this post was submitted on 26 May 2024
87 points (98.9% liked)

Privacy

833 readers
6 users here now

Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
 

The US Department of Commerce is seeking to end the right of users of cloud services to remain anonymous.

The proposal first emerged in January, documents show, detailing new rules (National Emergency with Respect to Significant Malicious Cyber-Enabled Activities) for Infrastructure as a Service (IaaS) providers, which include Know Your Customer (KYC) regulation, which is normally used by banks and financial institutions.

But now, the US government is citing concerns over “malicious foreign actors” and their usage of these services as a reason to effectively end anonymity on the cloud, including when only signing up for a trial.

Another new proposal from the notice is to cut access to US cloud services to persons designated as “foreign adversaries.”

As is often the case, although the justification for such measures is a foreign threat, US citizens inevitably, given the nature of the infrastructure in question, get caught up as well. And, once again, to address a problem caused by a few users, everyone will be denied the right to anonymity.

That would these days be any government’s dream, it appears, while the industry itself, especially the biggest players like Amazon, can implement the identification feature with ease, at the same time gaining a valuable new source of personal data.

The only losers here appear to be users of IaaS platforms, who will have to allow tech giants yet another way of accessing their sensitive personal information and risk losing it through leaks.

Meanwhile, the actual malicious actors will hardly give up those services – leaked personal data that can be sold and bought illegally, including by those the proposal says it is targeting.

Until now, providers of cloud services felt no need to implement a KYC regime, instead allowing people to become users, or try their products, simply by providing an email, and a valid credit card in case they signed up for a plan.

As for what the proposal considers to be an IaaS, the list is long and includes services providing processing, storage, networks, content delivery networks (CDNs), virtual private servers (VPSs), proxies, domain name resolution services, and more.

all 13 comments
sorted by: hot top controversial new old
[–] Alexstarfire@lemmy.world 33 points 5 months ago (3 children)

The older I get, the less crazy those people who live off the grid are.

Also, if this proposal is really because of all the hacking that's been going on in not sure how this is supposed to help. But, they've never needed a great reason to try to take privacy away, have they?

[–] jol@discuss.tchncs.de 4 points 5 months ago

The amount of automated traffic we get for no apparent reason is insane. DDOS attacks are so common. It's super easy to find cheap or free computing power aparently. Not sure this law would help with that, but still.

[–] Anticorp@lemmy.world 3 points 5 months ago (2 children)

It's not intended to help, they just make random-ass claims when their real intent is perfectly obvious, yet millions of idiots believe them.

[–] hydroptic@sopuli.xyz 0 points 5 months ago (1 children)

Yeah it's the same here in the EU, with eg. the Regulation to Prevent and Combat Child Sexual Abuse which would effectively just have been mass-scale surveillance of all messaging and would have made e2e encryption illegal, and would have done nothing to prevent child abuse. It got struck down in Parliament and the European Court of Human Rights, but I think there's other similarly spooky surveillance laws in the pipeline. It's only a matter of time until one or more get implemented

[–] Anticorp@lemmy.world 6 points 5 months ago

Any time they claim it's to protect children or fight terrorism, it's always about more surveillance. They wrap unpopular legislation in either of those wrappers (children or terrorists).

[–] werefreeatlast@lemmy.world 1 points 5 months ago

Yeah but I need more income before I can do that. By the time I get to retire, the whole off the grid living will be over regulated. Like you can't read books that are not war novels past 75 years of age. Then at 80 they won't even let you live near bears if you're on blood thinners, specially Panda bears. Pandas don't have a clue on self preservation, so imagine one bleeding profusely. So it's very understandable.

[–] Veraxus@lemmy.world 9 points 5 months ago (1 children)

“What is a Fourth Amendment?” - Lawmakers

[–] soloActivist@links.hackliberty.org 1 points 5 months ago* (last edited 5 months ago)

Lawmakers have figured out they can circumvent 4A by forcing the private sector and external governments to do their surveillance. It worked for banking KYC and it worked for FATCA. The industry is apparently not worried at all about losing customers. And they won’t. To circumvent 4A, just outsource governance to a non-government entity.

[–] soloActivist@links.hackliberty.org 3 points 5 months ago* (last edited 5 months ago) (1 children)

Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrits insist on using Cloudflare.

So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.

This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.

[–] soloActivist@links.hackliberty.org 0 points 5 months ago* (last edited 5 months ago)

Replacement link to a privacy-respecting host:

https://www.blankrome.com/publications/us-department-commerce-publishes-proposed-rule-imposing-know-your-customer-and

This article seems to suggest the KYC rules only apply to foreign customers:

https://www.bankinfosecurity.com/commerce-proposes-rule-to-fight-foreign-cloud-cyber-threats-a-24219

but then you have to wonder how they will know you’re domestic without a bit of KYC on Americans as well.


BTW, a good way to find privacy-respecting links is to search using this service:

https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

That search tool will not return Cloudflare MitMd links.

[–] TechNerdWizard42@lemmy.world -1 points 5 months ago

Really this is already true because of payment systems. Now it's just another verification of end user against payee.