Protecting IM From Big Brother

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."

Encryption

[nurb432]

Its time to implement encryption of ALL traffic from ALL applications. Perhaps even IPC encryption incase you have some sort of 'tap' installed on your computer.

Sure, it eats resources, but do you want others reading your information? I dont. Not even when its "we are out of milk, please pick some up on the way home", as its NONE OF THEIR BUSINESS.

Re:Encryption

[rainman_bc]

Check out SiMP-Lite

It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...

Re:Encryption

Honey, is that you? We are out of milk, please pick some up on the way home.

Re:Encryption

[Mantaar]

A woman on slashdot that addresses her husband as 'honey' and not with his screen name??

You're a faker, Mister, and not a good one!

Re:Encryption

[shikadi]

It's not just about encryption, it's about privacy too. Do you want instant messaging to be used as evidence against you in the future? The reason it is called OTR is because it really is off the record. Recording of conversations is not evidence that a conversation ever occurred, since it purposely lets anyone forge messages after the conversation is over. If the person you were talking to decides to record everything you say to them, it doesn't matter, since you can easily show that what you said could have been forged. In fact, tools are created specifically for this purpose.

Re:Encryption

[nurb432]

Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so i don't see me encrypting everything effecting that..

And I do agree i have to trust the person at the other end not to divulge/record/forge that i need to get milk.

Re:Encryption

[AnyoneEB]

Although OTR and gaim-encryption (now pidgin-encryption) were originally for AIM (as far as I can tell), if you are using pidgin, I see no reason other than possibly some quirks in the plug-in why you could not use them on MSN or any other protocol. I think I have used pidgin-encryption on Jabber.

Re:Encryption

[jmcnaught]

I regularly use OTR in Pidgin with MSN and Jabber (Gmail chat) and have never had a problem. Adium X on the Mac also includes OTR support out of the box.

I try to use OTR as much as possible, all of the time. I figure if I only protect the stuff that needs to be secret, it sticks out like a sore thumb. And the more encrypted traffic on the internet in general, the harder it is for them to break it all even if they do have magic quantum computers.

Trying to get more people to use PGP/GPG with me over email for the same reasons, but it's a little harder to understand and get started so I'm not making as much progress.

Re:Encryption

[RaceCarDriver]

IANAL, but Encryption(in the USA at least) seems pretty pointless once the government/law is after you. As far as I know; if requested(with a warrant), citizens must turn over any keys or pass phrases or be held in contempt/whatever(bad)...

Re:Encryption

[glitch23]

Its time to implement encryption of ALL traffic from ALL applications.

If I was actually doing something questionable where I thought someone would care enough to listen to what I am doing or what I have to say then I might consider that. As it is, I don't worry about it and even if I was type where I'd worry about it on the principle of the matter, the fact is I won't ever see the person doing the sniffing (b/c I'm not doing anything wrong) so they can listen to my boring chats all they want. Just my opinion. By the way, out of curiousity, you don't think someone hearing you say "we're out of milk" is their business. You aren't the type of person to use your cell phone in public with an "outside" voice when you are inside so everyone can hear you, are you? I just want to make sure you are consistent with what is other people's business.

Re:Encryption

[VGPowerlord]

I can think of two reasons not to encrypt everything:

1. Encryption adds overhead.
   
2. A certain popular protocol's encrypted version's clients pop up all sorts of warnings if the server certificate is not signed by a known entity.
   
   Of the three most popular browsers these days, a site with a self-signed certificate shows the following:
   
   1. IE6
      
   2. Firefox 2
      
   3. IE7
      
   
   While the average person may know that this is not necessarily bad, mom and pop are probably going to avoid sites that bring up these errors, particularly if they're using IE7.
   

So, yes, there are reasons to not encrypt everything.

Re:Encryption

[epee1221]

The government probably has the computing resources necessary to break any encryption people are likely to use. Even so, those resources can't be allocated/used lightly, so they simply can't afford to run huge fishing expeditions. They are forced to only try to read messages they already have reason to believe contain evidence of wrongdoing. As for subpoenaing keys themselves, it's fairly common to discard keys used for communication once the communication is done.

Re:Encryption

[nurb432]

Actually, I dont use a cell phone in public anyway, so that isnt an issue. ( i think public use of cell phones is rude. And i try to not be a hypocrite )

As far as sniffing, It has nothing to do with my content, i just dont feel its anyone else's business what im talking about.

Re:Encryption

WHAT???? You think mom and pop know WTF those messages mean???

IE6/firefox: Everyone just click's "okay" except for nerds like us that know what it means.

IE7: Everyone clicks the "recommended" link a few times, until they figure out it doesn't let them view the website. Then they get conditioned to click the "continue to site". Note that at least this message works for a while, as long as it's not displayed a lot.

Re:Encryption

[QuantumG]

Blah, that's a load of shit. It's an academic answer to how to fix the problem of people logging your conversation with them.

When the log is presented in court the person who logged it will be asked "is this log an accurate representation of the conversation you had with the accused?" and they say "yes, it is" and the defense then has to show not that it is possible that the log was doctored but that person who has just sworn, under penalty of perjury, is lying. They typically do this by showing instances in the past where the person has submitted false evidence to a court, or they can try to show that the person has something to gain by changing the log and that they had the skills (if any special skills are required, which they wouldn't be). It would be a very tough sell and a jury is more likely to believe that the log is accurate because what kind of idiot would lie in court when the punishment is so severe.

Consider that email is so trivial to fake and yet emails are considered official correspondence in many many many court cases. It's not about the technology, it's about the people making the claims.

Re:Encryption

[thegrassyknowl]

The beauty of OTR messaging is that it claims to guarantee perfect forward secrecy. In other words, if you lose control of your private keys no previous conversation is compromised. This is a big plus, because even if they force you to turn over the keys they can't see the previous conversations.

It works (as I understand) by using your key pair to derive and exchange public session keys. The session keys then are used to do actual encryption and are changed frequently. The private key at each end is only ever stored in RAM and is discarded when the session ends or after a timeout.

It's neat because even listening in to the whole session and obtaining the public session keys isn't enough to compromise the session. Of course, having the public keys and obtaining the master private key may go a long way to helping with a mathematical attack of the algorithm.

Re:Encryption

[X0563511]

You make it sound like it is easy to just randomly break encryption. It isn't! Usually the way they are broken is brute-forcing keys, stealing keys, or comparing plaintext to ciphertext to extract the key. When it comes time for encryption to be in the way, it is usually far faster, easier, and cheaper to get around it. Think human intelligence, not signals intelligence.

Re:Encryption

[Kadin2048]

It works fine on all protocols. Since it handshakes with the other side by inserting some spaces in between words, it doesn't rely on the lower level of the protocols. As long as the IM service transfers text as typed (and doesn't reformat it or anything en route), it should work just fine. It's quite robust.

I've always been disappointed that Adium is the only IM client to build in OTR, so it's there for everyone who uses it without an additional install. If Gaim/Pidgin built OTR in too, it would mean a vastly expanded userbase; I think that would be getting close to the 'critical mass' that you need to push an encryption method into the mainstream (particularly if you could pick up Trillian and some of the other unofficial, multiprotocol IM clients from there).

As it is, having OTR in an additional download for all clients except Adium is a major stumbling block. It's awesome that it exists, but there are so many people around who only want security if they don't have to do anything to get it. Once you start asking people to install additional software or plugins, their eyes glaze over and you've lost them. (All except the people who really need security, and that's a situation you don't want, because now they stick out like sore thumbs. If you want security, you need to get the 'average folks' using it too, even if it's just for cover of whatever activities you're up to.)

Re:Encryption

[opticalmatrix]

There was a secure IM program out there. Seclude IM, but at the time there wasn't a big enough following for the group to keep it running. It supported 1024bit encryption and had 4 secured Ident servers provided by the personal working on it.

Re:Encryption

[Kadin2048]

Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so i don't see me encrypting everything effecting that. Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.

Re:Encryption

[Kadin2048]

That's not quite the point either. OTR doesn't make your conversation totally repudiable, because you still have the same logs as a normal, unencrypted conversation.

It just avoids the problem of having the encryption dig you deeper into a hole, by creating a mathematical proof that you said certain things.

It basically gives you exactly the same 'wiggle room' as you'd have with a regular logged IM conversation. It doesn't, and can't, guarantee that the person on the other end isn't logging the chat somehow (and how would it? even if you had some sort of "secure computing" platform preventing them from running an IM client that logged, they could still point a camcorder at the screen if they were determined enough).

