Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
> APOLOGIES FOR GOING OFF TOPIC SOMEWHAT. SHOULD WE MOVE THIS DISCUSSION TO A > DIFFERENT THREAD? Perhaps we should, but this seems to be as good a forum as any other. > privacy. But for me, and probably many others, this rates fairly low in my > mind. What is more important, is security: security that your > communications have not undergone tampering, security that your money isn't > being stolen, security that no-one is fiddling with your online > accounts, etc. Privacy is also important, but only as a part of the overall > aim of achieving security. It depends on the place where you live and the conditions with regard to surveillance etc. there. If the government/corporation don't see you as a risk (which you can only guess, because you are not told or supposed to be told), then security from petty criminals is the major concern. If they do see as a risk (for whatever reason or some red flag raised by some algorithm or whatever else that is possible today), then it's a different matter and privacy is as important as security, if not more. In my opinion, privacy by itself is a basic right, like human rights. Even with human rights, what I said above applies. As long as your behaviour or profile or record or even credit rating (think of China, for example) doesn't make the powers that be unhappy, human rights don't matter. Otherwise they do. One always has the option to make oneself compatible with what the powers that be want one to be. Then there isn't much risk, in a way, except from petty criminals, because the definition of risk has been narrowed down. > these forums are dedicated to a particular piece of technology, and because > most subscribers are likely technology specialists. It's good to have > lateral experience of different domains, and also to bring-in people who > aren't technology specialists, so that their creative input can add extra > value to the discussions. I am from the technology domain by education and by profession/job, just not in the OS or Linux or network security domain. > One thought I've had is that changing business models, from closed-source, to > open-source, can sometimes be an effective security solution: if > you find people are stealing your software, just give it away for free, and > charge for customisation and support? That seems to be the best way, although as of today it is that successful. It goes back to politics etc. > Here in the UK, we have a pretty effective democracy where different groups > (including the general public) can lobby the government. As such, > the general public can lobby the government in order to get the government to > provide more effective cyber-security resources for the general > public. Not sure about America or India (India is perhaps where you are > based?). America are strong democracy advocates and India has the > largest democracy, but I don't know whether their democracies are in reality > broken systems I don't want to say much on this, but enough information is available online. All I can say is that, India, like in almost everything, is in a class by itself. It is also one of the most affected by the repeated states of exception, some global, some local, in the sense of Surveillance Capitalism, very closely tied to the state, across the political spectrum. In theory, privacy has recently been declared a fundamental right by the courts, but theory is just theory. Sometimes it furthers in practice the exact opposite of what it says, because you can always point to the theory and say everything is alright and the concerns are unwarranted etc. Now there is another unprecedented state of exception and the signs of what is to come are already there. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_H5D2zmTMEddoDL2H%3DU-XXLiQTAascf1s%2BUYvqnyzV%2Bw%40mail.gmail.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
APOLOGIES FOR GOING OFF TOPIC SOMEWHAT. SHOULD WE MOVE THIS DISCUSSION TO A DIFFERENT THREAD? On Tuesday, 5 May 2020 21:12:43 UTC+1, Anil wrote: > > > In usage, the words security and privacy are often assumed to be > synonymous. This is wrong by a wide margin. They are, in fact, quite > often in direct opposition to each other, depending on what kind of > security you are talking about. > Totally agree with you that the terms security and privacy are often conflated one with the other. Most of the popular public discourse focuses on privacy. But for me, and probably many others, this rates fairly low in my mind. What is more important, is security: security that your communications have not undergone tampering, security that your money isn't being stolen, security that no-one is fiddling with your online accounts, etc. Privacy is also important, but only as a part of the overall aim of achieving security. > ... It may be obvious, but the answers to the questions about these three > lie only partially in