I change my mind all the time

I believe you should have the freedom to change your mind as often as you would like, especially when new facts come your way. But also if you would like to experiment with something, even if you think it's bad or wrong. That's part of the reason I now have an instagram.

Yesterday I wrote a blog post in Bulgarian that I deleted less than an hour after publishing. It regarded the situation around the certificates of vaccination becoming a requirement for certain amenities in my home country. It was quite emotional and I decided that it's not worth it to put more fuel in the already fiery situation (although IRL I usually like doing that).

But I also removed it because I realized I disagree with my statements. More accurately - I was pointed out by a friend that my argument may require a bit more thought about some aspects that my monkey brain didn't remember when initially writing the post. I usually don't delete my posts - in fact, I still have about 20 or so that I want to transfer from my old Blogger platform to this self-built one. Even though I disagree with a lot of them now, I like them to be out there to show myself that I change, that opinions I hold can be discarded when better facts appear. I will put below the one from yesterday, making this post probably the first in both English and Bulgarian.

What did I disagree with?

As I said the situation in Bulgaria regarding the coronavirus is bad - barely 20% of the population is vaccinated as of October 2021. The wave that is currently hitting us is very deadly, hospitals are hitting capacity, trust in population is low - e.g. there will be third elections in less than a month for a government, failing to form twice already just this year and the prospects of the next one don't look so great.

In that environment the caretaker-minister for health announced that so called "green certificates" will be required going forward for access to malls, restaurants and other amenities. This measure went into effect merely 2 days later - i.e. today. Naturally a lot of people got shocked and many edge case scenarios were (and are not) clear enough for the population to follow. The minister had an interview in a popular Bulgarian morning show where the hosts asked him if the validators of the certificates will require the app to check it and also if it will require showing them the ID card of the certificate holder.

The minister said that they won't be required to do so. That was my grunt - the certificate is useless without the authentication part.

Security sidenote

Part of the reason I got frustrated maybe because I just transitioned to a new position at work - Security Engineer. I've been in the fields for maybe 3 years now and I spent the last 6 months intensively preparing for a potential internal transfer, which happened.

So that this post has some educational value, let me clear some confusing terms as well:

• Authorization (abbreviated as AuthZ to distinguish it from the next term) is the process of giving or refusing access based on certain criteria. For example - only holders of a green certificate are allowed to enter the mall. To authorize someone to do something usually you first need to identify who that someone is - and that is the process of…

• Authentication (abbreviated as AuthN) is the process of confirming identity. In cybersecurity this can involve entering a username, password (and lately, recommended second factor) that is known to be known and held only by the real-life entity or user. In the context of the certificates, this is showing the ID card.

We have laws in Bulgaria regarding processing of personal data. My post, as I said, was pretty emotional, jumping on the perceived incompetence of the minister that he wasn't informed that without an ID card, the hard work done by the "IT professionals" (my tribe) would be useless. I started defending my tribe that I recently became sort-of officially part of and also surely - I feel some impostor syndrome. I have way too quick reactions without thinking that (most probably) the minister is surrounded by some smart people and lawyers that almost necessarily have raised these concerns with even more details than I can possibly understand.

As my friend pointed out - showing your ID card to random people, multiple times a day can be somewhat dangerous because of potential identity fraud - meaning these people can remember your personal identification number, address or other details.

It's a valid concern. Maybe. Let's remember that alchohol cannot be sold to children (under 18), they usually cannot be allowed to bars and night clubs and as such people who are around the age of 18 and cannot be visually identified, are required to show a proof of age. Not give the ID card for scanning, but just show it.

Let's say that the scope is much larger now however - it's not just for some ammenities and only for people around ages 15-25 (or so) but for a lot of places and for everyone (above 18). This can be massive checks of identity documents which can be argued that could be ethically bad.

I still think that some workarounds can be had - e.g. show your ID card with the thumb covering everything but the name and your picture - this should be almost enough to authenticate you since the certificate shows the name and date of birth. On the Bulgarian ID card it's not easy to cover the personal identification number only (which I can argue is probably the most sensitive piece of data) without covering the date of birth. Also - the validators do not scan and copy your ID card, they look at it. So it would take a really dedicated or eidetic (photographic) memory person to be able to remember your details, together of hundreds of others passing by today.

And the minister talks about the issue briefly in the interview. In his situation, given the constraints of the pressing wave with now more than hundreds of deaths per day, knowing the vaccine is the only long-term out of the situation - that was probably the best decision he (and the administration) could have taken. Of course, maybe it would've been better to be taken months ago and not in the middle of the wave. We can't fix the past. We can blame him if that's what we want - we can say it was untimely and it should've been done earlier. But as the saying goes - "The best time to plant a tree was 20 years ago. The next best time is today".