OTR just tries to not be an additional part of the problem.

That said, you're right in pointing out how troublesome it is that emails and other unencrypted, trivially-edited digital communications are routinely accepted as evidence in court. That this happens so regularly is a big problem, and I wonder how often people do a little doctoring here or there, since the evidentiary rules are so lax.

Re:Encryption

[cheater512]

If your paranoid about security with Jabber its better to simply run your own Jabber server.

Remember its a direct connection between your server and the person your talking to's server.
Nothing central to tap. Also inter-server connections are usually encrypted by default.

Re:Encryption

Blah, that's a load of shit. You don't do a good job of playing a lawyer.

Re:Encryption

[sporb]

Like he said: "Load of shit". Saturate the network with noise. Hide your message therein. -s

Re:Encryption

[xiphoris]

Email isn't trivial to fake in such a way that it would stand up to any kind of scrutiny whatsoever. Already there are simple authentication protocols that are becoming widespread enough to secure the average user. If the receiving domain has any kind of proper configuration, it will be able to validate whether a mail was sent properly using one of SPF records, PTR, DomainKeys, or any reputation system.

Try to fake an email that looks like it authentically came from Amazon.com to a Yahoo account -- even from the perspective of a naive user, you can't do it.

To a user smart enough to examine mail headers, no forged email is good enough to stand up to any inspection. It is an incorrect rumor that email is easy to forge. Certainly if the issue came up in court, an expert witness would lay the question of whether it was forged to rest by examining the mail headers. Any decent MTA can do the same automatically.

Re:Encryption

[QuantumG]

The typical email trail presented in a court case is completely intra-domain.

Ya know, "the boss sent me an email saying we should fire all workers who had signed the latest union agreement".

Re:Encryption

[Bert64]

Encrypted between client and server, and then decrypted on the server? You really need end to end encryption, encryption provided by the server operator is just a false sense of security, whats to stop you simply decrypting the data before reading it?

Re:Encryption

[TheRaven64]

Any half decent encryption algorithm is so hard to break that it's generally cheaper and easier to obtain the information some other way (e.g. installing spyware on one of the participants' computers).

Re:Encryption

[aliquis]

Do you know if these are the same kinds of encryption that Adium uses? It's based on pidgin atleast.

Re:Encryption

Has anyone considered the possibility that the "authorities" want everyone to encrypt all of their correspondence?
Encryption is a form of digital signature that can be traced back to the original author (through either legal or illegal means).
I think that has implications for both sides of the Orwellian (http://en.wikipedia.org/wiki/Orwellian) debate.

Re:Encryption

[JFitzsimmons]

This is a common encryption technique, called Hybrid Encryption. Off the top of my head, I know that SSH and TLS use this scheme.

Re:Encryption

[wirelessbuzzers]

This is a common encryption technique, called Hybrid Encryption. Off the top of my head, I know that SSH and TLS use this scheme. This isn't hybrid encryption. In hybrid encryption, you encrypt temporary, symmetric session keys with a fixed public key. If the public key is later compromised, the session keys can generally be recovered. In forward-secure encryption, a simple and common method is to make a temporary public/private key pair, sign the public key with your fixed key and send it over. You exchange the session key using this pair, then throw away the temporary key pair. That way even if your fixed key is compromised, the temporary key is still secure (it was only signed by the fixed key), and so is the session key.

Re:Encryption

[epee1221]

Even so, those resources can't be allocated/used lightly, so they simply can't afford to run huge fishing expeditions.

You make it sound like it is easy to just randomly break encryption.

If that's how you want to interpret it, I guess I can't stop you. The whole point is that breaking encryption is not a trivial task, so it would be impossible to try to read everything.

Re:Encryption

[WuphonsReach]

There's an old saying that is more or less "encryption is easy, secure implementation is bloody impossible".

Basically, the problem boils down to encryption keys and the management thereof. When you're connecting to friend X - how do you *know* that you're encrypting with their key? Maybe not-friend Y snuck his key in and you're actually encrypting stuff that goes through Y's hands and he then turns around and sends it to X. (Which is the Alice -> Eve -> Bob issue, where Eve performs a man-in-the-middle attack on the encryption chain. Eve can then listen to all traffic between Alice and Bob, who are non-the-wiser.)

Which is why GPG/PGP go to great lengths to discuss the issue of trust and signing. And why they have specific rules on how to hold a key-signing party. As well as providing key fingerprints that can be transmitted via another channel (telephone call) to make sure that the key you have is the key you think it is.

There's also the belief that no encryption is better then badly implemented encryption. That way your users don't get a false sense of security.

Re:Encryption

[mattwarden]

If you don't want people knowing you are out of milk, you probably shouldn't post it on /.

FYI.

Encrypted RAM and HDD Storage

[EmagGeek]

You can't have perfect secrecy unless your RAM contents are also encrypted. Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case? If your RAM is unencrypted, then your IM conversation is stored in plain text SOMEWHERE, even if it is encrypted on the network stack. Of course, having encrypted RAM would be a HUMONGOUS performance hit, but it could be done. Hmmm..

Off to the patent office I go..

Re:Encrypted RAM and HDD Storage

[idiotwithastick]

Encrypted RAM is pointless. If you want to read it, you have to unencrypt it anyways, so the key has to be stored somewhere that can be read by the computer. If your computer is subpoenaed, you would have to provide it's contents anyways. As if you could.

Re:Encrypted RAM and HDD Storage

[Cracked+Pottery]

Fine, let me get those chips out for you. Bring the back after you get the information off of them.

Re:Encrypted RAM and HDD Storage

[MichaelSmith]

Off to the patent office I go..

Have fun proving that you had the idea before Theo.

Re:Encrypted RAM and HDD Storage

[uofitorn]

Exactly. But you can take steps to limit the lifetime of sensitive data in memory.

See Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation http://www.stanford.edu/~blp/papers/shredding.pdf

Re:Encrypted RAM and HDD Storage

[EmagGeek]

Well, the idea of encrypting RAM would be obvious to the person skilled in the state of the art, and therefore on its face not patentable. However, there are invariable many novel ways to solve obvious problems that would be patentable. Whether or not I could obtain a patent on the method and apparatus would depend upon the novelty of said method and apparatus.

Re:Encrypted RAM and HDD Storage

[Cheesey]

Encrypted RAM would be very secure, but it would need hardware support. The key would be stored within a CPU register, having been generated from random noise on bootup. Hitting reset/power should be all the security you need. We effectively have this now in free software with encrypted swap space, and I think the TCPA spec says that bus encryption keys need to be negotiated using public key algorithms. The curious thing is that there doesn't need to be much access time overhead, because you do all the decryption to burst transfers on the RAM side of the instruction cache.

Re:Encrypted RAM and HDD Storage

[Ash-Fox]

Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case?

Yes, but it didn't help them at all.

Re:Encrypted RAM and HDD Storage

[M.+Baranczak]

Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case? No, there wasn't. That was just a really misleading Slashdot summary. Assuming we're actually talking about the same thing.

Re:Encrypted RAM and HDD Storage

[Kadin2048]

Encrypted RAM is admittedly hard, but you're creating a false dichotomy if you're assuming that just because you don't have encrypted RAM, it's not worthwhile to encrypt everything else.

Particularly if you have an encrypted swap file (which Mac OS X allows, and I assume Linux does too), just because a program was running wouldn't guarantee that a decryption key for it would be stored in memory. And even if it was, grabbing that key out of memory isn't trivial. (It means you have to keep the computer running and keep the data in memory while you extract it, for starters.)

A system where everything that's on the disk is encrypted, and all you have to do to secure the data is unplug the system and wait a few seconds for the RAM cells to discharge, seems like a big step over a system where you'd have to physically destroy the disks (big magnets? thermite?) in order to make sure that there isn't something incriminating there waiting to be found on casual inspection.

Even if all you have is a second or two of warning, it's not hard to hit a power strip or killswitch and turn the power off, and you've instantly bought yourself a decent margin of security -- if you've at least encrypted all the data stored in non-volatile media.

Re:Encrypted RAM and HDD Storage

[darkmeridian]

The ruling of that "subpoena the RAM" case is widely misconstrued. A guy was subpoenaed for IP logs, and he said that since he didn't log IPs, all the IPs were transitory and in RAM. The court said that he could be forced to log IPs, because the RAM already contained the information, it did not require the party to create evidence (in a legal sense). Basically, the wording of the ruling was meant as a side-step around civil procedure rules.

