Danse was one of the many who sent us a thought-provoking
piece about privacy-not about how it's important, but how we've already lost it, or shortly will. All those little memories we build up, living our lives and how they all, ultimately, betray us.
Slashdot Mirror
There is not now, nor has there ever been, a 40-bit "export" version of PGP. Other programs, yes. PGP, no.
I'm not sure what you mean by "the keys can be reconstructed on a LAN, with only the time of message known". Frankly, I suspect that you just don't know what you're talking about... but maybe you'd like to explain how to go about it? If you think that the random number generator is seeded with the time of day, think again... it's seeded with keystroke cadence information.
Of course if you send your pass phrase or the cleartext of your key over any network, LAN or otherwise, you lose. The solution is not to do that, as has been clearly explained in the PGP documentation since version 2.
Newer commercial versions of PGP do have a rather nasty data recovery system, but it's optional; you turn it on at key generation. It's also intended for corporations to use to recover messages encrypted by their own employees, and there's no infrastructure for giving it to the government. Anyway, if you buy your own copy of PGP, you just don't turn on the recovery feature.
PGP has problems. It's big and complex, so it might have unknown bugs. It has a corporate key recovery system. It's not clear that the "web of trust" PKI will scale even as well as the (also problematic) hierarchical model. Weakness of the cryptography is not, however, one of PGP's problems.
Sheesh.
Don't use "savings cards" designed to collect consumer data on you
If you are willing to give up some conveniences, then you can retain a great deal of privacy. I emphasize retain - once you have given away privacy it never returns, so you cannot "get it back".
If you enjoy the above conveniences, then you simply have to live with less privacy.
Of course there are a great number of things government and industry could do to increase privacy, but I'm sure other posts will cover that.
Any student of history (or anybody who knows _anything_ at all about history) knows that revolutions occur on a pretty regular schedule. Governments come into power, usually backed with the support of the majority of the population, on a platform that 'fixes' the problems of the previous government.
.02
But after a while, the new government gets so bogged down in its own buraucracy, and opportunists seize every chance they can to gain more power for themselves (=> less for the people) and eventually the new government that was supposed to fix all the problems of the previous one has its own set of problems.
Now I'm definately NOT a history major, but one instance that comes to mind is Russia/USSR. After the fall of the czars, a communist government (which sounds great on paper) took over. What happened? The few people in power were selfish, more concerned with themselves than with the good of the country, and then you get what happened in the 1980's.
What's my point? I think that our governent (remember how that came to be?) is starting to abuse its powers. The principles that the US was founded on are being twisted and manipulated by people with ulterior motives. This process is being accelerated to an incredible speed thanks to our level of technology (the Net, etc.).
The world is an imperfect place. No large population of people is every happy with their government for a long period of time. THIS WON'T CHANGE! As Joseph Campbell once said, (I don't remember it exactly), "The world isn't perfect. It's a mess. But it's a perfect mess."
Just my
LL
"If you are falling, dive." -Joseph Campbell
This keeps everybody in a state of fear: am I "normal"? is my credit record worse than that of other people? was the bank justified in denying my loan? did I do something wrong? is everybody around me earning more money than I am?
Perhaps a better approach to the encroachment on our privacy is more transparency: with some exceptions, anybody can view most data about other people, from the Bills (Clinton and Gates) to your nextdoor neighbor. That way, I know where I stand relative to other people in society, I can review my records for accuracy, and people can detect discriminatory or harmful practices by businesses. Or on a smaller scale, if all salaries in a company are widely known, that will likely lead to more equity in pay since it gives employees more negotiating power.
Perhaps it would also mean that individuals behave more prudently because they would embarrassed about some of the things they do. Right now, detrimental behavior is covered by a blanket of privacy in a way it has never been before. The constitution may protect your right to bear arms, but it doesn't protect your right to amass a private weapons stash without your neighbors knowing about it.
The current state, where large corporations can get information on consumers, but everybody else is in the dark, seems to me like the worst possibility. Transparency, if it applies to everybody, individuals as well as corporations, could be a workable alternative.
I say let's spam 'em! Just sprinkle likely trigger words randomly North Korea through your emails. Your recipient NORAD might be confused until you potassium nitrate explain it to them, but that's a small price to pay for anthrax the fun. We could also attach boiler plate to our sig files, replacing those threadbare Star Trek snippets. It's kind of like that Jeff Goldblum tactic in one of his less-than-successful movies, where he tells his captors so many different stories, they don't know which one to believe.
Flood the system.
The problem isn't so much the big, bad government as the government-industrial behemoth. Look at the data Echelon is really concerned with - it's usually economic. Companies are using the net, your bank information, etc to target you for specific purchases. Not a problem, you like recieving unsolicited ads for products that you may use? Ok, how about an HMO database that redlines on your genetic history, your food purchases and the frequency of your visits to the health club?
/., but how many 10 year olds do you know who have to get the latest thing advertised on TV within 20 seconds of seeing the commerical? How many of them grow up to continue to need the ego-balms that companies spend billions of dollars to advertise, even after they have reached what we pass off as maturity? The more detailed the record the corporate structure gains, the deeper, and earlier, they can sink in the claws.
