
Edward Snowden: The Internet Is Broken - doctorshady
http://www.popsci.com/edward-snowden-internet-is-broken
======
mirimir
Excellent! It's the most cogent analysis that I've seen from him. Damn, what a
fucking hero!

A few comments, however ...

> ... we had to go to the dark side to be able to confront the threat posed by
> bad guys. We had to adopt their methods for ourselves.

He's using "we" there in reference to the government. But it can also be read
with "we" as you and me, and "bad guys" as the government ;) But then, I claim
a broad "right to be left alone", one that doesn't concede any state monopoly
on power.

> ... you can’t opt out of governmental mass surveillance that watches
> everybody in the world without regard to any suspicious criminal activity or
> any kind of wrong doing.

Well, sure you can ... as he goes on to explain ...

> You would need to act like a spy to pursue a career in a field like
> journalism because you are always being watched.

... and ...

> Instead of changing your phone to change your persona — divorcing your
> journalist phone from your personal phone — you can use the systems that are
> surrounding us all of the time to move between personas.

Right! Compartmentalization is for sure the way to go. There are numerous
personas like Mirimir. Maybe I make it too distinctive. But I have no
meatspace identity that goes on like Mirimir does. And Mirimir, ve has lots of
vis personas. So hey, let's create a tangled morass of overlapping personas ;)

~~~
dcposch
> ve has lots of vis personas

Are those typos?

You touched on the cyperpunk fantasy: using multiple online identities, all
kept carefully separate from each other and from your real identity. (There's
an excellent short story called True Names that explores this idea.)

For the majority of ordinary, nontechnical people, there are lots of simpler
solutions.

* Use cash. In Berlin, many ordinary people have an awareness of and distaste for government surveillance. People remember East Germany. One result is that lots of people will just pay for everything in cash. In most other western countries, the norm is to leave an electronic trail of every single shop you visit.

* Use Signal or WhatsApp. WhatsApp rolled out strong end to end encryption to a billion people--most of whom have no idea what a "key" is and only the faintest sense of what "encryption" means.

The lesson I take from those projects is that whenever we can ship
transparent, easy to use encryption that our users don't have to worry about,
it's a massive win.

If your app allows users to talk to each other privately, consider adding E2E
encryption. It's the future.

If your app has some kind of cloud backup, like a password manager or a photo
app, make sure that it's encrypted with a key that you don't have access to.

E2E comes with product tradeoffs. You may have to charge your users money,
because you can't target ads against data you can't access. You'll need to make
an installed app rather than a webapp. But it's worth it -- and I think
someday, hopefully soon, users will demand it.

~~~
1stop
You can't E2E with a web app?

~~~
MichaelGG
No, not really. Until there's a standard that allows doing crypto in the
browser, enforcing a higher security level for the page, and somehow verifying
the hash of contents (so sites can "publish" an app) then web apps are
basically useless for security.

I know this is as pathetic as "why aren't scientists working on cancer instead
of X", but we have WebXXX including Bluetooth and USB, you'd think we'd have
"WebVerifiedApps" or something. Even content-addressable URIs aren't being
allowed.

It's funny, given the rise of things like Tutanota, which provide basically
zero security over Gmail. (In fact, probably worse, since Google's sec team is
way better.)

------
partycoder
The EFF warned long ago something was going on when AT&T was putting beam
splitters on Internet backbones to feed the NSA. Then Snowden revealed how
everything is tapped. Then, be sure all mainstream encryption is "NOBUS".
Nothing is truly random. Someone somewhere has the master key: elliptic curve
cryptography using magic numbers from NIST? "Secure boot" by Intel? OpenSSL?
Microsoft software? All backdoored. Trust no one.

~~~
djsumdog
I heard about those taps in 2008/2009 I think. Snowden hasn't really given us
anything truly new. It's also bizarre how quickly everything he presented
was/is accepted as fact immediately without question.

I think it's way more likely Snowden was intentional. He's still working for
the Federal government and the leaks are intentional so that the Federal
Government could announce to the world that they are spying on all their own
citizens...and nothing happen. No real revolution, and no real end to the
surveillance.