Re:Encrypted RAM and HDD Storage

Your thing about encrypted RAM is completely irrelevant, non-sensical, and off-topic. At some point the data has to be decrypted to be shown on the screen - so your fictional attacker is more likey to install a hidden camera than try to use exotic techniques to pick up the EM radiation from your computer's bus. Note also that when they talk about recording conversation history, they're assuming the typical (with regards to cryptography) all-powerful malicious entity that controls the communication channel and is able to record & modify any and all messages any way they want.

Let me clarify some further important points for you.

This is forward encryption. Meaning if someone steals your private key, they can only decrypt future messages. Any encrypted messages that were recorded in the past (i.e. they had a tap on your line and only recently got the private key) are still secure.

All messages are as deniable as unencrypted communication - there's no way you can prove to a 3rd party who said what. Think of it this way - with PGP, being able to decrypt the message also means that you've proven mathematically what was said and who said it. With OTR, it's a bit more complicated, but essentially, after temporary keys expire (i.e. 1 hour), they are published in the clear so that anyone who is monitoring the stream can then generate any conversation they want for that hour and claim it is real (thereby making sure that the validitiy of all conversations is suspect).

There's also authentication which means that if you verify another party's fingerprint (i.e. ssh key), then you have a guarnatee that as long as you know that you didn't send the message, then the other party did. Notice how this plays in with the deniability - a third party can't be proven the same thing, so they can't know for certain who sent the message. Take for example a cop getting an encrypted communication log from an informat a day later. The cop can't be certain the informant didn't alter the log in any way. If the cop got it anonymously or through an unverified source, then they can't even be somewhat confident that the contained information is accurate in any way.

For instance - a terrorirst group or criminal organization might purposely provide an encrypted communication log that has disinformation. Would you want to rely on that information in any way? You'd need to verify every detail (and if you could do that, there would be no reason for needing the communication log in the first place).

OTR makes the following possible (assuming the protocol doesn't have design or implementation problems).

As long as A & B's private key's are really secret, no one can decrypt messages just by listening to the conversation.
If B's private key's is stolen, then only conversations from then on between A & B can be monitored (past conversations are safe).
If B becomes malicious (C steals his computer, B turns into a mole, spyware, etc), then there's no way to prove mathematically to anyone that messages are really coming from A or that they really say what A said.

Note however that in both cases of failure, it's still better than traditional assymetric encryption which makes future and past communications completely decryptable. Also, there's no need for B to become malicious in any way - simply obtaining B's private key means it is possible to mathemetically show that A really did say what the log recorded.

Wow this turned out to be a longer explanation than I thought. Anyways, watch the video - it's very informative and the protocol is interesting even thoug the presentation might be a bit dry.

Encryption is only part of the solution

[compumike]

This is a good step, and I wish that more people would use encrypted messaging systems. This includes IM, e-mail, and voice.

However, while encryption can protect against "big brother", you can never eliminate the risk from the other end of the line. What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation.

--
Educational microcontroller kits for the digital generation -- great gift!

Re:Encryption is only part of the solution

[Z80xxc!]

Although someone could do those things, if it were something truly private, chances are the other person isn't going to want to print it out any more than you are. As for rootkits, well, then you're screwed, but if you've got a root kit, you probably have better things to worry about than someone seeing your IM.

Re:Encryption is only part of the solution

[Mantaar]

What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation. Easy enough:

Don't speak with noobs.

Re:Encryption is only part of the solution

[caluml]

Jabber + PSI + SSL + GPG = Safe in transit, at least. However, there's no way you can be sure someone isn't logging everything at their end. It's the whole DRM problem, but just with messages, instead of videos/music.

Re:Encryption is only part of the solution

Off-the-Record Messaging offers deniability. Your privacy may be lost, but at least nobody (not even your conversation partner) can prove messages you sent originated from you.

Re:Encryption is only part of the solution

[TheRaven64]

Only if you do the PGP key exchange out of band. If you do it in-band (as Psi tries to do) then you are vulnerable to a trivial man in the middle attack. This is why I haven't bothered to implement PGP in my client yet; all of the current implementations are insecure by design and, until a standard is proposed that is not, there is no point giving users a false sense of security. The standards JIG retracted the proposed PGP XEP a few years ago, and no one implemented the IETF's one because it was too ugly. There's a new draft that's been proposed recently that is somewhat promising. If we didn't have to deal with NATs getting in the way, it would be much simpler to just negotiate a direct SSL connection between clients.

Re:Encryption is only part of the solution

[caluml]

If you do it in-band (as Psi tries to do) No it doesn't. It asks you which GPG key you want to use for contact X. Obviously, it goes without saying that you verify the public key OOB.

Re:Encryption is only part of the solution

If we didn't have to deal with NATs getting in the way, it would be much simpler to just negotiate a direct SSL connection between clients. How is this any more secure than in-band exchange of PGP keys?

Deniability may sound fine

[EdZep]

But, it WILL be hacked. Then, a user's smug denial could lead to obstruction of justice charges, or some such.

Re:Deniability may sound fine

But, it WILL be hacked. Then, a user's smug denial could lead to obstruction of justice charges, or some such.

"I do not recall." If it's good enough for the administration to use and get away with, it's good enough for me.

Re:Deniability may sound fine

[99BottlesOfBeerInMyF]

"I do not recall." If it's good enough for the administration to use and get away with, it's good enough for me.

Unless you're in the administration, that will get you tossed in jail. Normal citizens require plausible deniability. For hard drive encryption, this can be accomplished by saving dummy data accessible with a second password. For IM, perhaps we need something similar. If an IM client were to give a user the option of using a dummy password which would still initiate encrypted messages, but with a warning flag to the user on the other end, we might have parity.

Encryption technologies that provide plausible deniability are possible, but I doubt they will enter widespread use (or even encryption in general) until the big players champion them. Why one of the major IM providers has not jumped on this as a differentiating feature is beyond me. I guess I see why Google would not include it in GTalk, seeing as they want to use the data to target ads (ditto yahoo and MS), but why isn't it built into ichat yet?

Re:Deniability may sound fine

[pigscanfly.ca]

OTR actually has deniability built in to it. Once the conversation is finished it impossible to prove what the conversation text was. Its really cool. It even has a built in tool to help you forge the logs :)

Re:Deniability may sound fine

[99BottlesOfBeerInMyF]

OTR actually has deniability built in to it. Once the conversation is finished it impossible to prove what the conversation text was.

Which is pretty decent. The only item lacking is if the feds demand your password so they can impersonate you talking to someone else. A nice dummy password that will allow them to do that, but presage the first message with a warning that the channel is compromised.

Re:Deniability may sound fine

[Logic+and+Reason]

Unless you're in the administration, that will get you tossed in jail. Normal citizens require plausible deniability.

I don't know about where you're from, but here in the U.S. we still (for now, at least) have something called the Fifth Amendment. You just have to change your answer from "I do not recall" to "on the advice of my counsel, I respectfully decline to answer the question based on the protection afforded to me under the Fifth Amendment of the United States Constitution."

Re:Deniability may sound fine

[Goaway]

Deniability is based on the revelation of information, not hiding. How do you hack something so that it is becomes no longer known?

Re:Deniability may sound fine

[99BottlesOfBeerInMyF]

I don't know about where you're from, but here in the U.S. we still (for now, at least) have something called the Fifth Amendment.

The 5th amendment only applies if you in particular are charged with a crime. If you are subpoenaed or being sued and the court orders you to reveal the password, you will go to jail for contempt of court if you refuse to submit it. Even when charged with a criminal offense, not being testimony as to your actions, it may well hold up in court to charge you. Finally, in many parts of the world legislation requiring this has already been passed and at least three bills in congress have specifically required this, although to my knowledge none have yet passed.

Basically, unless you have a whole buttload of money to burn and are feeling lucky and are charged with a crime, don't count on the 5th amendment.

Re:Deniability may sound fine

[Logic+and+Reason]

The 5th amendment only applies if you in particular are charged with a crime. If you are subpoenaed or being sued and the court orders you to reveal the password, you will go to jail for contempt of court if you refuse to submit it.

Source? IANAL, but my understanding is that you may invoke the Fifth whenever your testimony could be used to convict you of a crime, whether the testimony in question would occur in a civil or criminal case, and whether or not you actually stand accused of a crime.

Even when charged with a criminal offense, not being testimony as to your actions, it may well hold up in court to charge you.

