WingNews

idle_zealot|3 years ago

I strongly disagree. Personal computers are here to stay, and will only become more integrated into daily life due to the conveniences they afford. The fight now isn’t to keep computing out of daily life. Rather, we ought to be fighting to ensure that people have control over the computers in their lives.

There are two ways this ends up:

The future where everyone has to carry around a black box computing device controlled by its manufacturer and the privileged creators of the apps you’ve been allowed or compelled to install on it. The present state of iPads/iPhones and to a lesser extent Android phones make this future feel incredibly close.

But the future where everyone carries around an incredible communication and calculation tool that acts as an agent for them and expands every individual’s capabilities feels only just slightly out of reach.

The line dividing the two futures is thin and technical in nature. This leaves us with a tricky situation where most people wouldn’t be able to distinguish which they’re headed towards, or even which they’re living in. All I can do is hope that either legal tides go my way and grant users control over their computers (phones) by force, or that somehow tech literacy rises and people demand control.

Jimmy|3 years ago

I don’t really disagree. I’m not a luddite and I don’t advocate for turning off the internet. Computers are certainly here to stay. It’s an extremely complex issue, and I don’t have all the answers, or even know how to phrase all the questions.

I do think society needs to take a proactive role in deciding how it wants to interact with technology though. There’s a certain laissez faire, almost defeatist attitude that you see from a lot of the tech crowd, that goes something like “technology will do what it does, and it will change our lives how it sees fit, and we are powerless to stop it.” But if that was the case, we couldn’t have gun control laws, or environmental protection laws, or restrictions on nuclear technology. Technology may continue to develop, but it’s still up to us how we choose to use it.

pessimizer|3 years ago

There's absolutely nothing technical about this. It's entirely political, there's no technology that needs to be developed for this. All you have to do is create laws (or allow monopolies and cartels to impose "standards") that require people to carry their cellphones at all times. Make physical doorknobs illegal (as a security threat, and lack of accessibility for the disabled.) Done.

You don't even need cellphones. Just issue people hard to forge documentation and set up checkpoints. It's the difference between a fence and a shock collar.

Your dream seems to be to set up the infrastructure for universal command and control, then expect it to choose to regulate itself.

OJFord|3 years ago

I think you need to define personal compute as including mobile phones/tables for that to be true. I've had several even highly technical colleagues with no non-work 'computer' - they use an iPad or whatever, because that's sufficient for their non-work use of one.

Wowfunhappy|3 years ago

> “but desktops/laptops are already a necessity of life”

No they're not! You need either a desktop or a laptop or a tablet or a smartphone, but you don't need more than one.

I'm okay living in a world where everyone needs access to some type of computer, in the same way that everyone probably needs access to some type of writing utensil. However, people should be able to choose the form factor that lets them live their best life.

Teever|3 years ago

> However, people should be able to choose the form factor that lets them live their best life.

Especially when one particular form factor leads to surveillance of your location.

xdennis|3 years ago

> I'm okay living in a world where everyone needs access to some type of computer

Some people don't want any technology at all. What happens to them in your future?

throwawayboise|3 years ago

You don't need any of it.

I grew up without any of this mobile or home computing technology, and I don't see anything essential today that I cannot do without it. It's all about convenience.

roywashere|3 years ago

The article does not fully explain it, but the proposal is about using FIDO to sign in to services. The article simplifies this as signing in by unlocking your phone, but that is just one way to do FIDO (and possibly the most common way). If you prefer not to use your phone, you can also use a YubiKey or similar on your desktop/laptop; pushing FIDO as a standard would probably make it possible to use a YubiKey with much more services than today!

autoexec|3 years ago

FIDO weakens security by limiting authentication to just something you have (a device/USB token) and something you are (biometrics) while throwing out the requirement for something you know (a password). Something you have can be easily stolen, and biometrics cannot be kept secret, can be forged, and can't be reset/changed once compromised.

Having something you know (a password) is more secure because something in your memory that you don't share can't be taken from you by any means. Passwords aren't perfect (you can be tricked into sharing it, or tortured into giving it up) but there are solutions for being forced to hand over a password, and neither tokens or biometrics solve the problem of people being tricked.

No one can murder you in an alley, and drag your lifeless corpse to an ATM and clean out your bank account because the murderers have your face, and fingerprints, even your cell phone, but not your pin. Good security should always require a secret that you know.

Not having a password would be fine for logging into low risk sites like this website, where at worst someone might get your account banned or post comments under your username, but any site or transaction where the risk is greater should just always require a password.

rstuart4133|3 years ago

If there is an article that explains what's different about passkey under the hood, I've yet to find it. That's not entirely surprising as it's brand new. Still it's mighty frustrating when google searches just page after page of re-writes of fido/google/microsoft press releases, all saying little more than "hey! passkey replaced passwords (and it somehow involves phones and bluetooth)".

