> Back in the day hackernews had some fire and resistance.
Most of the comments are fire and resistance, but they commonly take ragebait and run with the assumptions built-in to clickbait headlines.
> Too many tech workers decided to roll over for the government and that's why we are in this mess now.
I take it you've never worked at a company when law enforcement comes knocking for data?
The internet tough guy fantasy where you boldly refuse to provide the data doesn't last very long when you realize that it just means you're going to be crushed by the law and they're getting the data anyway.
> I take it you've never worked at a company when law enforcement comes knocking for data?
The solution to that is to not have the data in the first place. You can't avoid the warrants for data if you collect it, so the next best thing is to not collect it in the first place.
The technology exists to trivially encrypt your data if you want to. That's not a product most people want, because the vast majority of people (1) will forget their password and don't want to lose their data, and (2) aren't particularly worried about the feds barging in and taking their laptop during a criminal investigation.
That's not what the idealists want, but that's the way the market works. When the state has a warrant, and you've got a backdoor, you're going to need to give the state the keys to the backdoor.
There are some errors in what you write, and despite that, it is not clear to me what the supposed ‘realization’ would be.
1. The famous 2016 San Bernardino case predates Advanced Data Protection technology of iCloud backups. It was never about encryption keys, it was about signing a ‘bad’ iOS update.
2. Details are limited, but it involved a third-party exploit to gain access to the device, not to break the encryption (directly). These are different things and should both be addressed for security, but separately.
Evidently, after this case ended, Apple continued its efforts. It rolled out protecting backups from Apple, and the requirement of successful user authentication before installing iOS updates (which is also protecting against Apple or stolen signing keys).
Plenty of companies would do that if they could. The problem is it has become illegal for them to do that now. KYC/AML laws form the financial arm of warrantless global mass surveillance.
Where I live, government passed a similar law to the UK's online identification law not too long ago. It creates obligations for operating system vendors to provide secure identity verification mechanisms. Can't just ask the user if they're over 18 and believe the answer.
The goal is of course to censor social media platforms by "regulating" them under the guise of protecting children. In practice the law is meant for and will probably impact the mobile platforms, but if interpreted literally it essentially makes free computers illegal. The implication is that only corporation owned computers will be allowed to participate in computer networks because only they are "secure enough". People with their own Linux systems need not apply because if you own your machine you can easily bypass these idiotic verifications.
In Brazil, where I live, it's law 15.211/2025. It makes it so that the tech industry must verify everyone's identity in order to proactively ban children from the harmful activities. It explicitly mentions "terminal operating systems" when defining which software the law is supposed to regulate.
If you design it so you don't have access to the data, what can they do? I'm sure there's some cryptographic way to avoid Microsoft having direct access to the keys here.
If you design it so you don't have access to the data, how do you make money?
Microsoft (and every other corporation) wants your data. They don't want to be a responsible custodian of your data, they want to sell it and use it for advertising and maintaining good relationships with governments around the world.
> If you design it so you don't have access to the data, how do you make money?
The same way companies used to make money, before they started bulk harvesting of data and forcing ads into products that we're _already_ _paying_ _for_?
I wish people would have integrity instead of squeezing out every little bit of profit from us they can.
People arguably cannot have integrity unless all other companies they compete with also have integrity. The answer is legislation. We have no reason to allow our government to use “private” companies to do what they cannot then turn over the results to government agencies. Especially when willfully incompetence.
The same can be said of using “allies” to mutually snoop on citizens then turning over data.
> I'm sure there's some cryptographic way to avoid Microsoft having direct access to the keys here.
FTA (3rd paragraph): don't default upload the keys to MSFT.
> If you design it so you don't have access to the data, what can they do?
You don't have access to your own data? If not, they can compel you to reveal testimony on who/what is the next step to accessing the data, and they chase that.
Doesn't sound like it tells you now that it's default, but I'll see what it says next time. If they make the key-sharing clear and make it easy to disable, then it's fine.
> Too many tech workers decided to roll over for the government and that's why we are in this mess now.
It has nothing to do with the state and has to do with getting the RSUs to pay the down payment for a house in a HCOL area in order to maybe have children before 40 and make the KPIs so you don't get stack-ranked into the bottom 30% and fired at big tech, or grinding 996 to make your investors richest and you rich-ish in the process if you're unlikely enough to exit in the upper decile with your idea. This doesn't include the contingent of people who fundamentally believe in the state, too.
Most people are activists only to the point of where it begins to impede on their comfort.
Look around you. At least in my company half the programmers are H-1B Indians. They're not going to resist anybody with the risk of getting deported back to India.
This is such a lazy take and ignores that this is the only system that has the property of not losing data when users forget their passwords and lose (or likely never write down) their recovery key.
That's it. That's the whole thing. Whatever "secure system" you build will not have this property and users will lose their data, be mad at you, and eventually you'll have to turn it off by default leaving everyone's data in plaintext. It's a compromise that improves security for people who previously left their disk unencrypted. It changes nothing for people who previously did their own key management.
You won't be able to turn the first group into the second group. That's HN's "Average Familiarity" fallacy. The fact that basically every 2FA system has a means of recovering your account by removing it should tell you that even technical people are shit at key management.
Yep... I've seen exactly this happen. People losing data/access by their own fault and yet being extremely mad at the OS developer or the company they have an account with. And, no, it does not matter if you tell them 100 times that they are responsible for not losing their own keys/passwords, they will still be furious that you set up your system in (from their perspective) such a shitty way that it's even possible for a permanent lockout to happen.