Insofar as the act of producing the password to an encrypted document can be used to establish the authenticity of the document, I believe it can indeed constitute self-incriminating testimony. See United States v. Hubbell.

Re:Deniability may sound fine

[99BottlesOfBeerInMyF]

Source? IANAL, but my understanding is that you may invoke the Fifth whenever your testimony could be used to convict you of a crime, whether the testimony in question would occur in a civil or criminal case, and whether or not you actually stand accused of a crime.

All the prosecutor has to do in such a case is invoke "use immunity" which says they won't use that evidence itself in a future criminal trial. Here's a discussion of the general topic. If you're not under threat of prosecution for an actual crime and they agree not to pursue such, then your testimony can be compelled.

See United States v. Hubbell.

That's pretty interesting if it is a criminal proceeding against you, it does allow you to indirectly apply the 5th amendment. Cool.

Re:Deniability may sound fine

[JoelKatz]

So what? They'll just grant you immunity. You'll be forced to divulge the key or spend the rest of your life in jail. They won't be able to use the fact that you knew the key or what the key is against you, but they can use the documents that the key decrypts -- even against you in a criminal prosecution.

It's the same with documents. If you have documents they want, they can compel you to produce them. If you plead the fifth, they'll grant you immunity from them using the fact that you had the documents against you. They can still use the contents of the documents against you.

The fifth amendment does not protect the contents of documents in any place other than your head.

Re:Deniability may sound fine

[CastrTroy]

Didn't that OJ Simpson cop (Mark Ferman??) plead the 5th when he was put on the stand during the OJ Simpson trial? He wasn't the one being tried, but because he knew what he said would incriminate him, he chose to take the 5th? Seems to me that if you're not required to give evidence against yourself, you could just argue that the encrypted data could hold evidence against you, and therefore, you should not be required to give them the key.

Re:Deniability may sound fine

[MyDixieWrecked]

Encryption technologies that provide plausible deniability are possible, but I doubt they will enter widespread use

One really interesting project that I've been keeping my eye on and trying to come up with an excuse to use is Phonebook; a FUSE-based deniable encryption application. If I had the skill to implement such a plugin based on his sourcecode, I would make something like OTR... hell, even extend OTR so that every IM is of a specific size and contains the message inside it. It actually shouldn't be that difficult to implement. Such an implementation would add a large amount of deniability to your IMs and also have the ability to store several payloads per message.

Speaking of OTR... it's a great little plugin, but it's poorly executed, imho. Fingerprints are transported between the parties too easily. They should have a paranoid setting where it requires that you manually add a fingerprint file for that user and a way of saving out your own fingerprint so you can email/IM/SFTP the file to the person on the other end for manual entry. I realize that it's got a menu where you can see your current privacy status, but I don't know how comfortable I am that everything negotiated properly all the time; especially during the initial transaction.

Also, the OTR plugin is a little fragile. At my job, we have some kind of IM security system that not only logs all conversations, but also looks for spim (IM spam for the uninformed) and viruses, and if it thinks it finds something like that, it will send a challenge question across the line. When that happens during a private conversation, it totally whacks out OTR and requires me to restart the IM app (be it adium or Pidgin... pidgin flakes out more often) since simply refreshing OTR doesn't fix it. OTR needs better facilities for detecting that.

Re:Deniability may sound fine

[Kadin2048]

No, I think it's you who are mistaken. Take a quick look at U.S. v Hubbell; that was an entire indictment that was thrown out because the contents of the documents produced were incriminating, and the person in question hadn't been allowed to use the 5th to prevent their disclosure. It's exactly the opposite of what you're claiming.

Summary:

The Supreme Court ruled in favor of Hubbell. The Court held that the Fifth Amendment privilege against self-incrimination protects a witness from being compelled to disclose the existence of incriminating documents that the Government is unable to describe with reasonable particularity. The Court also ruled that if the witness produces such documents, pursuant to a grant of immunity, the government may not use them to prepare criminal charges against him.

The prosecutor in the case argued pretty much what you stated, that only the act of producing the documents is protected under the Fifth Amendment, but not the contents of the documents themselves. The Supreme Court apparently found this uncompelling.

Justices Scalia and Thomas go even further, making it clear that they believe that compelled production of evidence is akin to other types of testimony:

The Fifth Amendment provides that "[n]o person ... shall be compelled in any criminal case to be a witness against himself." The key word at issue in this case is "witness." The Court's opinion, relying on prior cases, essentially defines "witness" as a person who provides testimony, and thus restricts the Fifth Amendment's ban to only those communications "that are 'testimonial' in character." Ante, at 6. None of this Court's cases, however, has undertaken an analysis of the meaning of the term at the time of the founding. A review of that period reveals substantial support for the view that the term "witness" meant a person who gives or furnishes evidence, a broader meaning than that which our case law currently ascribes to the term. If this is so, a person who responds to a subpoena duces tecum would be just as much a "witness" as a person who responds to a subpoena ad testificandum.

So, while prior to the late 90s what you said might have been true, in light of that case becoming the law of the land via the USSC, the rigid 'act of production doctrine' has been substantially affected.

OTR is classy

OTR is a really cool program, I just wished more people used it.

Re:OTR is classy

[pigscanfly.ca]

I don't know about you, but I find a lot of people use it. That could be because I'm at the University where Professor Goldberg is from :P.
Continuing your thought however, I think OTR, and other encryption programs like it, could receive a substantial boost in usage if we could get popular distributions like Ubuntu to include and enable them by default. You and I may think about the security of our conversations, but the majority of people probably do not bother. I can't see much of a good reason to not make this the default.

Terrorist collaborator?

[tommyhj]

How long until this guy gets the attention of the government and is brought down as a terrorist collaborator? And if people actually start using this kind of software to make private conversations, how long until the presence of it on ones HD can be used against you? Wasn't there a case where the presence of an "Eraser" program on the defendants hard drive was used against him, because then he "Must have had something to hide"?

Re:Terrorist collaborator?

[WindShadow]

Eraser programs are legitimate business tools, used to protect corporate IP. Both file erasers, such as the shred program included in many Linux distributions, and disk erasers like DBAN are well within "best practices."

Note: the laws on keeping private information confidential is generally interpreted as exposing you to legal liability if you don't use encryption. Face it, if the government wants to frame you they have the technology, using honest facts there's no problem with business privacy tools.

In the meantime...

[ceeam]

... I hate to say it, but the most practical secure kind of IM right here right now is probably Skype. Well - you read that story about German police and Skype's chat traffic (like other kinds) is carried over the same encrypted p2p transport as its voice traffic.

Re:In the meantime...

[Cheesey]

Skype isn't very trustworthy. My favourite link about Skype security. You can't necessarily trust a closed source app with confidential information.

If you need a "ghetto" works-almost-anywhere free secure instant messenger to talk to Alice or Bob, create an account for your friend on your Linux machine and let them SSH in using PuTTY. Then use "write" to talk to each other, or if you're really fancy, use "talk". SSH is great for this because it (a) uses strong crypto, (b) lets you check for man-in-the-middle attacks with it's "host key", and (c) destroys the session keys after use. Get Alice and Bob to reboot from a Knoppix CD and you're secure against Windows spyware as well.

Re:In the meantime...

[CastrTroy]

You could probably also boot into a VM and run Linux from within there, possibly off a LIVE CD, which would mean that you could still maintain a secure channel without having to reboot your computer. A windows virus could still spy on the VM, but if would have to be pretty advanced, and not your standard run of the mill spyware to spy on the contents of a VM.

Re:In the meantime...

[Bert64]

Or it could just keystroke you, as a lot of windows spyware already does.
Doesnt matter that your running a vm, your keystrokes are still being processed by windows and thus fair game.
Spyware also already takes screenshots, you'd need the vm on screen to interact with it so your screwed there too.

Join the Encryps

[Mitchell+Bogues]

It's like a Cypherpunk, but more likely to get shot (perhaps by the NSA).

AIM encryption

[br00tus]

We use AIM for communication at my company. One problem is half the people use GAIM, the other half use Trillian, and each have separate standard encryption plug-ins which are incompatible. Of course it is free software and I could jump in and work on this but I am too busy. The main reason we had encrypted conversations was to send passwords to one another.

Re:AIM encryption

[Bert64]

You use a third party service for internal communications? That's utterly ridiculous!
Set up an internal jabber server, and force it to use SSL for client communications, that way nothing travels over your internal network without SSL and nothing leaves your internal network at all.