So I applaud him. And I apologize for my rash judgement.

Still: it was probably too rash. People weren't ready. But then again - how much time should've been given? Give a month warning? Probably would've been better. However it's in our culture to wait until the last possible moment to do something so the month in advance would've been mostly wasted. Also remember that usually two jabs are required (unless with the J&J) and the certificate is not officially valid until 2 weeks later. So if you get your first jab today, wait 6 weeks, get your second and then get the certificate, it would be a month and a half until you will be able to get all the benefits. With the J&J you get it in two weeks. Ironically had officially a few more risks but now Bulgarians are exclusively looking for it despite that, cause we want the pubs more than our "concerns about the safety or testing".

The situation is still somehow interesting to me now from a psychological or societal perspective. I still hold my opinion regarding my last sentence's frustration as to how my nation values the pubs more than our health. How did we end up with such a value system!? How come we applaud and believe in woo healing powers of a cross or an icon but not in medicine? How come all the "vaccine is dangerous" opinions started disappearing from our minds once the malls would be closed unless we got the jabs? Did our fear of death suddenly disappear in the face of the inconvenience we may experience if we can't go to the gym tomorrow? Surely the "vaccine is not safe" is a pretense to something deeper, some trust issues within the nation - there is no way we stop being afraid for our life if youwereally thought that these vaccines are not tested enough etc. only because now we won't be able to go to a concert.

I ain't no psychologist or sociologist. But this vaccine situation has created so many interesting cases within our society. As I've shown in this post, when judging other people, I don't exclude myself - I am part of the society. I am as dumb, irrational and emotional as the next person. I've postpones my own second jab for a couple of weeks this summer, partly because of digging into conspiracies, partly because of my girlfriend at the time (which prompted me to dig into them). I write blog posts rashely without considering all the angles. So I'm trying not to stay too morally high. And I fail sometimes. Mia culpa.

As promised, here is my post from yesterday.

===

КонспЕрация за сЕгурността

Оф, не исках да пиша повече за коронката. Ама не мога, уиндоуса в двата чипа на ръката ми пощурява като чуе зверската некомпетенция на определени хора...

В интервюто по бТВ за Тази Сутрин министърът на здравеопазването се опита да разясни ситуацията със зелените сертификати. Интересният въпрос започва от около 10:40-та минута:

Репортер: "А контролът става само и единствено с това приложение, което отчита дали сертификата е реален?"

мин. Кацаров: "Може и визуално, може и да не е с приложение, аз мога да видя вашия сертификат и визуално... Това не изисква специално умение да провериш дали някой има зелен сертификат"

И после, веднага след това:

Репортер: "Как може да удостоверим дали сертификатът е автентичен и имаме ли право ние да изискваме лична карта, за да удостоверим, че човекът който ни предоставя сертификата и чието име фигурира там е същия?"

мин. Кацаров: "Не, те не са разследващи органи... Те трябва да осигурят, че има такъв сертификат. Държавните контролни органи са тези, които могат да установят дали сертификатът е автентичен, те могат да му изискат. Но това е нарушение и този, който извършва това нарушение ще си понесе последиците. Не е работа на културните институти да установяват това нещо"

Какво означава това?

Всеки може да си генерира и принтира QR код на каквото и да е и да го покаже. Ковид сертификата, по идея, е едно от най-добре разработените по последни стандарти за дигитална сигурност приложения - ето например техническата дефиниция за Швейцарското приложение. QR-кодът е просто бърз механизъм за трансфер на тази информация, която може да се ползва от приложение. По дизайн, сървърите имат само списък от ключове за дигитални подписи, които удостоверяват истинността на данните пренесени от QR кода, а цялата лична информация е кодирана в самия код. Въобще, използват се истински крипто и прайвъси технологии, а факта, че дори веднъж не се споменава блокчейн го прави класи над много други идиотски крипто-неща, които съм виждал в последните години.

Но язък за всичкия труд на стотици специалисти работили по тези идеи, ако министърът на здравеопазването не е информиран, че всичко зависи от последната стъпка - от правилното имплементиране на целия протокол, което включва правилната проверка от реални, джвакащи хора. А тя е ясна - инсталиране на официалното приложение за проверка, сканиране на кода и проверка с личния документ на държателя, че данните съвпадат. Язък за всички сървъри и код писан за приложенията, които ще го проверяват. Взимаш си най-мощната кола на света, но вместо да използваш ключа, за да я запалиш използваш огнехвъргачка.

Дори не ни трябват хакери, които да "разбият" сигурността на сървърите, приложението, Гугъл или Бил Гейтс. Трябва ни министър на здравеопазването.

