Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.
In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms.
[…]
But now the same researchers have found that at least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping. The encryption algorithm used for the device they examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. It’s not clear who is using this implementation of the end-to-end encryption algorithm, nor if anyone using devices with the end-to-end encryption is aware of the security vulnerability in them.
[…]
The end-to-end encryption the researchers examined recently is designed to run on top of TETRA encryption algorithms.
The researchers found the issue with the end-to-end encryption (E2EE) only after extracting and reverse-engineering the E2EE algorithm used in a radio made by Sepura.
These seem to be deliberately implemented backdoors.
I'll start with the tl;dr summary to make sure everyone sees it and then explain further: As of September 1, we will temporarily be forced to block access to Dreamwidth from all IP addresses that geolocate to Mississippi for legal reasons. This block will need to continue until we either win the legal case entirely, or the district court issues another injunction preventing Mississippi from enforcing their social media age verification and parental consent law against us.
Mississippi residents, we are so, so sorry. We really don't want to do this, but the legal fight we and Netchoice have been fighting for you had a temporary setback last week. We genuinely and honestly believe that we're going to win it in the end, but the Fifth Circuit appellate court said that the district judge was wrong to issue the preliminary injunction back in June that would have maintained the status quo and prevented the state from enforcing the law requiring any social media website (which is very broadly defined, and which we definitely qualify as) to deanonymize and age-verify all users and obtain parental permission from the parent of anyone under 18 who wants to open an account.
Netchoice took that appellate ruling up to the Supreme Court, who declined to overrule the Fifth Circuit with no explanation -- except for Justice Kavanaugh agreeing that we are likely to win the fight in the end, but saying that it's no big deal to let the state enforce the law in the meantime.
Needless to say, it's a big deal to let the state enforce the law in the meantime. The Mississippi law is a breathtaking state overreach: it forces us to verify the identity and age of every person who accesses Dreamwidth from the state of Mississippi and determine who's under the age of 18 by collecting identity documents, to save that highly personal and sensitive information, and then to obtain a permission slip from those users' parents to allow them to finish creating an account. It also forces us to change our moderation policies and stop anyone under 18 from accessing a wide variety of legal and beneficial speech because the state of Mississippi doesn't like it -- which, given the way Dreamwidth works, would mean blocking people from talking about those things at all. (And if you think you know exactly what kind of content the state of Mississippi doesn't like, you're absolutely right.)
Needless to say, we don't want to do that, either. Even if we wanted to, though, we can't: the resources it would take for us to build the systems that would let us do it are well beyond our capacity. You can read the sworn declaration I provided to the court for some examples of how unworkable these requirements are in practice. (That isn't even everything! The lawyers gave me a page limit!)
Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat. And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with. Mississippi has been itching to issue those fines for a while, and while normally we wouldn't worry much because we're a small and obscure site, the fact that we've been yelling at them in court about the law being unconstitutional means the chance of them lumping us in with the big social media giants and trying to fine us is just too high for us to want to risk it. (The excellent lawyers we've been working with are Netchoice's lawyers, not ours!)
All of this means we've made the extremely painful decision that our only possible option for the time being is to block Mississippi IP addresses from accessing Dreamwidth, until we win the case. (And I repeat: I am absolutely incredibly confident we'll win the case. And apparently Justice Kavanaugh agrees!) I repeat: I am so, so sorry. This is the last thing we wanted to do, and I've been fighting my ass off for the last three years to prevent it. But, as everyone who follows the legal system knows, the Fifth Circuit is gonna do what it's gonna do, whether or not what they want to do has any relationship to the actual law.
We don't collect geolocation information ourselves, and we have no idea which of our users are residents of Mississippi. (We also don't want to know that, unless you choose to tell us.) Because of that, and because access to highly accurate geolocation databases is extremely expensive, our only option is to use our network provider's geolocation-based blocking to prevent connections from IP addresses they identify as being from Mississippi from even reaching Dreamwidth in the first place. I have no idea how accurate their geolocation is, and it's possible that some people not in Mississippi might also be affected by this block. (The inaccuracy of geolocation is only, like, the 27th most important reason on the list of "why this law is practically impossible for any site to comply with, much less a tiny site like us".)
