The problem is the "suitable sensor".
This X Prize is to develop the sensor.
Current sensors are not sensitive enough or durable enough.
I am a US citizen and travel out of the country fairly frequently. The work I do is "innocent" and "I have nothing to hide" but I do interact with "foreigners" and with the government's random collection of metadata and "six degrees of separation", I could end up in this situation and considerable inconvenience (or worse).
I've been thinking of using a Chromebook which I could wipe before crossing the border.
Any ideas?
Omate TrueSmart on Kickstarter looks like a good option. It seems to do everything a Smart Watch should do.
Nobody is saying that open source software is guaranteed safe.
The point is that commercial software is now pretty much guaranteed unsafe and there is no way to audit it.
With open source, you have lots of people looking at the code and they can find problems and fix them so you have a better chance of having safe software.
I hate to get into a political philosophy argument since these tend to go around in circles, generating lots of heat but no light so I will just quote William Buckley from the first National Review in 1955. I believe that he can be considered an authority on American Conservatism.
"It is the job of centralized government (in peacetime) to protect its citizens’ lives, liberty and property. All other activities of government tend to diminish freedom and hamper progress."
Unfortunately, all of this spying is being done in the name of protecting citizens' lives, liberty and property. I see no difference between liberals or conservatives on this issue... they are both corrupt.
It's actually Chromium based, not Chrome
Chromium is open source:
http://www.chromium.org/
With closed source, you don't know if it's secure and you can't verify that it's secure and now we have these NSA documents which state that they have already compromised the most popular commercial security software and they are working on compromising the rest of it.
With open source, you don't have a guarantee that it's secure but you do have lots of knowledgeable people looking at the code (especially now) and you yourself can audit the code. It has a much higher chance of being secure.
You're right, "a security solution with a destroyed reputation is no solution at all"... and the NSA just destroyed the reputation of all commercial security software.
This has nothing to do with liberal or conservative and everything to do with the power of government.
From Bruce Schneier:
Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
It looks like researchers discovered the flaw in the 2006 Standard in 2007... not bad... (and Microsoft, too).
They don't need to break AES.
They just work with their commercial software "partners" to insert vulnerabilities into the software.
I think you can assume that most "popular" commercial encryption software has been compromised.
Bruce Schneier has a good article in The Guardian on how to protect your computer:
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
From the article:
With all this in mind, I have five pieces of advice:
1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.
2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
Tunisia folded to a popular uprising, not guns. (see http://www.amazon.com/Why-Civil-Resistance-Works-Nonviolent/dp/0231156839 )
Libya rebels recruited bigger guns from NATO
Yemen... US is still in charge with drones, etc.
Egypt - The military (the people with guns) threw out the government (twice).
Guns are persuasive.
Bigger guns / more guns win.
The article states that they are working with commercial software vendors to insert back doors, vulnerabilities, etc. into their software. This is much easier than trying to break RSA or AES by brute force.
I think we have to assume that all commercial software has been compromised and is vulnerable.
Only trust open source software where the code has been audited carefully.
From the article it sounds like the NSA has compromised most commercial VPN software (and is working on the rest) with backdoors, etc.
Do you use commercial (non open source) VPN software? If so, it doesn't matter that your keys are secure.
Like Syria?
Repression works... not all the time... but it works.
(... having second thoughts about replying to an anonymous psychopath...)
Kent State
5M NRA members with pea shooters are no match for the US Army (think big guns, tanks, helicopters, etc... you get the idea).
It's amusing to see NRA members boasting that they can "defend themselves against the guvmt"... good luck with that.
I've been waiting for this because I wanted a phone that was easy to carry (like a watch, duh). I have been following the Omate TrueSmart on Kickstarter:
http://www.kickstarter.com/projects/omate/omate-truesmart-water-resistant-standalone-smartwa
Now that Samsung has released more information, I'm very disappointed. It's not a stand alone phone, it requires the latest Samsung phone to be paired all of the time. It's crippled Android. (Not very attractive, either, compared to the Omate). The Omate is waterproof and is a fully functioning phone with better specs... and it's only $200.
I guess Samsung was just looking to create a fancy "accessory" for their phone without much functionality.
I agree completely.
My post was intended to be funny and sarcastic and many people did understand (it was voted +5 funny).
Hope this clarifies.
Au contraire...
I've found that I get great service on Slashdot for legal questions. You can ask anything and get lots of different answers in minutes. None of these people are actual lawyers but that doesn't stop them from expounding at length (as if they were getting paid by the hour) about any subject. The usual barriers of accounting for different laws in different jurisdictions are never a problem here. You can get legal advice for any country just by extrapolating answers from the five or ten countries represented in the typical answer set.
Best of all, it's free and open source!
Boston had no excuse for being thick in 2007:
http://en.wikipedia.org/wiki/2007_Boston_bomb_scare
Aqua Teen Hunger Force
A group of police found them to be sharing "some characteristics with improvised explosive devices." These characteristics included an identifiable power source, a circuit board with exposed wiring, and electrical tape. Investigators were intending to determine "if this event was a hoax or something else entirely."
They're all "linked" to Kevin Bacon.
(Thanks to all that metadata that NSA is snarfing up.)
You could have just checked their web site...
I, however, did it for you since you seem to have some challenges using these computer/internet thingys.
http://www.truecrypt.org/docs/issues-and-limitations
"There are currently no confirmed issues."
It could just be that there is nothing that needs updating.
Not every project is on a relentless path to add more and more "features".
Chromebook.
http://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Daps&field-keywords=chromebook