Не казвам, че трябва някой да злоупотребява или лъже. Министърът на здравеопазването го казва. Защото ако провериш личната карта на човека е "нарушение и този, който извършва това нарушение ще си понесе последиците".

Нека да се опитам да съм обективен - после министърът говори, че ако някой си направи фалшив документ и бъде хванат от "контролните органи" (Това би било... полиция? Не става ясно) ще си носи наказателната отговорност - която може да стигне и до затвор или солени глоби. Разбирам, че има Закон за защита на личните данни. Вероятно това е юридическата спънка, която спира барманът да ти провери, че личната карта и сертификатът са на едно и също лице. И тъй като нямаме парламент да ъпдейтне закона, това е положението. Имаме рънтайм правителство, нямаме дивелопъри (които в момента се интервюират от българския народ и ще бъдат назначени след месец, компетентни или не) и така беклога се трупа.

Иначе, радвам се, че българинът се събужда и забравя за всякакви конспЕрации, чипирания и контрол, щом има шанс да не може да ходи в кварталната кръчма. Е, тва е, баце!

Наздраве!

• Оги, Оги, ваксината е най-голямото спасение за човечеството. Сложи си я за..
• За кво да си я сложа?!
• За здраве
• Да бе, за здраве!
• За другите хора
• Да бе, за другите хора!
• За мола
• За мола може.
• Бах мааму!

Online security

Last week I wrote about a hypothetical Facebook messenger and Whatsapp breach which would give the world access to everyone's chats - including yours, your friends', your parents, everyone you know or don't - indexable, searchable by everyone. A truly privacy is over type of situation. I argued that this is what people really cared about - a personal hit, not bombs and terrorists or some unknown John in a three-letter agency reading your chats. Someone you know - or everyone you know - reading your personal communications with other people.

Scale it down

Alright, maybe leaking all of Facebook's chat would require literal trucks and months of unmonitored leakage due to the sheer amount of data. Text is not so big - the whole of English Wikipedia is merely 20 GB which can be stored in a 32GB ~10$ microSD card with storage to spare. More difficult would be the multimedia - images, audio, clips. If we are talking just about the content of text messages (which would be a non-trivial amount of communication, except maybe the more and more frequent voice-messages on many platforms) with the right tools and access, these can be exfiltrated compressed similarly to how Ed Snowden did it with the NSA.

But let's scale it down from "worldwide breach" - say it just happens to you. Who could target you? Ex-boy/girl-friends frequently have access to your password or physical phone(s) and computer(s) for some critical time right after the limbo separation. Roommates or party invitees, some of whom may not like you. Forgotten phones in a bar. What if all your chats get exported and shared publicly, easily searchable? Do you have anything to hide then?

Parents tech support

A few paragraphs one the side - I want to explain that these stuff may be technical but to implement them and use them you don't have to be tech savvy. It will be a little inconvenience (few minutes to an hour) while you set them up but then not much will change for your day to day life.

Last time I visited my parents I did the normal tech support games. I'm proud that since I left Bulgaria about 10 years ago my parents have been running a Xubuntu flavor of Linux without almost any issues on multiple different laptops that they changed over the years. Never dealt with anti-viruses or viruses, random slow-downs or driver updates. Almost any screw ups have been my own. One time after a remote access support I was able to screw up the update on the machine and resulted in the bootloader not being able to find the OS. My parents are not too tech-savvy but this resulted in my biggest achievement to date: be able to get my mom through a grub rescue console over a video chat. So I don't know - maybe they are secret hackers after all :)

So I checked everything with the OS is all right, update packages, no randomly installed software (although with Linux that would be super difficult - yet, just to be sure) and was fairly happy. But while doing that there were tons of annoying notifications from Facebook and news websites that kept popping up on the right. I asked my parents and they said they don't pay attention but decided to be a good citizen and remove all those XXI-st century toolbars.

But the bulk of the support was on passwords. Chrome has become more and more aggressive towards password management - which is good. (It has also become extremely easy to allow all websites to run service workers and so random notifications were popping up so I had to remove all of them and dissalow new ones). It reds-out passwords on non-https websites but almost none of them are anymore on non-https - which is also nice, yey let's encrypt. It also prompts you to use the password manager. I took the leap - but I wanted to lock it a lot. So I set them up with pretty much best practices these days. If my parents can do it, you can do it! What are these?

What can be done?

• Enable strong two-step verification: The best thing you can do on a personal level protection is to enable 2-step verification. Best is to have a special hardware key - there are now open-source versions as well. Next best is an app. Last is SMS - not best as it is fairly easily hackable but still better than nothing. I set my mom with a strong password and equipped her with the Google Authenticator on her phone, wrote down the recovery keys and told her to keep them safe. Took a picture and encrypted it in my own password manager myself for recovery purposes.

