Hacker News new | past | comments | ask | show | jobs | submit | halJordan's comments login

Ah yes, 12/13 deaths were men (UNHRO). We must protect the women. Sexual violence is endemic between men. Especially in these patriarchal societies that physically separate men from women.

The answer is of course pki with trust rooted in the device. If it isnt your grandson's iphone attesting itself your iphone shouldn't believe it is your grandson.

Your answer already exists in almost every "E2EE" app. How many times does a person even access their convo partner's Safety Number/Security Code let alone verify it out of band?


>The answer is of course pki with trust rooted in the device. If it isnt your grandson's iphone attesting itself [...]

Hardware level attestation isn't even required, and would only marginally increase security. Phones are already heavily locked down. If you're in a position to extract from app data, you're probably in a position to compromise the chat app itself, rendering any attestation pointless.


The nice thing about hardware attestation is that the app might be compromised, but only for a few versions. That's enough to pop your private key stored on disc, and to impersonate you for a short while, but then control is returned to you. You might not even notice, if it's detected by the apps security managers at all.

On the flip side, the most common form of a compromise is going to be untrustworthy apps, because for some reason people still use WhatsApp


"I'm calling from a jail in Mexico, they took away my phone"

Believe it or not, it can be multiple things at once

To me reading this, I wonder if you also tell programmers they must avoid cache hits in L1/L2 because they simply dont need the performance, and because they don't need it they aren't allowed to use it.

My comment was specifically about this news site. What you brought up is completely different use case. I never said use my comment and apply everywhere caching can help.

First middle east flare up?

Nice an unsolicited pdf to download and open

Works on any device!

> demo is disabled on mobile


Yes. What no one here bothers to even mention is that APTs have been doing this very thing since the 2004 Athens Affair. It didn't feed into the sanctimony so it isn't mentioned.


I was just reading about the Greece incident linked on the wiki page. Absolutely staggering stuff - none of which I heard of before!


That is incorrect. While you're idea probably is interesting to them, they are indeed leveraging the infrastructure to "live off the land" doing their own collect. They are very much doing their own targeting.


How would their own targeting relate to "copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders"? AFAIK, telecoms enforcement requests subject to court orders in the US mean one thing, and one thing only: lawful interception of communication.


There is no known limit to the scope of what LE can monitor, and there is no public record to access or analyze in the case of sealed documents. So it could, for all we know, be anyone and everyone.

Remember, way back when, AT&T just gave the NSA full access to their network.


I'm not sure I'm following your argument in the context of this thread. Are you suggesting there were no surveillance court orders whose targets the Chinese found a d copied?


Trump has clearly and repeatedly said he will delete the dept of education.

I just don't understand why it's so hard for people to stay on top of trump's platform.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: