Slashdot Mirror
Snowden Seeks To Develop Anti-Surveillance Technologies
An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."
Can't wait for an app that would allow anyone to be completely anonymous, even from the almighty Goog'lord.
And I'm sure Russia will have absolutely no influence over what Snowden is working so hard to bring us too!
NSA will always be MITM. it's going to be challenging :)
Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.
Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.
Hero
Edward Snowden certainly has name recognition in the security space, which in branding terms equals big money. He's got his share of wild and crazy times overseas doing various hijinx not always on the up and up, sorta just like other security specialists of an earlier generation. Sure, in terms of branding alone Snowden could easily become the next McAfee, and he's still very young!
And isn't as if they weren't both wanted on international warrants either; and street cred. does sell sneakers.
You can't be ahead of the curve, if you're stuck in a loop.
Don't be a traitor and don't be a Snowden. This creatin has done more harm to The Establishment than all other traitors combined. Why would you want to follow this creatin down a path that only benefits terrorists? Are you a terrorist? Don't do it. Or you will go live in Russia like Snowden, a living hell if there is such a place.
"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"
Looking at you Slashdot.
When are we going to have access to this site with https? You can stop pushing down out throats your fucking annoying beta and do something useful for everybody instead.
https://en.wikipedia.org/wiki/...
As long as the citizenry tolerates and sometimes even roots for the government's violation of civil rights, everything including the technology is just details.
The existence of a decent open-source router can't do much against a U.S. National Security Letter.
Why would anyone trust their secrets to someone who is popular for stealing them and posting them to the public.
Speaking out about anti-surveillance on a Google platform, who makes money collecting information on people?
A nice step ahead would be the establishment of a new set of root certificates and an accompanying authority that signs other peoples certificates. All located in a country that doesn't play ball with NSA and other thugs.
This would do a lot to dampen the routine man-in-the-middle we see these days.
TCAP-Abort
I'm going back to my 1942 Corona typewriter with the "t" slightly raised.
You are welcome on my lawn.
Even if you grant Snowden every consideration, how can he have any credibility as long as he's in Russia?
So, who will be auditing Snowden's code? I wouldn't even consider using anything he wrote without independent third party audits .... lots of audits of the code, design, algorithms, everything. And no binaries that he builds.
Imagine the evasive power of the dual or triple functionality achieved by some of the Obfuscated C content entries combined with the subtle designs of Russian government cryptographers. No threat there, no sir.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Privacy is about getting out. Put on light t-shirt, thin-sole running shoes, light shorts and go with your partner to a park, a stadium, etc.
Or go to a beach for a swim.
Have a meaningful private conversation while running, walking or swimming. Speak in a calm quiet voice, not louder than necessary.
So getting out is good not only for health, but for privacy too. Besides, it is much safer to run together or to walk together.
Hell, he walked in and got the stash and fled the country. Manning had already done a similar heist before this.
So, we've got minions with access to sensitive data and can't stop them. The government needs to audit itself ... again.
It does no good to wrap this stuff up in a cloaking device if space cadets can glomp and run.
It little behooves the best of us to comment on the rest of us.
Moderated Usenet
Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker or capable of the type of software engineering that this proposal would entail. Is his plan just to use his name to fundraise (In bit coin, I guess. I doubt many people are stupid/brave enough to attach their name to a donation towards anything to do with this guy) and attract talent, or is he honestly going to try and release code himself, which will probably be of poor-to-average quality and expect the world to adopt it?
I mean, let's be honest: Either way, whether he's going to just try and brand the stack or contribute, we have technologies that are perfectly good (that is, however, not to say perfect) already -- its just they aren't particularly widely deployed. How many organizations are running IPSec internally, other than just for site-to-site VPN tunnels? How many organizations are deploying DNSSec outside of governments and the military? How many organizations are using PGP or similar asymmetric encryption between employees? Making it easier might help, but chances are that the vast, vast majority of individuals aren't going to jump on any of these technologies in any great numbers unless they are mandated to (like at work, where they don't have a choice), but it isn't as if the government is going to make it a requirement that you try and "spy proof" your computer and communications.