The engineers who developed this developed it to a spec that Microsoft demanded that allows them to get into the system at any time. There was nothing lazy about it. This would be easily found by anyone who has the impetus to encrypt their drive. Don't put things on your work laptop that you don't want Dom down in IT reading all of it or Phil the police forensics dick.
It's the natural result of this site catering not just to tech nerds but to ones chasing venture capital money. It's an industry that has never seen a dark pattern it didn't like. We have gone from "don't be evil" to "be evil if it makes the stonks go up".
And too many tech workers decided to roll over for the big companies too. Accepting and advocating whatever they do. Even when it is tricky, can find the way to defend the big names, because they are big names, they know the way, they became big!
> Back in the day hackernews had some fire and resistance
Hackernews is a public forum, and the people here change constantly. "Back in the day" there were mostly posts about LISP and startup equity. It's obviously not the same people here now.
> Too many tech workers decided to roll over for the government
Again, not the same group of people. In the 2000s "tech workers" might have mostly been Californians. Now they're mostly in India. Differing perspectives on government, to be sure.
> lazy engineers build lazy key escrow
Hey you should know this one, because it's something that HAS stayed constant since "back in the day": The engineers have absolutely no say in this whatsoever.
Saying "of course" doesn't mean we agree with it or fail to try to resist it. It's simply not surprising that this happened.
When you get high up in an org, choosing Microsoft is the equivalent of the old "nobody ever got fired for buying IBM". You are off-loading responsibility. If you ever get high up at a fortune 500 company, good luck trying to get off of behemoths like Microsoft.
It's why tech loves young engineers who just do what they're told, or old engineers only as long as they can't say no. Once you dig into the system and see how all the pieces fit together, you can't ethically or morally continue to participate any longer. Learned that the hard way. In the middle of an attempt at midlife career change because of it to maybe free myself to write software that needs to be written instead of having to have a retained lawyer on hand to wrangle employment contract clauses to keep my work belonging to me.
I agree with you, but also think this is only true because we as an industry have been so completely corrupted by money at this point.
In the 90s and 00s people overwhelmingly built stuff in tech because they cared about what they were building. The money wasn't bad, but no one started coding for the money. And that mindset was so obvious when you looked at the products and cultures of companies like Google and Microsoft.
Today however people largely come into this industry and stay in it for the money. And increasingly tech products are reflecting the attitudes of those people.
I don’t see that at all. Instead, I think tech workers, including the engineers and the product managers, are correctly prioritizing user convenience over resistance to government abuse. It’s honestly the right trade off to make. Most users worry about casual criminals, not governments. Say a criminal snatching your laptop and accessing your files that way. If you worry about governments you should already know what to do.
> Too many tech workers decided to roll over for the government and that's why we are in this mess now.
It isn't really about the government. It's about a bunch of people trying to convince you that the locked-down proprietary closed source corporate crap that they use isn't in and of itself a security risk, no matter what the quality of the code that you've never seen is. Apple, Microsoft, Google etc. aren't your friends; no matter how brand loyal you are, they'll never care whether you're alive or dead.
FOSS isn't your friend either, but they're not asking you to trust them. Any exposure to these world spanning juggernaut military and intelligence contractor companies is a security hole. It's insane that people (thinking of Europeans now) get fired up to switch from this stuff because Trump but not because of course you should. Instead they're busy calling being suspicious of Microsoft old and hatred of Apple's customer corral stuck up and the desire to own your own machine fanatical and judgemental. Have you ever considered that you've been programmed to say and encourage dumb stuff that is completely against your own interests and supports the interests of the people who sell things to you?
You're convinced by the argument that people dumber than you have to be protected from their own machines (by corporations who have no interest in or obligation to protect them) - have you ever thought that people are saying the same thing about you? That you have to be protected from writing things you shouldn't write or talking to people you shouldn't be talking to? And the world isn't a meritocracy: the people on the top are inbred creeps. You've given up your freedom to dummies with marketing departments.
I used to be a principled freedom fighter. But others defected (thinking mostly about Apple users...). I promoted open source software, even dealing with the pains.
So now I just use whatever I want. Someone else can be a tech moralist.
The median user's threat model doesn't include the government, but does include data loss, forgetting the password, or a thief stealing your laptop. Microsoft struck the right balance.
I'm glad the knee-jerk absolutists are marginal, for one. A world run by you people would be much worse for anyone who isn't you.
The median user would be better off in a society where computers are not needed for daily life. The median user doesn't understand computers. In their life, computers only manifest as a tool of control imposed by the people who understand computers over those that don't.
This is one such example.
This sort of utilitarian nitpicking over the convenience of a "median" user is like maximizing the happiness of a cow on a factory farm. The cow would be better off if it did not exist at all. It is a matter of freedom and dignity.
Today the median user's threat model absolutely includes the government! They are snatching people up left and right, including their electronics.
I don’t get how people like you trust the corporation or the government that much. If we were all more cognizant of security and privacy, it would be much harder for large orgs to break our society the way they are doing today.
A world run by "those" people would lead to a less abusive and exploitive world, our current world is one based on suffering if you aren't extremely wealthy. I think I know which world I would rather join.
Back in the day hackernews had some fire and resistance.
Too many tech workers decided to roll over for the government and that's why we are in this mess now.
This isn't an argument about law, it's about designing secure systems. And lazy engineers build lazy key escrow the government can exploit.