[brianbarker]

No. A backdoor is considered to be deliberate and obfuscated from easy discovery, with the intent to be secret access.

If every system flaw or coding bug is a backdoor, then defects like OpenSSL's Heartbleed would be deemed backdoors, and they're not.

Unless you're wearing a heavy tin foil hat and think the coding mistake for Heartbleed was intentional. I guess I can't dissuade you from that train of thought.

[ht85]

> Unless you're wearing a heavy tin foil hat and think the coding mistake for Heartbleed was intentional. I guess I can't dissuade you from that train of thought.

Are you addressing me personally? What does that have to do with what I said?

> A backdoor is considered to be deliberate and obfuscated from easy discovery, with the intent to be secret access.

Isn't that the case here?

[brianbarker]

- Not you personally. I have experience with HN comments. Just covering my bases.

- No, it's not the case here. Unless you can prove it. There's no evidence it was done intentionally.

[ht85]

When I say it was done intentionally, I mean opening an authentication-less was intentional.

It could be disguised as an access for their own service and the real purpose be mass surveillance, or it could be a simple mistake in a big codebase, but the "door" is definitely not a bug.

Even though nowadays we keep hearing about nefarious backdoors, they used to simply refer to hidden service entrances for software creators, a completely legitimate use.

[linkregister]

Indeed, this is a valid definition of backdoor.

[0x0]

Why is it that everything either has to be a blatant backdoor or an innocent mistake or tinfoil hat territory? I find it hard to believe that nobody ever wrote a backdoor and took the time to conceal it as an innocent, plausible mistake.

[brianbarker]

Alright, I'm burnt out and I don't want to think about work for a few mins, so:

I tire of the logic such as "well...what IF...someone...did that intentionally!" Then people think they're smarter than everyone else, using words like sheeple and such.

Shit happens. Merges fail. Teams miss stuff. I once randomly discovered a hole in a web app where data was being leaked from an ajax call without logging in. No conspiracy.

Yes, if I were a 1337 haxxor and I wanted to disguise a commit to, say, Linux for my backdoor I would disguise it as a mistake. Totally right, that would be smart and awesome. I'd have something to say on the next HN post of "What makes a Senior Software Engineer", because a junior engineer would not be this smart.

As an aside, long before the NSA reveals of 2013 there had been reports of back doors in skype. My clock skew causes me to forget how many years ago that was, but I'm gonna say somewhere 2005-2008. As 2013 passed, I thought back on that and laughed.

So yeah, Skype is backdoored. Is this one of them? Perhaps. Or it's yet another big corp fail. Orrrr...getting crazy now....it's a bug, but then it was discovered long ago by smart people and has been exploited. So it wasn't internal conspiracy, just a good find by some NSA dude.

Anyway. Back to my code.

[Kalium]

I agree! It's absolutely possible that a clever person would disguise an intentional backdoor as an innocent mistake.

As the two can't be distinguished at first blush, the wise approach is to adopt an innocent-until-proven-guilty approach. Which is to say assume it's an accident until it can be proven intentional. This way, both possibilities are taken seriously without jumping from zero all the way to tinfoil at the drop of a hat.