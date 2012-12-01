I do have to say when I and my ex broke it off, reading that first conversation logged in my Facebook chat between the two of us was a total bitch to swallow. Everything was there. Every single word. Nothing's faded into distant memory. There we were 2 years ago happy that we've met each other. Here we are now - complete strangers to each other. It is definitely a weird feeling.
There are others that exist online, forever. A constant record of horrible experiences, never to be dulled by the fog that's cast over distant memories. As a result, I've pretty much left the online services where these memories are preserved.
These days, I write letters. Actual paper. With an envelope sealed with wax, using a signet ring, because I'm a romantic ;) Pictures I love are printed and hung. It feels more... well, if not human, certainly humane.
(I'm still active online. Obviously. Just more judiciously. The more personal it is, the less likely it is online)
It's difficult even to find time to edit the record so it's manageable—and can you, anyway? Can you delete 95% of the photos of your kids, or that loved one you lost, or whoever? Even if you know the idea of looking through them for pleasure or nostalgia brings on anxiety because there are so many, and you never got around to tagging everyone in them or adding those notes you wanted to, and oh no you've forgotten most of what you were going to write, and so on? Looking at them becomes or reminds one of work and you'd actually enjoy them more if there were far fewer of them, but can you delete them?
What about your email archive from 20 years ago? You know there are emails you'd love to read again in there, but now you need to find a program to read the file, and go through deleting the 99% you don't care about at all, and there's still a lot, so now you're going through one-by-one to decide whether "hey, wanna meet for lunch?" from a now-dead loved one is worth keeping.
And you've got several "misc/laptop_backup/documents/old_files_from_zip_disks"-type directories to go through one of these days when you find the time (will you, ever?). All this for a bunch of junk that will plummet in value to anyone as soon as you die and have nearly zero value to anyone in the world (except maybe as raw data for some damned machine learning program) at most 150 years from now. And when you die you'll burden your friends and relatives with the same data management mess you've mostly-failed to deal with—on top of their own.
Article about it: https://www.fastcompany.com/3036536/this-is-the-user-experie...
https://en.wikipedia.org/wiki/Quinn_Norton
She mentions in the article that "I came to the attention of a media storm after being struck by a tragedy. My life imploded, and between grieving and dealing with media controversy, my days became a sickening tragicomedy I couldn’t turn off."
Could it have been this?
> Norton dated Aaron Swartz for three years. Articles in The Atlantic and in New York Magazine indicate that she was pressured by prosecutors to offer information or testimony that could be used against Swartz, but that she denied having information that supported prosecutors' claims of criminal intentions on Swartz's part. Prosecutors nevertheless attempted to use a public blog post on Swartz's blog that Norton mentioned, which may or may not have been co-authored by Swartz, as proof of a criminal intent.
It's a damn shame, in the least part because she is a superb writer. Her eulogy for Occupy Wall Street is a sprawling, stunning work of journalism.
https://www.wired.com/2012/12/a-eulogy-for-occupy/
Gabriel Garcia Marquez, eat your heart out.
It's unusual to be someone who specializes in writing about digital activists who need encryption.
It's unusual to be a nerd (your identity is online) and also be constantly hiding your tracks (your identity is constantly erased, by your own action).
It's unusual to be an emigrant in this age, where they expect you to surrender your voluntary self-surveillance at the border.
The thing is, what happens to nerds on the margins eventually happens to everybody.
Personally – there's some of her story that already applies to me. And, even if all of this is trivial in terms of technology, there aren't a lot of people who can bring such evocative writing to the topic.
The rest of it: sure, this is all true. But that's my gripe: this story has little to do with any of that. Ultimately, the only role surveillance played in this story was something for a new couple to bond over. Sure, better that than The Sound And The Fury, which I swear to Christ a teenaged girlfriend made me read, but so what? What's special about OpenSSL here that wouldn't be special about Club Penguin or Overwatch or some other lower-status technological detail?
I think the OpenSSL line was only intended to emphasize that the communication wasn't easy - thereby making it more meaningful. I often wonder what internet messages would be like if sending them had the same time/effort overhead as sending physical letters (having to address them properly, walking to a post office, etc.). Surveillance isn't really important here.
It's the OpenSSL command line that I'm taking issue with.
Second, they're using unauthenticated AES-CBC, so an attacker that knows what file format they're sending can flip bits to exploit bugs and pop calc.exe on them.
Third, reprising the first problem: using OpenSSL to encrypt means you're using OpenSSL's weak password KDF. In fact, I think the defaults when they were using this were single-iteration hash KDF; essentially: salted hashes.
This is like the one application where GPG actually still makes sense to use, and GPG is easier to use here than OpenSSL in addition to being safer.
OBVIOUSLY NONE OF THIS MATTERS. My issue with the article isn't "it recommends weak crypto". My issue is that despite the title, it isn't actually about crypto or surveillance or anything like that.
> openssl aes-256-cbc -a -salt -in for-you.mp3 -out for-you.mp3.enc
$round1 = hex2bin(md5($pwd . $salt));
$round2 = hex2bin(md5($round1 . $pwd . $salt));
$round3 = hex2bin(md5($round2 . $pwd . $salt));
$key = $round1 . $round2;
$iv = $round3;
$ openssl version
OpenSSL 1.0.2g 1 Mar 2016
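An added example, not code from any poster in this thread: the single-pass MD5 derivation sketched in the PHP lines above, written out in Python next to a PBKDF2-HMAC-SHA256 derivation of the kind newer OpenSSL releases offer through `openssl enc -pbkdf2 -iter N`. The password, salt, sample blob and the 100,000 iteration figure are constructed for illustration.

```python
import base64
import hashlib
import math

MAGIC = b"Salted__"  # 8-byte header `openssl enc -salt` puts before the salt

# Constructed sample: header + 8-byte salt + 16 placeholder ciphertext bytes.
SAMPLE_SALT = bytes.fromhex("0011223344556677")
SAMPLE_BLOB = base64.b64encode(MAGIC + SAMPLE_SALT + bytes(16)).decode()


def parse_salted(b64_blob):
    """Split base64 `openssl enc -a -salt` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_blob)
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("no Salted__ header: not salted openssl enc output")
    return raw[8:16], raw[16:]


def legacy_kdf(password, salt, key_len=32, iv_len=16):
    """EVP_BytesToKey, MD5, one iteration: D_i = MD5(D_{i-1} || pwd || salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def pbkdf2_kdf(password, salt, iterations, key_len=32, iv_len=16):
    """Key and IV taken from one PBKDF2-HMAC-SHA256 output, as with -pbkdf2."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                              key_len + iv_len)
    return out[:key_len], out[key_len:]


def hash_calls_per_guess(iterations=None, key_len=32, iv_len=16):
    """Work an offline guesser must do per candidate password."""
    need = key_len + iv_len
    if iterations is None:                      # legacy: one MD5 per 16 bytes
        return math.ceil(need / 16)
    return iterations * math.ceil(need / 32)    # PBKDF2: HMACs per 32-byte block


if __name__ == "__main__":
    salt, _ = parse_salted(SAMPLE_BLOB)
    key, iv = legacy_kdf(b"example-password", salt)   # constructed password
    print("legacy key", key.hex(), "iv", iv.hex())
    print("MD5 calls per guess:", hash_calls_per_guess())
    print("HMAC calls per guess at 100k iterations:", hash_calls_per_guess(100_000))
```

Neither derivation adds integrity protection; the unauthenticated CBC point raised earlier in the thread applies to both.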
Big, if true.
Then she runs the dataset again, and goes to the captain to say the exact same thing about the first officer.
Perhaps private messages and emails are less likely to be preserved after the account-holder is deceased, but pretty much everything you do publicly on Facebook is preserved and accessible to others after your death in a memorialized account. It's not hard to believe that our descendants will be able to casually search through our daily musings and pictures of our dinners and whatnot, either on Facebook if it still exists, or an archived version of it captured before the site is taken down/replaced.
I also wouldn't rule out more private writings finding their way along in some form or another. People are often sentimental and keep things that belonged to their loved ones. I recall reading a story not long ago of a man who kept his father's video game save files, with the suggestion that he may try passing them on to his children.
Now, I want to be clear that many of these things shouldn't be saved. I don't believe that the Internet should be archived, but rather that with physical media the choice is simple: save it or throw it. With the Internet there is less choice and what exists is complex and sometimes out of your control.
I have some long-term online friends. Mostly totally anonymous. But none romantic. I don't even for sure know gender for some of them. It doesn't really matter.
I've seen GnuPG-encrypted conversations in "private" Craigslist channels. But no background images, of course. So exchanges are public, but only readable by participants.
At some point, with better technology and bandwidth, those could be thoughts, or even shared reality.
OTR is useful if you go to great lengths to exchange public keys, and as soon as the key changes you go through all of it again. (I don't really count shared secrets as a secure means of authenticating your key, since if you have the shared secret, the key can be substituted and thus is irrelevant)
That's probably fine if you're just chatting aimlessly and don't need to rely on secure communication regularly. But it's a pain in the ass if you wanted to rely on it for remote long-term secure communication. "Privacy" is about all it's useful for (assuming more attacks aren't found in the protocol).
(Side note: to defeat all this complicated encryption and expose identities, just become a member of the hacker community. They're quite gossipy)
I wouldn't use OTR today, but in 2011, when this story started, libotr wasn't a weird recommendation.
Version 1 had plenty of holes. Later (including when it was used by the author) version 2 had more holes. So I don't really buy the idea that "stirring the shit on Twitter" for a grand would be enough to get serious research done - and then published - to expose this fledgling protocol's newest bugs.
It wasn't a weird recommendation for a cypherpunk, of course, which is what I'm really saying. It's a hipster messaging protocol.
I don't think $1000 is a lot for a libotr bet, but from the caliber of people who submitted attempts to end the bet (almost all of which were libpurple problems), I'm satisfied that it got quite a bit of attention.
That <decade is a short period in most of our lifetimes, and a blip in the context of government regulation
So how is love in the age of cryptography? Exactly the same as love was in the 1990s, and the 1980s, and the 70s, and the 60s ..
Which apps defaulted to ephemeral storage (other than Snapchat)? And how do we know if the ephemerality is only in our view or applies to the underlying data stored (in other words, how do we know our data is truly deleted vs. being hidden from our view, used for devious purposes without us knowing)? Also, where are the social apps with no logging? All the popular social communication platforms seem to want to hoard every bit of data we can feed them and never want to delete those at their end.