On Thu, Jan 5, 2023 at 2:00 AM Vittorio Bertola <vittorio.bertola=40open-xchange.com@xxxxxxxxxxxxxx> wrote:
>
>
> > On 04/01/2023 20:33 CET Eric Rescorla <ekr@xxxxxxxx> wrote:
> >
> > > I still think this was a big fail; in fact, this implies that counteraction against surveillance capitalism practices can only happen elsewhere, at the regulatory level, as the IETF community either does not know what to do about it, or does not want to do anything about it.
> >
> > I don't think this is true at all.
> >
> > First, the IETF *is* working on issues around privacy and preventing various forms of surveillance capitalism. That's in part what initiatives like DoH, QUIC, TLS 1.3, ECH, OHAI, MASQUE etc. are about.
>
> Of course you will disagree with what I am going to say, but here is the common (though not unanimous) viewpoint from the technical policy community of a different part of the world - no offense implied.
>
> In Europe, "surveillance capitalism" is basically synonymous with a set of a few very big American companies that happen to be the ones promoting and deploying the standards you mention. So, it will be hard to convince people in Brussels or Berlin that those standards are meant to put the business model of their proponents under check. Actually, they are more likely to lead to the conclusion that the IETF is being used as an instrument to further that business model, and that the encrypted network architecture that it is promoting is meant to disempower end-users and any other party (including European law enforcement and privacy authorities) from checking what the endpoints do, which information they send and who they send it to, facilitating uncontrolled data extraction practices by the private companies that mostly control the endpoints, i.e. the above ones.
>
> There is a general feeling that the bigger threats to user privacy are now not in transit, but in or before the endpoints. So, the fact that the IETF does not want to consider threats in the endpoints is seen as additional evidence for the above.

Not even threat, fact. It was bad enough when packets disappeared into proprietary firmware, nowadays you can't even take a packet capture directly from an iphone/android or chromebook, transiting inside the endpoint.

dtaht@chromebook:~/git/sites/cerowrt$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  100.115.92.193  0.415 ms  0.039 ms  0.014 ms  # first container
 2  100.115.92.25  0.713 ms  0.611 ms  0.496 ms  # can't get to this side
 3  192.168.38.220  44.682 ms  44.628 ms  48.775 ms  # my wifi hop
 4  66.174.30.235  80.641 ms  69.758 ms  69.670 ms
 5  * * *

Would there be some way to express that users have a right to at least know what their devices are communicating with in some eu framework?

>
> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@xxxxxxxxxxxxxxxx
> Office @ Via Treviso 12, 10144 Torino, Italy

--
This song goes out to all the folk that thought Stadia would work:
https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht CEO, TekLibre, LLC