Time For X-No-Wiretap HTTP Header?
Freshly Exhumed writes "A security blogger, acknowledging that the NSA methodically ranks communications on the basis of their 'foreignness' factor to determine candidacy for prolonged retention, is proposing '...an opportunity for us on the civilian front to aid the NSA by voluntarily indicating citizenship on all our networked communications. Here, we define the syntax and semantics of X-No-Wiretap, an HTTP header-based mechanism for indicating and proving citizenship to well-intentioned man-in-the-middle parties. It is inspired by the enormously successful RFC 3514 IPv4 Security Flag and HTTP DNT header.'"
Gay sex is a myth!
Had to do it after http://xkcd.com/1258/
The only way we are going to solve this NSA mess is to clean house...and the senate...
Someone can't set their date properly? :P
Yes, of course!
This is guaranteed to work almost as good as the Evil Bit, an extra field in IPv4 headers where senders of packets indicate malicious intent, so that people administering firewalls can discard such packets if desired.
(The problem in the first place was that the people wiretapping didn't give a shit about rules, etiquette, and being decent. More rules and etiquette aren't the solution to that problem.)
Rick
It'll certainly flag the packets to NSA as deserving of extra long retention!
You secure it by force.
What, is it April 1st again already?
I'm waiting for a header protocol that can tell when it's been intercepted or collected, and proceeds to blow up the TLA server on which it resides.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
prove otherwise.
Will be a header code that says "do wiretap me, I have something interesting to hide!"
No seriously... WTF?
How could this be anything other than a flamebait article Tim?
XML is known as a key material required to create SMD: Software of Mass Destruction
Yeah. Because no one will lie about their citizenship.
So in theory, anyone who's good can set this HTTP header flag and the terrorists who will honestly declare themselves bad will make sure this setting is unchecked. It seems like a pretty good idea at least, it will be easy to *actually* monitor those who are evil due to honesty at heart! I can't wait for this great SECURITY solution to finally arrive!!!!!!!%$^&^%*&^(*&( CARRIER LOST^] exit
X-No-Wiretap = stoops!
X-Fuck-Me-In-The-Asshole-Because-I-Can't-Even-Recognize-That-This-Is-Complete-Shit = extra-true!
Christianity: All stand guilty before God. Release from guilt results from trusting Christ's work.
NSA: All stand guilty before the government. There is no release from guilt other than becoming an elite.
Perhaps this is why there is so much vitriol against Christianity in particular.
--
Another fine opinion from The Fucking Psychopath®.
It is always so irritating to see that this discussion turns into "I am USA citizen, do not spy on me, dear NSA!" What about rest of the world?? How come that in your US centric viewpoint it's all ok to spy on anyone else, just not on US citizens?? What about Europe? Other NATO allies? All ok to spy on everyone else, on your viewpoint!! Love that fat bellybutton of yours!
the ones that need spying on come from foreign sources? Seriously.
Attention Obama Supporting Slashdot Douchenozzles!
You stupid fucking dorks, you supported Obama here like stink on shit, you have absolutely no right to complain. Shut up and enjoy your anal probe.
You have but yourselves to thank!!! Oh the joy of statism! Bend over douchenozzles and suck up the Obama socialism!!! Get in line for your food stamps, government cheese and a colonoscopy!
http://www.washingtonpost.com/world/national-security/obama-administration-had-restrictions-on-nsa-reversed-in-2011/2013/09/07/c26ef658-0fe5-11e3-85b6-d27422650fd5_story.html
"The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material.
In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court."
Tyranny!!! It's what's for dinner at Slashdot Socialist Central!
Few American commentators seem to be questioning the unstated assumption that spying on non-Americans is perfectly OK, even if there is no reasonable cause for suspicion. By that logic, it's perfectly OK for other countries to spy on all Americans.
Aren't we all entitled to a little privacy?
We should add a bit to IPv6 header which marks if the packet crossed international borders. Each edge router (both incoming and outgoing) if connected to an endpoint which originates from a source outside of the country must set the bit.
That way if the packet leaves the country before coming to you, you should know. If the packet re-enters the country (ie, it was set to 1 but the NSA turned it off to hide), again it should set it to 0.
This means that all inner-US traffic would have the bit set to 0. The NSA on receiving the packet must ignore it, hopefully by court mandate. Of course, nothing really stops them, but at least you as a citizen should be able to know in theory when a foreign government might also be snooping in addition to the NSA, by knowing the packet left the domestic network.
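To make the proposed border-crossing bit concrete, here is an added simulation (my own code, not from the post or from any RFC) of a sticky "crossed border" flag: every edge router whose upstream hop sits in another country sets it, and a single dishonest hop can clear it, which is exactly the caveat the post raises. Router names, countries and the packet format are constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    """Constructed stand-in for an IPv6 packet carrying the proposed bit."""
    payload: str
    crossed_border: bool = False          # the proposed header bit, 0 = stayed domestic
    trace: list = field(default_factory=list)  # (router, bit after this hop); not visible to receiver


@dataclass
class Router:
    name: str
    country: str
    honest: bool = True   # a dishonest router clears the bit ("NSA turned it off to hide")

    def forward(self, pkt: Packet, prev_country: str) -> Packet:
        # Edge-router rule from the post: the link we received on crossed a border.
        if prev_country != self.country:
            pkt.crossed_border = True    # sticky: once set, honest routers never clear it
        if not self.honest:
            pkt.crossed_border = False   # tampering that the receiver cannot detect
        pkt.trace.append((self.name, pkt.crossed_border))
        return pkt


def send(pkt: Packet, src_country: str, path: list) -> Packet:
    """Push the packet hop by hop; each router only sees where the previous hop lived."""
    prev = src_country
    for router in path:
        router.forward(pkt, prev)
        prev = router.country
    return pkt


def expected_bit(src_country: str, path: list) -> bool:
    """What the bit would be if every router were honest (an out-of-band oracle)."""
    countries = [src_country] + [r.country for r in path]
    return any(a != b for a, b in zip(countries, countries[1:]))


def receiver_can_detect_tampering(pkt: Packet, src_country: str, path: list) -> bool:
    """The receiver only sees the delivered bit, so it can never spot a cleared flag."""
    return pkt.crossed_border != expected_bit(src_country, path) and False


if __name__ == "__main__":
    domestic = [Router("dc-edge", "US"), Router("sf-edge", "US")]
    print(send(Packet("hello"), "US", domestic).crossed_border)      # False
    transit = [Router("dc-edge", "US"), Router("lon-edge", "UK"), Router("nyc-edge", "US")]
    print(send(Packet("hello"), "US", transit).crossed_border)       # True
    tapped = transit + [Router("tap", "US", honest=False)]
    print(send(Packet("hello"), "US", tapped).crossed_border)        # False, silently
```

The last case is the post's "nothing really stops them": the delivered bit reads 0 and the receiver has no way to tell it was ever 1.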
Time for us all to take encryption seriously. To the ASCII table, and beyond!
We are expecting people who bend the rules to play nice.. Slick.. real slick..
In Wayland too.
This has got to be flame bait, because nothing about this guy's blog screams SECURITY BLOGGER. Three whole posts tagged with Security....
They are already deliberately violating the law, with impunity. They compromise your security at every step. Adding un-encrypted metadata to your traffic will only:
1 - ID you for possible actions by later custodians of this information
2 - Acknowledge your silent submission to the fact of universal collection as a normative state
3 - Divert efforts from real crypto-countermeasures
People need not to give NSA their complicity and assent, but to resist, and applaud every time somebody manages to FUCK UP their mission.
"Flyin' in just a sweet place,
Never been known to fail..."
Where do I sign up for THIS new Trojan horse?
When confronted with a government entity that believes itself to be above the law and is routinely breaking the law, yeah, asking them not to hold on to your data. That will work. Right?
Seven puppies were harmed during the making of this post.
Because no one would lie and terrorists are always foreign?
If we're going to solve this problem, let's state it clearly.
Small groups of people, with a limit now tending towards one, are acquiring the ability to inflict damage, now tending towards death, on larger and larger numbers of people, now tending towards everyone.
How can we stop them before they do that? How do we need to arrange or change the things in the world so that that never happens?
All of this Snowden, NSA, War on Terror, WMD al Qaeda stuff flows directly from that basic fact.
We're never going to be in agreement on what to do until we're all on the same page as to what the problem really is. That's the problem.
Really, I don't see a solution outside of genetically engineering people so they don't want to do that. Religion doesn't work (fundamentalism of all kinds, Islamic and Christian). Providing people with stuff and money doesn't work (bin Laden), education doesn't work (Pol Pot), democratic institutions don't work (Timothy McVeigh). Maybe those things reduce the probability, the sheer availability of accomplices to a Pol Pot or a bin Laden. At best that buys us time.
I am not saying genetic engineering is what we should do. I can't even say that it will work, but that and making the creation of an equitable and fair world a top priority (as opposed to our current one: making small numbers of people very rich) are our best bet as far as we know.
Using an X-no-wiretap header is like putting your emergency flashers on when illegally parking. http://www.youtube.com/watch?v=CIcHXgY0KKo
Don't stop where the ink does.
X-Apple-Pie
X-NASCAR-Fan
X-NRA-Member
"Duhhhh, umm, OK."
Somebody check-mark the "Crazed Bomber" box just to see what they do.
Table-ized A.I.
The number of commenters failing to understand that the article is satire is staggering. Hell, look at the "department" the article is from.
If you're concerned about privacy and NSA can see your HTTP headers, then you're holding it wrong.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
If you're not tracked by the NSA, you're tracked by some other nation's spy agency.
Headers are only voluntary.
So what, precisely, does this "new header" gain anyone except a circle-jerk of self-congratulatory "we did something"?
I do not fail; I succeed at finding out what does not work.
Remind me again where in the fourth amendment it says we only have protection against unreasonable search and seizures for information not crossing international borders?
And what on earth makes you think they'd honor these flags regardless? They've already proven they don't give a shit what the laws are, they're just going to keep doing whatever they want. Notice after a bunch of noise early on, the media and congress quickly moved on to Syria without so much as even publicly addressing the issue beyond saying "we expect them to follow the rules" - and by that they mean we expect they'll keep right on doing what they're doing.
When I saw that this proposal "deprecates all the SSL/TLS ciphers in favor of Double CAESAR’13" (a.k.a. ROT-13) I knew it was going to be great. BTW, a big shoutout to my friends over in the Caesarian section! Okay, so I needed to run some sandboxed tests first. After using Double ROT-13 everything was going perfectly, according to the spec, but I decided to gamble on TRIPLE ROT-13. Big mistake. Don't do it! All I ended up with was a bunch of gobbledegook that I couldn't work with anymore, so I had to just delete everything and start all over again. Don't use TRIPLE ROT-13!!!!!!!1
I wish I could have been FP to warn everyone. I'm glad this proposal sticks with Double!
I deny that I have not avoided attaining the opposite of that which I do not want.
Which is right up there with "think of the children!" as a strong symptom of frontal lobe disengagement.
Those people who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Oah yes, I am completely American, absolutely, you betcha! Mom and apple pie, verry good. Uncle Sam, hooray! I will be doing this for you every time, so you will be verry satisfied with this service.
Your comment is only testament to the fact that Slashdot readers do not RTFA.
Are there any unexpected negative outcomes of this?
Yup, but if you only skim the article, it's a blatant application of Poe's law.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Liberties going down the drain, secret laws, secret courts, secret prisons, killing people without any trial, but at least we still have stupid nerd jokes in the form of funny HTTP headers.
Haha, I'm so not laughing.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Header is read by smart switch/routers and they ensure that the associated packets do not get routed to any US-addressed (or US-puppet-addressed) host or router.
To do this one properly, an AVOID_US bit in the IPV6 packets should be used instead.
Where are we going and why are we in a handbasket?
If it's on by default we won't know who doesn't want to be wiretapped. The only way to make this work is if the user has to turn it on.
Mod parent Plus 1 Swoosh.
Sig Battery depleted. Reverting to safe mode.
The time has come to sharpen up our prime number and encryption pad generators and use them.
In Soviet Russia, "papers please" might be something like this: (via Google Translate)
!!!!
Cyrillic text doesn't work on slashdot, OMG
The State Security service is not there to protect the people, it is there to protect the State. ... and in the past East Germany. The practice is exactly the same, except the US state security has far more reach than the East German State Security could ever have dreamt of.
That makes us all potential enemies, if you Americans think you are considered any less of a threat than us dodgy foreigners, then you are deluded. You have the means and opportunity, the motive is all around you. As for the rest of the world, well, the motive is all too obvious, that is why the State watches us all. The same motivation as China, Russia, UK, Iran, Syria, Egypt,
Every once in a while I get a less than "brilliant" new idea for an April fools RFC.
Last night a new idea came to me in a vision where one-time pads would be required for all Internet communication, with a humorously implausible N(users) x N(sites) scheme of filling OTP pools before any communication may take place on the Internet.
So yea well um prior to using Google one first drives down to a local OTP filling station and, using a Google kiosk, uploads your codebook. Daily data collection vans representing each site would stop at each terminal daily, collect codebooks, aggregate them and apply them to each site entirely out of band of the Internet.
Once the process is completed users would be able to use a service online normally for as long as their codebooks last. Once exhausted they would have to drive back to the kiosk and refill.
One could inject all kinds of complexity including BGP extensions to assist routing of collection vans, site collection aggregators and the anticipated supporting outlay of businesses and services to facilitate all the craziness.
The Security Considerations section would allow a priceless array of considerations loaded in a way that makes the overall concept seem even less secure than no security at all.
While X-No-Wiretap is funny, part of what makes April 1 RFCs stand out is the technical detail in the specification. I'm not sure there is much that can be done with just a single header, as funny as it is.
It's easier to insert an X-Copyright-2013 header; if the NSA decides to infringe on any of our literary works, it'll be $150,000 a pop. Not that they can't afford it...
When the copyright term is "forever minus a day", live every day like it's the last.
I presume this is a joke.
Well, then, I suggest we invoke the other Poe's law: Nevermore!
http://www.rootstrikers.org/
You are marking your traffic that you are an American Citizen and don't want to be monitored. What do you have to hide? That sounds like something a terrorist would say. Time to monitor every piece of traffic with this header, thanks for flagging when you have something to hide.
You and your friends don't have enough guns to outgun the NSA (who are typically not armed), much less the FBI, Pentagon, and Copyright police. If you want your data not to get wiretapped, you need to use crypto, end-to-end, and use various traffic analysis obfuscation services in the middle, and get enough people doing it to have some actual cover traffic (because being the one person using an anonymity service doesn't do the job.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Look, you right-wing trolls like to talk about how liberals and progressives want big government, but we're dealing with Bush's Homeland Security Mafia here, and the right-wing Drug War, and the right-wing Big Military-Industrial-Complex which goes conquering other countries on behalf of Big Oil and Hating Foreigners. And you guys talk about "Intellectual Property" like it's as sacred a thing as owning real dirt property that we stole from the Indians, so the Copyright Police are as much your fault as they are the liberals' fault. And if Obama were actually a liberal, we'd have some Hopey Changey Stuff and the warrantless wiretappers and Gitmo torturers would be in jail, instead of him telling his Justice Department to defend the Bush Administration policies.
Yeah, that'll work.
Protecting your messages with crypto is a start, and using traffic mixers like Tor and Mixmaster to resist traffic analysis, but it's a hard job when the Bad Guys have Moore's Law on their side and unlimited unaccountable budgets and politicians who want to keep it that way.
Wouldn't it be too easy then for services like Hulu to filter out non-Americans even when connected via VPN?
Is there such a thing (this is a rhetorical question) as a "well intentioned man in the middle party"?
Just added this to my client's AJAX function for fun :)
How do we know they're violating the law? We have no idea what the secret security courts may have given them permission to do.
If I were running NSA the first people I'd look at would be the ones including the header.
Secret security courts are themselves illegal.
Fact on the ground? Yes. But? You cannot vote simple laws to violate Constitutional violation. That requires the Amendment process. Yes. This extends to Congress delegating their powers of coinage and exercise of war. Not legally possible without Amendment.