truecrypt.org · Domains · Slashdot Mirror

3 Reasons To Hate Mass Surveillance; 3 Ways To Fight It

Yro · Privacy · 2014-02-11 01:06 · posted by timothy · from the not-an-exhaustive-list dept. · 120 comments

This site's "Your Rights Online" section, sadly, has never suffered for material. The revelations we've seen over the last year-and-change, though, of widespread spying on U.S. citizens, government spying in the E.U. on international conferences, the UK's use of malware against citizens, and the use of modern technology to oppress government protesters in the middle east and elsewhere shows how persistent it is. It's been a banner year on that front, and the banner says "You are being spied on, online and off." A broad coalition of organizations is calling today "The Day We Fight Back" against the growing culture of heads-they-win, tails-you-lose surveillance, but all involved know this is not a one-day struggle. (Read more, below.) THREE REASONS TO HATE MASS SURVEILLANCE:

1) Because the Internet is nearly everywhere, it means the spying it makes possible has spread to match its footprint. 30 years ago, "on the internet" really was novel, because the public Internet simply wasn't. There were a few big military and academic sites around the world, and the concepts that make today's internet work were already embodied in running systems, but there was little reason for individuals to care about privacy invasion, or having their systems crippled by government malware, because their systems and their privacy weren't at issue. There wasn't a World Wide Web as a portal to nearly every resource online, no "Cloud," and no Blue Coat. Now, not only can individuals get on the internet, but the meaning of that phrase has moved, fast, over the last decade: now, getting on the internet is just a fact of modern life, a banal, automated background fact of the way we stay in touch with friends, deal with bills, find entertainment, get directions, and work. Online surveillance of all the signals we emit and receive (over home internet links, over cellular networks, on landline telephones, even on postcards) might be minimized and waved away as the collection of "mere" metadata, but in reality, if you're reading these words online, and even if you're doing your best to read them anonymously, it means you've almost certainly got a collection of data about you online already.

2) Because "online surveillance" is a slippery slope, and it will only get slipperier. Remember the Clipper chip's hardware-based encryption escrow scheme? Who and how often you email, chat with online, or call on the phone is the tip of the iceberg. Robert Bork didn't like having his video watching habits spied on, and that was before Netflix and competitors made the sorting and stacking of movie-watching habits not only possible but an never-ending exercise in deep data analysis. Maybe you don't care in particular about what the NSA, FBI, or anyone else thinks of your taste in entertainment, but you might prefer them to stay out not only of the information revealed by your current online activity, but also out of whatever things are revealed by future developments. Right now, a relatively small part of the online population uses crypto-currency like Bitcoin; a decade from now, it seems likely to be even more widespread than Netflix is today. Do you want your transactions to be public record, or even public-servant record? Beyond that, the era of ubiquitous, automated surveillance doesn't need you to mail an angry letter, or declare allegiance to an unpopular cause online: Just walking around means sooner rather than later you're likely to be captured on camera.

Access to your medical records almost certainly will be online, too, even more than it already is. Online and offline lives will only get blurrier: Your GPS (and increasingly, that means your phone, too) knows where you've been, and your should-be-private Google Maps page knows where you might have considered going. (Couple that with the cavalier attitude that dominates rules about data that you carry in your phone, laptop or USB data sticks, if you cross, or even come near, the U.S. border.) Think about the meta-data (or what the government might characterize that way) that your reading and viewing habits, your prescription medicine needs, your airline tickets, and your Amazon wishlist could reveal, and whether you'd want everyone's digital dossier to be up for ad-hoc scrutiny in 10 years any more than it already is. You don't want the equivalent of the TSA viewing rooms (for your own good, of course) attached to every stream of online communication.

3) Because you're paying for it. How much you're paying is hard to say, because of black budgets, overlapping programs, and the sheer number of systems that are or could be used to make widespread surveillance the new normal, but the mystery price tag starts out high. If you're an American, or an EU citizen, at least you can be grateful that you're likely only being spied on, rather than actively harmed in other ways; in other countries, the outcome can be far grimmer. How much do you want to pay to build an infrastructure for constantly surveilling yourself, your friends, and your family? Especially one that fails so miserably at even its stated aims?

