Don't Wait for the Government to Save Us
After seeing the State of Password Security article from Bitwarden and Purism's latest article about the IRS using ID.me, I think it's time to be honest with ourselves.
We can't wait for any Superman-like entity to save us. Not to be a paranoid freak, but I'm well aware that NIST has been backdoored by the NSA with a kleptographic backdoor, a deliberate weakness that lets the NSA cryptanalyze traffic after the fact, much like how the CIA backdoored Crypto AG in Switzerland.
Side note: the AMS (American Mathematical Society) even wrote about the NSA's backdoor in NIST in 2014.
Despite the moves the Signal Foundation is making for its long-term survival, I think the Signal app is infinitely better than even the web browser version of Facebook's Messenger (which is out of scope for this post), and the Signal protocol shows us how cryptography should be done (which is in scope).
(At least it isn't as bad as Firefox...)
Coupled with the fact that, legally, Signal only knows the phone number used for registration, the Unix time you first signed up for Signal, and the last time you sent a message (or the network equivalent, such as updating your bio), I think it's fair to say that this is what a messaging platform should be like at the very least.
The U.S. government didn't grant us that.
Meanwhile, the U.S. government is trying to make EARN IT come back for some reason. Well, I guess Nate from the New Oil has the best response: call, don't e-mail, your federal U.S. senators to tell them that you oppose the EARN IT bill. Nate said don't quote him on this, but the congressional assistant (if any human even picks up) only needs your ZIP code. Hey, if you still have your IRL identity on voter registration records, you might as well use it to tell your elected officials what to do.
Well, before Anatomy of the State finally takes over...
Anyways, I was going to write two posts, but I realized I hate writing on my AlphaSmart 3000 and need to clear out my AlphaSmart Neo.
Additionally, a library near me is definitely not following the NIST recommendation of requiring a password of at least 8 characters in length, and definitely isn't following the NIST recommendation of allowing passwords at least 64 characters in length.
Yeah, I should probably have some experience doing responsible disclosure.
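To make the two NIST rules concrete, here is an added example (not code from the post, and not the library's system) that puts a weak length policy of the kind described above next to one aligned with NIST SP 800-63B section 5.1.1.2: a floor of 8 characters, a ceiling of at least 64, length counted in Unicode code points after NFKC normalization, spaces and Unicode accepted, and a blocklist screen instead of composition rules. The blocklist and the weak policy's limits (4 and 16) are constructed for illustration; the `max_len` default of 256 is an assumption, chosen only to stay comfortably above 64.

```python
import unicodedata

# Constructed sample blocklist; a real verifier would screen against a large
# corpus of breached or commonly chosen passwords.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein1", "iloveyou"}


def normalize(candidate: str) -> str:
    """NIST SP 800-63B: apply Unicode NFKC (or NFC) before counting and comparing,
    so the same passphrase typed with a ligature or composed character matches."""
    return unicodedata.normalize("NFKC", candidate)


def check_weak_policy(candidate: str, min_len: int = 4, max_len: int = 16) -> list[str]:
    """Hypothetical policy of the kind the post complains about: a floor below 8
    and a ceiling far below 64, which rejects a long passphrase outright."""
    pw = normalize(candidate)
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if len(pw) > max_len:
        problems.append("too long")
    return problems


def check_nist_policy(candidate: str, blocklist: set[str] = BLOCKLIST,
                      min_len: int = 8, max_len: int = 256) -> list[str]:
    """NIST SP 800-63B 5.1.1.2 as a validator: at least 8 characters, at least
    64 permitted, any printable character (spaces and Unicode included) allowed,
    length measured in code points after normalization, candidates screened
    against a blocklist. No digit/symbol composition rules are imposed."""
    assert max_len >= 64, "verifier must permit at least 64 characters"
    pw = normalize(candidate)
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if len(pw) > max_len:  # a generous ceiling protects the hashing backend, not the user
        problems.append("too long")
    if pw.lower() in blocklist:
        problems.append("blocklisted")
    return problems


if __name__ == "__main__":
    samples = ["short", "correct horse battery staple", "Password", "\ufb01" * 4]
    for pw in samples:
        print(repr(pw), "weak:", check_weak_policy(pw), "nist:", check_nist_policy(pw))
```

The passphrase `correct horse battery staple` is the telling case: the weak policy rejects it as too long while the NIST-aligned one accepts it, and the ligature sample (four copies of U+FB01) shows why normalization has to happen before the length is counted.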
And no, JFK: ask what your country can do for you, because it's worse than jack crap.
So much for asking what you can do for your own country, only to be assassinated...