Time For X-No-Wiretap HTTP Header?
Freshly Exhumed writes "A security blogger, acknowledging that the NSA methodically ranks communications on the basis of their 'foreignness' factor to determine candidacy for prolonged retention, is proposing '...an opportunity for us on the civilian front to aid the NSA by voluntarily indicating citizenship on all our networked communications. Here, we define the syntax and semantics of X-No-Wiretap, a HTTP header-based mechanism for indicating and proving citizenship to well-intentioned man-in-the-middle parties. It is inspired by the enormously successful RFC 3514 IPv4 Security Flag and HTTP DNT header.'"
Had to do it after http://xkcd.com/1258/
The only way we are going to solve this NSA mess is to clean house...and the senate...
Someone can't set their date properly? :P
Yes, of course!
This is guaranteed to work almost as good as the Evil Bit, an extra field in IPv4 headers where senders of packets indicate malicious intent, so that people administering firewalls can discard such packets if desired.
(The problem in the first place was that the people wiretapping didn't give a shit about rules, etiquette, and being decent. More rules and etiquette aren't the solution to that problem.)
Rick
It'll certainly flag the packets to NSA as deserving of extra long retention!
You secure it by force.
What, is it April 1st again already?
I'm waiting for a header protocol that can tell when it's been intercepted or collected, and proceeds to blow up the TLA server on which it resides.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
prove otherwise.
Will be a header code that says "do wiretap me, I have something interesting to hide!"
No seriously... WTF?
How could this be anything other than a flamebait article Tim?
XML is known as a key material required to create SMD: Software of Mass Destruction
Yeah. Because no one will lie about their citizenship.
So in theory, anyone who's good can set this HTTP header flag and the terrorists who will honestly declare themselves bad will make sure this setting is unchecked. It seems like a pretty good idea at least, it will be easy to *actually* monitor those who are evil due to honesty at heart! I can't wait for this great SECURITY solution to finally arrive!!!!!!!%$^&^%*&^(*&( CARRIER LOST^] exit
X-No-Wiretap = stoops!
X-Fuck-Me-In-The-Asshole-Because-I-Can't-Even-Recognize-That-This-Is-Complete-Shit = extra-true!
It is always so irritating to see that this discussion turns into "I am USA citizen, do not spy on me, dear NSA!" What about rest of the world?? How come that in your US centric viewpoint it's all ok to spy on anyone else, just not on US citizens?? What about Europe? Other NATO allies? All ok to spy on everyone else, on your viewpoint!! Love that fat bellybutton of yours!
the ones that need spying on come from foreign sources? Seriously.
Few American commentators seem to be questioning the unstated assumption that spying on non-Americans is perfectly OK, even if there is no reasonable cause for suspicion. By that logic, it's perfectly OK for other countries to spy on all Americans.
Aren't we all entitled to a little privacy?
We should add a bit to IPv6 header which marks if the packet crossed international borders. Each edge router (both incoming and outgoing) if connected to an endpoint which originates from a source outside of the country must set the bit.
That way if the packet leaves the country before coming to you, you should know. If the packet re-enters the country (ie, it was set to 1 but the NSA turned it off to hide), again it should set it to 0.
This means that all inner-US traffic would have the bit set to 0. The NSA on receiving the packet must ignore it hopefully by court mandate. Of course, nothing really stops them, but, at least you as a citizen should be able to know in theory when a foreign government might also be snooping in addition to the NSA by knowing the packet left the domestic network.
Time for us all to take encryption seriously. To the ASCII table, and beyond!
We are expecting people who bend the rules to play nice.. Slick.. real slick..
In Wayland too.
Oh I just love how you dorks can't help yourselves but to downmod me. Why is that you little jerkoffs?
This is *NOT* off topic. This *IS* truth.
You fuckwads get your little feelings hurt huh? Come on, one of you jack asses has to respond and tell me this is all BOOOSSSHEEESSS fault right? Come on jokers, BUSH=HITLER right?
RIGHT?
Fucking morons.
This has got to be flame bait, because nothing about this guy's blog screams SECURITY BLOGGER. Three whole posts tagged with Security....
They are already deliberately violating the law, with impunity. They compromise your security at every step. Adding un-encrypted metadata to your traffic will only:
1 - ID you for possible actions by later custodians of this information
2 - Acknowledge your silent submission to the fact of universal collection as a normative state
3 - Divert efforts from real crypto-countermeasures
People need not to give NSA their complicity and assent, but to resist, and applaud every time somebody manages to FUCK UP their mission.
"Flyin' in just a sweet place,
Never been known to fail..."
