1. 70

  2. 18

    My favorite quote in this article:

    > US providers may leak less customer data, but to compensate, they flat out sell it.

    It made me chuckle. Not because it was funny, but because chuckling is one of my coping mechanisms when I see something I know is true and ridiculous.

    1. 17

      The more and more I read about it and think about it, the change to the way we’ve operated our economies over the last 30 years is appalling. Outsourcing millions of jobs to China and India for the profit of the rich has decimated the working and middle class, and outsourcing critical infrastructure and critical privacy-sensitive data handling as explained in the article should simply be illegal.

      Communication networks are critical infrastructure. They should be manufactured, owned, operated and serviced by the government like any other critical infrastructure.

      1. 13

        > Outsourcing millions of jobs to China and India for the profit of the rich has decimated the working and middle class

        Outsourcing millions of jobs to China and India has also pulled hundreds of millions of people out of abject poverty. The “decimated” working classes in the West haven’t fallen nearly as far as the poor in China have risen. We ought to be cheering, if we value all human life and opportunity equally.

        To quote the Wikipedia article on poverty in China:

        > decades of economic growth have largely eradicated urban poverty.[1][2][3] The dramatic progress in reducing poverty over the past three decades in China is well known. According to the World Bank, more than 850 million Chinese people have been lifted out of extreme poverty; China’s poverty rate fell from 88 percent in 1981 to 0.7 percent in 2015

        Don’t disagree on the national security part of your comment: we ought to be very concerned about the Chinese government and their influence

        1. 4

          China could have industrialised without us outsourcing jobs to them. Who was outsourcing jobs to the UK when it industrialised? Nobody. China didn’t even have to invent the bloody technology. It was already well documented. The idea that without outsourcing, India and China wouldn’t have industrialised is just silly.

          1. 11

            The UK industrialised on the backs of its colonial possessions. It extracted great wealth from them, wrecked their native industries and forced them into being captive markets for British goods.

            1. 2

              The UK would still have industrialised with that. Germany industrialised without having any significant colonial possessions.

              1. 8

                Togo, Namibia, Ghana, Tanzania, Cameroon, and Papua New Guinea would probably dispute the significance of the genocides and resource theft that Germany committed during colonialism.

                https://en.wikipedia.org/wiki/Shark_Island_Concentration_Camp

                1. 1

                  Perhaps. And I do agree that China and India could have industrialised without western outsourcing.

          2. 4

            > Communication networks are critical infrastructure. They should be manufactured, owned, operated and serviced by the government like any other critical infrastructure.

            Right on. It will take a major event to shift this mindset. Unfortunately the security industry is split between snake oil solutions and black hat mentalities. I believe there’s more to it; specifically, robust, trustworthy infrastructure that is rigorously verified, free of unnecessary dependencies, and as user-friendly as possible. It’s not glamorous but it is necessary.

            1. 1

              > They should be manufactured, owned, operated and serviced by the government like any other critical infrastructure.

              Yes. Let Flint, Michigan be responsible for their Telecom hardware. They definitely have not made any mistakes with their infrastructure that led to major problems for their citizens. That they are not the only responsible party is not adequate defense.

              1. 3

                They aren’t a responsible party. There’s no reason I can think of to make that kind of infrastructure locally controlled. The whole advantage of being America is you have the best and biggest economy of scale the world has ever seen. Infrastructure is a national security issue and should be a national concern.

                1. 1

                  Infrastructure might be a national concern, but it’s a local problem. You can’t possibly have a single contractor do all the work to maintain a system, there is no way for the government to afford to maintain such a system, and it will end up coming down to local municipalities no matter what.

                  1. 3

                    Why would a contractor do it? That’s what the government is for.

                    > there is no way for the government to afford to maintain such a system, and it will end up coming down to local municipalities no matter what.

                    Two things.

                    Firstly, how you allocate resources between national and local governments is totally up to the national government, which is sovereign. Allocating all the national resources to local governments and then saying ‘the national government can’t afford to do infrastructure’ is silly.

                    Secondly, if any first world national government can afford to maintain infrastructure, the USA can. People that say ‘oh but the USA is huge so it’s different’ really annoy me. Yeah, it’s huge. There’s 325 million people to provide infrastructure for, sure. There’s also 325 million people to pay taxes. It scales linearly…

                    1. 1

                      sublinearly actually

                2. 2

                  And the private interests in Flint get a pass?

                  1. 1

                    whoosh

                    1. 1

                      What, your entire comment was sarcastic?