technology. Regardless of technology, the > critical parts of the answers lie outside the domain of technology. On > forums like this, we tend to ignore them, because there is little we > can do about them. Very true that security is about much more than simply technology. Non-technology issues are probably mostly ignored in these forums, because these forums are dedicated to a particular piece of technology, and because most subscribers are likely technology specialists. It's good to have lateral experience of different domains, and also to bring-in people who aren't technology specialists, so that their creative input can add extra value to the discussions. One thought I've had is that changing business models, from closed-source, to open-source, can sometimes be an effective security solution: if you find people are stealing your software, just give it away for free, and charge for customisation and support? ... One more thing. Businesses and governments will usually find the > solutions they want because they can afford them, whether they are > right or wrong. It is individuals who need solutions from places likes > this forum and from developers of open software/hardware. ... Here in the UK, we have a pretty effective democracy where different groups (including the general public) can lobby the government. As such, the general public can lobby the government in order to get the government to provide more effective cyber-security resources for the general public. Not sure about America or India (India is perhaps where you are based?). America are strong democracy advocates and India has the largest democracy, but I don't know whether their democracies are in reality broken systems Kind regards, Mark Fernandes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25fc2e96-de19-4b7a-a166-7f905dccef84%40googlegroups.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
> I think it's important to think about these things in the context of 'threat > models'. In my non-business related activities, I often just don't care > >whether people are spying on me, and also whether they steal intellectual > property from me. Sometimes, such illicit activities may even work to >my > favour (in a round-about way). Matching security to such a threat model, can > mean that you only need very low security. On the other hand, >for my > business activities, especially in respect of legal requirements, security is > very important, both for my business, and my clients. IMHO, there are not two, but three things: security, privacy and comfort/convenience. Security is a highly ambiguous term.It can take very different meanings.Privacy and convenience, however, are much less ambiguous. In usage, the words security and privacy are often assumed to be synonymous. This is wrong by a wide margin. They are, in fact, quite often in direct opposition to each other, depending on what kind of security you are talking about. Privacy often becomes the victim of security and it is very easy to justify that when it happens. Technology affects all three, but perhaps it affects convenience the most, as in surveillance capitalism. For security and privacy, technologies has a very mixed bag of effects to offer, which are not like each other at all. It may be obvious, but the answers to the questions about these three lie only partially in technology. Regardless of technology, the critical parts of the answers lie outside the domain of technology. On forums like this, we tend to ignore them, because there is little we can do about them. Here, at least. Ultimately, the answers are going to depend on such external factors - Law - Enforcement of law - Censorship - Cultural ideas - Ethical standards - Regulations - Ideas about individuality and solidarity or about freedom and rights/duties - Political inclinations of the powerful people as well as of the general population, whether we are living in a state of exception - Human expectations and aspirations etc. - Acceptable compromises to the powerful and the majority (fortunately or unfortunately) One more thing. Businesses and governments will usually find the solutions they want because they can afford them, whether they are right or wrong. It is individuals who need solutions from places likes this forum and from developers of open software/hardware. But then, as things stand, the sustainability of solutions depends on use by businesses and governments, who will then like to get their wishes enforced on the technological implementation. Or even inhibit certain kinds of innovations or repurpose them. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_5Z8RviHf-4jFMCwV9cXeV%2BM7ipr%2B8CWU-xZysgX-uiA%40mail.gmail.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
