nanog mailing list archives
Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
From: Royce Williams <royce () techsolvency com>
Date: Tue, 31 Dec 2019 07:49:23 -0900
On Tue, Dec 31, 2019 at 7:46 AM Matt Harris <matt () netfire net> wrote:
On Tue, Dec 31, 2019 at 10:34 AM Royce Williams <royce () techsolvency com> wrote:On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <matt () netfire net> wrote:The better solution here isn't to continue to support known-flawed protocols, which perhaps puts those same populations you're referring to here at greatest risk, but rather to enable access to open technologies for those populations which ensures that they can continue to receive security updates from a vendor that doesn't have a big financial motive to deprecate devices and force users to purchase upgraded hardware instead of just receiving security updates to their existing devices.Unfortunately, this is the high-tech privilege equivalent of saying "let them eat cake" - because of upgrade friction on mobile in under-resources areas (including, I might add, specific sub-populations of US consumers!)Perhaps more unfortunately, the other option - to continue supporting known-flawed protocols - is simply saying "let them be victimized."
With the rise of state-level disinformation at scale, I see your point.
Accepting that we should instead support technologies that place those very same populations at risk is coming from a place of privilege for the reasons I mentioned previously: you live somewhere with relatively peaceful/democratic governance, usually have at least some ISP choice, and are likely not otherwise under the thumb of an oppressive regime at some level of another - so when your browser makes a TLS1.0 connection, you probably don't even think about it, much less worry about it, because you don't have to. The populations we're discussing here, on the other hand, all too often do. What it comes down to is a question of whether we want to solve what we know today is a real problem or let it fester until abuse reaches an untenable level in some big, news-headline-making way. One way we can combat this specific issue is to make open technologies accessible. But that requires major investment on our side of the world, and prior attempts to do so (Ubuntu's open source phone OS for example) have largely been commercial flops.
Indeed. Though a non-commercial (grass-roots, sponsored, or legislative) solution seems similarly unlikely. Royce
Current thread:
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read, (continued)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Constantine A. Murenin (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Mike Hammett (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Peter Beckman (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Matt Harris (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Mike Hammett (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Matt Harris (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Royce Williams (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Josh Luthman (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Royce Williams (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Matt Harris (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Royce Williams (Dec 31)
- Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read Jared Mauch (Dec 31)