THREE WAYS TO FIGHT IT:

The good news is, while you can't stop the entire octopus, you're not required to be a full-time victim of online surveillance or the offline surveillance that it seems to normalize. Instead, you can take some simple steps that at least fog the glass a bit. Readers will no doubt suggest better technologies and practices, but here's a short list to start with:

1) Encryption, more often and in more contexts. Encrypted hard drives are now easy to buy off the shelf, or to implement with software per-user. Use encryption when it makes sense, for documents, emails, file systems, or browsing; the more you do, the more normal this becomes — if it's perfectly normal to carry data encrypted, no matter how innocuous, it's hard for merely possessing encrypted data to be vilified. TrueCrypt might not be impregnable, but neither are the opaque envelopes you might put in a physical mailbox: making it harder to spy on you even in small ways beats indifference. Good news: not every layer of security takes much effort for you to take advantage of: Mozilla's move to HTTPS Everywhere is an example, as is the option that many OSes are embracing to offer the user full-disk or per-directory encryption.

2) Avoid standing in front of the biggest targets. If you don't yet, use an operating system like Linux or one of the modern BSDs, at least part of the time. The SCADA vulnerabilities exploited to cripple a key part of Iran's nuclear program exploited a well-known hole in a widespread operating system, and the same can be said of many attacks blandly characterized as "Advanced Persistent Threats." Even a cheap, adjunct laptop running an up-to-date Linux or OpenBSD could make you safer for some tasks online; cheaper yet, you can run an entire Linux system from a USB drive, and yank it when you're through. That doesn't stop a mid-stream listener (which is a very hard problem), but a compartmentalized system like that means you can do your online banking or anything else and be less vulnerable to common malware. (Besides, it's fun!)

3) Tell companies, politicians (for instance, by voting for or against), and the people around you, that you object to being spied on. You can't prevent malicious individuals, governments, (or Google, or Yelp, or your Facebook friends) from looking at some of the data that you emit; you might feel perfectly satisfied with lots of the transactions you take part in freely. But you can minimize the worst consequences by being mindful of what you do or don't mind putting out there, and spreading the word when you find abuses of trust that compromise your privacy.

Online spying didn't pop into existence with Edward Snowden's revelations about mass data gathering by the NSA on U.S. citizens. For Americans, having our communications tapped by government agents (even if by a government that has remained far more benign than have many others) extends as long as the history of the country; likewise for Europeans and others all over the world. It's much easier, now, though, for those agents to put an ear to your wall or an eye on your correspondence than it's ever been before. For those in many countries, taking practical steps to reduce your exposure is a sensible move for more than just aesthetic or philosophical reasons, though, and luckily the range of options for preserving privacy and private communications have advanced right along with the growth of the technologies that threaten them.

Security Researchers Want To Fully Audit Truecrypt

It · Security · 2013-10-16 01:30 · posted by Unknown · from the brought-to-you-by-the-makers-of-stuxnet dept. · 233 comments

Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of people leading the charge to setup the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"

Encryption? What Encryption?

News · Editorial · 2009-08-12 02:22 · posted by Soulskill · from the these-are-not-the-files-you're-looking-for dept. · 500 comments

Slashdot regular Bennett Haselton writes with his take on the news we discussed early this morning about the UK government's prosecution of two people who refused to disclose their encryption keys: "Is it possible to write a program that enables you to encrypt files without drawing suspicion upon yourself if anyone ever seizes your computer? No; a program by itself, no matter how perfectly written, couldn't do this because you'd still attract suspicion just for possessing the software. You'd need a social element driving the program's popularity until it gets to the point where people no longer look suspicious just for having the program installed. Here are some theories on how that could happen — but it would be a high bar to clear." Hit the link below for the rest of Bennett's thoughts.

Police in Britain have announced that two people have successfully been prosecuted under a UK law that forces defendants to give up their encryption keys and penalizes those who don't comply. Another UK woman's case had attracted attention two years ago, when the government demanded she give up her encryption keys after the police found encryption software on her computer, but the police say she was not one of the two defendant's charged. Is there a software solution to this problem — a way that people can encrypt files on their computers, without arousing the suspicion of law enforcement if the computers are seized?

File encryption, if properly implemented, is generally considered mathematically unbreakable. But to prevent suspicion falling on people just for encrypting files in the first place, requires a human solution as well as an engineering one. One way or another, some file encryption software would have to be in widespread use that has these two properties: (1) it's deployed on a large number of people's machines — not just a large absolute number, but a significant proportion of the total population, so that suspicion does not fall on people just for possessing the software — and (2) it should not be possible to tell the difference between machines where the users use the software regularly, and machines where the software has never been run. Then, and only then, would it be possible to use the encryption software on your machine, without anyone who seizes the machine having reason to think that you had ever encrypted anything at all.

(Of course, in a relatively free society, if law enforcement has probable cause to seize your machine in the first place, then they would presumably already have some evidence against you. But this would at least prevent police officers and judges from becoming more suspicious as a result of encryption software being present on your machine.)

