Snowden Seeks To Develop Anti-Surveillance Technologies

← Back to Stories (view on slashdot.org)

Snowden Seeks To Develop Anti-Surveillance Technologies

Posted by samzenpus on Sunday July 20, 2014 @09:07PM from the snowden-brand dept.

An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."

12 of 129 comments (clear)

Min score:

Reason:

Sort:

Biggest problem in IT security: ID-10-T errors by Stolpskott · 2014-07-20 21:40 · Score: 4, Insightful

Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.
Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.
1. Re:Biggest problem in IT security: ID-10-T errors by AHuxley · 2014-07-20 22:07 · Score: 4, Interesting
  
  Small steps. Move away from the brands that helped ie the PRISM list of willing brands and tame staff building junk systems.
  Understand how "open source" telco layers over tame telco software and hardware can save any data on entry.
  ie once your targeted all is privacy lost no matter the fancy open source app. The security services will be in every hop of any network into and out of your computer/device until they get full plain text.
  Encryption seems to be the key until your use of it shows up at an endpoint under constant surveillance. Then the individual targeting starts on the new person.
  The most easy step is to make encryption more gui, web 2.0 friendly. Then a lot more people will be flooding the net with random heavy code 24/7.
  Use once hardware would be interesting. It would stop any longterm profile, any unique hardware numbers been sent. If you then work on really good crypto to hide voice, pic, file sent, text you could kind of have a one session. Snowden hinted a bit about association (you to the press), mixed routing, the need for unattributable internet access in the 1h+ talk.
  A lot of steps to fix an internet that is now really like Tempora https://en.wikipedia.org/wiki/... and what that can do to your message and a person in the press been watched.
  The other aspect was education. A civic duty to teach, educate the wider public and press. The classic Sysadmins of the world, unite! also mentioned.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re: Biggest problem in IT security: ID-10-T errors by Anonymous Coward · 2014-07-21 00:13 · Score: 5, Insightful
  
  Bull shit... OpenSSL is open source and look at all the crap they found this quarter alone...
  They found all that *because* OpenSSL is open source. How much have they found in closed source versions of SSL libraries?
3. Re:Biggest problem in IT security: ID-10-T errors by AmiMoJo · 2014-07-21 00:58 · Score: 4, Insightful
  
  It doesn't have to be perfect, it just has to increase the cost of mass surveillance to a level where it is no longer feasible. Surveillance is too cheap because much of the data is just there for collection, unprotected.
  For example, the UK government just pass emergency data retention laws that require all ISPs to continue logging the domain names of every web site every subscriber visits. If more people started using VPNs regularly that capability would become far less useful, and while I'm sure they could attack the VPN providers or crypto or even the individual target's computers the cost would be much higher than simply requiring the ISP to run a large database. They would be forced to stop bulk collection and only target people of genuine interest, which is the reasonable.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:Don't you want to be a traitor too? by some+old+guy · 2014-07-20 22:12 · Score: 4, Funny

Don't be a police state fan boy, and learn to spell "cretin", cretin.

--
Scruting the inscrutable for over 50 years.
Re:Don't you want to be a traitor too? by ChristW · 2014-07-20 22:12 · Score: 5, Insightful

If making people realise that their basic rights are being trampled makes me a traitor, then I'd want to be a traitor any day...

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
So Slashdot... by Anonymous Coward · 2014-07-20 22:30 · Score: 5, Insightful

"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"
Looking at you Slashdot.
When are we going to have access to this site with https? You can stop pushing down out throats your fucking annoying beta and do something useful for everybody instead.
Re:soviet era crypto by NotInHere · 2014-07-20 22:33 · Score: 5, Insightful

As long as it's not the latest curve, privacy preserving crypto can be written by NSA itself, and still be secure for you. SELinux was written by NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, idependent reviews, and, if you can't afford your own review, the many-eyes-principle (which has chilling effects).
The russians could only say "this is too secure, design something that can be broken more easily".
Technology is only a small part of the problem by DoofusOfDeath · 2014-07-20 22:36 · Score: 4, Informative

As long as the citizenry tolerates and sometimes even roots for the government's violation of civil rights, everything including the technology is just details.
The existence of a decent open-source router can't do much against a U.S. National Security Letter.
Secure technology by PopeRatzo · 2014-07-20 23:43 · Score: 3, Funny

I'm going back to my 1942 Corona typewriter with the "t" slightly raised.

--
You are welcome on my lawn.
1. Re:Secure technology by ArcadeMan · 2014-07-21 00:03 · Score: 3, Funny
  
  And why do you think the "t" is slightly raised, hum? Spyware, that's why.
  
  --
  Get free satoshi (Bitcoin) and Dogecoins
Re:Kinda Like Mega by mspohr · 2014-07-21 03:52 · Score: 3, Informative

An app won't give you much anonymity. You need to start from the ground up with an OS that leaves no trace on the hardware and has good encryption and anonymity tools built in.
Here's a good start: TAILS
https://tails.boum.org/

--
I don't read your sig. Why are you reading mine?