
Jacob Appelbaum at European Parliament: Privacy, security, spying issues - wicknicks
https://vikingvpn.com/blogs/politics/japplebaum-speaks-at-euro-parlaiment
======
jacquesm
Everybody has a cryptographic telephone in their pocket. The problems are the
cryptography is weak, the endpoints are insecure and people underestimate the
value of traffic analysis.

Even if the cryptography were perfect the endpoints could still be listened in
on and the latter would still be a huge problem.

Mobile phone encryption only works for the phone-to-tower part. Obviously what
Appelbaum is referring to is a phone that does end-to-end encryption (still
leaking some info but at least the contents of your conversation should be
mostly safe), but people that are not capable of making this distinction will
be wary of radio intercepts rather than wholesale line tapping.

It would be a funny thing if you needed a key-signing party before you could
start to call people on the phone but it may come to that yet.

~~~
Zigurd
It's all very do-able. Even carrier voice could be pulled up into userland
code in LTE, and therefore could use open source strong encryption.

Social networks are the ideal medium to exchange keys and form and maintain a
web-of-trust.

This does not fix traffic analysis, but it would blind Sauron's eye enough to
make the current surveillance infrastructure so unreliable as to be useless.

What's needed is for one or two national governments to come to the conclusion
that their own surveillance is so far behind the NSA that the only way to win
is not to play the game and actually secure their nation's communications and
sell this the way tax havens sold financial privacy.

~~~
jacquesm
> Social networks are the ideal medium to exchange keys and form and maintain
> a web-of-trust.

I can see some real problems with that method.

~~~
bigiain
I agree.

I've noticed my use of Facebook has been restricted and constrained by
mistakes I made when I first used Friendster and Tribe and Orkut. I see my
family and friends making many of the same mistakes I made - playing the
competitive "more friends" game and connection to people they've never met or
who they really don't want "snooping" on their social life - exes, coworkers,
bosses, friends-of-friends…

There's no way I'd want Facebook (or Twitter or Google or Yahoo or Microsoft
or … ) being any part of a "web of trust" I was using for
privacy/encryption/authentication – partly because there's no doubt they're
deeply in bed with the NSA (are you really suggesting Facebook's platform is
trustworthy enough to exchange keys?), but at least as much because I can
clearly see that most people haven't curated their social networking
"connections" with anything like the rigor they might have done if they'd been
told up-front that "these connections might be used to authenticate your
identity and communication to others (potentially including government, law
enforcement, and other legal/contractual entities), and also to authenticate
your connections identities and communication to those entities."

Do you _really_ know who all of your Facebook "friends" are? Are you _sure_
the person you think that account represents is actually in control of that
account? Even if they are, do you trust them enough to vouch for your
identity? Are you sure enough of that trust that they wouldn't "betray" you if
the NSA, or a police officer, or their local council's dog-catcher, or your
car/health insurance company approached them with either a threat or a handful
of cash?

~~~
Zigurd
Key signing enables keys to be exchanged in a hostile environment. Compare
web-of-trust to x.500 directory services, which are dependent on CAs.

It also isn't necessary to use Facebook for key exchange in order to adopt
social networking functionality to enhancing a web of trust.

The bottom line is you have to design a secure system to avoid having to trust
cloud services. While Facebook may be the poster child for untrustworthyness,
you can't trust your own machine in the basement of your house not to get
hacked. What you _can_ trust is key signing, because it requires stealing a
number of identities all at once.

------
plg
"I have in my pocket a cryptographic telephone"

Anyone know what he is referring to? I'd like one of those.

~~~
devx
If you can't get one of those, you can try Moxie's RedPhone for Android:

[https://play.google.com/store/apps/details?id=org.thoughtcri...](https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone)

~~~
schoen
I think the part of the speech quoted by the parent commenter was indeed
referring to exactly this software, and to the other things that the speech
mentions:

"I have in my pocket a cryptographic telephone [...] This phone, short of
breaking into it when I make a phone call, no one here, short of a
mathematical breakthrough, is going to be able to intercept it. I have a
couple different encrypted text messaging services. I have the TOR project,
Orbot, Progra, Cryptophone, Redphone, TextSecure."

In context, the "cryptographic telephone" is a smartphone running all of this
software. "Progra" is a mistranscription; I just listened to the original and
he says "the Tor Project's Orbot program".

~~~
dthunt
I would be shocked if Appelbaum is still using a standard cell-phone at this
point. There's just too much reason to worry about remote compromise of the
device.

------
frank_boyd
Jacob is awesome.

It doesn't need to be said anymore, but it still needs to be said.

~~~
arthulia
I met him once. We exchanged words. I didn't even know who he was, when it
happened.