If your IP address is identified as coming from Mississippi, beginning on September 1, you'll see a shorter, simpler version of this message and be unable to proceed to the site itself. If you would otherwise be affected, but you have a VPN or proxy service that masks your IP address and changes where your connection appears to come from, you won't get the block message, and you can keep using Dreamwidth the way you usually would.
On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing? They also have a free tier available that, although limited to one device, has no ads or data caps and doesn't log your activity, unlike most of the free VPN services out there. VPNs are an excellent privacy and security tool that every user of the internet should be familiar with! We aren't affiliated with Proton and we don't get any kickbacks if you sign up with them, but I'm a satisfied customer and I wanted to take this chance to let you know that.
Again, we're so incredibly sorry to have to make this announcement, and I personally promise you that I will continue to fight this law, and all of the others like it that various states are passing, with every inch of the New Jersey-bred stubborn fightiness you've come to know and love over the last 16 years. The instant we think it's less legally risky for us to allow connections from Mississippi IP addresses, we'll undo the block and let you know.
August 23 is WWdN’s official birthday. It was 24 years ago last week that I finished building a website from scratch (in notepad, using raw html), after about 6 weeks of intensive study, and many late nights of trial and several errors, and turned the lights on here, for the first time. Sadly, the earliest capture I can find at the Internet Archive is from 2002, but this is pretty much what it looked like for most of its first decade:
You’ve come a long way, baby.
Almost a quarter of a century, man. Twenty-four years. And to think that it had only been a few weeks earlier that I used Geocities to make my first website that I called Where’s My Burrito? I started my blog with this:
So the votes are officially in. Out of the total of 4 votes I got, all of them said it would be cool to have an online journal, so here it is.
Extra special thanks go to loren who directed me to blogger, a website that will hopefully make this whole weblog (the cool kids call it a “blog”) easy and painless.
I’m off now to make dinner for the family. You know what we’re having tonight?
Burritos. No shit.
I could have sworn I made my first posts in 2000, but it wasn’t until 2001, a few days before my birthday.
“The cool kids call it a blog.” Heh.
What a journey, huh? From there to here, in so many ways, even if I did have total access to the part of me that puts words together, I don’t know that I could fully communicate what it has all meant. I guess it’s a quarter century of growing up, becoming who I always wanted to be, and all the joys and sorrows along the way. I mean, I don’t have to tell you; a lot of you reading this today were also reading that, all those years ago.
I’m going to pause a moment to clearly and loudly say thank you to everyone who supported and encouraged me, then and now and in between. It’s been about 8300 days since I cut the ribbon here, and looking through my archives, I saw that I wrote this in on my blog’s birthday in 2019, after about 6500 days:
28 year-old me was struggling so much, in those days. He was trying so hard to be a good husband and stepfather with pretty much no support from his narcissist parents who weren’t thrilled about him marrying a woman with children. He struggled with undiagnosed depression, Anne’s vindictive and destructive ex-husband, and not meeting the extremely high expectations he had for himself. He has some real painful days ahead, but he gets through them with the love and support of his phenomenal wife, who he still can’t believe picked him, out of all the humans on the planet. He doesn’t know it, yet, but writing this blog is going to change his life, save his life, and make it possible for him to find his own dream, instead of trying (and failing) to live someone else’s.
I have grown and healed so much since 2019, in spite of the chaos, trauma, and cruelty we have all been subjected to since 2016, and I’m almost as proud as I am grateful.
I wanted to write something last week to mark this moment, but just couldn’t find the words, so I celebrated the moment quietly, which is how I’ve been doing basically everything for the last couple of years, while I am intensely focused on my own recovery. I don’t think I even mentioned to Anne that the date had passed.
That’s kind of where I’ve been, creatively and energetically, for this entire year. I mentioned in an Instagram reel that I haven’t had access to my creative self all year, I think largely because of the shock and trauma of America’s dumbfucks voting to put a fascist tyrant and his administration of incompetent criminals back into power, after we all saw how incompetent, evil, cruel, destructive, and violent they are.
Really great work, everyone. Especially everyone who was really worried about the cost of living, you know, the milk and eggs crowd? How’s that working out for you? And all the Walk Away people must be sleeping so well these days. Just fantastic fucking work all over the place, you fucking chuds. They are planning to ban the Covid vaccine, so those of us who want to protect ourselves from all the stupid conspiracy theorist dipshits who think bullshit and science are just “opinions” are just fucked, now. You’ve doomed us all to the world you alone deserve. I, for one, will never forget what you did to us, and I will never forgive you. I hope you spend the rest of your miserable lives ostracized, alone, and afraid. May you never know a moment of peace. May you wear your support for this petty little tyrant like a scarlet letter, so everyone knows who you are and what you did.