Where do I sign up for THIS new Trojan horse?
I didn't mod you but I'm guessing people are taking issue with your inflammatory phrasing, not your core points.
When confronted with a government entity that believes itself to be above the law and is routinely breaking the law, yeah, asking them not to hold on to your data. That will work. Right?
Seven puppies were harmed during the making of this post.
Because no one would lie and terrorists are always foreign?
If we're going to solve this problem, let's state it clearly.
Small groups of people, with a limit now tending towards one, are acquiring the ability to inflict damage, now tending towards death, on larger and larger numbers of people, now tending towards everyone.
How can we stop them before they do that? How do we need to arrange or change the things in the world so that that never happens?
All of this Snowden, NSA, War on Terror, WMD al Qaeda stuff flows directly from that basic fact.
We're never going to be in agreement on what to do until we're all on the same page as to what the problem really is. That's the problem.
Really, I don't see a solution outside of genetically engineering people so they don't want to do that. Religion doesn't work (fundamentalism of all kinds, Islamic and Christian). Providing people with stuff and money doesn't work (bin Laden), education doesn't work (Pol Pot), democratic institutions don't work (Timothy McVeigh). Maybe those things reduce the probability, the sheer availability of accomplices to a Pol Pot or a bin Laden. At best that buys us time.
I am not saying genetic engineering is what we should do. I can't even say that it will work, but that and making the creation of an equitable and fair world a top priority (as opposed to our current one- making small numbers of people very rich) are our best bet as far as we know.
Using an X-no-wiretap header is like putting your emergency flashers on when illegally parking. http://www.youtube.com/watch?v=CIcHXgY0KKo
Don't stop where the ink does.
X-Apple-Pie
X-NASCAR-Fan
X-NRA-Member
Oh do you think so genius?
I'll take a guess here, you have never asserted a conservative position here on Slashdot the echo chamber of socialism have you? No? Trust me, you get endlessly attacked and called names, derided and told to shut up. Oh and not just told to shut up but you will be modded out of posting privileges whatsoever.
Socialists and hard core libs are all the same, free speech only for those who agree with the socialists. Rights? Only for those who agree with the regime. Laws? Only apply to those who actually support the Constitution and not to the elites and the government. IRS? Fool, that is a tool of political oppression not a tax collection agency.
The socialist lot are pissing on the Constitution and have done so for generations. Socialists support theft of my money, my healthcare and my civil liberties and rights, and all the while they mock and attack and parade their paper mache busts of GWB=HITLER signs.
And then Obama and the leftist cabal starts banging the war drum preparing to attack Syria, with NO STATE SECURITY INTERESTS AT ALL, and threatens to do so without the approval of congress and we call them on it this message is also ignored and shut down.
So, no, I am not in a polite fucking mood and I will not hold back my inflammatory phrasing thank you very much.
I hate socialists. And cowardly intellectually dishonest socialists are the worst fucking kind.
"Duhhhh, umm, OK."
Somebody check-mark the "Crazed Bomber" box just to see what they do.
Table-ized A.I.
The number of commenters failing to understand that the article is satire is staggering. Hell, look at the "department" the article is from.
If you're concerned about privacy and NSA can see your HTTP headers, then you're holding it wrong.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
If you're not tracked by the NSA, you're tracked by some other nation's spy agency.
Headers are only voluntary.
So what, precisely, does this "new header" gain anyone except a circle-jerk of self-congratulatory "we did something"?
I do not fail; I succeed at finding out what does not work.
Remind me again where in the fourth amendment it says we only have protection against unreasonable search and seizures for information not crossing international borders?
And what on earth makes you think they'd honor these flags regardless? They've already proven they don't give a shit what the laws are, they're just going to keep doing whatever they want. Notice after a bunch of noise early on, the media and congress quickly moved on to Syria without so much as even publicly addressing the issue beyond saying "we expect them to follow the rules" - and by that they mean we expect they'll keep right on doing what they're doing.
It's difficult to understand your rant.
... LOL!
So, you hate socialists. Fine. That's your opinion.
But then you go on about Obama and "leftist cabal" and "the socialist lot are pissing on the Constitution".
To me, this means that you are talking about USA politics and name-calling the USA Democrat party as "socialist".
That doesn't make sense in the normal way the word "socialist" is used. The USA Democrat party is very right-wing. The USA Republican party is "bat-shit crazy" extreme right-wing. We outside the USA almost never hear about the left-wing or socialist parties and politics of the USA.
I have heard that you have a Green Party, used to be chaired by the famous Ralph "Seat Belt" Nader, now run by a lady named Cynthia McKinney. She's probably left-wing.