• Only one password: Have one single password which is hard to guess and easy to remember. Definately nothing on this list. This one single password is to your (preferably offline and definitely encrypted) password manager (which can also be protected with a two-step verification). Then on all other websites - facebook's, Google's and so on - you wouldn't know your password. It will be 20-30 or even 60 random characters long, full of small, large letters, numbers, random symbols like ^%\*)~\_+\_\\$#*&^)[]! - you wouldn't care because your password manager will store it. If your password manager is offline and encrypted, even if someone steals it they wouldn't know the password; even if they do - they wouldn't have your key or your phone and if they do - well, then you are kind of sloppy. But you can still get notified about logins. Then you can revoke a login and change your password quickly. It seems like a single point of failure, but in fact research has shown that this is much better than trusting yourself to remember tons of passwords for different websites - people tend to reuse so a hack on one service means hack on other services.

• If you don't want to manually manage your offline and encrypted password manager, next best thing is to probably use Chrome/Firefox password managers. They come with optional encryption passphrase so that even these companies won't be able to know your password, even if somehow they get hacked. I set up my mom with this and changed most of her passwords on most used websitess.

• Phishing - this one is the hardest. People are extremely likely to fall for some of the scams even when they say it won't happen to them. In any case went through the common themes with my mom - she said she never uses online payments anyway which is almost good enough. Reminded her to never ever ever give any hints to any pretend caller or emailer regarding password (although she now doesn't even know it) PIN codes or even names, date of birth, national numbers, address or anything. If someone calls or emails pretending to be bank support - hang up, find the official bank number and initiate the call instead.

There are many more ways to stay secure and protect your privacy these days, depending on your use case. There is no absolute security without usability, it's always a tradeoff but following the above 3-4 things should greatly help you stay safe online these days.

Pobody is nerfect, it can happen to all of us. That's why best these days is so called defense in depth - even if some part gets breached, there should be other controls that stop it. In a similar way to multiple physical doors for security. For example, I (almost) got pwnd by a friend that used my computer at home, logged in one of my firefox profiles which I used for some websites and thus synced some of mine and all of her passwords for months before realizing it.

That's a scenario that is too concrete, yet I implemented some more guards for similar situations. You don't have to go that far - using these simple rules above will get you a long way to being pwnd by someone who doesn't like. In this increasingly (some may say distopic) electronic world, a little privacy can go a long way. Do it if you can, it doesn't cost much!

Privacy is over: Everyone's chats on Facebook and Instagram have leaked online

A massive trove of data has leaked online in one of the most exhaustive data dumps in the last decades. Facebook's chat application Messenger and image sharing service Instagram have been breached this Monday following multiple worldwide outages and controversies brought forward by whistleblowers in the past month.

More than 2.6 billion people's conversations, including the text, photos, videos and voice messages for the past two years are organized in a collection of torrents that are circling dark web forums such as 4chan and reddit.

The Guarrdian has verified that chat history seems to end a week before the accident - namely until 28 Septmber 2021. The leak data frame spawns between September 2019 and end of September 2021. Chats between journalists, political officials, celebreties as well as spot checks of friends and colleagues of editorial staff have been confirmed as legitimate in the hours after the leak.

Hacker group, calling themselves "S3cr3ts_r_0v3r!" (read as "Secrets are over") claim responsibility for the leak as they "wanted to show what people really care about in a surveilance state".

No official statement from Facebook has been issued regarding the leak and they have not responded immediatly on our request for comment.

Web applications designed to freely search the data are already starting to emerge as part of an organized effort by the claimed leakers to "move fast and break the privacy of all people", a word-play on the company's ex-mission statement to "move fast and break things".

"If you had a conversation on Facebook's properties - be it in a group or one on one with your friends or family, colleagues, current or ex-partners in the past two years - it's now public information." the group further says.

"S3cr3ts_r_0v3r!" explain that the data was obtained during last week's unprecedented almost 6-hour long outage which affected all of Facebook's Internet properties including Whatsapp and Instagram. However no Whatsapp messages have been found in the leak. "Whatsapp is safe from these kinds of leaks due to its design called 'end-to-end-encryption' meaning that messages are not centrally stored on Facebook's servers" explain the hackers. They warn that metadata (data about who chats with whom) is still available on the servers and remind the public that metadata is enough to get arrested or even killed, as ex-NSA director Michael Hayden has previously said.

Further details on the leak are to follow but the group says that they were able to obtain the chats due to this carefully planned outage through unmonitored backup systems and complex security meassures that have been affected internally by the outage. "S3cr3ts_r_0v3r!" claim that critical details the security protocols for the chat backups have "been neglected for years which created vulnerability loopholes" that the hackers have been able to exploit. The identity of the people behind the group is still unknown although there are speculations in the forums that these are current or recently departed employees of Facebook.

