Marcos Marado - 2013-09-06T11:45:07+0100 - Updated: 2013-09-06T11:45:07+0100
Originally shared by Jan Wildeboer
Good to see that Bruce Schneier fully agrees with what I have been preaching (as Evangelist ;-) for years.

- Centralization makes abuse cheap
- A free society must set a high price for abuse to protect freedom

Hence it follows that we must drive up the cost of abuse. How to?

- Decentralize, decentralize, decentralize
- Mesh networks, mesh networks, mesh networks
- Private certificates, private certificates, private certificates
- Open Standards, open standards, open standards
- Free Software/Open Source, Free Software/Open Source, Free Software/Open Source
- Simple to use solutions that Just Work.

Most importantly: Don't become paranoid but change the trust model from looking up to authorities to looking sideways to your peers.
Shared with: Public, Marcos Marado, Ricardo Proença, Rui Seabra
+1'd by: Pedro O. (Dissidente), Rui Seabra, André Esteves, Pedro Ângelo, Ricardo Proença
Reshared by: Rui Seabra
Ricardo Proença - 2013-09-06T12:03:24+0100
But for being mostly free of abuse don't you agree that software and hardware must meet those conditions cumulatively?

Because as per this NYT article and Snowden Leaks (http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0) even open standards (i.e., standards adopted by ISO, I'm not discussing the openness of the process) can be used as trojan horses.
Marcos Marado - 2013-09-06T12:27:00+0100 - Updated: 2013-09-06T12:27:28+0100
+Ricardo Proença Well, I really need to discuss the "openness of the process" in order to reply: the "standard" discussed in that article is not an open standard (NSA being its sole editor is reason enough for it not to be), and what the initial post says is that you must rely on open standards (and the definition of open standard isn't "everything ISO adopts"). But it is relevant to add that "open standards" aren't enough of an answer; you can trust its implementation if it is free software.
Rui Seabra - 2013-09-06T12:48:11+0100
Many, if not most, ISO standards are not open by any sane definition...
Ricardo Proença - 2013-09-06T15:00:08+0100
+Marcos Marado and +Rui Seabra My thinking about the ISO standards-setting process is the same as yours, especially if a specific one is authored by one institution or by several that belong to the same group of interests, more so after the debacle of OOXML.

I've chosen standards because:
- Some ISO standards are used in open source software (eg ODF)
- The definition of open standards as per Open Source Initiative (http://opensource.org/osr) is probably not sufficient to deter that type of wrongdoing (although it's common sense there's no provision for preventing the approval of standards as such if they are authored by one institution)
Marcos Marado - 2013-09-06T15:04:19+0100
+Ricardo Proença See the 4th item of FSFE's definition: http://www.documentfreedom.org/openstandards.en.html
Ricardo Proença - 2013-09-06T15:20:20+0100
+Marcos Marado Thanks for the hint. That is much more reasonable. I don't understand why OSI doesn't have the same principle.

This new article from Falkvinge adds new light on the issue:
http://falkvinge.net/2013/09/06/with-the-nsa-the-gchq-the-fra-inserting-crypto-backdoors-into-infrastructure-they-are-now-the-enemy-of-all-mankind/

And I recommend this article about standards as means of economic warfare:
http://www.infoguerre.fr/matrices-strategiques/normes-et-standards-informatique-etats-unis-sont-maitres-du-monde/