Today is a day in which I have had to come face to fact with how broken and weird I am yet again. This time, realizing that I am broken and weird even by infosec standards. (Thread.)
@hacks4pancakes, a hacker I very deeply respect, has been making the case that - and I'll see if I can compress this - "taking the term "Zero Trust" literally is stupid, because it is an aspirational goal that is virtually impossible to achieve".

This has caused much thinking.
What Auntie Leslie is driving at here - at least what I THINK she's driving at - is that fully implementing "Zero Trust" is effectively impossible, especially if you want things to actually work. But real-world implementations will vary based upon individual risk assessments.
From a purely infosec standpoint, I agree. We all make judgment calls about how much risk we are willing to accept, and this is true even in a zero trust environment. Segment your networks all you want, but things still have to communicate _somehow_ to actually function.
And then we get into practical considerations: "(micro)segment all you want" runs up against hard limits of "how many warm bodies do you have to do ongoing maintenance/management", and suddenly you start having hard limits to the level of complexity and control you can impose.
I think most infosec nerds would be in agreement with the above, and down to arguing about details. The broad strokes of this viewpoint aren't controversial. But some of the analogies @hacks4pancakes used in attempting to explain this view make me realize I'm broken.
The short version of the arguments is "people trust one another for little things every day, for example when they drive on roads or dine out at a restaurant". Another poster said essentially that we do these things because we have systems in place to ensure obedience with laws.
Except...I don't trust people in these situations. And I sure as all fuck don't have ANY faith in the law. If 2020 has proven anything to me it is that the law isn't universally applied, that every level of authority is utterly corrupt, and, well...something far, FAR worse...
Literally TENS OF MILLIONS of people on this continent would happily watch me die an agonizing death if it meant they could get a haircut. They've already murdered 26% of every human being I've met whose name and face I can remember through their apathy, ignorance, and greed.
I can't unknow that. I can't trust them. I can't trust the cope, or any layer of government. I can't trust corporations or committee. I can't trust ANYONE who has not personally, individually EARNED that trust. Not someone selling me food, not someone driving a car, NOBODY.
And 2020 didn't do this to me, although it's made it much worse. Every time I go to the USA I assume I'm going to die. I put my affairs in order. I make sure my wife knows where my insurance papers are. I make sure that, if I die, my family has the best chance of making it.
Why? Because I don't trust them down there. Far less even than I trust "them" up here. Because I see things every day when I go there that stab me in the heart, and every night I'm there I have to find time alone to cry because of what I see. That's been true for over a decade.
2020 has made this worse. Before 2020 I mostly could convince myself that selfish, apathetic, EVIL people were exceptional. So rare that they weren't a concern. But the numbers don't lie. The TENS OF MILLIONS that voted for people like me to die. Tens of millions who still would.
If I am understanding it right, @hacks4pancakes's argument is effectively that an unbroken person - even an unbroken _infosec_ person - 's trust mechanism is a blocklist: trust by default, excepting these individuals/orgs/hits on our heuristic badness list.

But I am broken.
Trust is an allowlist for me, not a blocklist. I trust noone and nothing excepting that they have proven themselves trustworthy. Sometimes I have no choice but to accept risks I feel are unpalatable. Then that is true I always make sure that I double-check my affairs beforehand.
But what is the most damning in all of this is that I not only don't trust by default, I not only _don't even understand how someone can trust by default_, the very idea of it creates a straight-up, full-bore panic attack.
I so completely can't understand how trust like that is even possible that I want to run screaming from anyone who professes to be capable of it. It's terrifying. Trusting others is how so many have died. It's why so many suffer. It's why we almost lost the US to Nazis this year.
Now I know that there are probably a bunch of people with hot takes about "man, that's not healthy you need to trust more", as though it were somehow a switch I could flip. Honestly, hottakebro, I am not sure I'd flip that switch even if I could. I don't get the value behind it.
Going out into the world where I have to trust people who make me food, drive me places, fly planes, interact with me at conferences, etc...that's _terrifying_. It's beyond stressful. It's _torture_. Torture I endure because if I don't, I can't be employed, then my family dies.
Understand that if I didn't have a family, I would *never* go into the US. Not for conferences, not for work, nothing. I wouldn't regularly do these things that terrify me, put me into stimulus overload, and generally make me feel like I've been hit by a train _every time_.
I participate in society because if I don't then I can't provide for people who rely on me. But I am so terrified of them that, if it were only about me personally, I'd straight up rather die freezing on the streets than do them. Trust is _that foreign_ to me.
I keep wanting to be wrong. Begging. Praying to gods I don't believe in. I want all my pessimism and crippling inability to trust to be proven wrong. Desperately. More than anything. I want solid proof - real, hard evidence - that trust doesn't lead inevitably to betrayal.
But then 2020 happened. And I spent an entire year loudly being Cassandra, and I don't know how to unfuck the part of my brain that deals with trust. It was broken BEFORE all of this, and now it's got a year of absolute crazy to chew on as evidence that trust leads to betrayal.
If there's ever something where @hacks4pancakes and I disagree, then it's safe to say that I'm wrong, and Leslie is right. So normal people should probably be trusting. But I...can't. I can't even understand the logic behind it anymore.
I can no longer construct an evidence-based argument for interpersonal trust that isn't based upon substantial evidence of trustworthiness by both parties. I am broken.
You can follow @cakeis_not_alie.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.