Expect further details as this story unfolds.

Now what?

This is of course a fake article as can be seen from the poor journalistic writing skills of the author of this blog.

But what if it wasn't?

We have seen so many breaches - usually leaking hashes of passwords or messages between celebrities or emails of public officials, including this years' massive Pegasus Project that revealed governments' espionage on journalists, opposition politicians, activists, business people - that we care not to think of our own, most precious private conversations, assuming that this thing will never happen to us.

"I have nothing to hide" is a mantra repeated ad nauseum from everyone when confronted with the reality that few large companies and state agencies are monitoring and recording our most intimate thoughts and conversations. Sure, you probably don't make bombs or plan to take over the government. Your "secrets" and private thoughts are probably as mundane and typical as any human's.

But what if all of that leaked? We know that almost everyone badmouths, has secret crushes or affairs, slacks off work, talks behind someone back, can be racist or sexist with the right friends - but these are all roles and masks we have in order to survive and thrive live in a complex society. What if these conversations can now be indexed by free to access web applications and searched by your mom, your manager or boss, by your closest and not so close friends and acquitances? If I wanted to know what my best friend really thinks of me in front of other people - just search that person and pull out all the chats. Or who my girlfriend is secretly writing with, even if I claim I trusted her. Or even more mundane - what is that shop assistant I see every day really into, who is she not just by what puts on her facebook or instagram profiles, but in front of her friends?

Imagine everyone's private lives, including yours, your friends' and family's, are up for grabs, freely available to everyone out there.

Still think it's impossible? Try to browse through this list of data breaches or this list of security hacking incidents. Thought the Facebook outage last week was unique? Just look through this list of outages. Internet is becoming more centralized and thus more prone to single points of failures. And while user's data is probably extremely guarded by multiple levels of controls, including layers of encryption of live data and backups, monitoring of exfiltration attempts, physical keys stored in multiple separate geographical centers making the scenario of the descibed leak near impossible, run that scenario nevertheless in your head every time you are prompted to say "I have nothing to hide".

What can be done?

• Have a backup plan.: Last week Telegram saw a surge of more than 70 million new accounts as people scrambled to continue their conversations with their friends, family and customers. Signal and plain old-SMS has seen a surge as well. Having a backup conversation channel is a must - don't put all your eggs in one basket.

• Use encrypted services: Facebook's Messenger and Instagram use company's servers to relay messages but they also store these messages on their servers. There is a way to forward messages without knowing the content of the messages themselves - this is usually known as "end-to-end encryption". Whatsapp (which is also owned by Facebook) is one such service that is using the same protocol as a more independent service Signal has developed.

• Move towards decentralized (federated) services - Signal and Whatsapp still suffer from a form of centralization and opaqueness - i.e. you don't really know what the servers are running and how they may be using the metadata they gather. Telegram is not end-to-end-encrypted by default but many people think that it is. Services such as Matrix are decentralized and you can run a server yourself, allowing you to chat with anyone else running a server - thus creating a federation. You can even buy a small hardware device that you can plug into your router and with a little bit of setup create all that you need to have a safe, encrypted and controlled conversation with anyone you want. Additionally, Matrix allows you to create and run bridges which allows you to chat from the same application to people using Messenger, Whatsapp, Telegram and many other popular chat platforms.

I have a lot more to say on the topic and if I'm not lazy to write it all out, I may share it in the coming months/years.

I want to walk naked!

Walking naked is natural. Putting clothes on a person is a form of fascism. Today if I try to just walk naked, outside of my bathroom, my flat (if I live with roomates) or some very small beaches - I will be told off and potentially arrested. How come?

Clothes have an obvious primary purpose - the human body is not too well adapted to live in the extreme colds in some areas of the world. But for some complicated historical, theological, anthropological and/or societal reason almost all of the world's people and civilisations have decided that wearing clothes has at least the secondary purpose to cover mainly our primary and almost always - secondary reproductive organs.

It has reached a stage where not wearing clothes in public space is a sign of some sort of craziness or activism for some cause. Even though it can be argued that not wearing clothes is the more natural way of handling the human body, especially on the summer hot days. (I will ignore the issue with sunburn for the moment.)

So not wearing clothes can be argued it's more natural but mostly socially unacceptable. We all do things that may not be the most comfortable for the individual but beneficial for other people - even the most contrarian, anti-social and anarchistic among us.

Try to walk naked everywhere in the hot days if you are idealistic enough. In the most public places in most squares of "western" big cities I bet you will be arrested within 15-30 minutes. Not hitting or even saying anything to anyone, not hurting or abusing - just going through your day, walking on a big street, maybe entering some shops, browsing, behaving the most normal you can with the only difference of being completely naked.

