undefined | Better HN

0 pointsbenreesman8mo ago0 comments

This is the killer eBPF usecase for the non-engineer user: getting underneath TLS and DoH (which have both been effectively weaponized at this point).

No means no, my computer my choice. sudo build a real product.

0 comments

JoshTriplett8mo ago

> getting underneath TLS and DoH (which have both been effectively weaponized at this point).

Only to the extent you are running software you don't trust. If you're running a user agent (e.g. a browser), rather than an app, you can easily do full ad-blocking much more effectively.

Calling TLS and DoH a weapon because apps you don't trust can use them to maintain integrity of their connections is like calling secure coding practices a weapon because they make jailbreaking harder.

benreesmanOP8mo ago

Yeah I'm just going to have to completely disagree at a militant volume. Keeping the contents of connections made on my behalf secure from my own inspection is fucked up and I want harm to befall those that do so.

I'm not a little angry about surveillance capitalism, I'm start a war angry about it.

JoshTriplett8mo ago

I agree with your frustration, and just fundamentally disagree with your attribution of blame. Security is a feature. Software that works against its user is an awful thing. Security features that help secure software for the benefit of users do not become bad just because they also help secure software that works against the user. The solution there is not running software that works against its user.

Eliminating buffer overruns across the entire industry will also make it harder to e.g. jailbreak game consoles or iOS devices. That doesn't make it bad to eliminate buffer overruns; the problem is with devices requiring jailbreaking in the first place, rather than serving their users.

If you believe that TLS and DoH do more harm than good, you may be in a bubble where e.g. things like pihole are common, rather than being obscure tools used by highly technical users who tolerate and debug breakage.

1 more reply

j / k navigate · click thread line to collapse

0 comments

JoshTriplett8mo ago

> getting underneath TLS and DoH (which have both been effectively weaponized at this point).

Only to the extent you are running software you don't trust. If you're running a user agent (e.g. a browser), rather than an app, you can easily do full ad-blocking much more effectively.

benreesmanOP8mo ago

I'm not a little angry about surveillance capitalism, I'm start a war angry about it.

JoshTriplett8mo ago

1 more reply

j / k navigate · click thread line to collapse