The anti🚫-derailment🚃 & thread🧵 hijacking🔫 thread🧵 ⁉

Yes, but this universe doesn’t have enough time and resources if you do it correctly.

Except for me cuz you just told me.

Okay sorry then, still, I do not see the usecase.
Just upload it to some CDNs or IPFS and download+decrypt.

That is never true for too long.

People used to say that in 1970’s about their state of the art encryption, which modern day computers take about 2 seconds to brute force.

as stated prior, this is in case you want to be paranoid.

I do not trust uploading/downloading for multiple reasons including but not limited to:

• someone might gain access to where my files are without my knowledge
• it’s easier to gain a judicial access to where my files are if I uploaded
• if I’m using someone else’s service, I do not trust it.
• if it requires a custom app that sets up encryption, I do not trust it.
• I like to collect NDAs and Security clearances and keep multiple files protected by those together. This creates a legal nightmare for anyone attempting to gain Legal access to any file in that storage. I can do that in a necessarily offline storage solution which I own but I’m not allowed to do that in a cloud based or shared storage solution.
• Having encrypted files in a storage solution will flag the case which @anon3825968 mentioned, where someone might demand you give them the decryption key while failing to do so would make you look guilty.

I’m talking about sensitive file storage as per Rosco’s example. Not about just storing your todo list.

All invalid due to crypto. It’s useless byte garbage to those people.

I’d be paranoid about bricking the chip with the only copy of my data.

Yes, maybe, but we’re at the point where we have crypto that can’t be broken even by the next TYPE of computer (quantum stuff).
I’ll happily lose this, but I bet we wont break modern crypto in my lifetime.

Who cares if you look guilty? If you give them a false password that deletes your chips data, does that look less guilty? How’d they know it’s your fata in the first place?

AFAIK all my NDAs would allow me to store data encrypted properly whereever I want.

Yes I’m too.

The only argument I see is: if it autodeletes on a wrong password, you can protect it from you being tortured.

Again, the whole point was based on rosco’s comment where if they know you have a file they might request the decryption key.
So I do not care if it’s garbage or not. they knowing you have files is already an issue.

Plus, let’s take your point…

• unless you use one single decryption key for each file, there are methods to narrow down how much time you need to brute force a file if you have enough files that share a single decryption key.
• there are encryption methods which we believe computing is unable to break… but it is a lie and there are (very few) places in the world which can. not true to all types of encryption but I wouldn’t roll my dice there.
• if anyone has access to the files they can still back them up and wait for a next step in computing where modern day cryptography goes from 10K years to brute force down to 10 seconds. All you need is for humanity to find a new semiconductor material or proper quantum computing becoming an actual commercial thing.

In either case, letting someone gain access to your sensitive files now just because “they cant break it yet” sounds like a terrible Idea to me.

Nobody said anything about that chip being the single place where you back it. it’s the place where you carry it.

But if that’s your argument, then…

I would be way more concerned about cloud storing my files. Because once anyone has access to them, then they don’t need a decryption key to delete it.
So if that’s the only place you keep that data, even more reason not to store it online.

How can you claim what something that does not exist is able to do?
If it’s yet to be invented then by definition it’s limitations are yet to be discovered.

That was the whole point of this exercise of logic.
If you don’t care to look guilty, then the use case is not for you.

There are many flavours of NDAs. they are an agreement.
This sentence seems the same as: “My Tenancy agreement allows me to have pets, so every tenant in the world is also allowed to have pets”

The NDA/clearance angle is basically “make sure someone else who has better lawyers and better resources than you do would also have a great deal of interest in protecting you in that case.”

No one believes torture makes anyone give information they wouldn’t want to give without torture.
Even torturers know that.

But just to honour this hypothetical scenario:
if you find yourself in a jamesbondiesque scenario where you are about to be tortured mate… you will be tortured.

• If you give them the password, they will torture you to find out if you have any more data somewhere else.
• if you delete everything, they will torture you to try and get you to dictate whatever was on that file.

Again, how’d they know? But okay I see the argument, kinda.

Not to me lol, because the “yet” is happening way after my death, but yes I see the risk.

This makes me think of these giant data centers that are just lots of XBOX hardware wired together haha.

That’s why I mentioned IPFS. You can also look at bulletproof hosting where all the criminals store their stuff.

Because maths and physics.

lol, you interpret something into this, just saying my NDAs don’t forbid it. Not saying every NDA is like this. But many NDAs care about not disclosing data and do not care if you have it on a USB stick, an implant or Dr. Googles servers.

I would spill every secret I know with my balls hooked up to a car battery. Just saying.

Not possible with most things I store. Because most sensitive things I have are like huge documents I haven’t read half of and loooots of code. And yes that doesn’t apply to everyone.

Yeah torture sucks but if it’s gone it’s gone, they can torture you more n more but if it’s gone it’s gone for good.

But you’re right with the torture thing, which makes the original idea even less useful imo.

Yes uploading encrypted data is not the same as not uploading it. But in my threat model it practically is.

EDIT: i missed you for things like this btw

• it’s much easier to gain access to an online server than to an offline asset (especially if it’s an implanted chip).
• if it’s hosted by someone else, they do have access. Therefore they know.

Oh, for sure! XD
Not putting words in your mouth, just anticipating what other readers might interpret and reacting accordingly.