Is this censorship? It can be argued that it is. On the other hand, imagine being a shop owner and a naked dude or dudette enters - it may scare the rest of your customers until they start complaining to you or just leave. You may lose customers and business until you take action.

Now imagine this becomes a trend - not too impossible given the idiotical trends we've seen in the past decade sparked by Internet platforms with portmanteau words and clock sound names. There will be fierce opposition by more conservative folks and some businesses may put labels such as "clothes necessary to enter shop, owner can refuse service and call the authorities for violators".

Is that a violation of human rights? Sort of - but if you are a business owner you want to serve customers and their interests and until it becomes socially acceptable you can refuse service to violators, unless of course you are not an activist yourself and you want to see a change happen.

Until that happens though, the country, governments, municipalities, corporations, schools, hospitals can impose rules that may not be necessarily explicitly stated anywhere but are socially acceptable - such as a necessity to wear clothes, not being abusive, sing or scream loud, not smoke, not litter, not smelling or be unclean and so on. They can check this explicitly and refuse service, fine you and even arrest you when you don't follow the common rules. In some areas such as bars and clubs, they can even check your ID to confirm you are of a certain age to serve you or refuse to serve you alcohol, cigars or strippers.

Societies are built upon these written and unwritten rules. Some are in constitution, laws and decrees of human rights on an international level. Some are signs and labels, a guard in front of the business, the word of the owner or nothing at all to indicate what the rules are unless you learn them yourself by trial and error.

We are in a very transitory position of another rule coming to force in certain countries and areas of the world sparked by a situation that is not unheard of in human history - situation that has occurred many times before and many of the current issues we speak about now daily has been in public discussion any time the situation arises. The personal freedoms vs. societal interests.

Should you do something that may not be completely natural or beneficial to you individually but will help society? Can other people decide what rights you have based on your decision to be a member of the society by following the rules or can they kick you out if they decide you are not a "good person" based on their own interpretation of "goodness"? Is it fair that a small percentage of people refusing to follow a certain rule can unproportionally affect the rest of the people?

Again, try to think of all the other rules, not just this one that is now argued every day. Think of graffiti for example - one person, one night can deface a building or a cultural object that may take days or weeks to repair. On the one hand - it's a form of personal expression and freedom. On the other - you are creating an unpleasant experience for a huge population. Same for smoking in a crowded restaurant, smelling of poo in the public transport or walking naked. It is not necessarily always abusive physically, mentally or intended to be bad. Sometimes it's just unfair - why does everyone need to follow the rules but this one person or small group of people can do whatever they want?

Same for the issue of the day. A small percentage of people that express their right of personal freedom can influence the economy and rules of the whole city, country or (in a globalised world such as today) the whole world. And it becomes unfair to the people who have made some, even small, sacrifices to follow the rule - as small as feeling a bit sick one day or as big as being at the edge of your physical and mental energy for almost two years now. It's unfair to all the people that may suffer and maybe even die as a result of a refusal for extremely tiny self-sacrifice.

Sure, the world is unfair as a whole. Sure, for some people the "tiny self-sacrifice" may not be so tiny. And also sure - this will create some sort of divisions and refusal for certain services from various areas in life, some people will suffer more, some people will benefit immensely from the situation.

But yeah - you have the right to try to walk naked!

Няма пък!

Наясно съм, че следното няма да убеди никого, който вече не се е убедил. Пиша си го за мое успокоение и 'щото блогът си е мой. Вместо да водя едни и същи разговори, пиша пост и пращам линкове на хора, които ми твърдят неща, които, както казва един приятел "просто не са така". Може би щеше да е добре да е на английски, ама мисълта ми тия дни тече на български по тая тема и ще разчитам на компанията-майка за преводи.

Какви са основните аргументи?

