
Distracting the NSA - jdkanani
http://www.chemie.fu-berlin.de/chemnet/use/info/emacs/emacs_29.html#SEC303
======
TeMPOraL
To all thinking up ways to "distract NSA" \- keep in mind that they employ
skilled magicians that know how to use crazy spells and are smarter than most
of us here. Oh, and they also have several orders of magnitude more money.

By magic I obviously mean math, which is the real-world equivalent, at least
for information. The kind of math that leads to reading signals -30db below
noise level by handheld devices (aka. GPS). The kind of math that leads to
extracting causality graph out of data collected on a single point in time.
The kind of math that leads to recreating your social graph out of small bits
of metadata. And those are only the things invented some time ago that now
everybody knows how to do. What they can, and do, now, we don't know.

So basically any scheme to "distract NSA" should be assumed to be able only to
give them some good laughter, until proven otherwise by some mathemagicians.

~~~
AsymetricCom
> reading signals -30db below noise level

Can you tell us a little more about this?

~~~
TeMPOraL
The thermal noise level for 2MHz (GPS freq) is around -111dBm [0] and typical
GPS signals on Earth surface are around -130 to -160dBm [1] [2].

There was a discussion here about GPS jamming recently, and some commenters
also talked about it [3] [4].

[0] -
[http://en.wikipedia.org/wiki/Johnson%E2%80%93Nyquist_noise#N...](http://en.wikipedia.org/wiki/Johnson%E2%80%93Nyquist_noise#Noise_power_in_decibels)

[1] - [http://en.wikipedia.org/wiki/DBm](http://en.wikipedia.org/wiki/DBm)

[2] -
[http://www.gpsinformation.net/main/gpspower.htm](http://www.gpsinformation.net/main/gpspower.htm)

[3] -
[https://news.ycombinator.com/item?id=6124811](https://news.ycombinator.com/item?id=6124811)

[4] -
[https://news.ycombinator.com/item?id=6124965](https://news.ycombinator.com/item?id=6124965)

~~~
AsymetricCom
More specifically, I was wondering what the algorithm would be for such a
feat. One of the yc comments has a layman description linked from wikipedia

[http://en.wikipedia.org/wiki/GPS_signals#Demodulation_and_de...](http://en.wikipedia.org/wiki/GPS_signals#Demodulation_and_decoding)

------
xnyhps
I find all of these attempts to "troll" or "distract" the NSA quite naive. If
they truly have direct access to the backbone cables of the internet, then
they must be pretty good at filtering signal from noise. Just imagine the size
of email/IM traffic compared to bittorrent.

If they can extract everyone's email messages from fiber-optic cables in real-
time, then they surely are smart enough to create a filter that ignores just a
list of words without any actual structure, like "Croatian nuclear FBI colonel
plutonium Ortega Waco, Texas Panama CIA DES jihad fissionable quiche terrorist
World Trade Center".

~~~
popee
What if you could generates messages with real meaning but _are_ in fact spam?
That way lot of people could maybe make a difference.

Btw not sure how/where they sniff traffic, but creating alter egos that are
consistent -> also interesting concept. You goto jail because of multiple
virtual personality disorder :-)

Or planting bots that are not just talking gibberish? Or creating predefined
scenario and play it over time? Just to fuck them up?

~~~
xnyhps
How would that help? If the NSA tracks a billion accouns, how is even a
million fake ones going to make a difference? I'm pretty sure "spam" is not a
new concept to them.

If they want to look up any real person, they'll still be able to find all
their email/IM accounts. If you include a way for the recipient of an email to
tell "fake" messages from real ones, then the NSA will be able to tell as
well.

------
junto
If you want to send a message these days to someone in secret, the simplest
way would be to use a book cipher:
[http://en.wikipedia.org/wiki/Book_cipher](http://en.wikipedia.org/wiki/Book_cipher)

The NSA would need to know the book and the cipher. Screw using mathematical
encryption. For all we know it is now compromised.

As an added bonus, use text from spam email examples. Thus, the emails you
send end up in the spam mail folder of the recipient. I imagine that the NSA
will have optimised their hoover algorithm to exclude email that is spam. I
mean, do they really need to log all of those 'enlarge your penis in 6 weeks'
emails?