Lol!!
We all would! but I doubt that would prevent a torturer from continuing!!
I mean… while he tortures you to gain information, it’s his job.
After you gave away everything you know… then it’s his leizure time!

The way tech grows… I bet we’re seeing this happen perhaps even a couple of times in our lifespan. but this goes beyond the scope of this debate.

LOL!
Yeah, just to add clarity to my point…
The whole “it would take the fastest computer 25 years to break this encryption” argument is looking solely at the bruteforce angle.
Someone might discover alternative methods other than bruteforce.
And let’s say one is to expect the best funded research into that kind of stuff to be done by entities which also don’t want anyone else to know they can do that. so we would never hear about that.

In a similar tone, just for a cool example… I’ve seen an AI detect with a fairly great deal of precision which messages contained a specific name, while monitoring a network where heavily encrypted messaging service was connected (think someone talking over signal or whatsapp through a router that wireshark was listening to).
It did not pick up all the messages with that name and the degree of certainty was inversely proportional to how log was the line of text where the name appeared… but that was just a test ran by uni students, so you can imagine what highly trained and funded professionals are able to achieve.

I just assume most of those are actually run by law enforcement/intelligence agencies. They just let the petty criminals store their stuff there because they gain more value from the info they gather than from arresting them.

It’s just like gun/drug darkweb stores.
It’s actually hillarious to see how many times one law agency tries to arrest someone just to discover they work for another law agency.

But those are also the ones where the companies behind them only care about scaring you or taking your money… the ones you want to watch over you would definitely be a lot more specific about that.

Never said they would be successful. just that they would probably still torture you regardless of they getting what they wanted or not getting it.

Not true.
deleting a file does not erase it. it’s still recoverable.
to do that you would need to shred the file completely (by setting each byte to a hard value). but that does take a lot of time for an implant to achieve… so if we’re talking jamesbond level stuff here, then Minime might figure out what’s going on and interrupt it before everything is gone.

Very fair point.

I know we’re only debating this for the sake of phylosophy.
But we are indeed discussing how to make a door lock no one could ever break into… only to install it on a house with windows.

Attack/Threat vectors are by far the most important element to be considered. Otherwise, if we try to implement too much security we’re only make it so that it’s more convenient for the user to bypass it.

Me too!!

It’s good to get a good old debate going every now and then! xD

How does this random server provider connect it to your identity is the question.

I know

I suggest you look at the Cyber Bunker thing that happened in germany. Very interesting. There are also servers on international waters. Bulletproof hosting is a crazy business.

I sadly only have german links.

When I say delete just assume I overwrite it with random data 5 times ok?
I’d be very interested to see how this could be recovered from an Apex, probably only with physical access. No idea how this actually works tho so maybe a malicious applet is enough.

True!

That’s a good question, which goes beyond this scope. (as in… my previous arguments were on the basis that whomever was the villain here would know)

Anyway, there are many ways:

• if you order pizza to your address from the same network/session
• if you have personal data on said files and they manage to decrypt it
• if the authority in question also controls the network’s exit and entry node used. (and we do know that intelligence and law agencies own most of Tor’s nodes anyway)
• if the authority in question is listening to your pre-entry traffic as well they can identify the packets making the requests in the server

Got curious now. Will check, thanks!

Germany is one of the few places in the world where I still have a tiny bit of faith on that kind of stuff…

Yep!!
Again, was just covering all bases from a third party reader’s perspective.

And also curious about how to recover data from an Apex. And you’re probably right: I bet Minime would need to cut the implant out of your hand to do that. You better hope Minime doesn’t realise the longer-than-expected retrieval time might be an attempt at self-immolation from the part of the chip.

I love philosophilcal discussions like this one, but since

I can only think of being bound to a solid steel bench while a dangerous looking red laser beam crawls towards me

I always giggle at how blurry are the lines between a superspy’s contraptions and next-door-Dungeon furniture…

True that, but if I ever end in a dungeon with a people-cutting laser beam, I think I might have met the wrong people…

Ah damn, hope I didn’t derail your discussion! It’s my secret superpower - derailing the derailing-thread

uhmmm… I think we have polar opposite definitions of “wrong people”

It’s a very appreciated super power!!

I mean, the part of being tied to a metal bench is totally okay (maybe I could get a blanket? just against the cold?^^), but a laser that wants to cut me in half is a bit too much for me

Well… not that I would want to die now, but if it’s to go, that sounds like a pretty great way to do that!
So… respect for whomever pulls that one on me!

Not if you ask me. We were mostly done I think.
Also, I was in a Meeting this whole time so it’s good we didn’t discuss any more.

This reminds me that I have to watch the new season of solar opposites!

Exactly the same here!!
Just jumped out of it.

Meetings are great for this kind of stuff… especially since I can’t actually use the time to code anyway… =P

Derailing is a cyborg specialty… And that’s why we like this forum.

What is that?

image500×669 59.4 KB

Alien brain hemorrhage shot

Start with 70% peach schnapps
Carefully flow a thin layer of blue curacao
Next carefully flow a thick layer of baileys Irish cream on top
Then aggressively drop a few globs of grenadine from the top, it will pull the baileys down, making it slightly curdle and clump, and mix with blue and red hues

Then drink the shot and remark how it’s still tastes like mostly peach schnapps

just a perfect description. XD