Anyway, as you can see, I’ve been distracted and preoccupied with all of this endless horror. I’m just exhausted by ten in the morning every day, and try as I might to find other things for my attention and time, I keep getting drawn back to the news, hoping I’ll see The Headline, or some indication that the entire Republican party, its punditry, and its media echo chamber have finally stopped being singularly focused on protecting and covering up for a pedophile rapist and his child sex trafficking pals. And I haven’t even touched on the endless attacks on innocent people who have been declared Enemies of the State because of who they love or the color of their skin. It’s fucking disgusting, deplorable, infuriating, and has ripped the mask off of much of America. It’s been really hard for a lot of us who grew up reciting and believing “liberty and justice for all”.
That’s my head, every day. I’m worried for the people I love, I’m sick to my stomach as I watch six unelected, transparently corrupt, Christian Nationalists issue unsigned decrees that overturn the will of the voters as they hand more and more unchecked power to a criminal and his criminal organization.
It is so hard to tell stories, to find the joy and release in creative writing, when I feel like the world outside my window is on fire. Sure, my privilege currently protects me, but Timothy Snyder pointed out that if we have to remind ourselves of all the ways we are currently safe from political lawlessness, we are already living in an autocracy. That’s scary as fuck to me.
For a lot of us who are survivors of abuse, every day with this motherfucker making everything about him and his fragile little ego is jabbing a finger into a deep bruise that can’t ever fully heal. For a lot of us who have worked so hard to leave and overcome our abusers, to live our lives as fully as possible in spite of our experiences, it is an endless struggle of flashbacks and nervous system dysregulation, while we remind our bodies that we aren’t trapped with our abuser anymore. Thank god for EMDR. Thank god I can afford regular mental health care. Thank god he’s going to die and hopefully soon.
I haven’t wanted to write anything in my blog because what I just wrote is all I have been able to write. When I want to tell a fun story about playing Mysterium with my family, taking my son axe throwing for his birthday, celebrating my son earning his Master’s Degree and starting his PhD, or any of the things I couldn’t wait to write Before All This, I stare at an empty document while I write and erase ten words over and over again, hoping these will be the ones that grant me access to my Creative Self. And the harder I try to find them, the more effectively they hide from me.
I have also felt like I shouldn’t write in my blog, while I have been struggling to write and turn in two pieces that I agreed to write last year. One is an introduction to a book, and the other is a short piece of fiction. Last week, I finally broke through on the introduction. After almost a full year of struggling and failing, I found it. It was so much fun to work on, so deeply satisfying to finish, and such a relief to turn in. I have never been this late on anything. I hope I’ll never be this late on anything again. I hope nobody notices that I’m writing in my blog when I haven’t finished the other thing, which I have started and abandoned too many times to count. I have probably written ten thousand words or so, trying to find the approximately 700 or so I committed to assembling into a story. I’ve tried to come at it so many different ways, from big ideas to small ideas, from limited points of view to omniscient points of view, and nothing is sticking. It just feels like I’m writing with someone else’s hands that don’t fit quite right. Maybe writing here today will help me find my own fingers again.
Maybe I needed time away, and that’s why I didn’t write anything in my blog for over a month, not even on the day that was a cause for celebration, the anniversary of the moment I took my first big step into the world that had always been hidden from me, or made inaccessible, by my dysfunctional family and abusive parents.
And I know that it is weird to hear a 53 year-old man talk about his parents and his childhood so much. I see pretty cruel commentary about that online, and while I don’t take it personally, I do compassionately hope that the kids who are saying it only do so because they haven’t experienced what I have, so they can’t understand. I get it; in a lot of ways, I feel like I’ve only been living my own life since I quit drinking in 2016 (hell of a year to start rawdogging reality, wil), and I’ve only been doing the work to recover from and manage CPTSD for a couple of years.
I don’t know how to do any of this, but I’m trying to figure it out. I know that writers get stuck and find their way out of it, and I’ve been doing my best to give myself patience and grace and space to figure it all out … I’m just growing impatient, is the thing.
I have a great story just sitting here, inches away from my fingertips, and I can’t figure out how to grasp it.
