

Can we try to find solution to NSA and all such spying - negamax

By now it's established that a huge surveillance equipment exists. It's not that we can't solve this problem. It's only that we didn't know about it.

Google/Facebook/Yahoo. All the big players can solve this issue for once and for all by providing end to end encryption. But their business interests come in play. All these companies (and other Internet companies involved) make money by showing contextual ads to their users. An encrypted message stored on the server gives no context. Every piece of communication made over FB/Gmail etc is broken down to shards to get any relevant context out of them and then ads shown to the users are fine tuned.

Can these companies create clients (web/mobile/tablets) which encrypt the message before leaving user's machine and transparently decrypt it on arrival to the recipient? Sure they can. At the very least they can provide such a service as an option.

But truthfully, everyone shall be wary of them now. I propose open source clients should be created for all major platforms which can provide such an option.

Three keywords:

1. Open source clients

2. Client side encryption and decryption

3. Making users adopt these tools instead of official ones
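
An added example, not part of the original post: a sketch of the client-side encrypt/decrypt flow the post proposes, run against a server-side keyword scan to show what the provider can and cannot extract. It assumes Node.js built-in `crypto` (ephemeral X25519, HKDF-SHA256, AES-256-GCM); the function names, the sample message and the keyword list are constructed for illustration.

```javascript
// Added example: sealed-box style client-side encryption with Node's crypto.
const crypto = require('node:crypto');

const INFO = Buffer.from('constructed-demo-v1'); // hypothetical context label

function deriveKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

// Sender's client: runs before anything leaves the user's machine.
function encryptForRecipient(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key per message
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = crypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, recipientPublicKey, ephPub);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, tag: cipher.getAuthTag(), body }; // all the provider stores
}

// Recipient's client: the only place the private key exists.
function decryptOnArrival(recipientPrivateKey, msg) {
  const ephPublicKey = crypto.createPublicKey(
    { key: msg.ephPub, type: 'spki', format: 'der' });
  const key = deriveKey(recipientPrivateKey, ephPublicKey, msg.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag); // final() throws if the stored blob was altered
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
}

// Provider side: keyword extraction over whatever bytes are stored.
function serverKeywordHits(stored, keywords) {
  const text = Buffer.concat(Object.values(stored)).toString('latin1').toLowerCase();
  return keywords.filter((k) => text.includes(k));
}

function demo() {
  const recipient = crypto.generateKeyPairSync('x25519');
  const note = 'Flights to Lisbon are cheap in May, want to book?'; // constructed
  const keywords = ['flights', 'lisbon', 'book'];
  const stored = encryptForRecipient(recipient.publicKey, note);
  return {
    plaintextHits: serverKeywordHits({ body: Buffer.from(note) }, keywords),
    ciphertextHits: serverKeywordHits(stored, keywords),
    delivered: decryptOnArrival(recipient.privateKey, stored),
  };
}
```

The scan comes back empty only for message content: the provider still sees who wrote to whom, when, and how much, and the guarantee holds only while the recipient's private key stays on the recipient's device.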
======
bifrost
> It's only that we didn't know about it.

This has been well known since the 1990s (Echelon, Carnivore, etc.)

> All the big players can solve this issue for once and for all by providing
> end to end encryption.

You as the user really have to take responsibility for that, if the $BIGCO
holds your keys, they can do whatever they want with them. I've put up GPG
encrypted posts on Facebook, no big woo. Twitter is really only good w/ROT13
:P

The only thing that's sort of close to what you're looking for is OTR, but it's
only for instant messaging.

~~~
monsterix
I have this thought, but not sure if it can be considered a decent solution to
achieve machine blindness?

One of the reasons why PRISM/computers or search works is because they can
parse the text we type off our keyboards. Those character codes are what help
'em look for key words, and enable the opportunity to snoop.

So instead if we doodle our text [1] in free-form and in language/lingo of our
choosing (augment steganography with raw data/images) then we are perhaps
closer to making it difficult for the snooping algorithms to parse and detect
the keywords these people bank on.

I have significant reasons to believe that OCR across all languages for 400BB
mails a day is next to impossible with available technology today. Given the
diversity of handwriting/languages worldwide and the fact that people can
invent characters to communicate with each other, this could become an
impeccable method.

[1] Example: https://bubbleideas.com/letters/the-tiger-by-sir-william-blake
(Observe the second half of the page that is handwritten. Since private mails
are meant to be read only by intended recipient, we don't need to fret much
about search. Basic tagging would be enough.)

~~~
ippisl
Handwriting won't work against backdoors. Backdoors can send screen captures.
And since handwriting is slower than typing, most of the time, people won't
use it - so it will be a good signal that one is trying to hide something.

~~~
monsterix
> Handwriting won't work against backdoors. Backdoors can send screen captures.

It will be very hard to find/detect context from screen captures without human
intervention. Which means only those who need to be snooped will need to be
snooped by the Gov, not everybody.

> And since handwriting is slower than typing, most of the time, people
> won't use it - so it will be a good signal that one is trying to hide
> something.

This one is important. The example that I linked above has been written off
the iPad. On the iPad it's relatively fast to write by hand (clunky
keyboards?), and with a Wacom Pentab too, but then this could be the earliest
of such experiences that we're talking about. If Tech focus/innovation can be
centered around it, people would love doodling as much as typing.

~~~
ippisl
I just did a non-scientific test and it took me a similar time to write on an
android smartphone (with a good keyboard) and on paper.

This might work.

But there are some tools for handwritten OCR:

http://www.cvisiontech.com/ocr/file-ocr/ocr-tool-for-hand-written.html

And if we aim for people to write clearly, unlike doctors, handwritten OCR
doesn't seem like a hard problem relative to machine vision in general.

------
varunkho
This is not a software engineering problem but social and political one. Thus,
any attempt to solve it only by means of some smart engineering would be bound
to be rendered ineffective for most or all of the masses.

~~~
negamax
It is a technological problem as well.

Let's suppose government allocated $200 billion to create this infra. But
there are free tools which can render it useless. They are less likely to go
ahead with such a plan then.

Whole premise of making inroads in service providers' servers is that
information stored there is human readable. Store it encrypted. Come up with
stronger algorithms and security schemes and this problem is effectively
solved.

If we can reach a stage where the only option remaining to read a person's
information is to arrest them or break into their devices, we have effectively
pulled a project like PRISM down.

~~~
varunkho
> Whole premise of making inroads in service providers' servers is that
> information stored there is human readable. Store it encrypted.

Nobody is inroading, government has access to the data by law or by policy.
Service providers, that operate under the jurisdiction of a state, cannot
perform actions that do not adhere to the laws and policies of that state.
It's as simple as that.

> Come up with stronger algorithms and security schemes and this problem is
> effectively solved.

Algorithms and schemes are already there, but there's no legal and/or policy
framework to force their use. In fact, the current framework is designed to
force the opposite.

~~~
negamax
You are speaking these words as a matter of fact but you couldn't be more
wrong. The government has access to this data by law when it's by a court order.
Why is the first defence statement made that it's not done on US citizens?
Because government will be pulled in court for this. And make no mistake, US
companies can be pulled in court over this in foreign countries. So don't make
flying statements like 'it was lawful' without understanding how court and
executive branches balance each other.

I agree with your point about existence of such algorithms. But we can
certainly improvise. What you have written here is like saying that Facebook
is just a message board. Of course, technologies exist. It's about how to
utilize them and make them easily accessible. And again, there's no framework
to force any communication channel. There's no law that data stored on servers
cannot be encrypted.

If it is lawful then there's no reason for Snowden to run and hide. In fact
you are insinuating that what he has done is unlawful.

