Snowden Seeks To Develop Anti-Surveillance Technologies
An anonymous reader writes: Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."
Can't wait for an app that would allow anyone to be completely anonymous, even from the almighty Goog'lord.
And I'm sure Russia will have absolutely no influence over what Snowden is working so hard to bring us too!
NSA will always be MITM. It's going to be challenging :)
Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.
Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.
Hero
Edward Snowden certainly has name recognition in the security space, which in branding terms equals big money. He's got his share of wild and crazy times overseas doing various hijinx not always on the up and up, sorta just like other security specialists of an earlier generation. Sure, in terms of branding alone Snowden could easily become the next McAfee, and he's still very young!
And it isn't as if they weren't both wanted on international warrants either; and street cred does sell sneakers.
You can't be ahead of the curve, if you're stuck in a loop.
Don't be a police state fan boy, and learn to spell "cretin", cretin.
Scruting the inscrutable for over 50 years.
If making people realise that their basic rights are being trampled makes me a traitor, then I'd want to be a traitor any day...
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Ain't you worried that there is someone with an erect penis monitoring your private communications inside an NSA control room?
"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"
Looking at you Slashdot.
When are we going to have access to this site with https? You can stop pushing down our throats your fucking annoying beta and do something useful for everybody instead.
As long as the citizenry tolerates and sometimes even roots for the government's violation of civil rights, everything including the technology is just details.
The existence of a decent open-source router can't do much against a U.S. National Security Letter.
Speaking out about anti-surveillance on a Google platform, who makes money collecting information on people?
A nice step ahead would be the establishment of a new set of root certificates and an accompanying authority that signs other people's certificates. All located in a country that doesn't play ball with NSA and other thugs.
This would do a lot to dampen the routine man-in-the-middle we see these days.
TCAP-Abort
I'm going back to my 1942 Corona typewriter with the "t" slightly raised.
You are welcome on my lawn.
Even if you grant Snowden every consideration, how can he have any credibility as long as he's in Russia?
So, who will be auditing Snowden's code? I wouldn't even consider using anything he wrote without independent third party audits .... lots of audits of the code, design, algorithms, everything. And no binaries that he builds.
Imagine the evasive power of the dual or triple functionality achieved by some of the Obfuscated C content entries combined with the subtle designs of Russian government cryptographers. No threat there, no sir.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I didn't post this, but I think most of the replies/mods missed this dripping sarcasm...
(My post above was in reference to the OP, not the post I replied to.)
I hate to admit it, but I just happen to have an erect penis reading your public communications on Slashdot.
To be fair, it was erect before I opened the page. I think the SEO consultant sitting next to me is ovulating.
It is dangerous to be right when the government is wrong.
Privacy is about getting out. Put on a light t-shirt, thin-sole running shoes, light shorts and go with your partner to a park, a stadium, etc.
Or go to a beach for a swim.
Have a meaningful private conversation while running, walking or swimming. Speak in a calm quiet voice, not louder than necessary.
So getting out is good not only for health, but for privacy too. Besides, it is much safer to run together or to walk together.
Alright, but which day do you think it's going to be?
Signed,
your friends at the NSA.
Get free satoshi (Bitcoin) and Dogecoins
Well, if he is a cretin, you shouldn't criticize him. It's not nice to criticize the mentally handicapped.
... I'd want to be a traitor any day...
Let's pick a specific day: April 1, 1940
On that day Bletchley Park was reading the "email" of the German government, having broken the Enigma code - a fragile achievement that could fairly easily be foiled, perhaps permanently .... if the Germans knew about it. As a result of breaking that code, and keeping it secret that it had broken the code, the rights of the German government and people were trampled. The trampling of the rights of the German government and people in that fashion meant that Britain would not be starved into submission by submarine warfare, and ultimately the Allies would win the war. That meant that the trampling of the rights, including the right to live, of the people of Western and Eastern Europe by the then Nazi German government would come to an end.
Beyond that, the ability of the UK and US to read Enigma type machine encrypted messages carried over into the Cold War (which at various points nearly flared into a shooting war, including nuclear war) and played a role in helping the West obtain the intelligence necessary to defeat Soviet Communism which killed far more people than the Nazis did.