So I guess I’ll remind myself that I’ve been putting words together in public for about 8500 days, I’ve written a bunch of books — including a New York Times bestseller! — and that whatever it takes to do it is in me. It’s just doing a very good job of Not Being Seen.
But this feels like something of a start, anyway. I forget that it’s okay to make short, silly, 50 word posts here. I forget that I don’t have to follow up every long absence with something profound and carefully edited.
I’ve been doing this for almost 25 years, and I still forget. But today, I remembered.
A few weeks ago, my friend invited me to come to an amusement park with her. If you are an Ohioan or even in the neighboring states, you know that we are top of the game in the rollercoaster world. We were heading to Kings Island, which we both have gold passes for, so it was no trouble to drive a little south and ride some coasters.
The night before going to the park, I looked at the weather forecast and saw that it was going to be a brisk 90 degrees outside. Obviously, I would need to wear shorts and a t-shirt. However, it had been like, two weeks since I last shaved my legs, so obviously I was going to have to do that beforehand. But truth be told, I really didn’t feel like it. I didn’t want to shave my legs, but I had to if I was going to wear shorts the next day.
This thought process made me uncomfortable. Why was I so convinced that it was something that I had to do, a qualifier to meet if I wanted to wear shorts? Why was I telling myself that it was unacceptable to wear shorts unless I did something that I really didn’t even feel like doing?
For as long as I have been shaving my legs, which has been about fifteen years, I have always felt that it was something that I wanted to do. I don’t like having body hair, and I’ve always said that it’s just a personal preference for myself. Not having hairy legs is what makes me more comfortable in my body, and that’s just how it’s always been. So shaving my legs always made sense to me because it was something that I wanted for myself and for my body.
This was the first time I had thought to myself that I didn’t want to do it. And it was immediately met with, “well, I have to.” I do not like how that sounds! I don’t like my brain telling me that, because it made me question if the decision to shave was less of a personal choice than I thought all along. I also started to fear that everyone at the park would see my two-week-unshaven-legs and think I was some disgusting beast, some radical hippie that didn’t shower, all sorts of negative things.
I had been convinced that I had been shaving for me, not for others, but I don’t think that’s true anymore. I think I was, in fact, shaving for society. I do still think that I was shaving for me, too, because I really meant it when I said I don’t like body hair on myself, but how much of that “personal preference” is bias from society in the first place? Would I dislike body hair on myself even if the societal views on women having hairy legs was completely different? How many of our choices are really just society’s choices that we’ve convinced ourselves are our own ideals? Who’s to say?
I didn’t like that I felt obligated to do something, so I decided the best course of action was to not do it. Off to Kings Island I went, in shorts, with unshaven legs.
It made me uncomfortable. It was genuinely difficult to move through the world in a way that I felt was going to cause me to be judged by others. All day, I kept looking down at my legs, thinking I should’ve just shaved and then I wouldn’t feel so bad. But that’s not right, and I knew it.
I had to keep telling myself that it’s not my problem if other people are bothered by my leg hair. It’s not my responsibility to shave to make strangers more comfortable. If someone doesn’t like looking at me, they can avert their gaze.
I do not have to make myself uncomfortable to make others more so.
Having leg hair is harmless. I’m not hurting anyone by having it. In fact, it comes naturally on just about everyone. And we would never expect a man to not have it, or to shave it to make others more comfortable, so why the fuck should I have to? If men can walk around in their too-many-pockets-cargo-shorts with leg hair longer than their head hair, so can I.
Even though I just said all that, I think the hardest part for me is that I don’t actually want to have long leg hair, I don’t want to dye my armpit hair, or anything “radical” like that, I just want to feel okay with myself if I haven’t shaved for a week or two. I just want the option to not have to, without the self-consciousness that comes with it. I want to wear shorts when it’s hot and have stubble and not feel like there’s something inherently wrong and disgusting about me. I want to shave for me. Actually for me.
It’s not easy to change over ten years of mindset, thinking, and habits, but now’s a good time to start. Won’t you join me?
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
bruce_schneier_feed
![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png){kind=small}
![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
A few weeks ago, my friend invited me to come to an amusement park with her. If you are an Ohioan or even in the neighboring states, you know that we are top of the game in the rollercoaster world. We were heading to Kings Island, which we both have gold passes for, so it was no trouble to drive a little south and ride some coasters.