A few comments, however ...
> ... we had to go to the dark side to be able to confront the threat posed by bad guys. We had to adopt their methods for ourselves.
He's using "we" there in reference to the government. But it can also be read with "we" as you and me, and "bad guys" as the government ;) But then, I claim a broad "right to be left alone", one that doesn't concede any state monopoly on power.
> ... you can’t opt out of governmental mass surveillance that watches everybody in the world without regard to any suspicious criminal activity or any kind of wrong doing.
Well, sure you can ... as he goes on to explain ...
> You would need to act like a spy to pursue a career in a field like journalism because you are always being watched.
... and ...
> Instead of changing your phone to change your persona — divorcing your journalist phone from your personal phone — you can use the systems that are surrounding us all of the time to move between personas.
Right! Compartmentalization is for sure the way to go. There are numerous personas like Mirimir. Maybe I make it too distinctive. But I have no meatspace identity that goes on like Mirimir does. And Mirimir, ve has lots of vis personas. So hey, let's create a tangled morass of overlapping personas ;)
Are those typos?
You touched on the cyperpunk fantasy: using multiple online identities, all kept carefully separate from each other and from your real identity. (There's an excellent short story called True Names that explores this idea.)
For the majority of ordinary, nontechnical people, there are lots of simpler solutions.
* Use cash. In Berlin, many ordinary people have an awareness of and distaste for government surveillance. People remember East Germany. One result is that lots of people will just pay for everything in cash. In most other western countries, the norm is to leave an electronic trail of every single shop you visit.
* Use Signal or WhatsApp. WhatsApp rolled out strong end to end encryption to a billion people--most of whom have no idea what a "key" is and only the faintest sense of what "encryption" means.
The lesson I take from those projects is that whenever we can ship transparent, easy to use encryption that our users don't have to worry about, it's a massive win.
If your app allows users to talk to each other privately, consider adding E2E encryption. It's the future.
If your app has some kind of cloud backup, like a password manager or a photo app, make sure that it's encrypted with a key that you don't have access to.
E2E comes with product tradeoffs. You may have to charge your users money, because you can't target ads against data you can't access. You'll need to make an installed app rather than a webapp. But it's worth it -- and I think someday, hopefully soon, users will demand it.
ve = she/he
ver = him/her
vis = hers/his
I encountered them in Greg Egan's Diaspora.
And yes, True Names :) An inspiration.
With a decent host machine, one can run numerous Whonix instances, each with one or more personas. They can be long-term or throwaway.
I do nothing at all private on smartphones. Signal and WhatsApp are cool and all, but radios are untrustable black boxes. Even if the data is secured at rest.
Edit: In Egan's Diaspora, one of the protagonists is a software-generated entity, which literally has no gender. In my case, I'm referring to invented personas, which have whatever gender I fancy.
Edit: Oops, this was in the wrong subthread, so now I have maybe a duplicate. Damn.
Or is it just that you fundamentally disagree with the "need" for gender neutral pronouns and this is your way of ridiculing it? I'm afraid I don't follow your logic at all.
Simply inventing a new word and expecting that suddenly everyone understands it feels arrogant and leads to discussion derailments like this one.
I would also agree that "they" is the best choice.
I don't like artificial pronouns either, they stick in my mouth and feel weird, and I'm lazy so I use they. But other people have other preferences or needs so I try to tamp down any unproductive instinctive reaction in myself- who am I to say in a hundred years we won't be using them? After all, our post-singularity AI offspring won't have the same idea of gender as we do...
I'm not sure reintroducing a word from a long-dead language (even if it's an antecedent to your own) is much different from just making a new word up, other than it might sound a bit better if the language is related. Words can come from anywhere; why not invent the ones you need? Laser radar quark...
I knew what those words meant and would have shared as well, despite how much I detest the SJW movement.
Edit: Oh, social justice warrior. Meh. Me, I'm just an old anarchist ;)
You should try to stay on topic around here, and take that kind of vitriol elsewhere.
The technology is probably available, and it's entirely possible that ATMs could be recording serial numbers of dispensed cash and tying them to the account used, but it's (presently) deeply unrealistic that every possible (or even most) places that accept paper money have the ability or desire to record serial numbers of incoming & outgoing bills.
Serial numbers on bills are routinely scanned and tracked. There's a discussion here:
It's not done at the point of sale. It's done when the money is returned to the banks themselves, and when they're dispensed at ATMs. Cash doesn't circulate for long and anti-money laundering laws prevent payment for many expensive items in cash, so this can provide important clues about where the money goes.
For instance, withdraw money from an ATM, pay for food at your local grocery shop, and the bank/govt can see "withdrawal from account Herr Schmidt at 7:03pm Thursday, deposited by a grocery store down the road the next day" and conclude the money was used to buy food ... or at least had at most one hop in between.
Dump $50, get a random bunch of notes that add up to $50.
Dump a prepaid SIM, get a new prepaid SIM.
I know this is as pathetic as "why aren't scientists working on cancer instead of X", but we have WebXXX including Bluetooth and USB, you'd think we'd have "WebVerifiedApps" or something. Even content-addressable URIs aren't being allowed.
It's funny, given the rise of things like Tutanota, which provide basically zero security over Gmail. (In fact, probably worse, since Google's sec team is way better.)
update No. EME is only intended to be used by content consumers; even if it could be hacked to encrypt uploads / outgoing transfers, that use case wouldn't even be considered important as the spec evolves. Super lame.
It takes a special kind of persistent, all-encompassing paranoia and effort. And as we've seen in the past, it only takes a single fuck-up, logging into the wrong server with the wrong account once, mentioning the wrong anecdote with the wrong persona, and bam, you're fucked. Once two dots are connected, they cannot be unconnected.
> But we were confronted with documented evidence in 2013 that even what most people would consider to be a fairly forthright upstanding government was abusing these capabilities in the most indiscriminate way.
This really does depend on who you ask.
Second, if someone makes a movie about you, that does not expand your knowledge into wide areas or into depths of world knowledge.
Third, no one individual can become an expert on all things based on knowing other like-minded individuals.
My point was, it seems too many of his worshipers now come to his altar asking for his opinion on all things ... and forgiveness.
Trust no one
With this sort of attitude you might as well give up on life. Society doesn't work without trust between people.
So it's hard to "trust" in a single direction when the actions that cause distrust are so, so bald-faced. Every conspiracy-sounding theory surrounding surveillance has turned out to be true. And all that worry about being caught has had a net-zero effect. Maybe Let's Encrypt was at least partially a result, but that's about it. So why worry now? Turns out secret courts are just about guaranteed to green-light whatever the hell the NSA wants, so people finding out didn't really turn out as badly as they were worried about.
So "trust us" is about impossible anymore. I don't know if the relationship can be healed, to be honest. Obama was the ideal of our best shot, but that ship sailed like, day 2.
The #1 goal of the Neoliberal elite class is to crush the will of people like you. If you've already given up then you might as well be dead to them; they don't even need to spy on you at that point! If, on the other hand, you're out in public and organizing in large numbers then what can they do? You can force them to engage with the issues on your terms.
If people are upset, enough to effect change, they only have to start showing up. Find the game, learn the game, play the game.
Technology alone cannot solve political problems. The technology can be banned.
Technology can, however, raise the difficulty for sub-components of a government that are wanting to push the limits and do things outside the boundaries of the politically agreed upon systems. Encryption can't stop the NSA if it has widespread political support because the encryption can be banned. But right now intelligence agencies are absolutely hurting, because what they're doing is highly controversial and blocking them with encryption is not at all illegal. If the political debate is won, even if it's just a partial win, then they're forced back inside their box for a long time to come.
I'm glad there are people fighting the political fights too, though I can't imagine where they get the patience. I certainly have nothing to offer in that arena.
I take your point about the NSA, but it doesn't appear that political action will stop them either, because they are happy to ignore political constraints (and lie to Congress about it, for example) and simply do whatever their technological capabilities allow them to.
A war on encryption would be much easier to enforce than a war on drugs because there are such fewer sources, and there's not a big market for its use.
This author's conclusions seem quite sound to me. They collapsed it in a way to comply with a gag order while silently sounding an alarm.
Anyone operating in this space is eventually going to get the same option as Lavabit's founder: compromise or collapse.
He created E4M (which TrueCrypt was based on) and is rumored to have been one of the creators of TrueCrypt. Apparently he's also been a US government asset for a while.
I think it's way more likely Snowden was intentional. He's still working for the Federal government and the leaks are intentional so that the Federal Government could announce to the world that they are spying on all their own citizens...and nothing happen. No real revolution, and no real end to the surveillance.
I mean yea, we have better security practices, more people use encryption, more people are aware about security ... but overall the landscape hasn't changed except in one crucial aspect: people are talking less publicly. People are afraid that what they say is monitored. There has been a chilling effect.
The Snowden narrative needs to be questioned. Since when does an NSA contractor working from home in Hawaii get VPN access to all the government secrets? Like...people actually believe that?
Oh for goodness sake. Reality is too boring for you? You could engage with the real campaign that EFF and Snowden and others are trying to get going, or you could wander off and make up some other story that protects you from having to do anything.
> Since when does an NSA contractor working from home in Hawaii get VPN access to all the government secrets?
Since the NSA got reliant on huge networks that aren't understood by their own management and they needed to hire in techies to keep it running.
Essentially: big organisations have to choose between (a) crippling levels of security that prevent them from getting anything done or (b) getting things done with a small risk of leaks.
(a) is pointless so everything is heading for (b) and that's why every major news story of the last few years and the next few decades is going to be based around leaks.
Back then the excuse was that they were only being used to collect foreign traffic. Snowden revealed their loose interpretation of "foreign" and many more domestic activities happening outside of AT&T NOCs.
Foreigners' rights aren't protected by the constitution. Citizens' are and now we have legal standing to force the government to respect the law which we didn't have before knowing that the panopticon was pointed at us.
Those who knew how much the system had changed from satellite-intelligence gathering (from the era prior to transatlantic/transpacific submarine fiber, where most phone calls and international data were satellite based), to tapping fiber at submarine cable landing stations and "partnering" with major telcos, were totally unsurprised.
Anyway, it was all over US media from 1999-2001 plus European Parliament with plenty testimony and recommendations. And again, the link encryption recommendation was in US security requirements anyway.
If not, then like all conspiracy theories you need to account for everyone who would need to be in on the secret, how they're all keeping the secret, and why--what's in it for them.
Re damage. Tens of billions to economy that military-industrial complex worked hard to get. Push-back against police state legislation. NSA ops and methods blown. Large uptake in products that reduce SIGINT. Businesses moving overseas. All with no benefits on the table for intelligence agencies.
Far as distractions, that's the media's job focusing on mass shooters, North Korea, ISIS, etc instead of pending legislation and schemes by government.
I guess so? Not me though. Snowden literally only proved what I had learned on my own.
Um. Who thought this? Ever? Since the 90s.
This was censorship by business and security communities plus apathy by consumers. Plain and simple. The business communities didn't want to spend crap on INFOSEC. The ones that did faced two obstacles: (a) low volume meant real deal was ridiculously expensive with slower development; (b) mainstream INFOSEC conned companies with bandaids or fake security because they made more money that way. Constantly charging to fix problems they left in or upgrades people didn't need.
So, result was everything is shit security and stays that way. Neither proprietary nor FOSS learn from lessons 99% of the time. All due to what Schneier always called "perverse incentives" that keep bad stuff produced.
So, you're saying that Snowden is right, that computer people as a whole were not aware of it. There is a huge difference between a theoretical risk and someone coming forward with a huge amount of proof that it is, in fact, happening right now.
Such things were mostly ignored despite being in media, conferences, government certifications... you name it. Interesting enough, Snowden had seemingly no impact on number of high assurance developments out there. So, even as bad as it is, people aren't doing the things that stop even NSA during evaluations and which they themselves use for most critical stuff.
Without Stallman's foresight of the need for public domain open source software, there would only be proprietary software, all subject to PRISM.
Without the foresight of potential governments to come the US founding fathers would not have written in such protections as still exist today.
Before Snowden there were many that suspected but now everyone knows.
> Um. Who thought this?
"I had too much faith that the government really would do no wrong. I was drinking the Kool-Aid in the post-9/11 moment. I believed the claims of government, that this was a just cause, a moral cause, and we don't need to listen to these people who say we broke this law or that law."
Pre-Snowden this was unopposable, the NSA's James Clapper lied to Ron Wyden in Congress about mass surveillance.
Now I want to use Emacs. I want to use everything FSF if possible. I'm nowhere close. There is a lot for me to do to get there. But I'm hoping I will because soon that may be our only hope.
> NSA's James Clapper lied to Ron Wyden in Congress about mass surveillance.
And isn't that crazy? Try lying in front of congress and not go to jail. Such corruption. Completely institutionalized corruption of the processes and the power of congress to check the power of the NSA.
Whoa, whoa, let's not go that far.
Or proprietary, shared-source software provided by nonprofits or companies in jurisdictions that aren't surveillance heavy. No, you don't need FOSS to avoid PRISM lol. It has its advantages in resisting totalitarianism for sure but you don't actually need them. More of author or organization's intent and licensing that really matters. Many models available.
Btw, the first, secure-ish mainframe OS (MCP of Tron fame) was sold in source form by Burroughs with fixes/updates allowed to be submitted. In 1963. High-assurance stuff under Orange Book similarly had to deliver source that was reviewed and provided a way to know you had same copy. Just to support my claim that there's proprietary models for it but most just wanted money instead. ;)
Stallman saw it coming early enough that he had completed his GNU Free toolchain in time for Torvalds to use it.
A developer community is less likely to arise when your modifications can be closed and you cannot fork. If your business runs in someone else's walled garden it can be taken away.
Without the GPL's four freedoms we would not have the rich public domain of code we have today - a legally protected commons.
Before the GPL the public domain suffered from the tragedy of the commons, a fantastic legal hack.
We're still waiting on FOSS model to do that. Nobody has. Fortunately, the cathedral builders in industry and good CompSci are sometimes open-sourcing stuff after the fact. RISC-V, GenodeOS, seL4, NaCl, etc.
What you say is not technically incorrect, but practically Google, Apple & Microsoft were all secretly in NSA's PRISM. A large corporate entity is subject to state pressure in a different way than a public good. A corporation must profit, new markets must be entered, their regimes placated at the expense of users. Ownership is a single point of failure.
A proper security audit is only possible if one can compile that source with one's own toolchain or get the binary from a source you trust. One must test and make modifications, otherwise the binary only purports to be from exactly that source.
So you must in the end trust the companies, and trust them to release patches promptly, not delay them at the behest of the NSA (as per Snowden).
PGP and SSH are both provably secure. Security is dynamic, FOSS is faster at releasing patches and not removing features while updating security.
If a patch removes an essential feature and security is bundled with it, this is problematic. If you cannot use distributed community modifications then you are often out of luck.
Companies change hands, policies change, you may be secure today but they sell your data tomorrow. Free software forks at disagreements so everyone is happy. Free software cannot be taken from you by law - it is public domain.
Ownership can be a single point of failure but someone owns copyright to GPL code, too. Trick is protections in licensing. A recent conversation found that the real issue, if you get down to it, is in distribution: free distribution and network effects is strongest benefit of FOSS over proprietary, shared-source model which may have every other benefit.
"A proper security audit is only possible if one can compile that source with one's own toolchain or get the binary from a source you trust. One must test and make modifications, otherwise the binary only purports to be from exactly that source."
Realize that I said proprietary, shared source. You have the source of whatever you need. One can also do something like Wirth's Pascal/P where runtime is P-code and some I/O shims. Everything else in toolchain was compiled to it. Result was amateurs ported whole thing to 70+ architectures while having to reimplement just one, tiny part. Interesting enough, System/38 design did same thing at microcode or asm level with successful port to POWER with many apps needing no source recompile.
"So you must in the end trust the companies, and trust them to release patches promptly, not delay them at the behest of the NSA (as per Snowden)."
This problem exists for FOSS, too, so don't kid yourself. The vast majority of FOSS isn't Linux: it's barely maintained and many ignore bug reports for long periods. The average is in favor of FOSS if it's major projects vs proprietary software but individually it ranges from total shit to excellence. Totally dependent on contributors or maintainers.
"PGP and SSH are both provably secure. "
They're not due to their CVE history. They just got really good with GPG foiling NSA after years of improvements with a narrow focus for GPG. GEMSOS, PSOS, and seL4 are provably secure. World of difference in how they're built. None were created with a FOSS model.
"If a patch removes an essential feature and security is bundled with it, this is problematic. If you cannot use distributed community modifications then you are often out of luck."
" Free software forks at disagreements so everyone is happy. "
It's a risk but can be countered. The counter I did in another discussion was a shared-source license that allowed fixes, modifications, and even distribution to other customers. You perpetually keep what you licensed if you keep paying optionally with a limit on per organization charges. You and a group can do anything you want with that commercial code if you're paying. Btw, the real hacker OS was provided with some (but not enough) of those attributes with features UNIX still can't fully match:
"cannot be taken from you by law - it is public domain."
It's actually not: it's copyrighted software licensed with specific terms that enforce things on you. Public domain has no copyrights or restrictions. This is a problem or a feature of GPL vs public domain depending on who you ask. Only thing both protect almost 100% is widespread distribution which any paid model might... might... always reduce.
Your 'Network Effects and free distribution' are benefits of the efficiencies of freedom. But paltry when it comes to legal freedoms in the face of tyranny, the topic of this post-Snowden thread.
A Good Monarch or Wise & Beneficent Dictator is a great form of government and historically golden ages & enlightenments record this. It is not the 'do no evil' CEOs, or good kings but those that might follow that Free Software offers legal protection against.
GPL is public domain 2.0, not a poor tragic commons starved by ever extending legal protectionisms or over grazing and undersharing.
Technically you are right, a company could stand up for our rights, but they didn't recently and they had to keep it secret. Discretionary, temporary freedom is illusory - it vanished when needed most. Like the constitution of a democracy the GPL seeks to enshrine natural rights in law. Like Democracy it must be actively defended and abuses policed. The GPL ensures freedom cannot be taken back easily, it is a legal hack that protects itself and the 4 freedoms with copyright.
Historically it revitalised the public domain in the software sphere and practically protected it against decades of well funded attacks and FUD - creating billions of dollars in value that didn't mainly go to rent-seeking intellectual landowners but developers and users.
Yes, your proprietary shared source model has given some freedoms & verifiability; Snowden shows how illusory this was. The four freedoms: to Run, Compile, Modify & Share are all needed to ensure (not merely offer or promise) continued freedom.
FOSS & Shared source are one thing; Free GPL Software is quite another.
Is CVE French for FUD? Because this is nonsense, security is an arms race. Under a panopticon even TOR is weak. Since Snowden millions have been spent & volunteered auditing, patching & shoring up our commerce & the individual against state level actors & fifth column code. Pre-Snowden no one imagined the elliptic curves were a lie or our own governments funded & coerced weaknesses into ssh - freedom is playing catchup. Our own governments paid to make us all vulnerable to intrusion. Everyone technical was dumbfounded at the scale of the hidden betrayal of trust.
Security by obscurity & secrecy is weak. Published source alone is not free nor verifiably safe, the distributed binary's hash and compiled binary's hash may coincide but malicious code hash collisions are trivial for states to produce. Your scenario offers hypothetical freedom but Snowden's slides show backdoor concealment is actively pursued by states coercing companies, e.g. Lavabit CEO (and no one knows how many who merely complied and distributed the backdoored binaries rather than face jail.) Furthermore if the toolchain isn't free the Ken Thompson backdooring compiler hack applies.
GPL is owned by all. Coders retain their personal copyrights - that is its genius not a quibble. Again if you can't make a change you alone believe is necessary or receive it from & share it with your community you aren't free. GPL forks ensure every party has the same rights. Owners' & Licensees' legal asymmetry can & has prevented this. Forking requires all 4 freedoms.
Yes GPL can license crap & democracies have elected theocracies & dictatorships. Magna Carta states If the Executive is not subject to the rule of law, it is nothing less than tyranny.
In final answer I quote Vonnegut & Churchill who both witnessed true horror: "So it goes. All is Foma.", & “Democracy is the worst form of government, except for all the others”
So, some groups that were wise went ahead and deployed link encryptors. Black programs, follow NISPOM and SAP supplements, sure as hell used link encryptors so good we can't buy them because... national security. I sure as hell used end-to-end crypto and VPNs for anything significant. Google and Facebook... treasure troves of PII and I.P.... didn't for reasons I can't imagine. Result was they got intercepted in bulk by something that's been a known risk for 20+ years. Take NSA out of picture and they should've still thought the lines might get tapped by crooks or foreign spooks.
So, yes, Snowden leaks mostly just taught us what we already knew in greater detail. People ignored it then, some ignore it now, and yeah problems happened.
Far as your contrived example, yes I did recommend Layer 2 or 3 encryption, authentication, and monitoring between all nodes for a variety of benefits. It was also in Red Book (Orange Book for networking) as a high-assurance security requirement due to malicious hosts or tapped lines. All the times I eavesdropped on and screwed with Intranets fully justified it. Moreover, reading the Security Monkey later showed he handled a situation where an intruder did a physical splice of the line into a nearby building for his attacks. Just more evidence.
So, yes, security must be applied to every layer inside of and around endpoints, networks, and more. The risk you mentioned, minus crossover part, resulted in numerous hacks in the real world that my methods and 80's era methods would've stopped. In a PCI form factor, too, as DiamondTEK secure LAN did exactly that.
If I cared about privacy and I couldn't control physical access to the cable? Yes, of course.
That's one hell of a counter to the bullshit I keep hearing that nothing secret or evil could happen if it's 2 or more government people.
This stuff has been going on, and widely discussed, for over a decade. But no one really cared or understood the full scope until Snowden slapped everyone across the face with it.
I am in no way downplaying Snowden or what he prompted everyone to do, but everyone knew it was happening. They just weren't motivated or felt no one else cared.
It's kind of like trying to get people to use PGP for normal communications: You understand why, and they might too, but they don't care enough. So it doesn't get done.
Good example. I've seen harder to use tools with little benefit adopted by enterprises because management forced it. The simplest version of encrypted email and storage often was ignored for just apathy.
I too knew about that whistleblower before Snowden. I didn't know about Google intranet being compromised, or things like hostile code uploaded to hard disk controllers, or data exfiltration via compromised in-transit routers, etc.
> Um. Who thought this? Ever? Since the 90s.
To be clear this meant who thought we had "a fairly forthright upstanding government [not] abusing these capabilities in the most indiscriminate way" ever since the 90s.
The terrorists are significantly different than many other criminals. In the sense that terrorists are not mainly driven by personal and earthly goals but they are driven by the goals set by their ideologies. Thus terrorism (inspired by hate ideology or religion) is significantly different in a very important respect from other crimes; that is, the terrorist(s) generally find support and shelter amongst large number of otherwise normal citizens inspired/driven by the hate ideology or religion whereas a murderer or a pedophile generally doesn't find such shelter.
Tell this Snowden to do (or at least talk) a little bit about the dire situation of people's freedom in the country he has chosen to flee to, namely, Russia. And the people who are criticizing US way too much should do themselves a favor by looking at countries run by tyrants like China, North Korea, most Islamist countries and Cuba. The way the Chinese government does the mass surveillance of its citizens on the Internet and the way the communists have installed the reward/punishment system based on it will make you realize that what is happening in US is hardly even annoying.
I am not to say that US is innocent person but it has been receiving criticism way too much.
Snowden got stuck in a Russian airport when his US visa got revoked. He then applied to many countries for asylum. Russia granted it. I've read that Snowden is still trying to find another host country.
Yeah, well, I don't think Cuban or North Korean spies are really at the forefront of anyone's concerns (apart from South Korea and Japan).
> Thus terrorism (inspired by hate ideology or religion) is significantly different in a very important respect from other crimes; that is, the terrorist(s) generally find support and shelter amongst large number of otherwise normal citizens inspired/driven by the hate ideology or religion whereas a murderer or a pedophile generally doesn't find such shelter.
Funny how pedophile rings are regularly dismantled (and made of "otherwise normal citizens" in majority). As for the "wolf in sheep's clothing" thing, it's not necessarily true (look at the profile of the attackers in France and Belgium, most of whom were linked to petty criminality - not to mention the guy who actually went to Syria).
> Tell this Snowden to do (or at least talk) a little bit about the dire situation of people's freedom in the country he has chosen to flee to, namely, Russia.
It was only a choice in the sense that the alternative was "kidnapping by the CIA". Russia was way down in Snowden's list of countries to flee to. What you don't seem to realize is that even if it's not abused now, it could very well be abused tomorrow. You want a Donald Trump nominating one of his cronies at the head of the US intelligence services and starting to dig into untold amounts of already-recorded communications?
And it's not only the US. Us Europeans are doing exactly the same thing, just with less money. The potential of it being abused by organizations which by their very nature have little to no external oversight (or by their political masters) is absolutely frightening. And that's compounded by the panopticon effect: if you're never sure of how much you're being watched, you will self-censor.
Still, a Donald Trump in the USA is far better and much less dangerous than tyrants like Mao or Stalin or Castro, because the USA has many good checks and balances in place. I do appreciate people's fears about the state becoming tyrannical, but people in the USA should not allow its enemies to use (exploit) such fear to push forward their agenda and make the US a weak and vulnerable state.
The people of USA should recognize this. The important point to note here is that the intellectuals (Snowden and his supporters) who are targeting USA both at national and international level were silent about the extremely intrusive surveillance and other atrocities inflicted by the tyrants like Putin (at whose place Snowden may be currently enjoying his reward) and are still silent.
How do you think Hoover stayed in place that long? You can pull a great many things without needing to disappear people at four in the morning.
> The important point to note here is that the intellectuals (Snowden and his supporters) who are targeting USA both at national and international level were silent about the extremely intrusive surveillance and other atrocities inflicted by the tyrants like Putin (at whose place Snowden may be currently enjoying his reward) and are still silent.
Snowden was not a public figure before. And you really think a life of exile in Russia is some kind of reward?
That said, I think Snowden is against global surveillance in general, but:
a) I can totally understand that you want to tread carefully in this kind of situation. You don't think he has already given up enough? What would you do in his situation?
b) While Putin is certainly more willing to suppress political opponents, I doubt the Russian surveillance network is even remotely in the same league as the NSA.
c) Snowden is no doubt a lot more qualified to speak about Western surveillance than he is about Russian or Chinese efforts.
Still Hoover or whoever in USA is no match for Mao or Stalin or Castro as far as their potential to inflict torture and control over their citizens is concerned. A president in US cannot be a president for his entire life, it's only 8 years max (that too if people wanted him/her to be).
While in Cuba we can see Castro remained in power until he couldn't move his body even so much and then also he put his crony (his brother) in power. That is dangerous and worrisome.
> While Putin is certainly more willing to suppress political opponents, I doubt the Russian surveillance network is even remotely in the same league as the NSA.
The way Putin and his cronies suppressed homosexuals in Russia sends chills down the spines of free thinkers.
In short, with your neighbours and even family members spying on each other and reporting to Putin's people, you don't need sophisticated surveillance network in the first place.
In USA, the situation is far, far better than what the Snowdens and their supporters are trying to portray.
What's with 'we?' The various classes of technologists that I've been a member of - from the teen hax0r BBS days thru the crypto lists and Usenet groups to actual working professionals have absolutely believed this. It takes a truly spectacular amount of naivety to believe the contrary.
I have a deep and profound respect for Snowden, who has certainly sacrificed any possible semblance of a normal life in his native culture and likely narrowly escaped a worse fate, something he must certainly have known was a risk. It is his very naivety that made him such a perfect whistleblower: he's in there looking around and he's like "Holy crap! These guys are into some profoundly bad shit! I have to tell everyone!"
There's probably a hiring policy moral for black ops shops in there somewhere.
But only a very small number of people picked up on AT&T Room 101 and Echelon and so on, and saw their significance. Unfortunately those things were more like news stories than events that redefined people's thinking. Mass surveillance simply wasn't a part of the conversation for the vast majority of technologists who mattered, i.e. the ones building the products we all use.
The NSA leaks changed all that. Now you have the guys running WhatsApp and Apple talking about this stuff. And even though for politeness reasons they sometimes talk in hypotheticals, "if we don't encrypt it could be abused by bad governments", it's as clear as day that what they really mean is "because we don't encrypt it is being abused by our governments".
An Appraisal of Technologies of Political Control.
Like Schell and Karger said for 30 years, what we need is to start deploying high-assurance security practices, protocols, systems, methods... everything that's proven to get the job done in various ways. We need them deployed pervasively. More private protocols and encryption by default, too, but who gives a shit if it runs on systems so insecure it doesn't need backdoors?
Let's go back to 1960's moving toward the 70's and 80's on hardware stuff. Burroughs stuff was tagged so everything in memory was code or data, pointers protected, arrays bounds-checked, arguments checked on function calls, and OS tried to isolate apps from each other. Some LISP machines had GC's for memory management. System/38 had capability-security & built-in database. Solo had safe concurrency at OS level. One had read-only firmware you couldn't change without physically moving it with a nucleus that handles protected functions that OS's built on. Two implemented a secure, Ada runtime that enforced the language's safety properties. SAFE (crash-safe.org), Cambridge's CHERI, and Sandia's SSP/Score processors follow these traditions.
Now let's look at how Schell et al said to do assurance. Precise, math/flowcharts/whatever description of functional and security requirements to avoid ambiguities & resulting vulnerabilities. Similar for design with attention to simplicity. Implementation in safest language you can with simpler subset and style easy to analyze. Every module proven to match a requirement/spec so no subversion (well, a start on it...). Strict modularity, layering, and interface checks all over the place. Success and failure states modeled then shown to follow a precise, security policy. If you can't state it precisely, then you can't secure it because you don't know what security means for you. Code review, tests of each function, formal proofs if possible, static analysis if possible, covert channel analysis of info flows, configuration management that assumes malicious developers, source to object code verification, trusted distribution of HW/SW to customers, onsite verification/generation from source, and configuration guidance. All of this independently verified by at least one set of professionals that know what they're doing.
That was security in 1970's-1980's. Far from red tape some here claim, every method above was proven by researchers, field users, and pentesters to catch serious problems. The only dispute was what caught most and where to spend most money. Even those questions had decent answers. Well, plus specific design and modeling decisions but INFOSEC was in infancy & that was evolving. I'm talking assurance activities: getting it done right whatever it is. Fast forward today to find that all the problems Schell, Karger, etc predicted have happened and consistently in systems that don't use those methods whereas systems that do avoid many more problems.
So, here's the solution: raise assurance of our systems across the board using methods that go back to 1961. That's right, Burroughs engineers were doing a better job on security before that was even a thing just trying to improve reliability. This is 2016. We have better specs, better languages, better static analysis, easier formal tools, automated test generation, tons of sample code, fast dev machines... you name it. There's no excuse, outside willful ignorance or apathy, for security-focused developers (esp in FOSS) to not use everything at their disposal that's proven to work at reducing risk. Even less excuse for the stuff they make to still be less secure than tech from the friggin 60's and 70's.
Shout out to the exceptions that are trying to do it right. Groups like GenodeOS, Dresden, NICTA/OKL4, Carlisle's IRONSIDES DNS, Bernstein's stuff, Galois, JX OS, ETH, INRIA, Secure64, Sentinel HYDRA (minus bodacion crap lol), Combex, and even NativeClient since they knocked off OP browser. Enough stuff like this and NSA will be begging us to ban INFOSEC books and shit since their info will dry up haha.
So, that's one route.
Btw, here's two things Galois did with their contracts that mainstream security folks are mostly ignoring instead of building on or applying:
And a repo with the rest that uses the magical power of open source to counter people's fears and improve the world:
At least some of them have stars in the three digits. I'm impressed an open-source crowd is giving it that much attention. Maybe cuz it's on GitHub. The rest might need to go on there, too, for better odds of adoption. Using Google and Save As... are apparently major obstacles of adoption these days. Idk as I'm still trying to figure it out.
1. Cryptographers come up with the algorithms and protocols with their mathematical proofs applied to their properties.
2. Someone uses tools like CRYPTOL for algorithms or AnBx for protocols to generate the code.
3. The code is run through visual inspections, static analysis tools like ASTREE or SPARK, tests, covert channel analysis, and so on. Modified if problems are found.
4. An optimizing version of a certified compiler like CompCert produces the object code.
5. It's distributed with public key cryptography and/or Merkle Signatures if people don't trust that. There's modern versions with efficient or unlimited signing.
6. Optionally, a subversion-resistant process builds the first compiler and checkers in stages.
They've been doing this for many years before Snowden and will continue long after any new laws are passed to give us the impression of an improvement.
US proxy it is then!
I think the other part which he hasn't discussed is the rise of Cloud companies like Google, Facebook. We should really be working towards an internet where people can keep the data to themselves and decide how it gets used. But now, the default is for these corporations to own all the data.
Of course, govt can still access the data (which is what Snowden is talking about) but that is a different problem.
> You are receiving this error message because your ip (220.127.116.11) is listed in the StopForumSpam.com database.
> You can check the status of your IP and have it removed by visiting http://www.stopforumspam.com/removal. Thank you.
It's kind of ironical that they are quoting Snowden and their own site blocks Tor.
E: didn't HN used to have markdown quoting?
If you can't prevent the spam by other means than IP blocking then maybe you should make your website read-only.
I'm honestly kind of surprised that there isn't more spam from attackers who compromise something close enough to a backbone provider that they can spoof arbitrary IP addresses and still see the return traffic.
And the problem is going to get worse as a result of IPv4 address exhaustion because some ISPs are going to have to start using carrier grade NAT (and some already are). The answer to that is IPv6 as ever, but that has the opposite problem. IPv6 addresses are too cheap to meter and using a thing for proof of stake requires the thing to be scarce.
So the thing to show for it is that you can field test your solution prior to the day of Spam Armageddon when a spammer realizes they have a botnet with access to a million billion IPv6 addresses.
That's sort of true. It's technically true that any I.P. address might be the source of malice. Yet, Tor's I.P. addresses will steadily be the source of a ton of malice with no resolution of that problem. Quite different than what happens when someone's ISP tells them there's malware on their machine. There's also economics involved where people have to pay for those machines and are therefore more likely to use them for other, profitable activities. Probably why we see less spam from those accounts.
What remains are WiFi hotspots, libraries, etc. Apparently, they're not drowning services in hatemail and spam because they're still allowed. They could but few are complaining about them.
"And the problem is going to get worse as a result of IPv4 address exhaustion because some ISPs are going to have to start using carrier grade NAT (and some already are)."
Good call. I saw this coming. There were already talks by Ross Anderson IIRC about how critical it was for forensics to get the port number and time-stamp since CG-NAT would make I.P.'s useless. Already is in some areas.
"So the thing to show for it is that you can field test your solution prior to the day of Spam Armageddon when a spammer realizes they have a botnet with access to a million billion IPv6 addresses."
Haha. Interesting way of looking at it. I'm more worried about the routing tables, though, if IPv6 got massive surge of traffic. Never looked to see if they fixed early concerns about how well Tier 1-3 HW would handle it vs IPv4.
Which makes blocking Tor seem attractive until you still need some defense against the attacks from arbitrary other IP addresses, and once you have those defenses you can use them against malicious Tor traffic and no longer need to block its legitimate users.
> Good call. I saw this coming. There were already talks by Ross Anderson IIRC about how critical it was for forensics to get the port number and time-stamp since CG-NAT would make I.P.'s useless. Already is in some areas.
And even then it's assuming the carrier has port-level logs to compare against. If you have ten million customers who on average make one connection every ten seconds and a connection log entry is 50 bytes then you're writing 50MB/sec of log entries, i.e. >4TB/day. If they keep them at all it's not going to be for very long.
It seems like it would be a lot easier to move identities to some kind of proof of work based pseudonyms than to keep trying to force IP addresses to serve a role they were never designed for and the casting into of which causes no small amount of collateral damage.
> I'm more worried about the routing tables, though, if IPv6 got massive surge of traffic. Never looked to see if they fixed early concerns about how well Tier 1-3 HW would handle it vs IPv4.
Part of it is that IPv6 addresses are allocated in larger blocks, which means less address space fragmentation because nobody runs out and has to come back for another non-contiguous block, which means more addresses per routing table entry. And the rest of it is that memory is cheaper than it used to be.
What's your recommendation for a low-cost, low-effort method that solves the Tor and every other I.P. user problem? It has to provide a reduction just as good as blocking Tor with similar effort by admin.
The first step is realizing that you have a behavior problem, not an IP address problem. There is no silver bullet against an adaptive adversary, but this is the sort of thing that proof of stake or proof of work is well suited for. If the user wants to do more than read your website then they need to post some collateral. In the small time case this is just putting a CAPTCHA on account creation. If you're a bank or something then nobody gets in the door unless they have an account with you which has been verified against their government ID etc.
Then anybody who misbehaves forfeits their collateral, i.e. you close their account. Which for normal people never happens, but for malicious parties is designed to happen before the profit from their malice exceeds the value of the collateral. Spammers aren't going to be willing to solve CAPTCHAs all day just to post one message at a time which will be deleted in twenty minutes.
And then the administrative cost disappears because the spammers realize it isn't worth doing and you don't have to spend time deleting spam once they stop posting it.
> It has to provide a reduction just as good as blocking Tor with similar effort by admin.
To which a large point is that blocking Tor isn't particularly effective. People make a lot of noise about the fact that a Tor IP address is some large factor more likely than average to have malicious traffic, but it also represents a larger number of people than most IP addresses. If you look instead at the percentage of all malicious traffic that comes from Tor, it's a minority.
And even allowing Tor traffic and then trying to measure what percentage of all malicious traffic is from Tor is over-representing the effectiveness of blocking Tor by counting malicious traffic that comes from Tor if you allow it but would still come from somewhere else if you didn't.
Net result being that blocking Tor might get you something like a single digit reduction in malicious traffic. Now you need to do something about the other 90%. CAPTCHAs and pseudonym reputation systems and so on. But those things work about as well against traffic from Tor as traffic from anywhere else, which cuts a nice chunk out of the remaining single digit percentage improvement you had been getting by blocking Tor.
Net result is you end up blocking a lot of innocent people to get something like a 2% overall reduction in malicious traffic. And the better you get at solving the problem in other ways, the smaller the benefit of blacklisting IP addresses becomes.
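The proof-of-work pseudonym with forfeitable collateral described in the comment above, sketched as an added example that is not part of the original thread. The names `Registry`, `mint_pseudonym`, `work_digest` and `leading_zero_bits`, the 16-bit difficulty and the byte string standing in for a public key are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

DIFFICULTY_BITS = 16  # assumed cost per pseudonym; a real site would tune this


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def work_digest(challenge: bytes, pubkey: bytes, nonce: int) -> bytes:
    """Hash that the client must drive below the difficulty target."""
    return hashlib.sha256(challenge + pubkey + nonce.to_bytes(8, "big")).digest()


def mint_pseudonym(challenge: bytes, pubkey: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Client side: burn CPU until a nonce meets the difficulty (the collateral)."""
    nonce = 0
    while leading_zero_bits(work_digest(challenge, pubkey, nonce)) < bits:
        nonce += 1
    return nonce


class Registry:
    """Server side: verifies the work, tracks pseudonyms, revokes abusers.

    No IP address is consulted anywhere, so a Tor user and a CG-NAT user
    pay exactly the same price as everyone else.
    """

    def __init__(self, bits: int = DIFFICULTY_BITS):
        self.bits = bits
        self.secret = os.urandom(32)   # makes challenges site-specific
        self.accounts = {}             # pseudonym id -> True if still in good standing

    def challenge_for(self, pubkey: bytes) -> bytes:
        # Stateless challenge bound to this key: work done for one key or
        # one site cannot be replayed for another.
        return hmac.new(self.secret, pubkey, hashlib.sha256).digest()

    def register(self, pubkey: bytes, nonce: int):
        digest = work_digest(self.challenge_for(pubkey), pubkey, nonce)
        if leading_zero_bits(digest) < self.bits:
            return None                # work not done
        pid = hashlib.sha256(pubkey).hexdigest()[:16]
        if pid in self.accounts:       # active or forfeited: no second registration
            return None
        self.accounts[pid] = True
        return pid

    def can_post(self, pid: str) -> bool:
        return self.accounts.get(pid, False)

    def forfeit(self, pid: str) -> None:
        """Moderator action: the abuser loses the work sunk into this pseudonym."""
        if pid in self.accounts:
            self.accounts[pid] = False


if __name__ == "__main__":
    reg = Registry()
    key = os.urandom(32)               # constructed stand-in for a real public key
    pid = reg.register(key, mint_pseudonym(reg.challenge_for(key), key))
    print(pid, reg.can_post(pid))
    reg.forfeit(pid)
    print(pid, reg.can_post(pid))
```

Raising `DIFFICULTY_BITS` by one doubles the expected work per pseudonym, which is the knob that keeps the cost of a fresh identity above the expected profit from abusing it.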
1. Focus on benefiting anonymous people who either don't contribute shit back to the business or barely do. Freeloaders.
2. Focus on benefiting the founders, customers, and employees (in that order). If you lose some freeloaders, then so be it. If it's their design decision, then so be it times 10. They can always set up an unrestricted forum for people like them to discuss the article and deal with security headaches they bring in.
Wait, No 2 seems to work as most readers and the company are benefiting except for the few that choose not to.
Thing is it only works in non-bridged mode latest generation Technicolor modems. If you need bridge mode, they will switch you back to IPv4.
For instance, do a DNS lookup on netflix.com. You'll find IPv6 records pointing to Amazon AWS IP space.
This is the classic Snowden formula. Establish a false premise that has no faith in the government or constitutional rights, then continue to paint a picture of a dystopian future.
This guy should be writing sci-fi novels...
[edit: I predicted at least 5 down votes as I typed this. Don't disappoint me ;-) ]
Why do you think 'faith' is required in a logical argument?
Seriously.... don't fall prey to Snowden's scare tactics.
US law enforcement cannot physically take your smartphone without cause, much less even look at it.