Re:AIM encryption

[TheRaven64]

MOD PARENT UP. Trusting a third party IM network for internal communications is negligent and, since you can't do server-side logging, may well put you on the wrong side of regulatory compliance.

Re:AIM encryption

Competition is good, but there needs to be compatibility. PGP, S/MIME/, Ciphire, etc. all need to speak each other's language; additionally it needs to be transport agnostic (work across, AIM, Jabber, SILC, IRC, etc.) The same with IM encryption, any time I try to get anyone else to use IM encryption, either it is too inconvenient to set up the PKI, or they use X, but someone else uses Y but I use Z and no one is willing to change...
That is why skype has accomplished something. It is common, strongly encrypted, on by default, cannot be turned off, and painless, unfortunately it is also closed, etc.

As for opportunistic encryption http://en.wikipedia.org/wiki/Opportunistic_encryption check out the wikipedia article.

Zonealarm's IM security

[danwat1234]

I have the Zone-Alarm Security Suite software (software firewall, anti-virus, anti-spyware, Ad blocking, Cookie control, Identity protection), and it comes with "IM Security". It encrypts all IM conversations when both sides of the conversation have the software installed. I don't know how strong the encryption is, but it is something.. Makes me feel secure when I am talking about government conspiracies...

Re:Zonealarm's IM security

[the_brobdingnagian]

Most crypto will sign your messages. So now the government can take your friend's computer and mathematically prove you signed the messages talking about conspiracies. OTR provides encryption and authentication without the ability to prove to anyone else what you wrote. And talking about government conspiracies: I would not trust closed source crypto if I where you.

Re:Ok

[sethawoolley]

d41d8cd98f00b204e9800998ecf8427e

Just days before...

[mattdev121]

This slashdot story, just days before a talk about how the csclub servers handled slashdot the last time.

The real problem is U.S. government corruption.

[Futurepower(R)]

Quote: "With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important."

The real problem is U.S. government corruption. See this example from Cooperative Research, a complete 911 Timeline of 3962 events: U.S. Government corruption TimeLines.

The government should serve the people, not spy on them.

Re:The real problem is U.S. government corruption.

[joshuaobrien]

As a foreigner the U.S. government owes me no duty of service and some could argue that it is expected to spy on us, as far as it benefits its own citizens. No, us foreigners who have little control over U.S. govenment spying should encrypt (and provide deniability as OTR does) by default.

1984

[dotancohen]

I find it fitting that someone named Goldberg is warning us about Big Brother.

Re:1984

[mordejai]

Wouldn't it be funnier if it was someone named GoldSTEIN?

Oh, I get it, all ashkenazim are the same to you... ;-)

Re:1984

[garbletext]

I find it ill-fitting that someone named Ian is not teaching us about Debian.

Re:1984

[saibot834]

The person you are talking about was actually Emmanuel Goldstein

Re:1984

[dotancohen]

Stein, Berg, what's the difference at 3am? I guess I had better just take a break and watch some old Spielstein movies. He hasn't done Frankenberg yet by chance?

Pfft. Don't talk to me, I log all my IM sessions

[NotQuiteReal]

They are sitting in plain text on my HDD.

Anyone who is IM'ing with super-secret encoding and hoping that they are safe better not be IM'ing me, or someone like me who checks the "log" button...

Sorry, sometimes I like to refer back to them, and that is the way they are kept. I am too lazy to do anything about it.

I always assume I am just part of the noise in the s/n ratio that "they" are listening to.

What's the opposite of tin-foil hat?

What's the problem?

[Junta]

I use Gaim OTR, and my buddy used Trillian OTR (without him even realizing it incidently). There was a Gaim encryption plugin before the OTR plugin, but I don't know anyone using that anymore.

I downloaded the ogg

[gQuigs]

The Presentation in the video appears completely blank to me. Anybody else see this?

Re:I downloaded the ogg

For me too.

Too bad, because I am really interested.

Re:I downloaded the ogg

[keeboo]

Yup, the projection area is saturated.
I don't know about the ogg version, but you may adjust the video and get better results with avi version.
I was only able to see there was some text there, unfortunately it was unreadable.

Re:Pfft. Don't talk to me, I log all my IM session

What's the opposite of tin foil hat?

You, bent over, assuming the position.

Semi-random (webcam of the CSC office)

[pigscanfly.ca]

The organization that is serving the talk has a wecbcam ( http://csclub.uwaterloo.ca/office/webcam.html ) in there office. Despite serving an avi file linked directly from the slashdot page, there doesn't seem to be fire :P

Re:Semi-random (webcam of the CSC office)

[metaoink]

The organization that is serving the talk has a <a href="http://csclub.uwaterloo.ca/office/webcam.html">wecbcam ( http://csclub.uwaterloo.ca/office/webcam.html )</a> in there office. Despite serving an avi file linked directly from the slashdot page, there doesn't seem to be fire :P I think you meant to say: The organization that is serving the talk has a wecbcam ( http://csclub.uwaterloo.ca/office/webcam.html ) in there office. Despite serving an avi file linked directly from the slashdot page, there doesn't seem to be fire :P

This is easy with jabber!

Jabber is an open-source, cross-platform and well-documented instant messaging solution.

Jabber is easy to use with strong SSL certificates.

Problem solved.

Shared Secret FTW (no more finger print checking)

[metaoink]

One of the really cool things I think with the new versions of OTR is the shared secret. How many people actually bothered identifying the hash fingerprints? I'd bet almost none. However, with a simple shared secret it becomes very easy to protect against man in the middle attacks.

goldberg is a kike name

what a fucking zionist jew. Don't trust it and use it. Chances are he is working under the U.S. ZIonist occupied goverment.

Re:Pfft. Don't talk to me, I log all my IM session

They are sitting in plain text on my HDD.

Anyone who is IM'ing with super-secret encoding and hoping that they are safe better not be IM'ing me, or someone like me who checks the "log" button...

Sorry, sometimes I like to refer back to them, and that is the way they are kept. I am too lazy to do anything about it.

I always assume I am just part of the noise in the s/n ratio that "they" are listening to.

What's the opposite of tin-foil hat?

An asshat by the sound of it (sorry, couldn't resist :-)

Re:Pfft. Don't talk to me, I log all my IM session

[the_brobdingnagian]

I log all my IM messages too. But you can not prove those messages are written by some specific person. They are plaintext and everyone can edit them. The "problem" with most encryption protocols is signing. If I write a message to you and I sign it, you can prove I wrote it. OTR provides encryption and authentication that can't be used to prove to anyone else you wrote it. I suggest you watch the video for more information.

Re:Pfft. Don't talk to me, I log all my IM session

"What's the opposite of tin-foil hat?"
- paper slippers?

Re:Ok

[Ash-Fox]

d008960fa6b395dca1c8362165bb31be!

Your "!" was not hashed and you should start sentences off with a big letter. In your case, a large "F".

Re:Shared Secret FTW (no more finger print checkin

While it would certainly be better if everyone verified fingerprints, there is still a benefit even if you don't -- unless the MiM attack happens in your first conversation, the fingerprint won't match the cached version when they start attacking.

Shared secrets are a bad idea anyway. If you're willing to do the work to communicate securely out-of-band with your contacts then they buy you nothing extra. In fact, they are actually somewhat harder to use because each contact pair needs a different secret (otherwise it's not a secret), whereas the fingerprint is not secret and can be published shared between contacts. Moreover, most people would be unwilling or unable to securely communicate out-of-band for the initial key exchange, and would simply disable encryption entirely, or email/IM the unencrypted key before starting their first encrypted conversation, which puts us right back in to the "secure only if the first connection is not monitored" boat, except in the shared secret case only passive monitoring is needed, rather than an active attack, to compromise any future conversations.

how to boil a frog

[CranberryKing]

Isn't EVERYONE very upset that we need these types of applications these days? Why does it seem reasonable that EVERYONE needs to hide their communications from their own governments? Shouldn't we be more upset that things have gotten so out of hand?

Re:how to boil a frog

[b1scuit]

Dude, move, you're blocking the TV.

Re:how to boil a frog

[Eighty7]

It's not necessarily that you need them. Surely if you're posting on /. you've seen analogies eg in the Principle of least privilege, or that you never trust the client. Call it building fault tolerance. When someone has power over you, do you just sit there & hope he's not incompetent?

Re:how to boil a frog

[JSlope]

It's been a long time since people are sending physical mail instead of postcards.