Can YOU recognize "compromised behavior" in a computer? You might think you can, but in reality, at best, you can recognize "compromised behavior" that you know about, or have tools that can reveal it to you. Some "behavior" is more obvious than others. For instance, if the compromise causes your computer to encrypt your files with a key you don't have, or goes through and quietly corrupts your files starting with those with the oldest "last accessed" date, (on file systems and OS that support that,) or jams your screen with pop-up windows you either can't close, or that have two open for each one you kill... (like so many millions of viruses designed to run on the built-to-be-compromised mal-ware serving platform known commonly as Microsoft Windows,) etc. (and I do mean, ET CETERA,) then it's trivial to detect.
By contrast, there are ways to compromise your computer you can't really detect, only prevent, and then only maybe. For example, do you know what TEMPEST is? Are you aware that the operation of the machinery attached to your CPU can be detected at a distance? Or do you do all your computing from the inside of a FARADAY CAGE? Do you also block the faint ultrasounds produced by your computer's memory, keyboard IC's, your monitor, etc.? It's far beyond the ability of the human ear to detect, but it's a safe bet that since it is the rhythmic opening and closing of PN junctions, there's a certain amount of noise... noise that it could be possible to pick up. Even if you play music to drown out any sounds it may make, the music played is produced at, (and reproduced on equipment designed to store and spit-out exclusively) frequencies you can hear. Much higher frequencies, in the kilohertz to terahertz range you would never know about from your ears, but that definitely doesn't mean they don't exist, or that they can't be intercepted, and even possibly used to create a usable representation of what's going on inside your computer.
One may even surmise that the very fact that you're allowed to have a computer at all implies that the authorities are confident they can figure out what you're doing no matter how carefully you try to hide it, assuming of course that they want to. But you do go on calling everyone whom you think knows less about security than you do an "idiot," if it makes you feel better about yourself, you totally elite, "power-user".
By the way, anyone who uses the acronym ID-10-T, (except to point this out,) is an idiot. You're not clever, you're a dolt, and I'm guessing, a child to boot. Maybe you've turned 18, but in there... (your head,) you're still a child. Not everyone has the time or inclination to be a security expert, and while you rail against "incompetent" users, you probably don't know how the inside of the locking mechanism on your house works. You could learn, and maybe you will after reading this just to be able to say, "nuh uh, I totally know that!" but it's not really relevant to your work or school life, so you don't know it, and somewhere out there there's a locksmith on a forum about door locks calling you an "incompetent user" because you don't swap out the lock cylinder every 90 days, or whatever. There's a doctor who calls you an incompetent m0r0n (to use your 'replacing letters with numbers because I'm so f'ing clever' routine,) for not knowing the ins and outs of your own cellular respiration, DNA transcription into proteins, or what "security" mechanisms your body uses to protect you from real, actual viruses.
My point is, unless you're prepared to pretend you're an expert par excellence on everything, (in which case you likely wouldn't be wasting your time on /., so no one else here is going to believe you if you claim this is so,) there are large numbers of people, many professionals, who will justifiably think of you as an incompetent moron in their fields of expertise. At least they will if they're enough of a bunch of assholes to look down their noses at people who aren't as "smart" as they are in their chosen fie
So now, he is busy helping Russia? Hmmm.
Vs. DNS request logs in hostsfile hardcodes (faster than remote dns, shores up Kaminsky flaw w/ less moving parts complexity room 4 breakdown + electric power use (vs. local DNS)):
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of benefits in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity/room 4 breakdown,
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).
* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
So now I guess ZeroKnowledge was 16 years too early. I remember laughing at it.