So, would-be traitor, is that still a good day for treason for you, knowing that Britain would likely have been starved into submission in WW2, the Nazis might have held on, and Soviet Communism might have lived on indefinitely? Many millions more would have been killed, several genocides would likely have been completed, we might still be faced by both Nazi and Soviet regimes, but nobody would be trampling on the rights of the German people by reading their encrypted mail. But I take it you're OK with that since it is "any day," right?
Just curious.
Isn't there an April 1st coming next year? And the year after that? What battles might be lost then?
Hell, he walked in and got the stash and fled the country. Manning had already done a similar heist before this.
So, we've got minions with access to sensitive data and can't stop them. The government needs to audit itself ... again.
It does no good to wrap this stuff up in a cloaking device if space cadets can glomp and run.
It little behooves the best of us to comment on the rest of us.
Moderated Usenet
Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker or capable of the type of software engineering that this proposal would entail. Is his plan just to use his name to fundraise (in Bitcoin, I guess. I doubt many people are stupid/brave enough to attach their name to a donation towards anything to do with this guy) and attract talent, or is he honestly going to try and release code himself, which will probably be of poor-to-average quality and expect the world to adopt it?
I mean, let's be honest: Either way, whether he's going to just try and brand the stack or contribute, we have technologies that are perfectly good (that is, however, not to say perfect) already -- it's just they aren't particularly widely deployed. How many organizations are running IPsec internally, other than just for site-to-site VPN tunnels? How many organizations are deploying DNSSEC outside of governments and the military? How many organizations are using PGP or similar asymmetric encryption between employees? Making it easier might help, but chances are that the vast, vast majority of individuals aren't going to jump on any of these technologies in any great numbers unless they are mandated to (like at work, where they don't have a choice), but it isn't as if the government is going to make it a requirement that you try and "spy proof" your computer and communications.
How many more wars?
As for "if the Germans knew about it": that is the classic understanding of WW2 crypto. Germany trusted the machine, upgraded it a bit and had all its spies turned.
Let's take Normandy. Army Group B has some idea, Pz Lehr Division was moved, Germany had a spy near the British ambassador to Turkey, the Royal Navy had lost aspects to its low level codes, British railroads codes had been lost by late 1943, the German air force saw changes in US and UK practice traffic, US Transport Command lost its codes, US M-209 and M-138 strip traffic was not totally secure, the A-3 speech scrambler was not so great, the Polish government in exile had code issues, a few German spies still existed in Sweden and Portugal, SIS-SOE agents were under watch in France,
i.e. Germans moved units to Normandy.
As for "Enigma type machine encrypted messages" post WW2, the Soviet Union had a good understanding of the UK via humans. The Soviet Union was also moving to much tighter one time pad use as it fully understood its code reuse was a huge fault. But they had so much intel to send, they had few options but to risk it.
If govs can't get to one main code, they go for the weak ones, they go for people, they go for the weak codes that get used all day in sloppy ways.
For all the Enigma faith, Germany seemed to understand something was not perfect and worked hard to try and stay ahead.
New rotors, wheel permutations, random indicators, protections to counter cribbing, CY procedure, Uhr device, the UKW-D reflector, but it all failed as cryptologic security was so split up. But people keep the old WW2 stories about Germany, Russia, Finland, Australia, Japan code work as just being all safe or all broken.
Post WW2 is filled with new advances and attempts by the UK and US. All very interesting, great in the new history books as more papers are released.
So for that Enigma vision we all give up our rights via an oath to authority for generations?
The talks did cover the authority and rights, press aspect in the last 30 mins.
Domestic spying is now "Benign Information Gathering"
So now, he is busy helping Russia? Hmmm.
Vs. DNS request logs in hostsfile hardcodes (faster than remote dns, shores up Kaminsky flaw w/ less moving parts complexity room 4 breakdown + electric power use (vs. local DNS)):
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of benefits in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity/room 4 breakdown,
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w/ 45++ yrs. of optimization).
* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
So now I guess ZeroKnowledge was 16 years too early. I remember laughing at it.
I still don't care whether NSA or other idiots read my mail for I have nothing to hide. But the prospect of ill-advised policy enforcers' ability to use otherwise benign data as scapegoating is irritating.
https://www.youtube.com/watch?...
Here's my latest Snowden / Binney 2016 bumper sticker art, suitable for printing at 2.75" x 5" cropped size plus a .125" bleed, 300 DPI, on vinyl:
PNG
Vector (LibreOffice Draw)
This is my original artwork, CC BY-NC-SA, so print a pile and spread them around if you like. I use psprint.com, and I recommend searching "vinyl bumper stickers" on DuckDuckGo, where psprint is usually running a coupon in the search results. I haven't received the color proofs for this version yet, but these are corrected from a previous batch and should be pretty good.
