Related but India has been on a slow march to becoming a totalitarian surveillance state. Recently, we got public confirmation on govt. having backdoor access to WhatsApp to surveil on citizens when the FM talked about the Income Tax dept. scanning WhatsApp messages to catch offenders: https://m.economictimes.com/wealth/tax/is-the-government-alr...
That article doesn't confirm an Indian government WhatsApp backdoor?
> Due to WhatsApp’s end-to-end encryption, messages sent between two users are only readable by them; even the service provider cannot decrypt the contents of the messages. This prevents any third party, including service providers (WhatsApp, Telegram), from accessing the messages
> no verified evidence to suggest that the government is directly accessing private WhatsApp chats
> WhatsApp itself does not store message content, and it explicitly states that it cannot and does not produce the contents of user messages in response to any government request
Reading between the lines, it sounds like they're getting encrypted chat content directly from the phones (and also metadata from providers).
I can't comment on what they're doing or not doing. But if they're getting chat content directly from the phones, say for example by having arranged with the app to cooperate with that exfiltration, then that is, by definition, a back door.
You must admit the way GP framed it strongly implies Meta gave the Indian government carte blanche access to intercept decrypted messages. That is a massive, order-of-magnitude different story than the Indian Gov't hacking phones (installing spyware, etc.) to exfiltrate messages decrypted on device. They are very different stories with very different implications.
> But if they're getting chat content directly from the phones, say for example by having arranged with the app to cooperate with that exfiltration, then that is, by definition, a back door.
Keyword being "if". There's no indication such backdoors exist, as opposed to something like malware being placed, or the phone being physically tampered with.
A backdoor would be a feature of the service (be it on server or clientside) that'd explicitly allow for data exfiltration. The service provider complying with metadata requests and having vulnerabilities in their software are not backdoors, unless you can demonstrate that the metadata are oversharing info, or that the vulnerabilities are intentional.
I mean, right above the stuff you quoted, there is mention that govt. does now have the provision to access under exceptional circumstances:
> However, as Ashish Mishra, Partner-Cyber Security, NangiaNXT notes, “As of now, the government has the provision to access the encrypted messages under certain exceptions such as legal request, court matters, surveillance, and criminal investigations. The DPDP (Digital Personal Data Protection) Act, along with the Telegraph Act and IT Act, gives the government power to request such data from service providers.”
Given the general attitude towards digital privacy from the govt, I think it’s safe to assume they do have means to request.
It's unclear whether the government actually has the ability to read/intercept e2e messages, or merely declared they have the right to. That's an important distinction, because the government can declare it has the right to access such messages, without the service providers (i.e. WhatsApp) being able to follow through with it. We've seen something similar in the UK, where a bill passed a few years ago gave the government the right to access encrypted data, and forced tech companies to provide access, but Apple didn't actually implement a backdoor. They instead decided to (very loudly) disable encryption entirely for the UK market.
The problem here is the govt/courts here downplay/ignore even the most straightforward RTI public (Right to Info) requests on many of these matters, the Pegasus one still ongoing in courts even after all this time. Meta (FB’s) track record on these situations is spotty at best. WhatsApp is pretty much central to everything happening in India, whether for chatting with close ones, running businesses or amplifying political propaganda. IDK what WhatsApp looks like outside India but every govt. org, political party have verified accounts and directly message folks like me using the Biz APIs even though I’ve NEVER given them consent to do so before and AFAIK, there’s ZERO controls from user’s end to stop these.
I’d also have given WhatsApp a fair pass but Meta/Zuck has never shown any concrete proof that they stand by their users and not the ruling govt’s desires.
That along with all these events, quotes from ministry should suffice to have a reasonable assumption to not put trust on these platforms for private messages.
The majority of Indian citizens understand this but this is a risk they are willing to take against the pervasive corruption (almost 60 years). Whether it actually leads to reduction in corruption is of course debatable.
Giving the people responsible for corruption more power to suppress speech and communication will not stop corruption. It just gives them new tools to entrench themselves.
> Giving the government more unchecked power reduces corruption?
It's a weirdly-effective pitch! ("Drain the swamp.")
The stupidity of it is compounded by the fact that it's often not about giving the government unchecked power, but a subset of the powerful unchecked power.
Do you honestly believe that? Almost all government-adjacent people (politicians/civil servants) own land holdings way beyond their means. Everyone knows that everywhere. If the government wants to crack down on corruption there is extreme low hanging fruit that doesn't require big brother watching you.
Not sure where you’re drawing that conclusion from, esp. with the “60 years” point which is a timeline where none of this tech existed. Majority of the population I’d think is grossly uneducated on aspects of privacy and security in the digital realm.