              2. 4

                As someone who is working in the telecom industry, I can assert, mobile network operators have become less composed of technical experts creating and doing their own things and more about managing and juggling multiple vendor solutions. It has become rare to encounter mobile operators that know what they are doing without relying on consultants hired for specific projects and delegating everything to the cheapest third party that fulfills the RFP written by that consultant. Even more absurd, sometimes the consultants have no idea what they are talking about and MNOs are buying things they have no clue about and will never use just for the hype of ticking a box on a sheet.

                Let’s add that the field is hard to get into, the documentation is fierce to dive in. That leads to many security vulnerabilities, which are in a lot of cases not really vulnerabilities but features and configurations that haven’t been set properly because no one had any idea what they were doing.

                1. 1

                  How much did the complexity of the standards contribute to this disaster? Why is the world still hooked on this mobile crap instead of having good public Wi-Fi coverage everywhere?

                  1. 8

                    The Wi-Fi standard is not well-suited for medium-distance communication. The frequencies only work on short-distance. The mobile crap is like this because it is complex to build a good network with some distance between the nodes. Using Wi-Fi instead would not make it magically better, you’d have complex addendum to the Wi-Fi to make it minimally viable.

                    Funnily, the frequencies for 5G will also favor short-distances, meaning only high-density cities will have proper coverage.

                    1. 1

                      In many many countries that’s just not possible, while upgrading the existing infrastructure is easier to do and is almost invisible to the end-user.

                      1. 1

                        The standards are amendments over amendments over amendments, all stacking one over the other and referencing one another. You literally have to jump between 10-20 documents all the time. So I think that yes, the standards being convoluted has pushed mobile operators away from implementing them and letting third party handle the complexity. As for Wi-Fi, you’d need a brand new infrastructure to cover everything, which costs money, time, and legal approval in many countries. Mobile has the premise of being seamless. Let’s also not forget the players here, SIM card manufacturers are manufacturing credit and debit cards, passports, and sometimes even cash money for countries. They are very big. Same for core network equipment manufacturers. There’s a whole ecosystem of actors that benefit from this.

                    2. 2

                      Seems like a ton of high level similarities here to the Boeing 737 MAX: ‘capitalist’ (shareholder/financial/board-level) pressure driving decision making, government control/regulation/awareness losing out to lobbying and financial interests, last person anyone cares about is the consumer who has no visibility of issues until they are critical.

                      1. 2

                        This is not just an EU thing, exactly the same has happened in Australia.

                        I don’t believe this will be fixed until we are forced to by some geopolitical upheaval. It is important developers actively assume the communications network is hostile to prevent harm to users.

                        1. 1

                          > It is important developers actively assume the communications network is hostile to prevent harm to users.

                          Harm from whom? The service provider itself, for whom the user traffic is a valuable recurring revenue stream?

                          The domestic government, who may be interested in preventing crime, tracking dissent, or other uses of “lawful intercept”?

                          Or a foreign government, who may use backdoors to spy on the domestic government or on industry?

                          1. 5

                            The network is always hostile. There are many public 0-days currently affecting hundreds of mobile operators and millions of customers around the world, and most of them are not patchable. Some operators don’t verify source addresses for custom SMS senders, leading to easy phishing attacks as the SMS will be listed along with legit ones. Some operators are state owned and can tap on any form of 2FA using SMS, etc. There’s a lot of cases like this, so it’s better to assume the network is like a clear-text channel unless it is wrapped in another layer of security.

                        2. 2

                          Ericsson has offices all over the world, including China, but most of the major decisions still happen in Sweden/Europe.

                          1. 3

                            Doesn’t mean much if technical implementation is developed someplace else.

                            1. 3

                              A lot of technical implementation is also in Europe, but sometimes in cheaper labor European countries. Also, they usually work with very “waterfall” style of development, where smaller offices just implement some big vision of a big office.

                            2. 2

                              Same for Nokia.

                            3. 2

                              There are other problems with 5G, like major health concerns.

                              1. 12

                                The main problem with 5G is that 4G already provides way more bandwidth than customers can actually use, because of the fucking obscene price-gouging that goes on when you go over your low monthly cap. There’s zero incentive for customers to GaF. 4G is fast enough to stream video to a mobile device, and if you’re tethering you get enough bandwidth in good reception areas to chew up your monthly limit in 10 hours.

                                1. 5

                                  Fixing it for Germany:

                                  > to chew up your monthly limit in 10 ~~hours~~ minutes.