Disclaimer: I have no affiliation with DuckDuckGo or PSPrint, and Snowden/Binney is (perhaps unfortunately) neither a real nor a realistic campaign. This is just for giggles.
Stop-Prism.org: Opt Out of Surveillance
Sad, but not surprising, that you got modded down for your appropriately on-topic post. Speak not against the Snowden, for it is fraught with peril and fanbois down-modding.
Oh please, Eddy, shut the fuck up.
One of the angles of privacy violation is by accessing data on the local machine. Is there any particular OS distro that could operate truly read-only, writing only to RAM for the current session?
Could it work in metadata-free secure writes to a storage device if you wanted to store an acquired file?
You seem to be comparing two searches:
1) Done on ALL civilians, including people who were suspected of nothing
2) Specifically targeting official transmissions with probable cause to expect genocide
I don't know about the other would-be traitors, but the problem I have isn't with intercepting any communications of any kind; it's with searching innocent people. I'm perfectly OK with the NSA hacking actual terrorists.
Would July 14th be ok?
The breeze around your neck that you feel shouldn't worry you...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Meanwhile you can bet his ass is being surveilled magnitudes more by his gracious hosts than by anything when he was a U.S. citizen.
gotta just love his hypocrisy
I applaud and vigorously support Mr. Snowden's suggestion that our rights MUST (my emphasis) be encoded into the programs and PROTOCOLS on which we rely every day. I seriously and sincerely doubt however that anyone, let alone the entrenched interests who construct and maintain the Internet, will in any way be moved to action.
As instance I cite the farce that is known as email. Architectural and design decisions were made which did not consider the mass adoption of email by billions. Nor were the possibilities of incompetent, untrusted and malevolent actors considered. As a small illustrative example: why, aside from the godlike feeling of absolute power conferred, do these servers allow sysadmins (or anybody who has hacked their account) to view or search the CONTENT of emails? The mail server programs implementing these flawed protocols were and continue to be kludges requiring near genius levels of competence to correctly configure and maintain.
These flaws were and are directly responsible for the tsunami of email spam and malware which began all of twenty years ago. The response was NOT to realize that the protocols were flawed and that serious refactoring was required. Instead castles of sand were built on top of quicksand. Heuristic Bayesian spam filters, I'm looking at you here. This non-response has directly enabled hundreds (if not perhaps thousands) of millions of dollars worth of damage and computer fraud, yet still the protocols and programs were and still are not redesigned!!!
One could go on and on with similar critiques of virtually every piece of TCP/IP's fundamental infrastructure. IPv6 is not a counter example as some twenty years later it formats approximately four percent of internet traffic. These, not merely, and in addition to, the presence or absence of cryptography, I believe, are the privacy busting facts to which Mr Snowden alludes and refers.
If such serious monetary damage cannot impel substantive action, this poster asserts that it is difficult to imagine Mr Snowden's totally laudable revelations and prescriptions having any effect whatsoever.
I'm guessing, with the crowd he was speaking to, this kind of project would be open source.
I've taken the time to watch some of the Chaos Computer Club videos on cryptography, which I think is loosely connected with this HOPE crowd. They seem like a very sharp bunch. I would certainly take my chances on anything they've hammered on.
Revolution is the opium of the intellectuals.
Did they get you to trade your heroes for ghosts?
Let's pick another day: 9 November 1989.
If the total surveillance state that you desire had been functional back then, the Berlin Wall would never have fallen, and Communism would still be ruling the USSR. You owe the fall of Communism to the failure of the surveillance state.
"When are we going to have access to this site with https? You can stop pushing down our throats your fucking annoying beta and do something useful for everybody instead."
You can use Startpage's free HTTPS proxy to access sites like Slashdot.
If the surveillance state had been possible back in 1776 there would be no United States.
One would have to question exactly what kind of material he proposes trading. Would we want kiddie fiddlers transferring data?
Really who has mass surveillance harmed?
http://www.dailymail.co.uk/news/article-2671467/Almost-300-pedophiles-including-teaching-assistant-retired-sheriffs-deputy-arrested-month-long-To-Catch-Predator-style-sting-operation.html