Re:Pfft. Don't talk to me, I log all my IM session

Soap, pillowfill and lampshades.

HR 1955

[CranberryKing]

If this bill passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.

Re:HR 1955

[iminplaya]

`The Congress finds the following: ...

The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens.

Uuuh huh.

Re:HR 1955

[DirePickle]

I gave the bill a read over, but I don't see where it does what you say it does. Could you offer a quote or a line number or something?

Re:HR 1955

> I gave the bill a read over, but I don't see where ...

section 899B FINDINGS (3)

http://thomas.loc.gov/cgi-bin/query/F?c110:4:./temp/~c110dwH98a:e2349:

Re:HR 1955

[kindbud]

I looked at the text of the bill, and can't find anything that touches on the use of encryption. You sure you got the right bill?

Software freedom gets you software you can trust.

[jbn-o]

Except that it's completely untrustworthy because it's non-free software. If a major feature of the software is that you can trust it to keep your secrets or protect your privacy, you should be able to trust that it's only going to do what you want it to do. Non-free software inherently doesn't work this way, so none of it is useful for encryption. This program disallows modification, so if you discover that it doesn't do what you want you have no permission to make it do what you want. Forget about helping your community by distributing improved versions of the program: distribution is only allowed gratis and if one distributes the software they distributed to you in its original (software) packaging.

The license for the program is so over-the-top in its restriction it's laughable. It claims to prohibit talking about the software (section 3.a.iv). Users are prohibited from any translation or localization of the software as well (section 3.a.i), so if the interface isn't in your language you're out of luck.

The solution is simple: use only free software, relish your software freedom, help your community by distributing free software, and encrypt your communications to your heart's content. This way only your limitations keep you from fully understanding what your computer is doing with your data and you can draw on the talents of other trustworthy people to help you whenever you need their assistance.

Thank you, Captain Obvious

[Logic+and+Reason]

However, while encryption can protect against "big brother", you can never eliminate the risk from the other end of the line. What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation.

Uh, no shit? Obviously you're screwed if the other party is untrustworthy, since the whole point of the communication in question is to transmit your sensitive information to that party. Keep in mind, though, that a plaintext log or printout doesn't prove you said anything; one of the neat things about OTR is that it preserves this deniability while still allowing the other party to verify during the conversation that you are who you say you are.

Re:Thank you, Captain Obvious

[Logic+and+Reason]

A voice recording don't prove anything either, unless you can prove that your recording isn't forged. But in any case, you are correct that OTR cannot prevent the other party from intentionally incriminating you, given sufficient planning (for example, having an FBI agent present during the conversation). That's not the point. OTR instead tries to make it impossible for someone who gains access to one of the parties' private keys after the fact to prove that the conversation in question actually happened. From the OTR FAQ:

How is this different from the pidgin-encryption plugin?

The pidgin-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy. If an attacker or a virus gets access to your machine, all of your past pidgin-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation!

Ian Goldberg

..lectures to me Tuesdays and Thursdays. I'm in his undergraduate course "Computer Security and Privacy". Cool to log on Slashdot and see your prof on the front page.

-Ryan

Or, technology for terrorists

This technology is likely to be illegal (already) in Burma, China, Cuba, Venezuela and other regimes beloved of the Left. It won't help democracy and human rights activists who say, want Chinese citizens to have a voice in their own government or Cubans who don't want hereditary rule by the Castros.

Meanwhile, it's a bonanza for terrorists who need ways to communicate in secret on how to kill thousands or millions of people. IM and PGP encrypted emails as well as Moussoia's (spelling) laptop (containing encrypted files) allowed the 9/11 plotters to communicate and carry out the murder of 3,000 people. [Moussauie's laptop was not searched by the FBI due to privacy concerns.]

Now, you might be of the opinion politically that your civil liberties absolutism is worth 3,000 lives (or more, next time) but that's not likely to be practical. Most people expect in the real world their government to do what it takes to prevent the slaughtering of masses of their fellow citizens.

The real threat is not consensual, PC-fearful, queasy-liberal Western governments eavesdropping on your comments about getting together for a beer run. It's Google or Yahoo selling out your personal data to China or other bidders, or those companies selling out Chinese/Burmese democracy activists. Meanwhile you'll see these tools used to kill people.

INEVITABLY, this encryption will be used to kill people. Lots of them. Let's not delude ourselves.

Re:Or, technology for terrorists

[ChameleonDave]

In amongst all your right-wing smearing and ranting, I discern one valid point: that the most repressive governments are likely to declare encryption illegal and punish all encryptors as harshly as they punish people caught openly opposing them. This would render encryption useless.

However, few governments are quite that bad. Most will punish encryptors less harshly. Furthermore, most governments (such as the Western ones that we are able to put political pressure on) can be forced not to criminalise encryption. Encryption can then help to avoid government interference in certain protests.

Note that it is these very governments that kill thousands, and more. If you are worried about the almost negligible amount of private terrorism in the West, then you ought to be trying to stop the killing that fuels it.

Re:Or, technology for terrorists

INEVITABLY, this encryption will be used to kill people. Lots of them. Let's not delude ourselves.

Toss toss. Everyone keeps bringing up that piss-ant September 11 event. 3000 people is not a lot in the grand scheme of things. How many people has the Farce on Terror killed? How many died in Vietnam or Hiroshima? How many people die of cancer or AIDS related problems each year? Let's stop and look at how many people die on the roads or from gunshot wounds (non war) annually around the world.

Encryption can certainly be used by the bad guys, but the bad guys are used as an excuse by the government for reigning in civil liberties and spying on the citizens. The book should have been called 2014 because that's about how far I see we have left at the current rate before they listen and log everything you do in your shitty little life to use against you.

If the government (particularly the US gumbiment) were serious about saving lives wouldn't they implement stricter gun control laws? Wouldn't they spend more money on cancer and HIV research instead of blowing it all on a farce against some unknown army of people who don't actually exist. Can't they build safer roads and find ways of solving problems that don't involve invading other countries shooting up the place and taking what they want.

There are so many things that kill more and regularly than a couple of planes crashed into a couple of buildings. This continual using it as an excuse for all the bullshit that governments are doing is just frustrating. We all know that pollies have small cocks. When the two American penises were leveled the pollies all got together and needed to find new ways of proving the enormity of their willies. It shits me!!

We have a very US friendly government here. It's also election day and people have the shits with all of the things our current government has done to bring us more in line with the US. There's workplace reform, terrorism legislation that really means nothing, copyright reform, free trade agreements that actually impede more on our rights and give the US whatever they wanted, etc. At least the people here haven't bought into the "we'll keep you safe" arguments that I heard from the current government during the campaign. It'll be interesting to see who actually wins the election and what the new evil overlords of the country do in their first term toward reversing some of the anti-terror rules that have come about and dont' really add anything to security.

End rant!

Now, don't get me wrong; I don't support extremists killing innocent people for whatever reason it is they dream up. There needs to be some law allowing control and prosecution of people like that. I just don't believe that the government needs far reaching and sweeping authoritarian power to do it.

It's enough in many places to simply say "we think you're a terrorist" and get someone. If they can't catch you in the act of planning or committing some event (with actual written plans, explosives, weapons, etc in your possession) then they shouldn't catch you.

Re:Or, technology for terrorists

[swokm]

I call troll.

Although there does seem to be a REMARKABLE metal disconnect for an amazing number of brownshirts in this country. Ones that will say at first, "If you outlaw guns, only outlaws will have guns!!!111oneone!" then turn around and say, "If you outlaw encryption, daddy president will make us all nice and safe and happy from terrorists". Unbelievably deluded. (Of course, as crypto is digital, you can't even restrict by physical means or material cost).

Terrorists funded by $10 billion (well a shitload more, now that American pumped up the price of oil) rich oil or ancillary industry magnates is hardly going to be deterred. They weren't then, they aren't now.

WTF does restricting encryption accomplish? SPECIFICS please. A suicide bomber on American soil will be deterred suddenly becuase they found out the encrypted messages they were using results in a $1000 fine and a year in jail? What, the gonna scrape up the giblets and put them in a bucket in a prison cell? I'm sorry, but you are either a troll or f'ing retarded.

It's like outlawing baseball bats to prevent death-by-Slugger-to-skull. The tool itself is not the problem here, or there, nor is it the only means to accomplish the undesired behavior.

