
And "you" here is perhaps too broad, this solution was not designed to keep your vacation photos or text messages safe - the majority of you are low risk - it was designed with the priorities of journalists, activists and human rights defenders in mind.
It was designed under the explicit assumption that people will get pulled into a room, without a lawyer, and made to divulge every little detail - because sadly that is the state of your human rights at the border.
One issue we have when we approach funders with these technologies, is that they describe it as "high risk" - as if there was a lower-risk option available.
Carrying data across borders is risky, if you can avoid it you absolutely should - @OpenPriv is also working on anonymous communication tech that can facilitate that - but for many people, in many circumstances, flying with an encrypted harddrive is the only option.
So, given that we can't reduce the *risk* we look around and see how we can try and *reduce the harm*. Which is where the success criteria comes from, we reduce harm by using technology to force the powerful to deny entry or comply with stronger jurisdictional standards.
We reduce harm by allowing the person at the center to be 110% truthful, upfront - they can provide their device unlocked to border guards and give them an entire tutorial on how Shatter Secrets works.
Shatter Secrets would change the dynamic from "X has refused to give us the key" to "X gave us a key and was completely compliant, but we need a warrant to access data from these N people and organizations" That is a different dynamic.
So you encrypt the data with a public key whose corresponding private key is left safely at home? (Repeated N times.) (All credit to you if that's actually the technique; sometimes stating the problem is the main battle.)