Looks interesting, as others have pointed out this seems very similar to iCloud Private Relay. Curious who is providing the blind relays for Obscura, I didn’t see the info on the website.
If you assume state actors can compromise the supply chain with impunity your Yubikey is the least of your concerns I would think. Why wouldn’t they just place a hardware implant in your computer :).
There is no potentially detectable 'implant' required in these cases, it can be sufficient to capture a factory initialized private key.
The width supply chain of computers is enormous, and only a tiny fraction of computers available are interesting to compromise. This would make it astronomically expensive to compromise a significant fraction of all computers that are useful to compromise and the risk of detection would be fairly high. The market of security keys is relatively small and a significant portion are worth compromising, compromises there are much more effective.
If state actors do not completely compromise the manufacture of these keys then they are extremely incompetent and derelict in their duties.
Put another way, if the {pick your boogeyman state} government started issuing hardware cryptokeys and suggesting you use them as a single factor access to your servers, what would you think of that?
Would your opinion be improved if they just didn't announce that they were the boogeyman state and instead did business under a cover company?
Do you have any realistic means of determining that this isn't happening?
"I let someone else generate my secret keys for me" is a failure at the most basic level of security, and that failure isn't removed by them also putting the secret keys in a potted, opaque, and unauditable hardware device.
Yubikey as a second factor is a fantastic improvement-- it's a quite strong protection against attackers who couldn't compromise the keys.
Yubikey as a single factor is simply key escrow with extra steps.
Claiming that trusting the device's own 'fingerprint permission' is two-factor is deceptive since an attacker which has compromised the device's construction, design, or confidentiality of its state only faces one-factor security.
I was also a bit surprised by the simplicity of course 1, but then remembered that the course as a whole is designed for folks with no experience. Looking through the descriptions for the other courses (the actual material isn't out yet) I'm hopeful they will have the level of depth I think we're all expecting.
Yeah you definitely want to keep in mind that this cert, and especially Course 1, has to be accessible to anyone. So it's building a foundation of common knowledge for the other courses which absolutely go into much more detail.
Sometimes I wish the gov't would just come out and say what everyone is thinking:
Yep we are spying on you, (insert name of foreign leader), just like you are trying to spy on our leaders.
There are good arguments to be made against mass surveillance of the internet at large, but expecting that countries will stop spying on each other anytime soon is plain stupid.
Hands down one of the best interfaces / UX I have ever used. It's about time someone made sending money really simple and free. Can't wait to see how this service matures.
If you have not watched at least that first 30 minutes of Engelbart's talk, I would recommend you stop what you're doing and watch it right now.
In an hour and 40 minutes Engelbart demonstrates input via mouse, video conferencing and collaborative editing among other things. This was before the internet, before UIs, before the idea of personal computing. Incidentally the most profound thing about this demo is not the technology demonstrated but rather the introduction of the concept of personal computing. At a time where computers were reserved for number crunching Engelbart envisioned a future where they would be a part of our daily lives not controlling us but enhancing our abilities.
A quick side note, it is worth noting that while Engelbart was certainly the visionary, his partner Bill English brought Engelbart's visions into the world.
As long as Uber is providing a useful service in a lawful manner, not ripping people off, the city should let the consumers decide whether they should stay in business.
If they are such a threat to the DC cab industry the cab companies would do well to adopt some of the techniques that are making Uber so successful.
The problem is that the DC cab industry was so corrupt that they ended up heavily regulated. Now those regulations do not allow them to do things that Uber does. The fix isn't to outlaw Uber, but to allow the taxis to compete in the same way.