Note that this is similar to the kind of problem that is normally solved with steganography, but by my reasoning, I don't think that using stego would actually gain anything in this situation. Whether you're talking about encryption software or stego software, if it's a program that not a lot of people have installed, then just by virtue of having it on your machine, you'll attract suspicion if your machine is seized. On the other hand, suppose you've cleared that hurdle and the software is installed on a lot of people's computers, so that just having installed it is not by itself grounds for suspicion. If it's stego, then you can embed the hidden data inside other images or videos, so that an intruder can't tell whether you've been using the software to hide anything (assuming the stego software is good enough that the intruder can't tell the images have been tampered with). But you could achieve the same thing with straight encryption software: just have every installation of the program create a "storage volume" file, where encrypted files will be stored. As long as a storage volume file with files embedded in it, is indistinguishable from a storage volume file that has never been touched, the presence of the storage volume file won't give you away.

I'm not actually aware of any encryption program that has that property: that for a given machine with the software installed, it's impossible to tell whether the software has ever been used to encrypt data. This is probably because this would normally not be a useful feature of an encryption program. The whole point of making it impossible to tell whether someone has used the program or not, is that people who have used the program would not attract undue attention to themselves as a result. But if the encryption program is only used by one thousandth of one percent of total Internet users anyway, then just the fact that a user has the program installed, would be enough to draw suspicion to the user if their computer is seized, so there's no benefit to concealing the fact that the program has been used. On the other hand, if the encryption program is installed on a significant proportion of users' machines anyway, then simply having the program installed is no longer grounds for suspicion. And that's when it would become a valuable feature for it to be difficult to tell whether the owner of the machine actually uses the encryption program or not.

This may be hard to implement correctly, and there are some tradeoffs that will have to be decided. For example, if the program creates a default "storage volume" file when it's installed, how big should that initial volume be? The problem with creating a small storage file initially and then letting it grow as encrypted files are added, is that this now makes it easy to tell who is using the program and who isn't — anyone whose storage file has grown beyond the default size, is using it to encrypt files (and is therefore a terrorist movie-downloading child pornographer, etc.). In order to avoid suspicion falling on people who use the program, the storage file would have to be the same size on everyone's computer. If you make it 1 GB, that wastes a lot of space on people's machines who aren't using it. On the other hand, if it's only 1 GB, it also means that users will only be able to store up to 1 GB of encrypted data — any more than that, and they'll have to expand the size of the storage file, thus calling attention to themselves if the machine is ever seized. And then, what about the fact that a large file which is created all at once, is normally not fragmented very much, but if the storage file is frequently modified, it is likely to become more and more fragmented — thus giving people a way to tell if the encryption program is being used frequently. (So you'd either have to deliberately create a very fragmented storage file by default on the first install, or create an unfragmented file on first install but then make sure to read and write from the file in a way that doesn't fragment it further.) I don't want to get too bogged down in implementation details. The point is just that you'd have to block all the possible ways that an intruder would be able to tell whether the software is used frequently — forget one thing, and you've given an intruder a way to identify people who are actually using the software to encrypt files.

A program called TrueCrypt achieves something close to this — TrueCrypt allows you to encrypt a storage volume with two different passwords, so that one password provides access to "innocent-looking" data, while the other password provides access to the data that you really want to keep secure. If someone is compelled to give up their password, they could provide only the password that unlocks the "innocent-looking" data — and there's no way, from examining the encrypted file, to tell that there is a second password guarding even-more secret data. (Of course, the "innocent-looking" data can't be truly innocent-looking, because it has to look like the kind of thing that someone would believe you might want to encrypt — so it should look suspicious enough that you would genuinely want to hide it, but not bad enough to get you in real trouble if you're forced to reveal it!) The Achilles heel of this scheme is that just having TrueCrypt on your computer in the first place, would at least signal to an intruder that you're encrypting files. And even if they can't prove that you might have another "super-secret password" guarding more private data on your encrypted volume, they would certainly suspect it, if they already had grounds to be investigating you and if they knew anything about how TrueCrypt works. To provide true plausible deniability of any encryption at all, you need a program that already exists on lots of people's machines, so that an intruder doesn't suspect anything when they find it on your computer.

(The same objection also applies to many other non-solutions to the problem, like using a Linux distro that encrypts your entire file system. Even assuming this would be within the technical means of the average person who wanted to do encryption, it's still going to look suspicious as long as the vast majority of people are not doing it.)

