[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read



On Tue, Dec 31, 2019 at 7:46 AM Matt Harris <matt at netfire.net> wrote:

>
> On Tue, Dec 31, 2019 at 10:34 AM Royce Williams <royce at techsolvency.com>
> wrote:
>
>> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <matt at netfire.net> wrote:
>>
>>>
>>> The better solution here isn't to continue to support known-flawed
>>> protocols, which perhaps puts those same populations you're referring to
>>> here at greatest risk, but rather to enable access to open technologies for
>>> those populations which ensures that they can continue to receive security
>>> updates from a vendor that doesn't have a big financial motive to deprecate
>>> devices and force users to purchase upgraded hardware instead of just
>>> receiving security updates to their existing devices.
>>>
>>
>> Unfortunately, this is the high-tech privilege equivalent of saying "let
>> them eat cake" - because of upgrade friction on mobile in under-resources
>> areas (including, I might add, specific sub-populations of US consumers!)
>>
>
> Perhaps more unfortunately, the other option - to continue supporting
> known-flawed protocols - is simply saying "let them be victimized."
>

With the rise of state-level disinformation at scale, I see your point.


> Accepting that we should instead support technologies that place those
> very same populations at risk is coming from a place of privilege for the
> reasons I mentioned previously: you live somewhere with relatively
> peaceful/democratic governance, usually have at least some ISP choice, and
> are likely not otherwise under the thumb of an oppressive regime at some
> level of another - so when your browser makes a TLS1.0 connection, you
> probably don't even think about it, much less worry about it, because you
> don't have to. The populations we're discussing here, on the other hand,
> all too often do.
>
> What it comes down to is a question of whether we want to solve what we
> know today is a real problem or let it fester until abuse reaches an
> untenable level in some big, news-headline-making way. One way we can
> combat this specific issue is to make open technologies accessible. But
> that requires major investment on our side of the world, and prior attempts
> to do so (Ubuntu's open source phone OS for example) have largely been
> commercial flops.
>

Indeed. Though a non-commercial (grass-roots, sponsored, or legislative)
solution seems similarly unlikely.

Royce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191231/21a0ef8c/attachment.html>