But if you want to see real socialist parties in action (4.5 % of the parliament), read here:
http://www.guengl.eu/group/delegations (I was going to send a link to SYRIZA.gr but my Greek is so poor I couldn't even find an English language link)
Oh yeah, and "Slashdot the echo chamber of socialism"
To be, or not to be: isn't that quite logical, Slashdot Beta?
When I saw that this proposal "deprecates all the SSL/TLS ciphers in favor of Double CAESAR’13" (a.k.a. ROT-13) I knew it was going to be great. BTW, a big shoutout to my friends over in the Caesarian section! Okay, so I needed to run some sandboxed tests first. After using Double ROT-13 everything was going perfectly, according to the spec, but I decided to gamble on TRIPLE ROT-13. Big mistake. Don't do it! All I ended up with was a bunch of gobbledegook that I couldn't work with anymore, so I had to just delete everything and start all over again. Don't use TRIPLE ROT-13!!!!!!!1
I wish I could have been FP to warn everyone. I'm glad this proposal sticks with Double!
I deny that I have not avoided attaining the opposite of that which I do not want.
Which is right up there with "think of the children!" as a strong symptom of frontal lobe disengagement.
Those people who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Oah yes, I am completely American, absolutely, you betcha! Mom and apple pie, verry good. Uncle Sam, hooray! I will be doing this for you every time, so you will be verry satisfied with this service.
Your comment is only testament to the fact that Slashdot readers do not RTFA.
Good grief I really don't have the patience to explain this to you. Socialist - big government, statist, collectivism.
Democrats (US) = big government, progressive taxation, wealth redistribution, socialized medicine. Democrats are socialists, it's a fact. If you do not understand this I don't know how to help you. Ignore the Republicans, they are just liars and exist essentially so as to allow Democrats to maintain majorities. They sometimes talk a good talk, but never support the conservative nor the constitution.
Now to try and stay on topic, the people that supported Obama did so more out of Bush hatred than anything else, and vocally told us this Bush hatred was largely oriented on the war in Iraq. Now this was all a lie, but any Obama supporter who does not vocally and aggressively denounce the statist war on Syria is a fool and a liar. This is my point.
Any questions?
Are there any unexpected negative outcomes of this?
Yup, but if you only skim the article, it's a blatant application of Poe's law.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Liberties going down the drain, secret laws, secret courts, secret prisons, killing people without any trial, but at least we still have stupid nerd jokes in the form of funny HTTP headers.
Haha, I'm so not laughing.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Header is read by smart switch/routers and they ensure that the associated packets do not get routed to any US-addressed (or US-puppet-addressed) host or router.
To do this one properly, an AVOID_US bit in the IPV6 packets should be used instead.
Where are we going and why are we in a handbasket?
If it's on by default we won't know who doesn't want to be wiretapped. The only way to make this work is if the user has to turn it on.
Mod parent Plus 1 Swoosh.
Sig Battery depleted. Reverting to safe mode.
The time has come to sharpen up our prime number and encryption pad generators and use them.
in soviet russia papers please might be something like this: (via google translate)
!!!!
Cyrillic text doesn't work on slashdot, OMG
The State Security service is not there to protect the people, it is there to protect the State. ... and in the past East Germany. The practice is exactly the same, except the US state security has far more reach than the East German State Security could ever have dreamt of.
That makes us all potential enemies, if you Americans think you are considered any less of a threat than us dodgy foreigners, then you are deluded. You have the means and opportunity, the motive is all around you. As for the rest of the world, well, the motive is all too obvious, that is why the State watches us all. The same motivation as China, Russia, UK, Iran, Syria, Egypt,
At the risk of continuing your flamebait session, I think we can summarize your post by quoting the first two words of its last line:
"I hate"
Every once in a while I get a less than "brilliant" new idea for an April fools RFC.
Last night a new idea came to me in a vision where one time pads would be required for all Internet communication with a humorously implausible N(users) x N(sites) scheme of filling OTP pools before any communication may take place on the Internet.
So yea well um prior to using google one first drives down to a local OTP filling station, using a google kiosk upload your codebook. Daily data collection vans representing each site would stop at each terminal daily, collect codebooks aggregate and apply to each site entirely out of band of the Internet.
Once the process is completed users would be able to use a service online normally for as long as their codebooks last. Once exhausted they would have to drive back to the kiosk and refill.
One could inject all kinds of complexity including BGP extensions to assist routing of collection vans, site collection aggregators and anticipated supporting outlay of businesses and services to facilitate all the craziness.
