XaiJu
Surveillance Report

patreon


Q&A: Security Through Obscurity

Q&A196: Is "Security Through Obscurity" actually bad? If we could help draft privacy regulation, what would we want to include? Can regulation help protect mainstream users?

Video Version: https://youtu.be/bNp-DrMcyiI

00:00 Introduction

01:08 Security Through Obscurity

04:19 Privacy Regulations Wishlist

10:06 Does Regulation Matter?

---

🙋 Go ahead and leave some questions below for us to look at for SR197 this weekend! (Note: We record on Friday nights in the US, so it's highly recommended to leave all questions by noon on Friday in the US)

It can be about a specific story, a general question about privacy/security, a question about the world, a question you tried last week, or anything else. Due to time constraints we can't promise that we'll get to yours, but we appreciate all of them!

To receive these posts via RSS, get your own custom link using these instructions.


Comments

Personally, I don't require top-tier security; I simply want to avoid being monitored by every company and government.

Jared

Also, what about Threema? I see they market towards companies but I'm unfamiliar with them. Could you keep us listeners updated if you find a good E2EE teams app?

Jared

In Q&A195, the topic of an end-to-end encrypted, zero-knowledge alternative to Slack was raised, and Henry mentioned that he hasn't found any decent options. Have you tried out diode.io? I've tried it, but my concern is that it's closed source, even though the network it operates on is open source. I thought it'd be interesting to hear your thoughts on it and if I should trust it even without it being fully open source.

Jared

A couple of top3-style questions:

What would be your top 3 privacy arguments for switching to Signal from WhatsApp/Facebook Messenger and other popular E2EE messengers by big-tech/surveillance-capitalism companies to use on nontechies? In other words, those who can appreciate the implications of nuances in cryptographic implementation are likely convinced already, while those who can't may not appreciate how the implications of barely graspable abstract intellectual points justify making the non-trivial effort to switch themselves and their contacts?

What are your top 3 favorite techniques to obtain compliance with your request when requesting data/account removal from non-data-broker companies that do not have a pre-made interface for it? In particular, doing so in the US (so GDPR doesn't apply) as a non-Californian (so CCPA does not apply) adult (so COPPA does not apply). That is, what do you think are top 3 techniques to use when you frame the request to make sure they actually comply with it and neither ghost you nor say they did delete your data while the only thing they did was send this untruthful response to you? In other words, what top 3 carrots and sticks are available for compliance with such a request, and how do you wield them? That is, what are the best approaches to frame such requests in order not to come off either as a supplicant who feels he has no leverage at all, or as someone gutsier but clueless as to what his rights are and how to assert them?

If you feel like answering one more minor question, and somewhat of a derivative of Apricot's question from last week: what would be your top 3 privacy rights that GDPR already actually offers that you would most like to see US-wide?

David Johnson