• Ваксината не е тествана достатъчно - Над 3 млрд. (3 000 000 000) човека са ваксинирани с пълен курс на ваксинация. Това е повече, отколкото населението на света през 1960та. Почти 6 млрд. единични дози са поставени. При такива огромни числа неща, които се случват с честота 1 на милион ще се случат хиляди пъти (примерно 3 000 x 1 000 000 = 3 000 000 000). Това също е най-наблюдаваната ваксина. Ако имаше огромен брой случаи със странични ефекти никаква световна конспирация не би могла да ги скрие.
• Не ме интересуват другите, гледам си моя живот - Съгласен ли си ако заболееш от корона да си с най-нисък приоритет, ако имаш проблеми и усложнения? Също, понеже основният проблем е капацитет на медицинските лица, ако заболееш от каквото и да е - си с най-нисък приоритет. Независимо колко пари имаш. Съгласен ли си да си плащаш напълно за лечението, ако въобще се доредиш? Вместо да си сложиш безплатна ваксина?
• Не знаем какви са дълготрайните ефекти от ваксината - Нито пък знаем какви са на короната. Но знаем, че вируса ако те хване в кофти момент може да се размножава чрез клетките ти и да разруши много органи докато вирее (хах, вирее…), което може да си доведе до странични ефекти, сред които и смърт. Ваксината не може да се размножава - най-много да вдигнеш температура, главоболие за ден-два и си готов. Идеята ѝ е просто да даде инструкции на тялото как да се бори. А всъщност, за короната вече знаем някои дълготрайни ефекти и хич не са приятни.
• Може да се ваксинираш и пак да се разболееш - Да, но говорим за шансове тук. Коланът в колата не те спасява от всякакви катастрофи. Виж първата точка за 1 на милион случаи - а ваксината НЕ те предпазва в по-скоро нещо като 3-5 на 100 - тъй че със сигурност ще има много, много варианти, където хората са ваксинирани и въпреки това хващат ковид. Но проучванията показват, че все пак го изкарват по-леко, а дори и да е тежко числата вече приличат повече на ситуацията с нормална настинка - може да хванеш пневмония или други усложнения, но няма да поставим под огромно напрежение здравните системи на света.
• Да те карат да се ваксинираш е фашизъм, тялото си е мое! - Участваш в общество и разчиташ на други хора да ти отварят ресторанти и нощни клубове, да те лекуват, ако се разболееш. Ако ти не искаш да предпазваш обществото, защо обществото да ти е длъжно да те забавлява или лекува?
• Аз познавам/чувал съм/чел съм за Х хора, които са умрели, преживели ужасни неща след ваксинацията и нищо след короната - Selection bias. Също виж първата точка - ваксината не те предпазва на 100%, нищо не те предпазва на 100% и гадни неща винаги могат да се случат, но с много по-малък шанс.
• Ще изчакам - Колко? Има ли някаква времева граница, която да ти е в главата? 1 година? 5 години? След това ще си поставиш ли? Сами си сметнете от графиката колко хора колко месеци вече си живеят с ваксината - някои от декември насам, което е около 9 месеца, освен естествено тези, които още от експерименталните данни си живеят вече повече от година.
• Не, ще изчакам да ме задължат - В някои държави вече се прави и хората излизат на протести. По-скоро определени привилегии ще ти бъдат отнети - да пътуваш свободно, да посещаваш заведения, ресторанти, концерти, мачове и прочие. Никой частник не ти е длъжен да се съобразява, че си решил да не се изкъпеш, въпреки че си е твое право. А в повечето случаи трябва да си направиш или тест, или да се ваксинираш.
• Ще си правя тестове - Предпочиташ бъркане в носа до мозъка всеки ден, през ден или няколко пъти в седмицата вместо едно-две боцкания? Как това е по-лесно или по-безопасно? Как това не ти усложнява живота повече? За сега още са безплатни, това не вярвам да продължи дълго.
• То ще има и още ваксини, до кога така?! - вероятно до (поне края на нашия) живот, освен ако не намерим нещо по-постоянно. Не виждам да се размине с две или дори три ваксини. За сега не се вижда края откъм herd immunity, а изглежда ваксините отслабват. Но за тези неща има още време - ще видим.
• Аз съм млад/мене не ме ловят настинки и пр. - Ок. Значи сигурно няма да имаш и главоболие или температура от ваксината - какво те плаши? Но все още можеш да го разпространяваш и проучванията до сега показват, че с ваксината имаш по-малък шанс да го разпространиш.
• Аз си правя превенция / се лекувам с Витамин Ц / слънце / рейки и пр. - Нищо, от медицинска гледна точка, не работи освен може би Ремдесивир за облекчаване по време на лечение. Пробвали сме всяка съставка, която може да се сетим.
• Аз съм прекарал вируса - Това е може би единствената точка, с която съм съгласен. Тук трябва експерти и много рисърч да се каже дали естествена имунна реакция е по-добре/по-зле от ваксина. Точката да се ваксинират хора, които вече са го изкарали е по-скоро политическа, икономическа, психологическа, социална - вместо да се разводнява съобщението с "...освен ако не си го изкарал" се казва "всички". Но бих се съгласил с това, че ако си доказано прекарал ковида (т.е. си се тествал и пр., не просто "Кашлях гадно една седмица, ама не отидох на лекар") може да си изключение.
• Не съм съгласен с приоритетите, трябва първо да се ваксинират най-податливите, после другите - аргумента е валиден, ако нямаме достатъчно ваксини и имаме огромен наплив на желаещи. Това не е случая.
• Нямам лична полза да се ваксна - мене и да ме хване, ще е леко - Директна лична полза е ясна, че за много хора няма. Обаче индиректна и с по-голям времеви интервал е "връщане към нормалност на икономика, живот и пр" което е малко като изборите - капка в морето на индивидуално ниво, ама ако всеки си каже че няма смисъл - проблем за цялото общество.
• Не искам големите фармацевтични компании да печелят, тва е гаден капитализъм - Добре де, още една точка, с която съм донякъде съгласен. И аз не искам някакви компании да печелят гигантски пари на гърба на милиони жертви. Отивай на въстание и предложи нещо различно от капитализъм (или комунизъм), което да работи за света. Ама междувременно се ваксинирай.
• Ваксината ми променя ДНК-то - Сигурен ли си, че знаеш точно какво е ДНК, каква е разликата с РНК или въобще с молекула или други думи като протеини и рибозоми, и от какво може да бъде променяно? Можеш ли да държиш на аргумент и разговор за Обратна транскриптаза? Ако да, върви прави докторантура, ама междувременно не всявай паника за неща, които просто не са така.
• Не вярвам на WHO / CDC / Министерство на здравеопазването - това не са една или две организации, това е само представителната част на милиони лекари по света, в почти всички държави, с почти единодушен консенсус, че ваксината е единствения начин, ако искаме някаква стара "нормалност" да дойде по-бързо. Няма превенции, няма лекарства, няма да изчезне от самосебе си, освен ако наистина всички не сме готови да се изолираме за месеци. Но вече много добре знаем какво е да се изолираш и е достатъчно един-двама да не спазят мерките на 100% и пак сме си на същото
• Що си мислиш, че в България ще ни дадат истинските ваксини!? - България е на средно ниво по почти всичко в света. Българите си мислим че сме последни по всичко, но статистиките обикновено говорят за Европа. Забравяме, че има над 200 държави - провери по каквито искаш класации и почти навсякъде сме средни на световно ниво. Не сме чак толкова зле, а какво да говорят другите държави, които са по назад или наистина последни - на тях какво "им пращат"?! Проблемът с короната не знае граници, в която и държава да остане следа от вируса ще е проблем.
• 5G / чипове / контрол над населението и други - Може би е по-добре да не се ваксинираш, да си сложиш шапка от фолио, да отидеш да живееш в отдалечена къща в гората, да си отглеждаш леща, да си пиеш пикнята и да не участваш в обществото. И да не разпространяваш откачените ти идеи на хора податливи към такива неща.