This is just misinformation. The Govt just gave officers from income tax department the power to access records through any means, whether breaking open locks and doors, or gain access to devices overriding access codes.
Such fantasy stories unfortunately fly in the country. There was one such false claim widely spread earlier, that Facebook had provided the ruling party with access to directly block any posts on Facebook they wanted gone.
I disagree mainly because there is a big lack of transparency from the govt/courts on these matters even when pressed with RTIs unless you have sources that say very explicitly otherwise from the mouths of govt/FB.
The trick the government has found is, just saying that gov can access messages is enough to make 99% of WhatsApp users believe it, and make them scared of using tech for any goofy stuff. Why take risk? - wins always.
YOU'RE A LEGEND! I just managed to ADD (somewhat of) TOUCHSCREEN SUPPORT, better movement, enemy spawning and damage mechanisms in the space that freed up because of this! Genuinely, thank you, made my month :)
Adam was a very prominent Chrome DevRel and one of the top voices of the web platform. I personally owe it to his content (blog, snippets, podcast, talks, YouTube, social media etc.) that I stay up-to-date on things.
It’s a bit of a shock to me that he of all people is getting laid off and that too in such an ugly way.
DevRel is unfortunately something that’s going the way of the dodo though now that interest rates are up. A position that doesn’t directly contribute to the bottom line of a company, so it’s easy to justify getting rid of.
A company will often try and avoid letting a candidate know that they are being considered for firing, or that the decision has already been made, until the trigger is pulled.
That's normal. What's uniquely ugly/American is conveying those firing decisions by locking the fired employees out of their email at 6 PM on Friday. In most countries this is illegal.
I suppose organizing departure in an adult manner (Offer some time to finish task, pass on knowledge, etc... AND let the people leave earlier if they prefer - you know, the whole "think about the team" thing) would also violate someone's meritocratic free speech?
Do you really need to make it a freedom of speech issue? Can't it be recognized as a human as a pile of shit to rug pull someone like that and not let them at least cancel their own talk?
- If Caddy has not already generated a local root certificate:
- Generate a local root certificate to sign TLS certificates
- Install the local root certificate to the system's trust stores, and the Firefox certificate store if it exists and can be accessed.
But is this an unconstrained root, or does it use name constraints to limit it to localhost domains/IPs? And how does it handle/store the private key associated with that root?
What's your threat model here? The way this works is that on your development machine, localias (through caddy/mkcert) generates a root cert and the per-site certs and installs them to your development machine's trust store. All of the certs live entirely on your device and never leave. You have full control over them and can remove them at any time.
The certs and keys live in the localias application state directory on your machine:
The whole nicety of localias is that you can create domain aliases for any domain you can think of, not just ".localhost". For instance, on my machine right now, the aliases are:
> Install the local root certificate to the system's trust stores
I really wish there was a safer way to do this, i.e. a way to tag a trusted CA as "valid for localhost use only". The article mentions this in passing
> The sudo version of the above command with the -d flag also works but it adds the certificate to the System keychain for all users. I like to limit privileges wherever possible.
I don't think a project's core security concerns should be left up to my charity.
I get why they need the permission to implement their cutesy drag and drop interface.
But I'd like to hear why these apps can't continue to hide menu icons after you've revoked the permission. Ice and Bartender at least require you to grant it at all times last I looked a few months ago.
As far as I understand it works by grabbing screenshots of your menu bar and redrawing overtop of it. It can't do that if it doesn't have the permission to do screengrabs.
Unless we're just waiting on someone to figure out another genius workaround, that's the case, yes. Macs are not Linux, for better and for worse.
To be honest it seems crazy at this point an overflow for menu bar items isn't built into macOS, especially now that all their laptops have this notch that can hide menu bar items if you have too many. Plus it competes with space with the dropdown menu items on the left since if an app has too many they'll wrap to the other side of the notch.
Maybe I can redeem myself by clarifying that the real frustration here is with bad macOS UX, not people trying to hack around it. I barked up the wrong tree.
Thanks for adding much-needed cool things to Windows lately — the Terminal and PowerToys and now this, all super appreciated. Do you see command palette evolving and becoming a core part of Windows itself in the future? :)
What's interesting about this vs. PowerToys Run is the "extensibility" aspect. Developers can create custom extensions that users can add using winget/MS Store. This feels very similar to Raycast and is something I miss whenever I switch to Windows. I know Raycast team is working to add Windows support but it's nice to see some competition.
I have visited this temple. The security inside the premises is handled by regular police, but the temple also has a strict dress code.. so you get to see shirtless men in dhotis carrying badges and pistols in cloth holsters. It's really funny to look at.