You are still assuming

that encryption has not been cracked. Want to really hide the data? Use steganography. Why? Encrypted streams say that you want to hide. If the algo has been cracked, then you just pin-pointed what to examine. OTH, if you expand the search space by embedding in a stream, well, then you will make it difficult to know what and where.

Re:Software freedom gets you software you can trus

[Brian+Gordon]

From the readme:

This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation.

??

Re:Pfft. Don't talk to me, I log all my IM session

[SonicRED]

What's the opposite of tin-foil hat? Dunce cap.

Re:Pfft. Don't talk to me, I log all my IM session

[Jeian]

What's the opposite of tin-foil hat?

Sane?

Re:Pfft. Don't talk to me, I log all my IM session

What's the opposite of tin-foil hat?

Autotrepanation.

Testing out IM spying

[LilGuy]

A friend of mine recently questioned whether all our IM conversations were being watched by the NSA. I said most likely it all runs through a computer of theirs at some point thanks to AT&T. He decided the best way to find out was to say everything that we could think of that might throw some red flags and see what happened.

Needless to say neither one of us vanished in the night, and neither of us received any unwanted visitors.

Re:Testing out IM spying

[JoelKatz]

You don't know any of the keywords they would be searching for.

Re:Testing out IM spying

[spikedvodka]

that you know of...

They might have carted him off, and be impersonating him, waiting for you to incriminate yourself :-p

Re:Testing out IM spying

[PReDiToR]

How about just sticking 250 keywords into every /. post?

PGP 5.0i b9 csystems Bugs Bunny NAWAS DUVDEVAN NMS D-11 Cohiba emc JRB detonators JTF ITSDN GRS SIG credit FSK UFO GGL CDMA buzzer Bluebird VOA card MP40 TDYC FCIC CTP gorilla Tajik explicit Golf EODC CIDA CCC toad EODN AC detcord SUR 877 Delta SCIF Kiwi Mayfly white noise NLSP Forte Pesec PLA Vanuatu wetsu GRU fritz snullen SADMS ESN ACC rsta Mafia NSO SAMF OAU Spoke Halibut jaws NSG WID JASSM Cable & GEBA Satellite phones NAVWAN O/S SADRS mjtf Macintosh Firewalls LDMX HK-GR6 CANSLO Spall HAMASMOIS EAM CICAP B61-11 Capricorn GCHQ Keyhole ninja NVD FKS AGT. AMME market CIA Anonymous MITM Analyzer SIN SARD NSV composition b Threat LLNL SHA Taiwan PRF LF l0ck NFLIS ISG DDPS XS4ALL LEETAC Magdeyev SLI 64 Vauxhall Cross 22nd SAS resistance Blacknet 3B2 SM CMS Kyudanki DERA Infowar tax 2.3 Oz. FAS government bet AHPCRC IS secure shell INSCOM Secert wire transfer SEL burned KLM schloss Merv PARKHILL Standford SURVIAC ISACA Kosovo FN-MAG WORM subversives S/Key JCET delay mechanism HoHoCon afsatcom Rewson NIOG RIT USSS Leitrim Dolch EPL CIO Kilderkin radint CIA-DST NAVSVS ICE nowhere agencies AIMSX Service varon Firewalls thermite EKMC 737 IDF SAMCOMM E.O.D. RL Kosiura quiche DDP JICS BTM Rewson Kwajalein BX 2E781 ANZUS csim VNET forschung Paperclip Locks RAID NABS assassination Chicago Tools Enforcers Tyrell FIPS140-1 OTP LASINT ASIC erco Goldman EKMS TDM. SUKLO claymore MOIS JITEM 355 ML counterintelligence Indigo Soros GQ360 N5P6 SATCOMA AOL FSB DRM DSNET3 NSAS NAVCM Stephanie AMW Toth NAVWCWPNS SISDE rednoise Guppy Kilo NTTC Tarawa Jasmine secops Emerson shrapnel hate 5ESS FLETC VIP Protection HAHO DSD Mossberg chameleon man
Generated by www.EchelonSpoofer.com

Like that?

Of course, you could just add a few, unless you're talking about blowing up the President or selling cocaine, then you might want to keep quiet, and not attract their attention to harmless posts.

Click around, you might want to alter your .SIG to screw them up =)

Wikipedia has a good article on ECHELON.

Re:Testing out IM spying

[PReDiToR]

Oh listen ... Sirens and S.W.A.T. teams.

I'm popular today.

12 minutes response, I must be the Anti-Christ lol

Re:Testing out IM spying

[Bert64]

Because someone will have read your conversation, seen what you were trying to do and discarded it.

Re:Testing out IM spying

[TheRaven64]

Or, a shocking and novel thought, the people at the NSA actually aren't idiots. Their automated system just flagged you for closer attention. I would very much doubt that typing a few keywords into an IM conversation would do more than just flag you with a higher probability of a 'random' baggage inspection next time you fly.

Re:Software freedom gets you software you can trus

Read the grandparent, he was replying to the availability of another encryption package.

Pidgin w/encryption

[sdhoigt]

Maybe a bit off topic (I haven't watched the lecture yet either) but anyone using Pidgin with the Pidgin-encryption plugin?

I've used it for about a half a year (via Jabber's servers), and it has been a great experience.

However, I only use it w/one of my other nerd IM contacts. There's just no way I could get everyone else to get this set-up. That's the problem.

Same goes for encrypted email. Encryption just needs to be baked in from the get go.

Re:Pidgin w/encryption

[skeeto]

I use pidgin-encryption with Jabber every day. The Jabber connection is secure to the server (SSL/TLS I think? maybe just for login?), but this provides end-to-end privacy on top of that. I have convinced three friends (three different operating systems total), including my fiancee, to use it. It works very well and transparently once you have the keys set up. Initially, we checked the key fingerprints over the phone.

However, nobody I communicate with by e-mail uses PGP. :-(

https://mail.google.com/mail/

[sdguero]

Encrypted chat. Case closed.

Re:https://mail.google.com/mail/

[Jason+Pollock]

Jabber is only encrypted on the wire, not end to end. Google can read and archive the conversation. However, using this, or other plugins, it's encrypted from your machine to the destination, man-in-the-middle attacks are prevented.

For a reason why, google "hushmail subpoena"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Hmm

[ILongForDarkness]

Nice how a Canadian researcher is looking into solutions to a mostly US problem, at least it is always US media talking about wiretaps. Perhaps if ~21% of the US budget wasn't blown on the military and God knows how much more on espionage, everyone wouldn't have to be as paranoid. My solution: if big brother gets the brillant idea to tap innocent people for no reason, big brother should invest in a gun and blow his brains out.

Nearly all ssh clients have built-in SSH proxy

[blumpy]

Putty and openssh clients can act as a SOCKS proxy server.

Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.

Once traffic leaves your machine to the internet, it's goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.

Also, careful this doesn't hide DNS traffic.

Re:Pfft. Don't talk to me, I log all my IM session

That good sir would be a hat made of pie!

Re:Nearly all ssh clients have builtin SOCKS proxy

[blumpy]

err.. oops, typo I meant SOCKS proxy.

Re:Here's My Big Question

[SagSaw]

I want the government watching you just in case you're one of the bad guys. I'll gladly give up a bit of my own privacy to make sure they don't have any.

Here's the thing: "Bad guys" are rare. As a result, the majority of people the government would end up watching are "good guys". Let's say that 1 in 100 users being watched is a "bad guy", and the government gets the "good guy/bad buy" decision right 99% of the time. That implies that about 1 "good guy" is incorrectly labeled a "bad guy" for every "bad guy" correctly labeled a "bad guy". I'd rather minimize the information the government might use to incorrectly label me a "bad guy", even if it means increasing the very slight risk that one of the "bad guys" will hurt me or someone I care about.

Or, in Franklin's words: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Why does it use a separate keyring?

[Grendel+Drago]

I have four sets of keys on my machine--keys for SSH, for PGP, for WASTE and for OTR. Why does every app using encryption insist on using its own wrappers for public keys? What's wrong with the infrastructure already present in the OpenPGP standards?

Re:Why does it use a separate keyring?

[swokm]

That's a good question. Even with Apple the supposed queen of usability, when walking a friend through some instructions for using their $100 .Mac certificate for email, Apple has suddenly pulled the rug out and insists that that cert is only for iChat, not email now. Plenty of evidence around the net that this was not always so. WTF?

Certificate maintenance is a pain for normal users and can be hard to understand. Both usability of the apps AND infrastructure need to be maintained. Why can't all ISPs give me a good cert and manage it along with my email address? Or one for email, one for chat, one for software updates, etc. Am I missing something?

