agnos.is Forums


It is no longer safe to move our governments and societies to US clouds - Bert Hubert's writings

29 Posts 23 Posters 143 Views
  • nitefox@sh.itjust.worksN [email protected]

    It’s not like we don’t have datacenters and server providers in the EU. We have Hetzner, OVH and Aruba (ew)

    B This user is from outside of this forum
    [email protected]
    wrote on last edited by
    #19

    Yes, but there are even more smaller companies doing that, and in the past a lot of companies did that themselves (if big enough), but "the cloud" seems just so convenient that they don't want that anymore.

    1 Reply Last reply
    0
    • 30p87@feddit.org3 [email protected]

      Which idiot is responsible for the "no longer"?

      jagged_circle@feddit.nlJ This user is from outside of this forum
      [email protected]
      wrote on last edited by
      #20

      Biden literally was working on legislation to provide protections to EU companies (not to his own citizens) because they had been leaving Silicon Valley providers in droves for EU ones since GDPR

      R 1 Reply Last reply
      0
      • P [email protected]

        Care to elaborate?

        jagged_circle@feddit.nlJ This user is from outside of this forum
        [email protected]
        wrote on last edited by
        #21

        See National Security Letter. E.g. Lavabit and Calyx

        1 Reply Last reply
        0
        • e8d79@discuss.tchncs.deE [email protected]
          This post did not contain any content.
          calavera@lemm.eeC This user is from outside of this forum
          [email protected]
          wrote on last edited by
          #22

          So China was right in not relying on US big tech

          1 Reply Last reply
          0
          • L [email protected]

            Tried to explain that to the higher ups in my org for months.

            They introduced some proxy/VPN that pipes all of our traffic through a service that is not only breaking SSL, but also owned by a US corporation.

            That's enough red flags to make Mao blush, but nobody saw any problem in it....

            S This user is from outside of this forum
            [email protected]
            wrote on last edited by
            #23

            Care to elaborate for someone that is not in tech? Does Twingate fall in that category?

            L 1 Reply Last reply
            0
              L This user is from outside of this forum
              [email protected]
              wrote on last edited by
              #24

              Let's say you open YouTube (or any other site) in your browser. Normally, that connection is encrypted end2end, so only YouTube and you see what data is being sent. An outside observer (your employer, your ISP, etc) might deduce from the network traffic that you're accessing YT, and how long/how much data, but nothing else.

              This encryption is based on SSL/TLS, in a small nutshell, that works by having a chain of cryptographically signed certificates, that prove to you, that YT is really YT, and not someone else (your employer, for example). Attacks like this are called Man in the Middle (MITM). The certificate chain however, needs an anchor. Somewhere to start. These are called Root CA (certifying authorities). Typically these are dedicated companies or large ISPs. Their certificates (the public parts) are stored on your device from the factory (more or less). And thus your device can verify the entire chain of trust from the certificate YT sends you down to the RootCA.

              Now, if someone would install a new RootCA certificate on your device, then that entity could become a Man in the Middle, it acts as a relay for all of the traffic going out of your device, can read everything sent over the wire - and your device wouldn't even know it. If that entity would be part of a US company, they would be legally forced to hand over all their data to NSA, FBI, etc. even if the actual data transfer would happen completely within Europe.

              This is exactly what Twingate seems to do. CrowdStrike and Zscaler are similar products.

              The underlying problem here is that IT security in large organizations doesn't mean "How can we be secure?", but "How can we make a legal argument that we did nothing wrong?". So security clusterfucks like this can be implemented, since the CTO can claim not to have been negligent.

              PS: The description above is obviously very simplified, the Wiki articles for SSL/TLS are much better.

              S 1 Reply Last reply
              0
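Added example, not part of the original thread or written by any poster: one way to make the installed-root interception described in post #24 visible from the endpoint, by diffing the device trust store against a known-good baseline and by comparing the issuer of each site's certificate with what is seen off-network. The CA names, fingerprints and sample certificates are constructed placeholders; only the `ssl`/`socket` calls in `fetch_cert` are real APIs.

```python
import socket
import ssl
from collections import Counter

def fetch_cert(host, port=443, timeout=5):
    """Live helper: return the validated leaf certificate as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_name(cert):
    """Flatten the issuer RDN tuples; prefer the organisation, fall back to CN."""
    fields = {key: value for rdn in cert["issuer"] for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName", "")

def added_roots(baseline, current):
    """Names of roots whose SHA-256 fingerprint is absent from the baseline image."""
    return sorted(name for fp, name in current.items() if fp not in baseline)

def interception_findings(observed, expected, min_hosts=3):
    """observed: {host: cert dict}; expected: {host: issuer names seen off-network}."""
    findings = []
    for host in sorted(observed):
        issuer = issuer_name(observed[host])
        if host in expected and issuer not in expected[host]:
            findings.append((host, "unexpected issuer", issuer))
    # Unrelated sites all signed by one CA is the signature of an inspecting proxy.
    issuers = Counter(issuer_name(cert) for cert in observed.values())
    if len(observed) >= min_hosts and len(issuers) == 1:
        findings.append(("*", "one issuer signs every host", next(iter(issuers))))
    return findings

def sample_cert(org, cn):
    """Constructed sample in the shape getpeercert() returns."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed data: hypothetical CA names, placeholder fingerprints.
EXPECTED = {"example.com": {"Public CA One"}, "example.org": {"Public CA Two"},
            "example.net": {"Public CA One"}}
DIRECT = {"example.com": sample_cert("Public CA One", "R1"),
          "example.org": sample_cert("Public CA Two", "E5"),
          "example.net": sample_cert("Public CA One", "R1")}
PROXIED = {h: sample_cert("Example Inspection Proxy", "Proxy Issuing CA")
           for h in EXPECTED}
BASELINE_ROOTS = {"aa11": "Public CA One Root", "bb22": "Public CA Two Root"}
DEVICE_ROOTS = dict(BASELINE_ROOTS, cc33="Example Inspection Proxy Root")

if __name__ == "__main__":
    print(added_roots(BASELINE_ROOTS, DEVICE_ROOTS))
    for finding in interception_findings(PROXIED, EXPECTED):
        print(finding)
```

Note that `fetch_cert` succeeds on an intercepted device precisely because the proxy's root is trusted, which is why the comparison has to be against a baseline recorded elsewhere rather than against the local trust store alone.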
              • jagged_circle@feddit.nlJ [email protected]

                Biden literally was working on legislation to provide protections to EU companies (not to his own citizens) because they had been leaving Silicon Valley providers in droves for EU ones since GDPR

                R This user is from outside of this forum
                [email protected]
                wrote on last edited by
                #25

                Protections and laws don't stop anything. The NSA, CIA, FBI and whatever other three letter agency will still have their fingers deep into any cloud, any software and any hardware from the US.

                jagged_circle@feddit.nlJ 1 Reply Last reply
                0
                  jagged_circle@feddit.nlJ This user is from outside of this forum
                  [email protected]
                  wrote on last edited by
                  #26

                  Nah, see Church Committee

                  1 Reply Last reply
                  0
                    S This user is from outside of this forum
                    [email protected]
                    wrote on last edited by
                    #27

                    Wow, thanks a lot for the detailed explanation. More than enough for me for the moment, but it seems I'll have more changes to make than I thought, and a lot more research.

                    1 Reply Last reply
                    0
                    • foni@lemm.eeF [email protected]

                      What the hell is a government doing using someone else's cloud? I have a small business and I bought a Synology NAS years ago. How is it possible that a government does not have its own servers?

                      b_tr3e@feddit.orgB This user is from outside of this forum
                      [email protected]
                      wrote on last edited by
                      #28

                      What the hell is a government doing using someone else’s cloud?

                      Fucking up everything. That's what governments do for a living.

                      1 Reply Last reply
                      0
                      • U [email protected]

                        you don’t have to post your own IT

                        Now you’re paying for devops…

                        F This user is from outside of this forum
                        [email protected]
                        wrote on last edited by
                        #29

                        Not necessarily. Standard services like chat and mail and office usually come in standard packages. You do need an admin for standard services too but one admin can easily take care of dozens of users across dozens of services. The devops team is something you only need if you're running custom cloud applications which I would imagine a lot of companies don't do at all.

                        1 Reply Last reply
                        0