Slashdot Mirror
GNU Carnivore With Perl Data Lookup
Kallahar writes: "Inspired by the FBI's DCS1000: Carnivore is a networked art project in two parts. The first part is Carnivore Server, an application which performs packet-sniffing on a specific local area network and serves the resulting data stream via the net. The second part consists of an unlimited number of client applications which tap into this data stream and interpret it in creative ways."
On November 17th, a draft version of a review of Carnivore, the FBI tool for monitoring Internet traffic, was made available to the public. This review was performed by members of the ITT Research Institute in Lanham, Maryland and is 127 pages long. In the Executive Summary, the review makes several recommendations for ways in which Carnivore must be improved, in order to protect individual privacy and assuage concerns about the potential for unauthorized use.....
....
.....
In other words, they found a flawed product, which can currently be easily manipulated to gather information beyond that authorized in a court order. They believe the flaws are fixable and have made recommendations as to what needs to be done, including eventually releasing the source, but not until some glaring security problems have been fixed first.............
Read on here:
http://www.lwn.net/2000/1207/security.php3
Cruise TT
I have to say, I am severely disappointed that they don't have a Matrix-style display. To have a realistic matrix display that contains real information about network data would just rock. Warm and fuzzy all over.
Dacels Jewelers can't be trusted.
Carnivore Server is a set of Perl scripts running on top of tcpdump
You know, sadly, this is probably far more sophisticated than the actual Carnivore system.
Good grief.
--
What happens when you outlaw guns
Remember "The Prisoner"? In one episode they briefly mentioned "jamming" to disrupt the activities of the warders. A later episode, "Hammer into Anvil", showed awesome jamming in practice.
"Prisoner" style jamming would be stuff like secretly passing (real) grocery lists, abruptly changing your well known hobbies, getting a post office box that you only use for two of your four magazine subscriptions, etc. Makes the warders think you're up so something so they expend effort trying to figure it out.
So what would "Carnivore" style jamming be? It can't be just randomness, and it has to be at least semi-legitimate. Posting signed and encrypted random streams won't count, because it's not real. And it can't get you in real trouble. One idea: create a PGP key for "Anonymous Coward", and sign all of your AC posts to Slashdot with it. Another: always use a signature tag composed of 26 randomly selected letters, all lowercase.
The key to getting jamming to work is for all the jammers to respond appopriately to other jammers. When one jammer sends you a PGP signed grocery list, send him or her your chocolate cheesecake recipe.
A Government Is a Body of People, Usually Notably Ungoverned
Of course. The question is, why make it easier for them? Half of why we want open source is to make our programs better. We don't want these privacy invading programs to be better and easier to use! That's quite different from our goals on most packages.
We do want to be sure that they aren't snooping on us improperly, and some feel that if they are open source, that means we can check for that sort of thing. But in fact, that's possibly a big mistake.
We can verify that the open source version is OK, but as you point out, there are people who can modify the code. And it's a lot easier to take the open source snooper and add patches to it to take out the safeguards than it is to write one without safeguards from scratch. This is really quite different from the goals of open source.
The people who take out the safeguards won't tell you they did it, nor will they contribute their patches. Nor will they follow the GPL.
When the FBI shows up with a DCS1000 Carnivore, they just attach a black box to your ethernet. They claim it's even wired so it can read, and not write, to your ethernet. But you don't get to inspect it, or check MD5s on the binaries to assure they were inspected to behave well.
Now, I like the idea of a free tool for ISPs so they can install it to comply with warrants and thus refuse the police black box. But what advantage is gained by that being open source. It would be nice if it's free to the ISPs, with source available if you sign a contract, but that's about it.
I'm also concerned that since secuity at ISPs is not super high (some run IIS for chrisakes) that it's not that hard for anybody, even a script kiddie to break in to a machine on my ISP's ethernet, and then get another script based on this open source snooper you want to snoop me. Forget the feds, these guys are worse.
So I want to work to encrypt all my traffic but I can't yet, so I hope to not make it easier for the snoops.
Not that it should be illegal or anything to release this package. I just want to argue that it's not a great idea. It doesn't match the reasons we like open source.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I did this better in webcollage years ago. But of course I didn't call myself an Artist Collective, and I didn't put out a press release, so no article in the Times for me, darn. I guess that's why webcollage is a ``hack'' rather than an ``art project.''
I swear, one of these days I'm gonna apply for a federal grant to hack on xscreensaver . I've seen people get money for worse things . All you have to do is swallow your sanity and gag up an artist statement of some kind, and the literati will take you seriously: if you cloak it in pretentiousness, the most trivial piece of eye candy can become a Serious Work, full of Insight And Meaning!
The problem with art is artists. My goal has long been to eliminate the artist from the creative process.