The loss of freedom does not require dark-cloaked men who sneak through the shrubs and say "How can we eliminate the dreaded First Amendment." There is no great X-Files conspiricy out there eroding our rights, we do too good a job of that ourselves for it to be needed. How many people do you know who even think once before providing information to just about anyone who asks? So long as the request is not for bank account numbers or credit card info, we hand it over. This info is valuable to companies that want to target, and so passivly control, your habits. Not that any of this is a threat to the cynical, old hackers that read
The real threat to freedom, as most people define the word, is that this 'meerly' economic attack is being employed in politics. Do you honestly believe that the James Carville created Bubba campaigns of '92 and '96 were the anomoly? In 10 years they will seem remarkably crude, and the advance will be largly because of this sort of data collection and filtering. The real problem is how to craft laws that stop this sort of thing.
Last issue: the author of this article is yet another person who needs a few calm e-mails explaining the difference between hacker and cracker.
What a complete load of hooey. First off, its worth mentionning that the article is obviously USA specific. The first ad, which deals partly with the 5th amendment is an american issue. So other countries inhabitants have never had such 'rights' in the first place. But that amendment confuses the hell out of me at any rate: if you're doing something wrong, shouldn't you be working to change the law that makes it wrong rather than trying to uphold the amendment which keeps you from incriminating yourself for it?
;) I'll fully admit that capitalism and democracy seems to be the best of the evils so far.)
People often confuse the growing rate of human interaction with privacy. I'd argue that back in the 1800's, you're privacy was no better - there simply was not the means to track such detailed information, nor services which would require such information. But if those infrastucture elements had been there, no one would have been better off.
No one knew it was going to come to this, and so no one could act upon it in time. And now that it's here - well good luck changing things.
Remember, the real goal of everyone in this society is money and power. Capitalism encourages the storage of information, because it can be used later (even if the owner of such information isn't sure how to leverage it's value quite yet, s/he'd argue that it never hurts to store it until it does become useful.) So is it really a surprise that people in power wanna know everything about you?
Every day I see people running stop lights, people taking advantage of other people, people bending the truth about themselves in order to gain access to services, discounts, and such. People going for theirs. What boggles my mind is how hot headed they get when they discover that those in power act pretty much in the same vain, albiet on a larger scale. Information, and consequently people's 'privacy', is one such thing abused by everyone, on a daily basis. (Like the guy who passes around his ex-gfs phone number as revenge, and then turns around and bitches about the government or some company asking him for his.)
I'd argue that the democratic and capitalist system is set up such that the storage of your private deails is an inherently attractive notion to those in power. Rather than some sort of control on the information, which is pretty useless considering the people we think are abusing it are the ones to whom we'd trust the task to implementing those controls, we need to rethink our social structure. Otherwise, just get used to it. I have.
(And no, calling me a 'commie' won't work.
"Old man yells at systemd"
Really? That's an interesting claim -- sounds testable!
Here's something we can do: I'll encrypt a 60 KB message using PGP. I guarantee that the message is in clear ASCII English text. I'll turn over the cleartext and the key to a mutually-agreed-upon third party, and send the encrypted text to both of you. The third party can confirm that the encrypted text was encrypted with the key I submitted.
A couple of hours is too short -- I'll give you a day. If within 24 hours you have cracked that message to the satisfaction of the third party, you win. If you haven't, PGP wins.
The fact that you have not addressed key strengths or other matters in your original statement implies one of two things: Either you have discovered a weakness in RSA that renders those issues irrelevant, or you don't know what you're talking about. If you have broken 2048-bit RSA, that is interesting news.
Let's get testing!
--
Some keywords for the NSA in the Lord of the Rings universe: One Ring bind find Sauron quest Nazgul freedom
1) Yeah, it wasnt't he potshots that took at the ATF or anything like that...
Who were coming in unannounced through an open window without identifying themselves. And why were they there in the first case? Because he was a religious gun nut.
2) I don't know what you are talking about, but I'm sure its bullshit anyway.
So you don't think the NYPD are capable of brutality? An NYPD office (Volpe) recently plead guilty to shoving a broomstick up someone's ass... Other NYPD offices shot at an unarmed man (Diallo) 41 times!
3) Sure, a kid born in poverty has as much freedom of speech as anyone else. No one is going to listen to him, but that isn't that point.
But that IS the point. It's easy nowadays to put up a web page and express yourself however you like, but if you don't have the money to defend yourself, a single threat of legal action can usually shut you up. That's what took Packet Storm down.
4) Bullshit, the cops can't do their job becuase every criminal cliamns they've been beaten if the cops do so much as look at them funny.
Let's talk about NYPD again. According the the NY Times:
It [NYPD] routinely pays out tens of thousands of dollars to people who say the police abused them, but the Police Department rarely formally investigates their allegations, and the officers named in their lawsuits almost always continue working without scrutiny or punishment.
Here's the link.
5) Every lawyer who represents someone has passed the bar, so is by definition competent.
So you think that OJ would have done just as well if he'd relied on a public defender?
Thanks for the liberal propaganda though.
Once you can label someone, it's so easy to dismiss them. Usually people who mention David Koresh are labeled as conservatives, but I guess that doesn't matter. As long as you can tie up their philosophy with a single word, you can easily dismiss whatever they have to say.
-- Don't Tase me, bro!