I mean yea, we have better security practices, more people use encryption,
more people are aware about security ... but overall the landscape hasn't
changed except in one crucial aspect: people are talking less publicly. People
are afraid that what they say is monitored. There has been a chilling effect.

The Snowden narrative needs to be questioned. Since when does an NSA
contractor working from home in Hawaii get VPN access to all the government
secrets? Like...people actually believe that?

~~~
snowwrestler
I hope you're being satirical. This is such a classic formulation of a
conspiracy theory that I hope it's intentional. If so, bravo!

If not, then like all conspiracy theories you need to account for everyone who
would need to be in on the secret, how they're all keeping the secret, and why
--what's in it for them.

~~~
themartorana
Just to be clear, a big chunk of what Snowden's leak revealed actualized a
bunch of conspiracy theories. Do you see the disturbing irony of dismissing
another conspiracy theory so flippantly? I don't believe it's true, but if it
turned out to be, I'd hardly be surprised.

~~~
snowwrestler
The difference is evidence vs no evidence.

------
0xCMP
> But at the same time, we technologists as a class knew academically that
> these capabilities could be abused, but nobody actually believed they would
> be abused. Because why would you do that? It seemed so antisocial as a basic
> concept.

I guess so? Not me though. Snowden literally only proved what I had learned on
my own.

> But we were confronted with documented evidence in 2013 that even what most
> people would consider to be a fairly forthright upstanding government was
> abusing these capabilities in the most indiscriminate way.

Um. Who thought this? Ever? Since the 90s.

~~~
sp332
You knew GCHQ tapped Google's datacenter-to-datacenter links?

~~~
nickpsecurity
Definitely. They could, targets were using it, they were known to tap backhaul
microwaves/satellites, their own guidance in high-assurance side was using
link encryptors between sites, it's in their commercial recommendations (NIPSOM
Industrial Security Manual), and so on. Everything in the world to make you
think _somebody_ was tapping your line and that they might.

So, some groups that were wise went ahead and deployed link encryptors. Black
programs, follow NIPSOM and SAP supplements, sure as hell used link encryptors
so good [1] we can't buy them because... national security. I sure as hell
used end-to-end crypto and VPN's for anything significant. Google and
Facebook... treasure troves of PII and I.P.... didn't for reasons I can't
imagine. Result was they got intercepted in bulk by something that's been a
known risk for 20+ years. Take NSA out of picture and they should've still
thought the lines might get tapped by crooks or foreign spooks.

So, yes, Snowden leaks mostly just taught us what we already knew in greater
detail. People ignored it then, some ignore it now, and yeah problems
happened.

[1] http://www.raytheon.com/capabilities/products/high_speed_network/