~~~
Tloewald
Given the horsepower the NSA is throwing at this stuff, testing for book
ciphers doesn't seem like an intractable problem.

I'd suggest we simply start attaching modestly large files of random numbers
encrypted (or not) using ridiculously secure keys to our emails.

Incidentally, if the ratio of content to encryption key length is high, the
likelihood of false positive decryptions will be high.

------
tome
This isn't in response to current issues. It's very old. I remember it from
ten years ago.

~~~
jk4930
According to Firefox's page info, this is from Fri 17 Oct 1997.

But yes, I remember when I studied there (2001), things like Echelon and Total
Information Awareness were the current topics. It was clear to us few
"paranoids" that we're (soon to be) completely "transparent".

------
rdtsc
This brings an interesting point.

Before this what would happen? So you type "terrorist, bomb, drone, blah blah"
in an email and send it to yourself perhaps. Does the NSA flag you and send
your IP to the FBI and then you get a knock on the door. Wouldn't that reveal
that they are spying and reading everything? It would probably so they might
not do it. Quietly watch you from the shadows so to speak until you happen to
walk into your gardening store to buy some fertilizer on day for your lawn.

Now, while it is good that we know the spying is happening, a more terrifying
thing is about to go on and that is -- they can just openly come and arrest
you for conspiracy to commit terrorism solely based on your online jokes for
example. They know that everyone knows that they are spying so there is no
need to hide their "tactics and procedures" anymore. They can come to your
door and with plain unflinching face say "You sent this sentence to your
friend on this day and hour as detected by NSA surveillance program, you are
now under arrest ... blah blah ..."

So to recap. Without an overwhelming outrage from the masses this revelation
will actually embolden them and will let them widen the scope and power of
these programs.

------
fnordfnordfnord
Just attach an encrypted text of the Bill of Rights to every email. Be sure to
re-encrypt every time so that they can't win back their storage by de-duping.

~~~
lukifer
I love this idea. I think overwhelming their storage and decryption resources
is much likelier to get results, compared to attaching "junk keywords" to
introduce noise (there's no way they don't already low-pass filter for such
simple "intel vandalism" already, especially as methods become standardized).

------
geuis
Would not a better way to do this be to take the spammer's approach? Spam has
gotten to be quite good at sounding realistic. It's also normally quite naive.
But instead of emailing real people, just setup a vast network of bot
addresses that all mail each other in realistic ways. The content of the
messages can be algorithmically generated to appear like nefarious
conversations.

I'd love to see NSA and FBI members burning money and time tracking down spam
bots.

~~~
IvyMike
> Would not a better way to do this be to take the spammer's approach

On the other hand, anti-spam has gotten very good at distinguishing wanted and
unwanted content.

If Google can do a reasonable job binning email spam, we must assume the NSA
can do a reasonable job ignoring even relatively sophisticated keyword
spamming.

~~~
gwern
> If Google can do a reasonable job binning email spam, we must assume the NSA
> can do a reasonable job ignoring even relatively sophisticated keyword
> spamming.

Indeed; however the recent Snowden leaks have given us a replacement - we know
that the NSA stores indefinitely any encrypted messages. So, simply include
inline a random message. Boom, you've permanently used up that much of their
space for nothing.

------
northwest
It seems more like _Distracting yourself_ to me.

~~~
gwern
It is easy enough in Gnus to hook it in automatically so it populated your
signature line by default, not much of a distraction. The scriptability is the
main point of email in Emacs.

I stopped it when I eventually realized that it was probably a little bit
distracting & annoying to all my _readers_ , not myself.

------
rocky1138
I came up with a similar idea for a Chrome and Firefox plugin that, when you
searched online, it would also search on everyone else's device that was
running the plug in. Other people's searches would also be run on your device.

This way, it would be hard for them to track who did the original search and
the amount of traffic going to the keyword would grow immensely, making it
harder to find out if the search was real.

~~~
ippisl
That could easily be filtered by timing analysis. You're the first to search.

------
frozenport
Or gives them more employees to tackle the problem?

~~~
Ackley
distract the NSA and pay for it with your taxes

