[saagarjha]

Well it’s twofold: one is that security researchers will use bad passwords and click in shady links just like anyone else, and the second part is that even people with state-level adversaries that are actively trying to avoid getting hacked (journalists, whistleblowers, the like) get hacked anyways because they…carry an up-to-date flagship. There really doesn’t seem to be actual protections against a determined state actor short of not using computers…

[i_am_proteus]

"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good pass-word and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFI-NITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them."[0]

[0]https://scholar.harvard.edu/files/mickens/files/thisworldofo...

[tialaramex]

I feel like James had the deadline wrong in his calendar and this article is what "Right, sorry, I'll get it over to you by the end of the day" looks like when there is not in fact already a pretty much complete piece that just needs some polish but instead an empty Word document and half an idea in your head.

Like so many people, James is pretty confident that anything he doesn't understand (including apparently elliptic curve cryptography) is probably unimportant, and that the solution to his pressing problems is just to make something he knows isn't possible easy (remembering a separate strong random password for every site) so the people who are working on stuff James doesn't understand ought to work on that instead.

This piece was written, I think, slightly before BCP 188 ("Pervasive Monitoring Is an Attack") but to me it feels as though that's the answer to it. Yes, the NSA (or Mossad, but realistically the NSA) could definitely win if that's what it came down to, you or them. But that's very rarely the situation. Their budget, though large, is finite, and your value, even if large, is also finite. If snooping every word said on the telephone by an American costs 5¢ per citizen, why wouldn't the NSA do it? Worth a shot. But if it costs $5000 per citizen that's gonna blow their budget, and for what? So that's what BCP 188 is about, the question isn't whether you're dealing with "Mossad or not-Mossad" it's whether you are the Protagonist or just another extra. We can't make it impossible for a sophisticated and resourceful adversary to succeed, but we can make it very expensive so that they are obliged to choose their shots.

[buran77]

> But if it costs $5000 per citizen that's gonna blow their budget

The end result is that they split the type of surveillance between "cheap" blanket surveillance, and targeted surveillance for the targets that are deemed valuable enough, while also striving to drive the "per target" price down.

Mass surveillance offers a good opportunity for economy of scales, and gives you a very granular estimate of how valuable a particular target is.

[saagarjha]

I mean, it is pretty clear the piece is supposed to be burlesque, right? Do you actually think James is trying to write about how cryptography is totally useless and we should just give up?

[tialaramex]

It's certainly busking, which, I dunno if this is a regular column he did, but if so as commissioning editor I'd be pretty unhappy with that. I was serious that this feels like it was churned out at pace.

I can't see a way to interpret this that doesn't come back to, fix passwords and stop bothering with this other stuff. In some forms (e.g. satire) you are supposed to sneak in an actual point you wanted to make (e.g. Swift's "Modest Proposal" lists the things Swift thinks would actually work, pretending to dismiss them as inferior to eating babies). But I believe in Burlesque it is considered satisfactory just to point and laugh. I didn't laugh, maybe that's on me.

[saagarjha]

So, just for context, he wrote a number of these: https://mickens.seas.harvard.edu/wisdom-james-mickens. They're joke articles meant to satirize some field of computer science; cryptography isn't the only topic he discusses.

[tialaramex]

Six articles like that :( Worse, it appear this is his style everywhere, including live in person. Perhaps somewhere in amongst this James is actually an expert on something who has useful knowledge to impart to Harvard's students, but perhaps not? Maybe you really can go to a "lecture" in which a tenured Harvard professor expects you to laugh at jokes which even by the already woeful standards of Computer Science jokes, are not funny. Ouch.

One of these articles proposes that the problem with smartphones is that they aren't very good phones. In this "satirical" form it proposes a pyramid shaped "hierarchy of needs" for phones with "Make phone calls" as the most important element at the bottom.

Perhaps in 2014 that felt like an insight, to James Mickens or to his readers. I don't think so, but maybe 2014 is longer ago than I think it is, and maybe nobody had noticed back then that (and I apologise if this is an amazing insight to you now):

Calling them phones was an excuse. People aren't very good at figuring out what they actually want, so telling people we're going to offer them Network capable handheld computers wouldn't work, they don't realise they want those. So you say these are "phones" and then let them gradually figure out that actually they have never wanted to make a telephone call in their life but they did want a handheld computer to access the Network.

The form factor makes no sense for a phone. Clearly a rectangular sheet of glass isn't the right shape for a phone. But it is a good shape for a handheld computer. Which, again, is what you actually wanted anyway.