~~~
pyre
Google's datacenter-to-datacenter links probably weren't going over the public
internet, so they didn't feel the need to protect against man-in-the-middle
attacks on physical lines that they owned. If you connected two computers to
each other with a cross-over cable, would you feel the need to encrypt all
communications between them, just in case?

~~~
nickpsecurity
I'm sure that's what they thought. It's so common it's in textbooks. As in,
any point-to-point line running outside two buildings through public land and
a third party network owned by sneaky, Tier 1 types could never result in
eavesdropping by anyone with physical or logical access. It was a ridiculous
claim when I read it and wasn't doing INFOSEC at the time. Horrendously stupid.
There were already link encryptors on market for those exact lines for a
reason. A good one in this case.

Far as your contrived example, yes I did recommend Layer 2 or 3 encryption,
authentication, and monitoring between all nodes for a variety of benefits. It
was also in Red Book (Orange Book for networking) as a high-assurance security
requirement due to malicious hosts or tapped lines. All the times I
eavesdropped on and screwed with Intranets fully justified it. Moreover,
reading the Security Monkey later showed he handled a situation where an
intruder did a physical splice of the line into a nearby building for his
attacks. Just more evidence.

So, yes, security must be applied to every layer inside of and around
endpoints, networks, and more. The risk you mentioned, minus crossover part,
resulted in numerous hacks in the real world that my methods and 80's era
methods would've stopped. In a PCI form factor, too, as DiamondTEK secure LAN
did exactly that.

------
tmnvix
Well yes, the internet is broken. That article is inaccessible to me. I am
redirected from popsci.com to popsci.com.au which, it appears, doesn't have
the article in question. I just get a message telling me "Oops! Something went
wrong. Please scroll down to find your content." The content isn't there and
there is no way to select the non-au site. Very broken.

------
tmptmp
I guess, the Snowden incidence is being used to hurl undue venom towards USA.
But these people are ignoring or deliberately misleading other people to
ignore the real dangers posed by extremists (including Islamists, communists,
the far right Christians and so on). These ideologically driven criminals
(called terrorists) live hidden in the general public. Their identification is
a main problem. This "identification" problem is what requires mass
surveillance.

The terrorists are significantly different than many other criminals. In the
sense that terrorists are not mainly driven by personal and earthly goals but
they are driven by the goals set by their ideologies. Thus terrorism (inspired
by hate ideology or religion) is significantly different in a very important
respect from other crimes; that is, the terrorist(s) generally find support
and shelter amongst large number of otherwise normal citizens inspired/driven
by the hate ideology or religion whereas a murderer or a pedophile generally
doesn't find such shelter.

Tell this Snowden to do (or at least talk) a little bit about the dire
situation of people's freedom in the country he has chosen to flee to, namely,
Russia. And the people who are criticizing US way too much should do
themselves a favor by looking at countries run by tyrants like China, North
Korea, most Islamist countries and Cuba. The way the Chinese government does
the _mass surveillance_ of its citizens on the Internet and the way the
communists have installed the _reward/punishment system_ based on it will
make you realize that what is happening in US is hardly even annoying.

I am not to say that US is innocent person but it has been receiving criticism
way too much.

Edit: typo

~~~
mercurial
> I guess, the Snowden incidence is being used to hurl undue venom towards
> USA. But these people are ignoring or deliberately misleading other people
> to ignore the real dangers posed by extremists (including Islamists,
> communists, the far right Christians and so on).

Yeah, well, I don't think Cuban or North Korean spies are really at the
forefront of anyone's concerns (apart from South Korea and Japan).

> Thus terrorism (inspired by hate ideology or religion) is significantly
> different in a very important respect from other crimes; that is, the
> terrorist(s) generally find support and shelter amongst large number of
> otherwise normal citizens inspired/driven by the hate ideology or religion
> whereas a murderer or a pedophile generally doesn't find such shelter.

Funny how pedophile rings are regularly dismantled (and made of "otherwise
normal citizens" in majority). As for the "wolf in sheep's clothing" thing,
it's not necessarily true (look at the profile of the attackers in France and
Belgium, most of whom were linked to petty criminality - not to mention the
guy who _actually went to Syria_).

> Tell this Snowden to do (or at least talk) a little bit about the dire
> situation of people's freedom in the country he has chosen to flee to,
> namely, Russia.

It was only a choice in the sense that the alternative was "kidnapping by the
CIA". Russia was way down in Snowden's list of countries to flee to. What you
don't seem to realize is that even if it's not abused _now_, it could very
well be abused _tomorrow_. You want a Donald Trump nominating one of his
cronies at the head of the US intelligence services and starting to dig into
untold amounts of already-recorded communications?

And it's not only the US. Us Europeans are doing exactly the same thing, just
with less money. The potential of it being abused by organizations which by
their very nature have little to no external oversight (or by their political
masters) is absolutely frightening. And that's compounded by the panopticon
effect: if you're never sure of how much you're being watched, you will self-
censor.

~~~
tmptmp
>>You want a Donald Trump nominating one of his cronies at the head of the US
intelligence services and starting to dig into untold amounts of already-
recorded communications?

Still a Donald Trump _in USA_ is far better and very less dangerous as
compared to the tyrants like Mao or Stalin or Castro, because USA has many
good checks and balances in place. I do appreciate people's fears about state
becoming tyrannical but people in USA should not allow its enemies to use
(exploit) such fear to push forward their agenda and make US a weak and
vulnerable state.

The people of USA should recognize this. The important point to note here is
that the intellectuals (Snowden and his supporters) who are targeting USA both
at national and international level _were_ silent about the extremely
intrusive surveillance and other atrocities inflicted by the tyrants like
Putin (at whose place Snowden may be currently enjoying his reward) and _are
still silent_.

