Slashdot Mirror
Snowden Seeks To Develop Anti-Surveillance Technologies
An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."
Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.
Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.
Edward Snowden certainly has name recognition in the security space, which in branding terms equals big money. He's got his share of wild and crazy times overseas doing various hijinx not always on the up and up, sorta just like other security specialists of an earlier generation. Sure, in terms of branding alone Snowden could easily become the next McAfee, and he's still very young!
And isn't as if they weren't both wanted on international warrants either; and street cred. does sell sneakers.
You can't be ahead of the curve, if you're stuck in a loop.
Don't be a police state fan boy, and learn to spell "cretin", cretin.
Scruting the inscrutable for over 50 years.
If making people realise that their basic rights are being trampled makes me a traitor, then I'd want to be a traitor any day...
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"
Looking at you Slashdot.
When are we going to have access to this site with https? You can stop pushing down out throats your fucking annoying beta and do something useful for everybody instead.
As long as it's not the latest curve, privacy preserving crypto can be written by NSA itself, and still be secure for you. SELinux was written by NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, idependent reviews, and, if you can't afford your own review, the many-eyes-principle (which has chilling effects).
The russians could only say "this is too secure, design something that can be broken more easily".
As long as the citizenry tolerates and sometimes even roots for the government's violation of civil rights, everything including the technology is just details.
The existence of a decent open-source router can't do much against a U.S. National Security Letter.
Mod parent up.
It is not who makes it, it is how it is made.
A nice step ahead would be the establishment of a new set of root certificates and an accompanying authority that signs other peoples certificates. All located in a country that doesn't play ball with NSA and other thugs.
This would do a lot to dampen the routine man-in-the-middle we see these days.
TCAP-Abort
I'm going back to my 1942 Corona typewriter with the "t" slightly raised.
You are welcome on my lawn.
Why (and this is the point,) would you trust the NSA any more than the Russian government? Neither wants you to be able to hide what you're doing from them. If these last few years have taught us anything, it's that your government, (wherever you live,) and possibly other governments, should be regarded as the same as any other group of people who could potentially do you harm by knowing things you might want to keep to yourself, whether or not you've committed any legitimate transgression or 'crime' as they call it. Crime is of course subjective because what's a crime in one place may or may not be in another. Case in point, possession, manufacture, consumption, transportation, or offering for sale the product generally known as "booze". Illegal in some places.
If there are any other lessons here, it's that governments, indeed, other people in general can listen-in on your communications, PERIOD. Using any form of communication that can be intercepted virtually guarantees it will be intercepted by someone, or at least that you should figure it will be. If you find yourself in a room full of loud, random-noise generating equipment, (or just are next to a large waterfall,) and whisper something directly into the ear of another human being, cupping your hands so your lips movements, (etc.) can't be seen, MAYBE no one other than the person to whom you whisper can hear you. Maybe.
If, OTOH, you're using a device that modulates your voice onto an electrical carrier wave, and broadcasts that via emissions of photons across half the universe, or conveys it using a half-dozen different companies' equipment to someone hundreds or thousands even, of miles away via wire and/or fiber... yeah, someone can listen in, and you should assume that someone will. You should further assume anything you say on the phone (or over the radio) can and will be used against you in a court of law, will be shown to your mother/father/wife/husband/boss/coworkers/the-general-public, and will be misinterpreted to make you seem complicit in whatever they decide it would be funny to frame you for, etc. etc. etc.
The reason most people get away with using these technologies is that there simply isn't enough crap to pin on people to put every single person into jail, and then no one left to make the cops' doughnuts after everyone else is locked up. That's why we're not all in jail. Yet.
But wait. They're working as fast as they can on robots who can do your job, and on technology that will enable them to read your minds. I can't wait, (though I think it will suck to live in this world, once this becomes reality,) if only to be able to say, "HA! I told you so!" to read of the first person put into prison for what he THOUGHT. No action, mind you, no "attempted" anything, just for having thought it; you know, he'll be wearing "Google Mind," or using the "iThink Headband," and won't realize they built backdoors into both, and the local police can read thoughts, and he'll have a fleeting fantasy about beating someone to death, pushing his mother off a cliff, or running someone over with his truck, or whatever... and they'll arrest and jail him, convict him and send him to the penitentiary just FOR THAT.
You know the day is coming. They already jail you for what you say, in some places, what you wear, or don't, they'll do THAT even in " 'Murica " ... yeah, as soon as someone figured out how to make money off putting people in jail... well, it's just like any other time someone figures out you can make money doing a thing, people will do it.
So forget crypto as a privacy device, unless you're prepared to make it yourself, test in yourself, and be responsible for it yourself. The only unbreakable crypto is the (TRULY F'ING RANDOM) one-time pad, and only if it's used correctly. Everything else is like the locks on your house or car, only keeps people out who don't REALLY want in. The reason the government relented on the whole "crypto is a weapon and you can't export it," is once they were c
They don't? That's good to know, I'll go install a few dozen free apps right now!
Get free satoshi (Bitcoin) and Dogecoins
Thats all the need. If the contact is the press and the sender works/worked for a gov they are both targeted.
The "An observer could work out who your contacts are" gets even better if you try and meet in person. A member of the press turns their phone off and walks in a direction. Any other person in the area who turns their phone off and then on later like the member of the press is tracked.
IP, the internet, mobile phones its all great for tracking back the moment a person in gov tries reach out.
Thats what a good section of the talk was about. Discovering that journalist to whistleblower association, then turning press and byline journalist into criminals for accepting the material and daring to publish. Then its all secret laws, secret courts for the gov worker and soon the press too.
More Vietnam, Iraq like entanglements as gov staff do not speak out. As they sit back and let more wars to start. That total oath only to authority.
You can encrypt all you like, the metadata of an unbreakable code to the press will be tracked back. So unattributable internet access was mentioned as a good skill to consider teaching via people with the skills to work on such tasks.
Domestic spying is now "Benign Information Gathering"
Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker or capable of the type of software engineering that this proposal would entail. Is his plan just to use his name to fundraise (In bit coin, I guess. I doubt many people are stupid/brave enough to attach their name to a donation towards anything to do with this guy) and attract talent, or is he honestly going to try and release code himself, which will probably be of poor-to-average quality and expect the world to adopt it?
I mean, let's be honest: Either way, whether he's going to just try and brand the stack or contribute, we have technologies that are perfectly good (that is, however, not to say perfect) already -- its just they aren't particularly widely deployed. How many organizations are running IPSec internally, other than just for site-to-site VPN tunnels? How many organizations are deploying DNSSec outside of governments and the military? How many organizations are using PGP or similar asymmetric encryption between employees? Making it easier might help, but chances are that the vast, vast majority of individuals aren't going to jump on any of these technologies in any great numbers unless they are mandated to (like at work, where they don't have a choice), but it isn't as if the government is going to make it a requirement that you try and "spy proof" your computer and communications.
An app won't give you much anonymity. You need to start from the ground up with an OS that leaves no trace on the hardware and has good encryption and anonymity tools built in.
Here's a good start: TAILS
https://tails.boum.org/
I don't read your sig. Why are you reading mine?
You seem to be comparing two searches:
1) Done on ALL civilians, including people who were suspected of nothing
2) Specifically targeting official transmissions with probable cause to expect genocide
I don't know about the other would-be traitors, but the problem I have isn't with intercepting any communications of any kind; it's with searching innocent people. I'm perfectly OK with the NSA hacking actual terrorists.