Ask Slashdot: Will the NSA Controversy Drive People To Use Privacy Software?
Nerval's Lobster writes "As the U.S. government continues to pursue former NSA contractor Edward Snowden for leaking some of the country's most sensitive intelligence secrets, the debate over federal surveillance seems to have abated somewhat — despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata. Even so, will the recent revelations about the NSA cause a spike in demand for sophisticated privacy software, leading to a glut of new apps that vaporize or encrypt data? While there are quite a number of tools already on the market (SpiderOak, Silent Circle, and many more), is their presence enough to get people interested enough to install them? Or do you think the majority of people simply don't care? Despite some polling data that suggests people are concerned about their privacy, software for securing it is just not an exciting topic for most folks, who will rush to download the latest iteration of Instagram or Plants vs. Zombies, but who often throw up their hands and profess ignorance when asked about how they lock down their data."
no. People don't practically care plus they have the memory of a fish.
That's an easy answer, Mr. Betteridge: no, it won't. (People are way too comfortable with not being careful about their privacy, otherwise the whole Facebook thingy would never have gotten off the ground. Now you're asking them to become techno-savvy just because of privacy reasons?)
Ezekiel 23:20
The NSA gets a great deal of information through metadata and traffic analysis, so how much does encryption really matter? It might even call more attention to yourself: If you are just somebody surfing an Islamist website or emailing your school friend in Pakistan, the NSA will note it but possibly ignore it, if there's nothing else suspicious to connect you to. But if you are sending streams of encrypted data to those same locations, wouldn't that raise red flags?
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
I made a tutorial designed to help non tech-savvy people set up usable email encryption and even with the best narrator and script it's still terrible.
There are way too many steps involved, and in spite of how radically the usability has improved over the last decade or so it's still not at all user friendly. Default values are set poorly; things that should be completely automated and happen transparently in the background, like keyserver operations, require manual intervention.
It's almost enough to make me suspect a conspiracy to keep these tools out of the reach of the average user, but realistically I suspect (unproductive) laziness combined with a lack of empathy for non-experts is the real culprit.
I'm in IT and I can't figure out the gibberish that passes for documentation on open source security products. Without exception, they presume you already understand the issues, or they explain them badly...
On Twitter recently #drm was trending over MS's new console. People might not think it issue 1 but somehow the EFF have pushed it into people's brains.
End to end encryption does not exist, a design flaw.
SSL is tied to domain names. I had the recent experience of purchasing SSL on a site with no SSL. The irony of that statement I will let sink in.
If all of the past disclosures and leaks haven't prompted them to do so, why would this one be any different? Did people really think the NSA put their toys away and went home after the Room 641A exposure? It's not like that was ancient history. It's the core of Congress' retroactive grant of immunity for warrantless wiretapping which was all over the news less than two years ago. And domestic spying was old news even before 641A.
Polls showed that more than 1/2 of Americans weren't bothered by the spying..
51% also voted for Obama a second time..
Coincidence?
Meaningless, unless you show correlation between the two sets.
Sheesh, evil *and* a jerk. -- Jade
Most of the comments I have seen here have been depressingly (and unjustifiably, IMO) negative.
I think it is obvious that people are becoming more concerned about privacy, now that they see how much of it they have inadvertently allowed to be taken from them.
I only hope that when they start using "privacy protection measures", they don't forget to fight against the reason they need to: abusive assholes (at least half of whom seem to be in government).
um who do you think the "girls" are? This is the internet, everyone loves games and all girls are really government agents spying on you.
i thought once I was found, but it was only a dream.
It may speed up adoption of FOSS (or homegrown) by other countries.
Though OTOH, I can't imagine any of them would have been blind enough not to see this coming.
As for terrorists, didn't aQ switch from cell phones to couriers about a decade ago? Anyone who gets found out on the basis of the activities we now know about is either careless or stupid.
Sheesh, evil *and* a jerk. -- Jade
Almost no techies will, either.
I would fucking LOVE to make regular use of, for example, PGP/GPG. Unfortunately, there is no way my family, friends, acquaintances, or colleagues would do this -- rendering it fucking useless.
Also, what does it matter? It might make retroactively gathering data on me (the new thing where a wire tap warrant doesn't just cover newly monitored communications but everything you've done -- ever), but if they really want to target you, they'll just find a way to infect your system and capture the data prior to the point of encryption.
several non-tech folks have stopped communicating with me except for face-to-face, simply because they don't want the government to read our conversations. my text and emails have gotten very matter-of-fact ever since the snowden revelations leaked.
as a result, i've been researching the available encryption resources out there so we can actually have private conversations without worry. there aren't many that are really simple to use and actually effective. i'm talking with a friend about setting up a home server we can VPN into for chat sessions until there's a workable solution for non-tech types.
i've wanted to do this for a while, but no one else around me cared. now they care.
Why would the average person give a fuck about their privacy? Most people have nothing to hide, and unless they are a fanatic or a hobbyist, they could not care less who reads their stuff.
This security stuff is NOT about the average guy, though. It's about movers and shakers... politicians, lawyers, businessmen, members of the media... people who have power in some ways to affect change, and who communicate in ways which REQUIRE privacy.
Likewise, the NSA monitoring the average person does not matter in the least. It is about them monitoring movers and shakers. It's about people who could potentially upset the powers that be.
So cut me a break with the ruminations about whether Joe Six Pack or Susy Soccer Mom is going to encrypt their email. The real question will be, will the next candidate for high office, who aims to shake things up, and who thinks the current Republicratic overlords need to GTFO... the question is... will he use it, and will he continue to be monitored.
Mod down people who tell people how to mod in their sigs
I think the whole fiasco is going to convince a lot more companies located outside of the U.S. to stay away from U.S. based cloud-providers and SaaS. As a Canadian, I'm looking for a Canadian cloud provider that guarantees data is located in Canadian data centres, is Canadian-owned (U.S. law treats subsidiaries of U.S. companies as U.S. companies), and is only subject to Canadian laws.
I suspect many non-U.S. companies are going to do the same- I'd rather be subject to laws I have some influence over.
you get the idea.
Answer so far is no.
https? no way, i'm too lazy living off my fat slashdot editor salary.
And also, how is any Privacy software going to help if the OS itself has the back-door or whatever? It doesn't make any sense unless you use an OS that's Open Sourced. And like you say, even then you might as well just unplug your Internet. Even if the OS is secured, you still need to worry about services like the Cloud.
This is going to take more than Software to resolve.
You want me to trust some company? I trust Stallman. End of list.
How inappropriate to call this planet Earth, when clearly it is Ocean.
Doesn't matter if you are on the "up and up". Things can be taken out of context. Might as well not give them ANY ammo to use. They say to always exercise your right to be silent. This is a preemptive way to do that.
I think you would be stupid not to try and keep your personal information away from strangers. Also make sure to kill your RFID chips in your credit cards. But for the rest of you, ignorance is bliss. Enjoy.
Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the world's signals intelligence agencies is traffic selection — how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the police's job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)
VKh
It stops trawling. Even if they have or will have enough computing power to break encryption, it's not going to be cheap - even the NSA doesn't have an infinite money cheat. Encrypting everything means they'd be forced by simple practicality to only snoop on people they have some grounds to suspect, rather than just collecting anything and everything they can get hold of for analysis in the hope they'll stumble upon something they can use.
The more people that encrypted trivial bullshit, the more they need to store and the longer it'll take them to crack it at any point in the future. And the less likely it is that they'll be able to pay attention to everybody.
Remember, the time it takes them to crack thousands of LOL cat videos is time they don't have to crack things we actually care about.
To be fair, if the NSA had competent security measures in place, this wouldn't have happened. It was a pretty substantial breakdown in policy that let him get to Hong Kong with the data.
...despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata.
Really? Maybe the submitter needs to learn to use the Internet better.
http://www.buzzfeed.com/ellievhall/40-best-signs-from-the-restore-the-fourth-rallies
My classes in Internet Security at http://www.freegeek.org/about/classes/ were pretty well packed yesterday.
There is nothing wrong with yr Internet. Do not attempt to adjust the picture. We are controlling the transmission - NSA
Considering how many people on this site are pirates, then yes, NSA monitors Slashdot more.
Just because we know how and don't subscribe to DRM and other crap doesn't mean we're "pirates".
The cesspool just got a check and balance.
There's no way 2) will happen at Google. The problem isn't the NSA: It's that Google's business model is based around their ability to process your information for marketing purposes. If Google can't read it, they don't get paid, they can't run the service.
One idea would be to have the client include the public key in all emails sent, as a header. That way only the first email each way between two users would be sent unencrypted. It's entirely transparent... until something goes wrong.
Which brings us to another problem: My mother. A typical example of a user. When she forgot her mail password, it took her two weeks to figure out how to reset it. The typical user has no idea what a key is, and there's a good chance they'll lose the private part at some point (drive failure, thrown away old laptop after upgrade, uninstalled email client to use another). Putting them in a situation where they can't get any emails until they explain to everyone they know what happened - and they won't do that, because they won't know what the problem is, only that their new computer can't get emails right.
Never underestimate the ignorance of users.
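The header-based key exchange suggested in the comment above, together with the lost-key failure it warns about, sketched as an added example (not part of the thread or any commenter's code). The header name `X-Sender-Pubkey`, the addresses and the stand-in key bytes are constructed assumptions, and no real encryption is performed.

```python
import base64
import hashlib
from email import message_from_string
from email.message import EmailMessage

KEY_HEADER = "X-Sender-Pubkey"  # hypothetical header name, not a standard

def stand_in_key(label):
    """Constructed 32 bytes standing in for a real public key."""
    return hashlib.sha256(label.encode()).digest()

def compose(sender, rcpt, body, own_key, keyring):
    """Always advertise our key; report whether we could encrypt to rcpt."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg[KEY_HEADER] = base64.b64encode(own_key).decode()
    msg.set_content(body)  # a real client would encrypt to keyring[rcpt] here
    return msg.as_string(), rcpt in keyring

def receive(raw, keyring):
    """Pin the sender's key on first sight, compare it on every later mail."""
    msg = message_from_string(raw)
    sender, b64 = msg["From"], msg[KEY_HEADER]
    if not b64:
        return "no-key"
    key = base64.b64decode(b64)
    known = keyring.get(sender)
    if known is None:
        keyring[sender] = key  # first contact: accepted without verification
        return "pinned"
    # A lost-and-regenerated key and a substituted key look identical here.
    return "match" if known == key else "KEY-CHANGED"

def demo():
    a, b = "alice@example.org", "bob@example.org"
    a_ring, b_ring, log = {}, {}, []
    steps = [
        (a, b, stand_in_key("alice-1"), a_ring, b_ring),  # first mail, cleartext
        (b, a, stand_in_key("bob-1"), b_ring, a_ring),    # reply, now encryptable
        (a, b, stand_in_key("alice-1"), a_ring, b_ring),  # steady state
        (a, b, stand_in_key("alice-2"), a_ring, b_ring),  # Alice lost her old key
    ]
    for sender, rcpt, key, own_ring, peer_ring in steps:
        raw, encrypted = compose(sender, rcpt, "hello", key, own_ring)
        log.append((encrypted, receive(raw, peer_ring)))
    return log

if __name__ == "__main__":
    for encrypted, status in demo():
        print(f"encrypted={encrypted!s:5}  receiver={status}")
```

The last step is the support problem the comment describes: the receiver sees only a changed key and has to decide, out of band, whether the sender replaced a lost key or someone else rewrote the header.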
Considering how many people on this site are pirates
I don't know, how many Somalians are here?
Ezekiel 23:20
What is this article on about? Who the fuck is SpiderOak, Silent Circle? GPG, pgp, gnuPG are standards of encryption, not some unevaluated service, or new software.
And there are *literally* people taking to the street:
http://news.cnet.com/8301-1009_3-57592368-83/san-francisco-protests-the-nsa-spying-program-in-july-4th-march/
http://rt.com/usa/nsa-protests-july-4-700/
http://mashable.com/2013/07/02/restore-the-fourth/
And these are just the top 3 google news articles. I agree that the software solutions are terrible, and hard to use. And I agree that the news media are doing a good job of shifting the focus to: "Edward Snowden for leaking some of the country's most sensitive intelligence secrets". Which is agonizing to watch, but not half as agonizing as stupid articles like this couched in the voice of the people, but actually spinning the story away from the truth.
People are angry, there are secure solutions, it has to be open source and on your own computer under your direct control to be secure. Open source software development is notorious for flubbing the user experience, but that is the bad news. We do care about privacy and personal security, we can fix the software to be easier to use, and we are actually fighting for our rights. So STFU with your crap message about our doomed future, and stupid populace. Of course it's not easy, but people like Snowden keep coming along and reminding us to be more vigilant.
We are the problem not the end user.
We have failed to provide basic communication infrastructure that protects the end user.
Expecting people to use optional add-on technology requiring x additional software and y additional knowledge is obviously not going to happen regardless of how small x and y can be made.
The only way to fix the problem is wholesale replacement of existing bullshit (e.g. SMTP) with a solution that is secure by default. Users simply must not have the choice of skipping rational and meaningful key exchange steps before communication. It can be made easy or hard to give users control of the security tradeoff but it must not be optional.
So we should call this the "Seagate" ?
two words: television, facebook.
With the exception of a few people, Americans just don't care about anything-- unless it interrupts their viewing pleasure.
Very sad and very true.
Stupid distractions like television, facebook, and sport are rendering entire generations hopeless and pointless. Few people do anything anymore and everyone hates everyone else.
Imagine a world where people spend just some of their free time doing socially useful things. There would be no litter in the streets, no potholes in the roads, the elderly would not be alone and isolated, the hungry would be fed and waste space would become parks or food growing areas. There would be no need of stupid things like television shows or any of the other distractions from living.
"but realistically I suspect (unproductive) laziness combined with a lack of empathy for non-experts is the real culprit."
Reality is no one predicted the internet and that the human mind never evolved defense mechanisms for electronic and invasive spying. If you follow someone around with a camera, they get upset and/or call the police. Do even worse electronically and the human mind for many doesn't give a fuck.
It just comes down to the fact the human brain did not evolve mechanisms to safeguard oneself in this kind of environment.
Have you seen reddit? It is generally younger people and nearly all of them are anti-NSA. Meanwhile the mainstream press (newspapers, TV) has covered little to none of the unconstitutional NSA spying and seems to be taking the NSA position and calling for Snowden to be tried and hanged for treason. This is the medium of older viewers.
That tells me that the younger, more technical generation cares more about privacy and liberty than the older generation. I still read the newspaper and I haven't seen a single article calling for an investigation into NSA practices, and they haven't published any anti-NSA editorials (in fact, the entire editorial staff said his fleeing to _China_ and then Russia invalidated anything he said, showing their ignorance of the semi-autonomous island of Hong Kong). Again, an older generation media and again completely biased toward the government's position. They even called the act espionage, again agreeing with the government's position, which tells me they agree with the Espionage Act of 1917 which makes whistleblowing on any secret government activity, including illegal or unconstitutional ones, treason (yeah, it is that broad).