~~~
mercurial
> Still a Donald Trump in USA is far better and very less dangerous as
> compared to the tyrants like Mao or Stalin or Castro, because USA has many
> good checks and balances in place.

How do you think Hoover stayed in place that long? You can pull a great many
things without needing to disappear people at four in the morning.

> The important point to note here is that the intellectuals (Snowden and his
> supporters) who are targeting USA both at national and international level
> were silent about the extremely intrusive surveillance and other atrocities
> inflicted by the tyrants like Putin (at whose place Snowden may be currently
> enjoying his reward) and are still silent.

Snowden was not a public figure before. And you really think a life of exile
in Russia is some kind of reward?

That said, I think Snowden is against global surveillance in general, but:

a) I can totally understand that you want to tread carefully in this kind of
situation. You don't think he has already given up enough? What would you do
in his situation?

b) While Putin is certainly more willing to suppress political opponents, I
doubt the Russian surveillance network is even remotely in the same league as
the NSA

c) Snowden is no doubt a lot more qualified to speak about Western
surveillance than he is about Russian or Chinese efforts

~~~
tmptmp
>>How do you think Hoover stayed in place that long? You can pull a great many
things without needing to disappear people at four in the morning.

Still Hoover or whoever in USA is no match for Mao or Stalin or Castro as far
as their potential to inflict torture and control over their citizens is
concerned. A president in US cannot be a president for his entire life, it's
only 8 years max (that too if people wanted him/her to be).

While in Cuba we can see Castro remained in power until he couldn't move his
body even so much and then also he put his crony (his brother) in power. That
is dangerous and worrisome.

>>While Putin is certainly more willing to suppress political opponents, I
doubt the Russian surveillance network is even remotely in the same league as
the NSA.

The way Putin and his cronies suppressed homosexuals in Russia sends chills
down the spines of free thinkers.

In short, with your neighbours and even family members spying on each other
and reporting to Putin's people, you don't need sophisticated surveillance
network in the first place.

In USA, the situation is far, far better than what the Snowdens and their
supporters are trying to portray.

~~~
tmptmp
See [1] also

[1] https://en.wikipedia.org/wiki/LGBT_rights_in_Russia

------
stevetrewick
> _But at the same time, we technologists as a class knew academically that
> these capabilities could be abused, but nobody actually believed they would
> be abused. Because why would you do that? It seemed so antisocial as a basic
> concept._

What's with 'we?' The various classes of technologists that I've been a member
of - from the teen hax0r BBS days thru the crypto lists and Usenet groups to
actual working professionals have absolutely believed this. It takes a truly
spectacular amount of naivety to believe the contrary.

I have a deep and profound respect for Snowden, who has certainly sacrificed
any possible semblance of a normal life in his native culture and likely
narrowly escaped a worse fate, something he must certainly have known was a
risk. It is his very naivety that made him such a perfect whistleblower: he's
in there looking around and he's like "Holy crap! These guys are into some
profoundly bad shit! I have to tell everyone!"

There's probably a hiring policy moral for black ops shops in there somewhere.

~~~
sievebrain
I think he's right. His statement is carefully phrased. Yes, of course, all
sorts of intelligent people have argued that the tools of mass surveillance
_could_ be developed and _could_ be abused.

But only a very small number of people picked up on AT&T Room 101 and Echelon
and so on, and saw their significance. Unfortunately those things were more
like news stories than events that redefined people's thinking. Mass
surveillance simply wasn't a part of the conversation for the vast majority of
technologists _who mattered_, i.e. the ones building the products we all use.

The NSA leaks changed all that. Now you have the guys running WhatsApp and
Apple talking about this stuff. And even though for politeness reasons they
sometimes talk in hypotheticals, "if we don't encrypt it _could_ be abused by
_bad_ governments", it's as clear as day that what they really mean is
"because we don't encrypt it _is_ being abused by _our_ governments".

