this post was submitted on 23 Feb 2025
353 points (99.2% liked)

Europe

2565 readers
1188 users here now

News and information from Europe ๐Ÿ‡ช๐Ÿ‡บ

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in [email protected]. (They're cool, you should subscribe there too!)
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)

(This list may get expanded when necessary.)

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the mods: @[email protected], @[email protected], or @[email protected].

founded 8 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
353
It is no longer safe to move our governments and societies to US clouds - Bert Hubert's writings (berthub.eu)
submitted 1 day ago by [email protected] to c/[email protected]
23 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 16 points 1 day ago* (last edited 1 day ago) (1 children)

Tried to explain that to the higher ups in my org for months.

They introduced some proxy/VPN that pipes all of our traffic through a service that is not only breaking SSL, but also owned by a US corporation.

That's enough red flags to make Mao blush, but nobody saw any problem in it....

[โ€“] Sirius006 1 points 11 hours ago (1 children)

Care to elaborate for someone that is not in tech? Does twingate fall in that category?

[โ€“] [email protected] 4 points 10 hours ago (1 children)

Let's say you open Youtube (or any other site) in your browser. Normally, that connection is encrypted end2end, so only Youtube and you see what data is being sent. An outside observer (your employer, your ISP, etc) might deduce from the network traffic that you're accessing YT, and how long/how much data, but nothing else.

This encryption is based on SSL/TLS, in a small nutshell, that works by having a chain of cryptographically signed certificates, that proof to you, that YT is really YT, and not someone else (your employer, for example). Attacks like this are called Man in the Middle (MITM). The certificate chain however, needs an anchor. Somewhere to start. These are called Root CA (certifying authorities). Typically these are dedicated companies or large ISPs. Their certificates (the public parts) are stored on your device from the factory (more or less). And thus your device can verify the entire chain of trust from the certificate YT send you down to the RootCA..

Now, if someone would install a new RootCA certificate on your device, than that entity could become a Man in the Middle, it acts as a relay for all of the traffic going out of your device, can read everything send over the wire - and your device wouldn't even know it. If that entity would be part of a US company, they would be legally forced to hand over all their data to NSA, FBI, etc. even if the actual data transfer woud happen completely within Europe.

This is exactly what Twingate seems to do. Crowdstrike and ZScaler are similar products.

The underlying problem here is that IT security in large organizations doesn't mean "How can we be secure?", but "How can we make a legal argument that we did nothing wrong?". So security clusterfucks like this can be implementend, since the CTO can claim not to have been negligent.

PS: The description above is obviously very simplified, the Wiki articles for SSL/TLS are much better.

[โ€“] Sirius006 2 points 8 hours ago

Wow, thanks a lot for the detailed explanation. More than enough for me for the moment, but it seems I'll have more changes to make than I thought, and a lot more research.