И накрая, не разбирам, какво очаква един такъв човек? Половината свят да измре и този човек да каже "Хаха, аз ви казах, ама вие не слушахте, на ви сега!"_ Искаме пак България на три океана ли като всички неваксинирани българи се смеят над тъпия останал свят?

Разбирам инат и твърдоглавие, аз самия съм огромен. Инатът е малко детинска работа - някакъв вид търсене на внимание. За мен един от големите признаци на интелигентност е способността човек да си промени мнението при нови факти.

Добре, разбирам и страх от неизвестното. И страх не се бори с аргументи като горните, а с още и по-голям страх. Може би вече сме изтощени от медии да ни плашат с безумни неща, така че когато има реална заплаха вече сме имунизирани от поредното плашене какво може да ни направи короната. Не е като чумата да виждаме трупове и болни под път и над път. Но само числа не помагат - те са статистика. Защо няма повече репортажи в болници и издъхващи, борещи се за живот заради ковида? Първоначално имаше, сега вече явно хората не искат да гледат това - щото си е гадно.

Аз си направих "моя рисърч". Бях с възможно най-отворения ум към възможността да има нещо скрито-покрито и не намерих, но открих всички други сигнали на хора, които се опитват да разпространяват дезинформация и да спечелят от това. Не открих нещо, което да ме убеди, но чух достатъчно мнения като горните и колкото и да съм търпелив, почти не мога да открия нещо, за което да се хвана, че съм съгласен да не се ваксинира човек (освен, може би, както казах - ако доказано си изкарал вируса).

И особено не мога да разбера хора на отговорни позиции като лекари и учители. Искаме децата да ходят на училище, усетихме че ученето отвкъщи не е добре. Учителите са авторитети в живота на много деца - какъв пример даваме, когато те не се ваксинират? Ще ми се отговора да беше "да се научат да мислят за себе си", но знаейки българската образователна система, това е последното, което за жалост се толерира. А лекарите - колко сериозно може да говорим за ваксинация, ако най-авторитетните хора за медицина не са ваксинирани. И дали е добре да изгубим дори един лекар при положение, че това е ресурсът, който е в най-голям недостиг?

Айде, със здраве!