~~~
stevetrewick
Not could. Had been and were, for which there was growing evidence culminating
with the Snowden files. I don't disagree that they had a considerably larger
impact than what went before. You're absolutely right in the sense that once
the stories of GCHQ's black boxes, the EUP's documented disclosure of Echelon
[0], room 101 and so on and so forth got outside the circle of people who were
familiar with them they became FOAF stories and conspiracy theories and
weren't part of any mainstream discourse, but there was a bit more to [it]
than abstract hypotheticals and general 'power corrupts' cynicism.

[0] An Appraisal of Technologies of Political Control.
http://www.europarl.europa.eu/pdf/jadis/2013_12/8.PE4_AP_PV!LIBE.1994_LIBE-199801260050EN.pdf

[edit]

------
nickpsecurity
He's still not getting it or fully recommending it any more than most have.
The funny thing is that I recently read a 150 page interview with one of
founders of INFOSEC, Dr Schell, that showed his employer was the same way:
ignored "COMPUSEC" as useless in favor of "COMSEC" solutions to all security
problems. Schell, Karger, and Anderson's tiger teams smashed every mainframe
and crypto using system put in front of them due to hardware and software
bugs. They bypassed it.

Like Schell and Karger said for _30 years_, what we need is to start
deploying high-assurance security practices, protocols, systems, methods...
everything that's proven to get the job done in various ways. We need them
deployed pervasively. More private protocols and encryption by default, too,
but who gives a shit if it runs on systems so insecure it doesn't need
backdoors?

Let's go back to 1960's moving toward the 70's and 80's on hardware stuff.
Burroughs stuff was tagged so everything in memory was code or data, pointers
protected, arrays bounds-checked, arguments checked on function calls, and OS
tried to isolate apps from each other. Some LISP machines had GC's for memory
management. System/38 had capability-security & built-in database. Solo had
safe concurrency at OS level. One had read-only firmware you couldn't change
without physically moving it with a nucleus that handles protected functions
that OS's built on. Two implemented a secure, Ada runtime that enforced the
language's safety properties. SAFE (crash-safe.org), Cambridge's CHERI, and
Sandia's SSP/Score processors follow these traditions.

Now let's look at how Schell et al said to do assurance. Precise,
math/flowcharts/whatever description of functional and security requirements
to avoid ambiguities & resulting vulnerabilities. Similar for design with
attention to simplicity. Implementation in safest language you can with
simpler subset and style easy to analyze. Every module proven to match a
requirement/spec so no subversion (well, a start on it...). Strict modularity,
layering, and interface checks all over the place. Success _and failure_
states modeled then shown to follow a precise, security policy. If you can't
state it precisely, then you can't secure it because you don't know what
security means for you. Code review, tests of each function, formal proofs if
possible, static analysis if possible, _covert channel analysis_ of info
flows, configuration management that _assumes malicious developers_, source
to object code verification, trusted distribution of HW/SW to customers,
onsite verification/generation from source, and configuration guidance. All of
this independently verified by at least one set of professionals that know
what they're doing.

That was security in 1970's-1980's. Far from red tape some here claim, _every
method above_ was proven by researchers, field users, and pentesters to catch
serious problems. The only dispute was what caught most and where to spend
most money. Even those questions had decent answers. Well, plus specific
design and modeling decisions but INFOSEC was in infancy & that was evolving.
I'm talking assurance activities: getting it done right whatever it is. Fast
forward today to find that all the problems Schell, Karger, etc predicted have
happened and consistently in systems that don't use those methods whereas
systems that do avoid many more problems.