I still don't care wether NSA or other idiots read my mail for I have nothing to hide. But the prospect of ill-advised policy enforcer's ability to use otherwise benign data as scapegoating is irritating.
https://www.youtube.com/watch?...
would 3e a bad
Here's my latest Snowden / Binney 2016 bumper sticker art, suitable for printing at 2.75" x 5" cropped size plus a .125" bleed, 300 DPI, on vinyl:
PNG
Vector (LibreOffice Draw)
This is my original artwork, CC BY-NC-SA, so print a pile and spread them around if you like. I use psprint.com, and I recommend searching "vinyl bumper stickers" on DuckDuckGo, where psprint is usually running a coupon in the search results. I haven't received the color proofs for this version yet, but these are corrected from a previous batch and should be pretty good.
Disclaimer: I have no affiliation with DuckDuckGo or PSPrint, and Snowden/Binney is (perhaps unfortunately) neither a real nor a realistic campaign. This is just for giggles.
Stop-Prism.org: Opt Out of Surveillance
Oh please, Eddy, shut the fuck up.
One of the angles of privacy violation is by accessing data on the local machine. Is there any particular OS distro that could operate truly read-only, writing only to RAM for the current session?
Could it work in metadata-free secure writes to a storage device if you wanted to store an acquired file?
Meanwhile you can bet his ass is being surveilled magnitudes more by his gracious hosts than by anything when he was a U.S. citizen.
gotta just love his hypocrisy
I applaud and vigorously support Mr. Snowden's suggestion that our rights MUST (my emphasis) be encoded into the programs and PROTOCOLS on which we rely every day. I seriously and sincerely doubt however that anyone, let alone the entrenched interests who construct and maintain the Internet, will in any way be moved to action.
As instance I cite the farce that is known as email. Architectural and design decision were made which did not consider the mass adoption of email by billions. Nor were the possibilities of incompetent, untrusted and malevolent actors considered. As a small illustrative example. Why, aside from the godlike feeling of absolute power conferred, do these servers allow sysadmins (or anybody who has hacked their account) to view or search the CONTENT of emails. The mail server programs implementing these flawed protocols were and continue to be kludges requiring near genius levels of competence to correctly configure and maintain.
These flaws were and are directly responsible for the tsunami of email spam and malware which began all of twenty years ago. The response was NOT to realize that the protocols were flawed and that serious refactoring was required. Instead castles of sand were built on top of quicksand. Heuristic Bayesian spam filters I'm looking at you here. This non response has directly enabled hundreds (if not perhaps thousands) of millions of dollars worth of damage and computer fraud yet still the protocols and programs were and still are not redesigned !!!
One could go on and on with similar critiques of virtually every piece of tcp/ip's fundamental infrastructure. IPV6 is not a counter example as some twenty years later it formats approximately four percent of internet traffic. These, not merely, and in addition to, the presence or absence of cryptography, I believe, are the privacy busting facts to which Mr Snowden alludes and refers.
If such serious monetary damage cannot impel substantive action this poster asserts that it is difficulty to imagine Mr Snowden's totally laudable revelations and prescriptions having any effect whatsoever.
I'm guessing, with the crowd he was speaking to this kind of project would be open source.
I've taken the time to watch some of the Chaos Computer Club videos on cryptography, which I think is loosely connected with this HOPE crowd. They seem like a very sharp bunch. I would certainly take my chances on anything they've hammered on.
Revolution is the opium of the intellectuals.
Did they get you to trade your heroes for ghosts?
"When are we going to have access to this site with https? You can stop pushing down out throats your fucking annoying beta and do something useful for everybody instead."
You can use Startpage's free HTTPS proxy to access sites like Slashdot.
One would have to question exactly what kind of material he proposes trading. Would we want kiddie fiddlers transferring data?
Really who has mass surveillance harmed?
http://www.dailymail.co.uk/news/article-2671467/Almost-300-pedophiles-including-teaching-assistant-retired-sheriffs-deputy-arrested-month-long-To-Catch-Predator-style-sting-operation.html