• uis@lemmy.world
    112 upvotes · 1 year ago

    Why the fuck “cash society” is backside? It means they care about privacy.

    • xChronoZerox@lemmy.today
      35 upvotes · edited · 1 year ago

      The post isn’t about privacy, if it was, faxing wouldn’t be on there. I’d wager a strong guess it’s about convenience on one hand while choosing to be inconvenient on the other.

      Edit: or maybe it’s more about high tech in some sectors and low tech in others, still not about privacy.

        • LwL@lemmy.world
          19 upvotes · edited · 1 year ago

          Fax is unencrypted. Encrypted versions apparently exist but that’s not what Japan and Germany use.

          And that aside my mom regularly gets sensitive patient data via fax at her workplace because the number is one digit off some doctor’s (bonus points for the inverse also happening, and her also working with sensitive data). Far less likely to happen with email. At most encrypted fax is equally secure.

          • Aceticon@lemmy.world
            2 upvotes · edited · 1 year ago

            It is however point-to-point plus doesn’t go over a public network and the routers of “random” 3rd parties (as IP does not necessarily route your packets always via the same path, and NNTP - the e-mail protocol - is even worse).

            Faxing is probably inherently more private simply because generally there is just 1 company controlling the entire network it travels through (i.e. the phone landline network), though I would hardly call it secure.

            Properly encrypted e-mail is more secure with regards to the contents but it leaks metadata (that there was a message of a certain size from a certain sender to a certain receiver at a certain time) to a lot more 3rd parties than a fax would.

            • uis@lemmy.world
              7 upvotes · 1 year ago

              > doesn’t go over a public network

              Your fax just went over the public telephone network.

              > and NNTP - the e-mail protocol - is even worse

              Wow, I haven’t seen NNTP in ages. Who still uses newsgroups? And how do they even use it for email?

              • Aceticon@lemmy.world
                3 upvotes · 1 year ago

                Yeah, you’re right - it’s SMTP not NNTP. Considering that back in the day I used to telnet to port 25 of my uni’s server to send e-mails portraying as one of my teachers to take the piss of my friends and hence knew at least some of the protocol, I must be getting old to confuse the acronyms.

                But yeah, the main point is not the network being “public” (in the sense that anybody can access it) it’s that - as I explained but you seemed to have missed - the intermediate hops for an e-mail travelling on the internet can be owned by just about anybody and, worse, not necessarily in your country working under local laws - routing will often send things around in quite unexpected tours on a physical sense depending on network topology - whilst the nodes the fax data travels on a phone network are generally owned by just 1 company or 2 (the latter in countries with multiple landline providers if you send it from a phone in one to the phone in another, as the network topology is much simpler and all providers connect to each other directly).

                If your data goes over at most only 2 networks owned by very specific companies it is inherently safer from eavesdropping than if it goes over an unknown number of networks owned by an unknown number of companies. This is not the same as saying it’s “safe” - it’s just one relative to the other, rather than an endorsement of faxing.

                Also there are usually laws around eavesdropping on phone calls, from the old days, whilst it’s the Wild West out there when it comes to those operating intermediate nodes eavesdropping on e-mails.

                Frankly, if you can’t send the data encrypted, then faxing is probably safer from a privacy point of view (it would take a crooked telecoms operator risking their license, a Court Order or physical access to eavesdrop on it), but if encrypted, e-mail is safer at least content-wise, though as I pointed out plain e-mail with unencrypted headers leaks metadata even if the contents is encrypted.

                • uis@lemmy.world
                  1 upvote · edited · 1 year ago

                  > to send e-mails portraying as one of my teachers to take the piss of my friends and hence knew at least some of the protocol

                  Nowadays client-server and server-server communication is encrypted and signed, so not an issue now.

                  > not necessarily in your country working under local laws

                  Scary part when they do

                  • Aceticon@lemmy.world
                    2 upvotes · edited · 1 year ago

                    Yeah, those were the “good old days” before the opening of the Internet to the broader public when most protocols were all naive and innocent, with zero security consciousness, and SMTP servers didn’t even require a username:password pair from clients to send e-mails with specific From fields.

                    Mind you, it’s still possible to connect to most SMTP servers using the unencrypted protocol - as it sits on a different port than the stuff using TLS so can be enabled alongside the encrypted protocols - though it’s highly inadvisable to use the plain text protocols (the reason for which, by the way, goes back to my point about how IP can route packets through who-knows-where, so unencrypted stuff - most dangerously your password to access your e-mail - can be more easily eavesdropped), but at least even the non-encrypted stuff nowadays requires a username and password.

                    As for your “point” about local law well, if you live in a country next to those guys faxes will not go via there, ever, e-mails might very well go via there and end up in the modern equivalent of those tapes. Interestingly enough on this, when Snowden revelations came out it was discovered that the UK surveillance apparatus (which is way more abusive than even the US) was eavesdropping on their side of the submarine cables that crossed the Atlantic from their coast and thus managed to eavesdrop on a significant proportion of the internet communications to and from all of Europe.

                  • Chobbes@lemmy.world
                    1 upvote · 1 year ago

                    > Nowadays client-server and server-server communication is encrypted and signed, so not an issue now.

                    This is probably true, but in a very unsatisfying way. It’s not accurate to say this is not an issue now because mail servers talk to each other with opportunistic encryption — if both ends say “hey, I support TLS” they’ll talk over TLS, but if either end claims to not support TLS they’ll default to plain text. This is deeply concerning because it’s very possible for somebody to mimic another server and get the connection downgraded to plain text, bypassing TLS altogether. There are standards to deal with this, like DANE, but most large e-mail providers don’t support this… The other more recent standard to address this is called MTA-STS, but it’s much weaker than DANE and can potentially be exploited (but at least gmail and outlook support it, I guess). E-mail security is in a weird place. It’s slightly better than the “completely unencrypted” situation that people seem to think it is… But it’s also pretty much impossible to guarantee that your e-mail will not be sent over plain text.

          • ours@lemmy.world
            English · 2 upvotes · 1 year ago

            Most emails are unencrypted. And indeed, in the medical profession, they were widespread. Nothing can protect from the sender putting in the wrong number or email address. I’ve received some seriously sensitive emails not meant for me because the people made typos and the recipients had the same family name as me (not sure how the email server decided it was close enough and delivered them to me).

            I’ve also read for some businesses, it was critical to get an instant receipt that the fax has been properly received.

            Now, I’m not defending using obsolete fax machines, it just had one advantage over email but today there are much better alternatives and dedicated platforms.

            • friendlymessage@feddit.de
              11 upvotes · 1 year ago

              > Most emails are unencrypted.

              No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

              Fax on the other hand is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses require fax often for legal reasons because laws are written by people with no technical understanding not because of any technical reason.

              • Chobbes@lemmy.world
                1 upvote · 1 year ago

                > No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

                This is true AND untrue at the same time! It’s true that most e-mail providers will talk to other e-mail providers with TLS, but it’s trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say “hey, I’m the e-mail provider you’re trying to talk to, I don’t support TLS, talk to me in plain text!” and the senders will probably oblige. There’s a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and mta-sts which is a much weaker standard (but supported by gmail and outlook). In practice there’s a good chance that your e-mail is reasonably well secured, but it’s absolutely not a guarantee.

                • friendlymessage@feddit.de
                  1 upvote · 1 year ago

                  That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the “in most circumstances” line, my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all. If not for their users’ privacy, then at least to combat spam.

                  • Chobbes@lemmy.world
                    1 upvote · edited · 1 year ago

                    > That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not.

                    Why would TLS 1.3 prevent this kind of downgrade attack? The issue is that TLS has never been a requirement for e-mail servers, so for interoperability they only do TLS opportunistically. Even if you configure your own e-mail server to only talk over TLS, nobody else knows that your server only speaks TLS (or speaks TLS at all), so if somebody is pretending to be your mail server they can just claim to only speak plain text and any sender will be more than happy to default to it. If you support DNSSEC you can use DANE to advertise that your mail server speaks TLS, and even fix the certificates that are allowed, but senders will actually have to check this in order to make sure nobody can intercept your e-mail. Notably both outlook and gmail do not support this (neither for sending nor receiving!), they both instead rely on the weaker MTA-STS standard.

                    > my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all

                    They absolutely do :).

                    > I highly doubt the “in most circumstances” line

                    That was maybe too strong of a statement, at least with the recent adoption of MTA-STS this is at least less trivial to do :). The intent of this statement was more “if you are in the position to be a man-in-the-middle between two generic e-mail servers it is trivial to downgrade the connection from TLS to plaintext”. I wouldn’t be surprised if it was hard-coded that gmail and outlook should only talk to each other over TLS, for instance, which should prevent this for e-mails sent between the two (I also wouldn’t be surprised if this wasn’t hard-coded either… There’s sort of a bad track record with e-mail security, and the lack of DNSSEC from either of these parties is disappointing!). Ignoring special configuration like this, and without MTA-STS or DANE these downgrade attacks are trivial. Now with the advent of MTA-STS you’ll probably have a reasonably hard time downgrading the connections between some of the large e-mail providers. Though notably this is not universally supported either, iCloud supports neither MTA-STS nor DANE for instance, and who knows about all of the various providers you never think of. This is a bit of a tangent, but a good talk about how large mail providers might not be as well configured as you’d hope: https://www.youtube.com/watch?v=NwnT15q_PS8
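
The sender-side behaviour Chobbes describes in this thread (opportunistic STARTTLS falling back to plain text, and MTA-STS closing that gap), as an added example that is not part of any comment above and not code from a real mail server. The policy text follows the RFC 8461 format; the hostnames and EHLO replies are constructed, and certificate validation, which enforce mode also requires, is assumed to happen elsewhere.

```python
"""Sender-side delivery decision: opportunistic TLS vs. MTA-STS enforce mode."""

# Constructed sample data; the example.org names are placeholders.
POLICY_TEXT = ("version: STSv1\nmode: enforce\nmx: mail.example.org\n"
               "mx: *.mx.example.org\nmax_age: 604800\n")
EHLO_FULL = "250-mail.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Same reply with the STARTTLS line removed somewhere on the path.
EHLO_STRIPPED = "250-mail.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

def parse_mta_sts_policy(text):
    """Parse an MTA-STS policy body (key: value lines) into a dict."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode")
    return policy

def mx_allowed(mx_host, patterns):
    """Match an MX host against policy patterns; '*.' covers one left-most label only."""
    host = mx_host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def offers_starttls(ehlo_reply):
    """True if the EHLO reply advertises the STARTTLS extension."""
    return any(line[:3] == "250" and line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())

def delivery_decision(mx_host, ehlo_reply, policy=None):
    """Return 'tls', 'plaintext' or 'refuse' for one delivery attempt."""
    enforce = policy is not None and policy["mode"] == "enforce"
    if enforce and not mx_allowed(mx_host, policy["mx"]):
        return "refuse"      # MX is not one the recipient domain listed
    if offers_starttls(ehlo_reply):
        return "tls"
    # No STARTTLS offered: opportunistic senders fall back, enforcing senders stop.
    return "refuse" if enforce else "plaintext"

if __name__ == "__main__":
    cached = parse_mta_sts_policy(POLICY_TEXT)
    for label, pol in (("opportunistic", None), ("mta-sts enforce", cached)):
        print(label, "->", delivery_decision("mail.example.org", EHLO_STRIPPED, pol))
```

The check only helps once the sender already holds a cached policy for the recipient domain; with no policy, the stripped reply is indistinguishable from a server that never supported TLS.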

      • Hello Hotel@lemmy.world
        English · 3 upvotes · edited · 1 year ago

        Because a piece of highly debated governance structure, manifest as a piece of technology was put on the “bad” list, (by accident?) implying the old way is out of date and switching is as much of a “you don’t need to think, it’s just better” (no brainer) as switching your floppy disks and CRTs for USB sticks and OLEDs. Tech advancing is usually but not a definite good thing.

    • TauZero@mander.xyz
      2 upvotes · 1 year ago

      Question: do the Japanese actually care about privacy? I know I do, but if you were to ask a Japanese person why does their country use cash, would they say “We have considered a system of payment cards and decided against it for privacy reasons” or would they just shrug and say “I dunno, I’m not in charge of payment systems, I use what I have”?

    • arc@lemm.ee
      2 upvotes · edited · 1 year ago

      Not necessarily. It might be privacy but it could also be a combination of other reasons too - a cultural aversion to paperless transactions, a lack of regulation for electronic payments, lack of a decent indigenous payment system, lack of financial safeguards, prevalence of fraud / skimming devices etc.

      Some European countries were more into electronic transactions than others but with stuff like SEPA, chip & PIN, contactless payments I think most people are just fine using electronic payment unless they have reason to control the transaction in some way. For example I usually pay pretty much everything electronically but I still pay taxis and most restaurants with cash. Also tradesmen if they’ll give me a discount for cash.

      • CurlyMoustache@lemmy.world
        1 upvote · 1 year ago

        I used to work in a shop when I was younger, and the older generation always asked for “cash discount”. Why on earth would we do that, my boss said to me. We need the money to be in the shop’s bank account, not laying around somewhere and not being used.

        I remember carrying several 100k of our money, late at night, to our bank’s night safe and drop it in. That sucked. And they charged us for this too.

        • arc@lemm.ee
          2 upvotes · 1 year ago

          Cash is off the books so there is an incentive for certain kinds of businesses like tradesmen to take cash because it still works out cheaper since they don’t have to declare it to the taxman.

    • Aux@lemmy.world
      1 upvote · 1 year ago

      Cash is traceable in most countries for decades now. Cash doesn’t mean privacy.