Re:Here's My Big Question

[th3rtythr33]

These %s sound made up to me.

nice and selective there

Good to see you faithfully preserved the OP's spelling and grammatical errors!

Re:Here's My Big Question

[rprycem]

87.2% of all statistics are made up

Trivial

[a1mint]

Simple encryption added to IM, and a professor claims to have created/co-created this. Pick a coder and coder, very trivial stuff. Arrogant bunch of people those professors over there in Waterloo.

Live Free or Die

[CranberryKing]

An all powerful, tyrannical government is far and away more dangerous than terrorism. If we didn't have the former, we wouldn't be experiencing the later. Citizens must control their governments, not the other way around. Period.

Class Project: Explain why America is called 'The Land of The Free' & give examples.

But what if everyone is a 'Bad Guy'?

[CranberryKing]

That is an incredibly unimpressive statement. Ugghh. Please study more history & well thought out science fiction. Maybe Patrick Henry or Philip K. Dick. Try perusing the Anti-Federalist Papers. Stop parroting these talking heads on network television. You really need to work your brain somewhat or we are all in trouble.

some solutions...

[mariuszbi]

Correct me if I'm wrong, but I think that jabber can be turned into an encrypted protocol. In other news, if you want your IM to be kinda "secure" meaning hiding it from you employers, you could use Tor + Privoxy . I know Tor was in a bad light recently because of some misuse, but, then again, IM is not for transmitting top secret information. For passwords i use an SMS or other not-TCP solution . Just an idea.

Kopete

[boldie]

Well, I know that at least Kopete have PGP-encrypted chat. It automagically encrypt/decrypt messages using public-key/private-key. I think it's DSA or RSA keys, pretty secure...

So whats the difference..

[Bigbowser]

.. between OTR and simp lite?
I've been using simp for ages, and it even encrypts the logs (in a sense that the logs appear as gobbledegook).

Oh wait.. I guess its only for msn messenger / yahoo / icq /jabber / google.. its not like anyone uses those clients.

Re:So whats the difference..

[kantier]

1) widnows-only
2) can I see the source code, please?

somebody else pointed that out

Re:Here's My Big Question

I miss my wife, but my aim is improving.

Overkill

Unless you really have something to hide, this is major overkill. The sheer number of messages that go over the wire is protection enough. You're high on yourself if you think anyone cares about what you have to say. If the net-criminals really want to negate what the government can do, they need to fill the wires with random "hot" messages that would be caught by the government spy computers and overload them with leads until they are unpractical.

Re:Overkill

[base3]

That's a fallacy that assumes that storage, network bandwidth, and search CPU time cost what they did in 1980. Whether one has anything to hide or not, knowing that an IM with a high school friend could be dredged up forty years later in a political contest or a lawsuit should scare the beejezus out of anyone.

Comment removed

[account_deleted]

Comment removed based on user account deletion

No oversight of watchers? Don't give up privacy.

If privacy wasn't a fundamental requirement of democracy, why is voting secret?

Seriously, think about that. Why do citizens vote in secret instead of allowing everyone to see their vote?

The answer is obvious. People in power, whether the government or your employer, might retaliate against a voter if they are corrupt.

Does your government shows signs of corruption, or have utter lack of oversight against abuse of power, or have a documented (video-taped) track-record of lying, or is it willing to retaliate against a whistle-blower's family with utter disregard for national security? If so, then maybe sacrificing privacy to such a government isn't really a bright idea.

By the way, why is there no discussion about using water-boarding techniques to interrogate people suspected of outing a CIA operative responsible for preventing the spread of WMD's if they damaged national security and is found guilty of obstruction of justice? Think about it. It is because Scooter's expensive lawyers would prove and clearly demonstrate that anyone waterboarded will say anything in order for the simulated drowning to stop and that waterboarding is completely useless for obtaining factual information. (But it might be useful when you need to justify BS by pointing to someone else as the source of the BS.)

And why is there no discussion about "legally" wiretapping all of the executive branch, congress, senate, and suprememe court so that anyone with proper security clearance can examine the communications for corruption?

If you still think privacy is not important, then why keep your social security number secret? Why not post it online for all to see? After all, you have nothing to hide so you shouldn't be afraid to do that, right?

IRC + SSL

[pyite69]

Seems like a good way to go, just make sure your server isn't hax0red.

Re:Here's My Big Question

[SagSaw]

These %s sound made up to me.

You're right, the numbers are completely made up. The point, though, is that there are so few "bad guys" that, unless the government is extremely good at determining who is a "good guy" and who a "bad guy", the government is going to catch as many "good guys" as "bad guys".

I suggest reading Bruce Schneier's "Beyond Fear" for a much more detailed analysis of the problem.

Re:Pfft. Don't talk to me, I log all my IM session

The problem with OTR is it makes false promises about denyability. Nothing can prove you didn't say something, and when you're up against corrupt government officials, it's not up to them to prove that you said something, it's up to you to prove you did not, and OTR isn't going to help you there. There's still going to be a record that your conversation took place, and that conversation will be whatever the bad men say it was.

OTR is fraud.

HR 1955 is just a study-and-report bill

[unixan]

This bill says nothing about encryption. At most, there is a bullet-point in the findings section (899-B, item 3) that suggests how the internet is used may be part of the study.

On the other hand, in about 18 months after passing this bill, the study is supposed result in a report. Everyone set their alarms - we'll have to see what the study says about privacy and encryption.

FYI: This bill is known as S.1959 in the Senate.

how about messenger plus scripts?

[Pax681]

messenger plus live scripts securePLUS 1.0 securePLUS can encrypt your chat messages so a Messenger sniffer can't read it and CryptoPack 1.01 This script makes it possible to encrypt text with various encryption types. (SHA1, MD4, MD5, Base64, Binary, Hex and URL-encoding) crYpt 1.0 Encrypt/Decrypt which enables you to secure your messages from sniffers and such using an advanced 128+ bit encryption engine. three flavours of encryption for MSN messenger at any rate.

Re:how about messenger plus scripts?

Yes, this I too suggest! Text encrypted with SHA256 will definitely be concealed form any form of exposure.. friendly or not!

Broken

[bluefoxlucid]

OTR exchanges the keys when done, okay. It also does the public key hand-shake on conversation start-- with new keys (no PKI or anything), so a MitM attack works great (heh yeah). Jabber's TLS is horribly broken too, if a MitM happens it doesn't detect it (it can, it should, it won't, sorry, Pidgin doesn't alert you for crap; I filed a bug on Trac though).

A lot of people think encryption == secure; it doesn't.

Re:Ok

[cachimaster]

You sir, wins 2 internets.

Maybe even you don't agree with what you said.

[Futurepower(R)]

Joshua O'Brien,

I suggest you give that a little more thought. I don't think you actually believe that what you said is adequate.

It's true that email communications should all be encrypted. There may be people who are spying on other people; encryption stops some of the spying.

But the U.S. government is not just spying. The U.S. government has killed, or contributed to killing, about 11 million people in 24 countries since the end of the second world war. The U.S. government is using its power to do harm to other people.

The only way someone can have the opinion that U.S. government activities are not important is if the people he or she knows are not directly affected, and he or she takes a position of not caring about other people. If one of the people who was killed was a member of your family, I think you would be more concerned than just thinking encryption is a remedy. The U.S. government has been breaking its own laws and doing harm throughout the world.

The U.S. government has 737 military bases, about which we are allowed to know. Here is a map of the bigger ones: Large U.S. military bases.

Encryption is not a complete answer to adversarial behavior. Something terrible is happening in the world. Mentally ill people with power are using violence and corruption to make more profit in oil and weapons. We cannot allow ourselves to imply that we are not concerned about the bigger picture. I'm guessing that you are concerned, but you didn't express that in what you said in your parent comment.

Re:Here's My Big Question

[WindShadow]

I want the government watching you just in case you're one of the bad guys. I'll gladly give up a bit of my own privacy to make sure they don't have any.

I have no problem with you giving up your privacy, I have a big problem with you giving up my privacy!

It doesn't have to say anything about encryption

[CranberryKing]

Jesus. Don't you get it? This is a blank check for hauling away ANYONE who may be deemed hiding something. Christ! Duhh.. This doesn't say anything about encryption, so it must be okay?.. Duhh...

Open your f'n eyes!

http://retroshare.sf.net

Use this encrypted Instant Messenger and you are done

http://retroshare.sf.net/