*Quoted quoted reply: Ulrich Windl (on Mon, May 04, 2020 at 09:50:31PM +0200)Quoted reply: Sven Semmler (on May 04 06:37PM -0500)* ... > I severely doubt you can convince the typical Windows user to use QubesOS > for daily work. "Security" is not a product you can buy, and "security" is > the "is the opposite of "comfort". > Security and comfort are more like two opposing poles of a continuum. Personally I do think Qubes does a rather excellent job of > demonstrating "reasonable security". ... The terms 'security' and 'comfort' (IMHO) are not so closely related as you both imply. You can have high security whilst at the same time maintaining comfort, especially when security runs in the background without the user having much involvement. It should be noted that even Windows (supposedly designed for 'stupid people') does have a certain level of security. Whilst QubesOS may never be widely adopted, the research artefacts produced in the development of QubesOS may end-up being incorporated in other popular operating systems (including Windows). From this perspective, QubesOS may be a very worthwhile endeavour. > > People want comfort not security. Why else would they use Alexa or > Google assistant or Siri, dubious password managers, etc.? > ... People also want security. In fact, they want security in respect of real security needs. It just depends on how much security is acceptable. I think it's important to think about these things in the context of 'threat models'. In my non-business related activities, I often just don't care whether people are spying on me, and also whether they steal intellectual property from me. Sometimes, such illicit activities may even work to my favour (in a round-about way). Matching security to such a threat model, can mean that you only need very low security. On the other hand, for my business activities, especially in respect of legal requirements, security is very important, both for my business, and my clients. > ... Qubes for private use without the user recognizing the need is unrealistic. ... > > Qubes for private use without the user recognising the need may still be realistic. Users are often completely oblivious to the functionality of OEM software. Manufacturers may choose to pre-install QubesOS regardless of whether users recognise the need for security. Kind regards, Mark Fernandes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9948f2e-9b65-424e-9209-868d541ebd83%40googlegroups.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, May 04, 2020 at 09:50:31PM +0200, Ulrich Windl wrote: > Sorry, the problem with Windows is that it was designed for stupid people, > just to sell more copies. I'll simply assume this is more a statement of frustration then a serious attempt to explain anything. > I severely doubt you can convince the typical Windows user to use QubesOS for > daily work. "Security" is not a product you can buy, and "security" is the > "is the opposite of "comfort". Security and comfort are more like two opposing poles of a continuum. Personally I do think Qubes does a rather excellent job of demonstrating "reasonable security". It is rather unrealistic (at this point) to expect the average user to install and configure Qubes correctly - agreed. However I can imagine it being used by average users in a government/business context with a normal amount of training (they would received for any other newly introduced solution too). Actually once installed and configured correctly there isn't much difference at all. You'd have to teach them to - pay attention to the color of the window frame - how to use copy/paste - how to move files between domains - how to attach USB devices and when that's OK and when not* *e.g. webcam/mic for conferencing = OK, USB stick to confidential domain = Not OK etc. > People want comfort not security. Why else would they use Alexa or Google > assistant or Siri, dubious password managers, etc.? Sure. This is all about context. Qubes for private use without the user recognizing the need is unrealistic. And even with the ones recognizing the need Qubes in it's current from might not be there quite yet. However, efforts like the preconfigured Privacy Beast are a very encouraging step in that direction. /Sven - -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6wpyMACgkQ2m4We49U H7ZTuw//d9HRr3in3+O6qPaFCu9peYftsx1eFGDc2WpYoabfuYJwk/lOyUk1hCgN NkjYZ1ggHTqQbh7OZjD4lkm/0AcUYjMKwTNT3UhHs9dxvBTBiLjt8O/tRkdteBKm bf2yT4T0h7OgaHvEU8eYClH6sRgNIF+fiVk3pgLsAvM2JRF1VHaRak1/6Df3mD8i mlmpekTnfn/fmOfgjG2+ciXx/s0D0GRtidOwm3sgSBOhaD6GLQmlBURaRSMNoqR0 6U6S31ax51cIBTaGXYMLh0rVvE2ell/YUp+KFNgaFeGvWrTLkP/NoI2adwc49U+w hwo5Wp1Mwheh7td2QJMijFIV9xNeoP+WgKeYGddUf8E/uMzDKCIiKBKfbOypZ7ED bkZiDGmzzKHZb1/X81pFk+docmSBJqbB6cMSWCwvc38qj0Gsjz/4tHESzoQ5N+Xz pofk8k9GR/u832wnWE/b0n139ZWJOAmDDukwojrDyIA2nu9V4+NTXwWMoap30xhb DNb7/dIdXnk9GV2h/9HZvVcSpQEhQo8vzdw76GoUfSNilJ/QApqUflKNmrShhgeK xjLYXgInuhog2MsW5DotVZ+fhz9XXc6936oWJk+lKALoGuJUjA83ypD++4xBJEti 5zoIfwm36Ec1szMM1ak2H+DBAy1ouzPLq/JdQDA3ObMAcpYXnFw= =uv1a -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200504233707.GC3029%40app-email-private.