So, here's the solution: raise assurance of our systems across the board using
methods that go back to _1961_. That's right, Burroughs engineers were doing a
better job on security before that was even a thing just trying to improve
reliability. This is 2016. We have better specs, better languages, better
static analysis, easier formal tools, automated test generation, tons of
sample code, fast dev machines... you name it. There's no excuse, outside
willful ignorance or apathy, for security-focused developers (esp in FOSS) to
not use everything at their disposal that's _proven to work_ at reducing risk.
Even less excuse for the stuff they make to _still_ be less secure than tech
from the friggin 60's and 70's.

Shout out to the exceptions that are trying to do it right. Groups like
GenodeOS, Dresden, NICTA/OKL4, Carlisle's IRONSIDES DNS, Bernstein's stuff,
Galois, JX OS, ETH, INRIA, Secure64, Sentinel HYDRA (minus bodacion crap lol),
Combex, and even NativeClient since they knocked off OP browser. Enough stuff
like this and NSA will be begging us to ban INFOSEC books and shit since their
info will dry up haha.

~~~
hnhnhn3
I agree that software bugs are a bigger concern than encrypting everything. I
think the problem is that not many people are starting companies around "high
assurance." How do you get people to turn their PL research into startups?

~~~
nickpsecurity
Galois Inc is a perfect example of one that continually makes money on high-
assurance R&D some of which they open-source. Others spin it off into useful
commercial tools. INRIA has done that with Astree Analyzer for C. Other times
they can just make the tools practical and available for a community that will
then build on them alongside their students. INRIA w/ Ocaml and Coq come to
mind again.

So, that's one route.

------
mouzogu
I have absolutely no faith in any government that gives the impression that
they will add tighter controls or a reduction on the collection of personal
data.

They've been doing this for many years before Snowden and will continue long
after any new laws are passed to give us the impression of an improvement.

------
Daneel_
I'd love to be able to read this article, however popsci, in their infinite
wisdom, redirect all Australian users to the .com.au site...which doesn't have
the same articles. _Sigh_

US proxy it is then!

------
educar
Excellent points.

I think the other part which he hasn't discussed is the rise of Cloud
companies like Google, Facebook. We should really be working towards an
internet where people can keep the data to themselves and decide how it gets
used. But now, the default is for these corporations to own all the data.

Of course, govt can still access the data (which is what snowden is talking
about) but that is a different problem.

------
awqrre
Computers are also broken, and the Internet makes it more obvious.

------
yoz-y
Soo... roll out your own crypto?

------
lolidaisuki
>hello,

>You are receiving this error message because your ip (89.234.157.254) is
listed in the StopForumSpam.com database.

>You can check the status of your IP and have it removed by visiting
http://www.stopforumspam.com/removal.
Thank you.

It's kind of ironical that they are quoting Snowden and their own site blocks
Tor.

E: didn't HN used to have markdown quoting?

~~~
maxerickson
There's only been
https://news.ycombinator.com/formatdoc

------
known
Broken for whom?

~~~
voidz
The Dutch for one, whose major ISP Ziggo still does not provide IPv6.

~~~
jason46
The only cable provider (Charter) in northern MI doesn't support IPV6.

~~~
api
The largest provider where I live in Southern California does not support
IPv6. The largest cloud providers don't either. Amazon, Google, and Microsoft
all lack any IPv6 support at all.

~~~
DanielDent
Large cloud providers may have _poor_ IPv6 support, but they do have some
support.

For instance, do a DNS lookup on netflix.com. You'll find IPv6 records
pointing to Amazon AWS IP space.

------
matchagaucho
_"police and the government then have the authority to search through your
entire life in your pocket just because you are pulled over for a broken
taillight"_

This is the classic Snowden formula. Establish a false premise that has no
faith in the government or constitutional rights, then continue to paint a
picture of a dystopian future.

This guy should be writing sci-fi novels...

_[edit: I predicted at least 5 down votes as I typed this. Don't disappoint
me ;-) ]_

~~~
crpatino
What is the false premise?

Why do you think 'faith' is required in a logical argument?

What future?

~~~
soared
"police and the government then have the authority to search through your
entire life in your pocket just because you are pulled over for a broken
taillight: "

Is false.

~~~
ashitlerferad
Isn't it routine?