Yes, I know uses FIDO under the hood. But the there are very few ELIA5's for FIDO either. One's that start with "It starts with a super secret private key the FIDO device creates and never leaves the device, so no one ever can learn it. In fact, the security and cost effectiveness of the system rests on the fact that it's near impossible to extract that secret from a piece of cheap silicon. The system works because it's possible for the device to prove it knows that one thing only it could know, without ever revelling what the secret is. ..." From there it goes on to explain the techniques use to ensure despite using the same secret for every server, no two servers (from different domains) will know the same key was used to log into each. And on it goes with mutal auth, and immunity to MITM attacks and on and on. Now I think about it, maybe 5 is a little too young.

Then people say disturbing things about Passkey, like https://www.hanko.io/blog/on-passkeys : "Passkeys = (synced) WebAuthn credentials". Hang on. Is that saying this super secret key never escaped the FIDO token is now synced???

And were is this super secret key stored on the phone? Storing it in a hardware token that receive a backdoor'ed firmware upgrade is one thing. Storing it in a device that accepts firmware upgrades, when governments such as Australia's have passed laws allowing them to compel manufacturers to backdoor firmware upgrades is quite another. But storing that secret on an Android or iOS phone, that are so complex they have proved impossible to make them secure, which we know because many can still be root'ed today - surely that's insanity?

But who knows maybe that's all been thought of and mitigated. Given Google's involvement, that almost seems likely. But you could never learn if it was true from dumbed down to the point of uselessness "hey! we've invented (ye another) replacement for passwords" press releases I've seen so far.

la6472|3 years ago

First thing that comes to my mind is “What happens if your phone is suddenly dead”? Will this FIDO alliance guarantee alternative means of access or that they will send someone down to your house to identify you positively and restore access to your online mail and documents?

tjr225|3 years ago

What if I lose my phone or forget it at home? Can I no longer do my personal banking on my laptop or workstation?

ghaff|3 years ago

That's true today if you use a password manager, no? And it's true of any site that uses 2FA (unless the site supports multiple authenticators and you have a backup token).

ghaff|3 years ago

Desktops/laptops aren't a necessity of life for many people. In general, I'd say smartphones were a far more universal necessity today.

Jimmy|3 years ago

Sorry, that may have been poorly worded. I wanted to preempt the objection of “well, you say you don’t want to be dependent on smartphones, but then you’ll just be dependent on some other type of computer”. I wanted to make it clear that the problem is about rethinking our relationship with computing in general, not just with smartphones.

dandanua|3 years ago

The problem is not with the technology itself. The problem is that technology is increasingly trying to control you and not vice versa. Humans are becoming slaves of a system, that has only "profits" in its mind.

650REDHAIR|3 years ago

I’ve been thinking about going phoneless, but had a realization that I have used this number for far too many accounts to even remember.

I basically need to port this number to a cheaper carrier and cover the cost…forever

drewmol|3 years ago

You can port to google voice for cheap, but you definitely can’t count on google offering that service forever.

TedDoesntTalk|3 years ago

> We need to be actively thinking of ways to roll things back

Although I agree with you, it is not realistic.

Do you think kids who are 3 right now will feel the same when they are your age?

Reminds me of the US General who, in WW II, insisted cavalry still had a place in warfare. Can’t remember his name.

peoplefromibiza|3 years ago

The 10th Mountain Cavalry Reconnaissance Troop of the 10th Mountain Division, while not designated as U.S. Cavalry, conducted the last horse-mounted charge of any Army organization while engaged in Austria in 1945. An impromptu pistol charge by the Third Platoon was carried out when the Troop encountered a machine gun nest in an Italian village/town sometime between 14–23 April 1945.

anyway the point is not to go back to soldiers riding horses, but to not reduce the authentication options, because it also reduces security.

After all we still use keys to unlock doors and not our phones (because it would be stupid)

vkou|3 years ago

Cavalry absolutely had a place in WWII.

That purpose wasn't doing pike-and-lance charges into panzer lines. Just like most motorized units, WWI and WWII cavalry didn't fight from horseback - it would use horses to get to where they were going to fight, and dismount to fight.

The Eastern Front had a lot of terrain that was not conductive to wheeled travel.

Cavalry is also far more cost-efficient at hunting down partisans, and terrorizing civilians. It doesn't need petrol, you can just steal horsefeed directly from the people you are occupying.

xdennis|3 years ago

> Reminds me of the US General who, in WW II, insisted cavalry still had a place in warfare. Can’t remember his name.

Cavalry still had a huge role to play in WW2. You didn't ride them into battle (you didn't do that in WW1 either), but they were used for transport. Germany and Russia used 6 million of them.[1]

[1]: https://en.wikipedia.org/wiki/Horses_in_World_War_II

mistrial9|3 years ago

strongly agree

(no title)

discuss