Which leads to the other half of the problem, which is getting the software widely deployed enough that it would not look suspicious for someone to have the program installed in the first place. Best of all for the purpose of avoiding suspicion, of course, would be for the program to come installed by default with a popular operating system. Windows XP and Vista have the built-in ability to encrypt folders, but anyone who seizes the machine can still see that you encrypted a folder, so this don't have the undetectability factor. Built-in deniable encryption of the kind that I'm describing, doesn't instinctively feel like the sort of thing that Microsoft would start bundling with its operating system. (Among other things, they might say that while companies often have business reasons for encrypting files, it's harder to think of a business case where employees would need to encrypt files and hide the fact that they were encrypting anything.)

Perhaps instead it could be bundled with a popular free software program beholden to no for-profit corporate masters. (My first thought was Firefox, but I was quickly told that Firefox was created specifically to strip out many of the features that had caused bloat in the original Mozilla project, and that any bundling of unnecessary tools would go against the whole ethos of the project.) Maybe a good place to include something like this would be the Google Pack — it's installed by lots of people, and currently doesn't have a file-encryption tool in the bundle. Beholden to for-profit corporate masters, yes, but ones that frequently declare "Don't Be Evil" and often seem to do cool stuff just to see what would happen.

Another possibility would be for a next-generation P2P program to bundle this capability with their software. This provides a nice dovetailing of interests — P2P users might want a way to hide the files that they've downloaded, while at the same time, intruders who seize the computer and found the P2P application installed, wouldn't necessarily suspect the owner of anything more than a little copyrighted file trading. "Well, he's got this NiftyP2P program installed, which comes with 'plausibly deniable' encryption, but most people use just NiftyP2P to download mp3 files and movies anyway. And I can't tell if he was actually using the encrypted file storage volume, because that's how 'plausibly deniable' encryption works. Is this the same guy who uploaded those subversive anti-government documents? I dunno."

Anyway, if you actually want to give people a way to run encryption software on their PCs, while ensuring that anyone who seizes their machine cannot tell that any encryption has been going on, these are the hurdles that you'd have to clear. I'm not sure whether this is better viewed as a blueprint for how to achieve this goal, or an argument for why it will probably never happen. There are lots of almost-solutions, like TrueCrypt with its ability to encrypt different sets of data into the same storage volume. But you still can't actually hide the fact that you're doing encryption in the first place.

(If you're willing to store your encryption software away from your computer, you could keep a steganography program on a CD or USB drive hidden in your house, and then whenever you need access to the encrypted data, plug in the program and use it to extract data that has been hidden in a large number of image or video files. That would achieve the goals I've outlined in the article: the ability to encrypt files, while still ensuring that anyone who seizes your computer won't be able to tell that you've encrypted anything. The problem is that it would require enough self-discipline to always return the CD or USB stick to its hiding place when you were done with it — and still, you'd have to hope that whatever authorities seize your computer, don't also search your house and find the CD or USB stick where you keep your stego software.)

Finally, risking the wrath of my civil-libertarian allies, I'll admit it may not actually be a positive thing for every citizen to be able to hide the fact from their local law enforcement that they're encrypting files on their computer. Many times if the police in a mostly-free country like the US or the UK seize a person's computer, they're trying to prevent real harm, and not every person with an encrypted file volume is a good guy. For some of the people who have left enough of an evidence trail that their computers get seized, it would be perfectly rational to view them with suspicion because of an encrypted volume found on their computer. But if you assume it's a worthwhile goal for people to be able to encrypt files without attracting suspicion, my argument is that the prerequisites in this article are necessary for that to work. At the moment it seems a long way off. But if someone created an encryption program with "deniability" — so that it was impossible to tell whether the program had ever been used after it was installed — and someone at Google thought "Hey, that's cool" and added it to the Google Pack, everything would change very suddenly.

Tips For Taking Your Laptop Into and Out of the US?

Ask · Storage · 2008-10-09 07:30 · posted by timothy · from the hug-a-tsa-agent-with-fervor-and-passion dept. · 940 comments

casualsax3 writes "I'm going to be taking a week long round trip from NYC to Puerto Vallarta Mexico sometime next month, and I was planning on taking my laptop with me. I'll probably want to rip a few movies and albums to the drive in order to keep busy on the flight. More important though, is that I'm also going to be taking pictures while I'm there, and storing them on the laptop. With everything in the news, I'm concerned that I'll have to show someone around the internals of my laptop coming back into the US. The pictures are potentially what upsets me the most, as I feel it's an incredible violation of my privacy. Do I actually need to worry about this? If so, should I go about hiding everything? I've heard good things about Truecrypt. Is it worth looking into or am I being overly paranoid?"

TrueCrypt 5.0 Released, Now Encrypts Entire Drive

2008-02-06 01:52 · posted by ryuzaki0 · from the wear-a-condom-people dept. · 330 comments

A funny little man writes "The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac version is at last available too."