Got a van Moof bike? Worried that you might not be able to unlock it if the company goes bust completely (it relies on their servers to unlock the bike). Fear not, have an open source tool to unlock your bike https://github.com/grossartig/vanmoof-encryption-key-exporter
@quixoticgeek Thats something you should always have on your mind with such smart products, what happens if company behind it goes bankrupt. Thanks for the hint with the tool.
@bjoern I think this is an area where the EU should be taking action on orphan products, and key escrow.
@FlorianTischner @bjoern oh. That's useful to know. How would you handle this sort of problem ?
@FlorianTischner @bjoern that makes perfect sense. I stand very corrected. Thank you.
Glad to be of service. :)
If you want to dig deeper, the EFF maintains an archive: https://w2.eff.org/Privacy/Key_escrow/
@quixoticgeek
@bjoern
Mandate handling out the keys to the customer at time of purchase. Mandate open APIs. Mandate being able to set the server the bike communicates with to a URL of the customers choice.
Any of those three. Mandating key escrow would severely weaken encryption against the state, as it is an obvious target for both covert (secret services) and open (police) surveillance, and an obvious high value target for adversaries.