Security considerations section would allow a priceless array of considerations loaded in a way that makes the overall concept seem even less secure than no security at all.
While X-No-Wiretap is funny part of what makes April 1 RFCs stand out is technical detail in specification. I'm not sure there is much that can be done with just a single header as funny as it is.
It's easier to insert an X-Copyright-2013 header; if the NSA decides to infringe on any of our literary works, it'll be $150,000 a pop. Not that they can't afford it...
When the copyright term is "forever minus a day", live every day like it's the last.
I presume this is a joke.
And this is relevant to what exactly? Socialists hate people that want to keep the money they earn, so what? We all know this.
No wonder you lot avoid honest discussion and debate so often, you haven't got shit when it comes to logic and reason.
My arguments cannot be beaten and I can prove it.
All you fucks are left with is "you said hate".
Dipshit.
Oh and speaking of socialists who continue to be proven wrong by facts and science how about this shit-for-brains?
http://www.telegraph.co.uk/earth/environment/climatechange/10294082/Global-warming-No-actually-were-cooling-claim-scientists.html
" There has been a 60 per cent increase in the amount of ocean covered with ice compared to this time last year, the equivalent of almost a million square miles.
In a rebound from 2012's record low an unbroken ice sheet more than half the size of Europe already stretches from the Canadian islands to Russia's northern shores, days before the annual re-freeze is even set to begin.
The Northwest Passage from the Atlantic to the Pacific has remained blocked by pack-ice all year, forcing some ships to change their routes.
A leaked report to the UN Intergovernmental Panel on Climate Change (IPCC) seen by the Mail on Sunday, has led some scientists to claim that the world is heading for a period of cooling that will not end until the middle of this century. "
Gwan dumbass, please commence with your explanation of how this is all BOOOOSSSSHEHHEHEEEESSSS fault.
Cause it's actually Obama's fault. All the constant bullshit that comes out of his mouth has actually gone and caused hell to freeze over, Got it?
Well, then, I suggest we invoke the other Poe's law: Nevermore!
http://www.rootstrikers.org/
He'll be force choking underlings in no time!
Nope, no questions... only a statement:
You obviously have *no* idea what the word "socialism" means.
You might want to actually look it up in something politically neutral, like say a dictionary, and read the definition.
Obama isn't a 'socialist' at all. Nor is he particularly "left wing", he's right-of-center (just "lefter" than the republican party which has gone extreme right). We haven't had a true "left wing" mainstream political party in over 40 years.
You are marking your traffic that you are an American Citizen and don't want to be monitored. What do you have to hide? That sounds like something a terrorist would say. Time to monitor every piece of traffic with this header, thanks for flagging when you have something to hide.
You and your friends don't have enough guns to outgun the NSA (who are typically not armed), much less the FBI, Pentagon, and Copyright police. If you want your data not to get wiretapped, you need to use crypto, end-to-end, and use various traffic analysis obfuscation services in the middle, and get enough people doing it to have some actual cover traffic (because being the one person using an anonymity service doesn't do the job.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Look, you right-wing trolls like to talk about how liberals and progressives want big government, but we're dealing with Bush's Homeland Security Mafia here, and the right-wing Drug War, and the right-wing Big Military-Industrial-Complex which goes conquering other countries on behalf of Big Oil and Hating Foreigners. And you guys talk about "Intellectual Property" like it's as sacred a thing as owning real dirt property that we stole from the Indians, so the Copyright Police are as much your fault as they are the liberals' fault. And if Obama were actually a liberal, we'd have some Hopey Changey Stuff and the warrantless wiretappers and Gitmo torturers would be in jail, instead of him telling his Justice Department to defend the Bush Administration policies.
Bill Stewart
Yeah, that'll work.
Protecting your messages with crypto is a start, and using traffic mixers like Tor and Mixmaster to resist traffic analysis, but it's a hard job when the Bad Guys have Moore's Law on their side and unlimited unaccountable budgets and politicians who want to keep it that way.
Bill Stewart
Wouldn't it be too easy then for services like Hulu to filter out non-Americans even when connected via VPN?
Is there such a thing (this is a rhetorical question) as a "well intentioned man in the middle party"?
Just added this to my client's AJAX function for fun :)
How do we know they're violating the law? We have no idea what the secret security courts may have given them permission to do.
If I were running NSA the first people I'd look at would be the ones including the header.
Secret security courts are themselves, illegal.
Fact on the ground? Yes. But? You cannot vote simple laws to violate Constitutional violation. That requires the Amendment process. Yes. This extends to Congress delegating their powers of coinage and exercise of war. Not legally possible without Amendment.