|
SubG posted:None of this is corner case poo poo as far as privacy is concerned. And none of it is about some rogue NSA employee giggling over your holiday snaps. This is large-scale, institutional violation of individual privacy as a matter of policy. And what I'm trying to get at is what exactly you mean by that, why do you consider it a problem? If it's purely the principle of the thing then the only recourse is to completely dismantle the NSA. Good luck with that.
|
#
?
Mar 3, 2015 10:54
|
|
|
|
| # ? Jun 13, 2024 09:07 |
|
|
Zombywuf posted:And what I'm trying to get at is what exactly you mean by that, why do you consider it a problem? If it's purely the principle of the thing then the only recourse is to completely dismantle the NSA. Good luck with that. Wait, so at the end of this whole argument your thesis is: Privacy concerns are a problem of principle only, it would be somewhat challenging to change the government institution that is doing the spying, and why should people even care about it in the first place? Basically the dumbest, shallowest reply imaginable.
|
|
#
?
Mar 3, 2015 16:35
|
|
|
Zombywuf posted:And what I'm trying to get at is what exactly you mean by that, why do you consider it a problem? If it's purely the principle of the thing then the only recourse is to completely dismantle the NSA. Good luck with that. You are really dumb.
|
|
#
?
Mar 3, 2015 17:20
|
|
|
Signal 2.0 was just released for iOS so people can now send and receive encrypted voice, text, and picture messages to each other without any setup whatsoever. It's works cross platform with the Android apps Redphone and Textsecure. The entire thing is open source and their goal seems to be to make all communications use end to end encryption so that just using encryption is no longer a huge red flag. They've been pretty successful so far, Cyanogenmod used their protocol for their default text messaging application a while back and more recently WhatsApp started using the protocol for messages 100% transparently. I think WhatsApp only uses their protocol for messages sent between Android devices though at the moment.
|
|
#
?
Mar 3, 2015 17:37
|
|
|
 I wonder how many years it will take before someone discovers that Signal has a bug potentially compromising all communications sent over it up to that point. My entire point in the first place was that other people, companies, or services cannot be trusted to provide reliable encryption for you, especially if you can't be bothered to independently verify their security practices and code quality. Heartbleed and other OpenSSL bugs have seriously damaged the reputation of the security community, and also demonstrated that simply making the source public is not sufficient to ensure that potential flaws are found. The only people bothering to do a full code review on Signal right now to find the bugs in their implementation are the NSA.Note that I'm not claiming malice on Signal's part, I'm sure they're genuinely trying their best. I'm just pointing out that an invisibility cloak that has a random chance of malfunctioning and revealing your position and identity both now and in any security footage that has ever been recorded of you isn't really a great privacy tool, even if the chance of malfunctioning is really low. Nobody who really needs bulletproof armor is going to buy armor that has a 0.1% chance of randomly and retroactively vanishing from existence, not only leaving you vulnerable to bullets but also inflicting injury on you for each bullet that it had previously stopped. Of course, if you're not on the battlefield and being shot at, that doesn't really matter, but in that case you didn't really need any armor at all in the first place. Signal is probably good enough for wishing your mom happy birthday, but only because you're not really worried about the potential consequences of the NSA hacking it. You'll wave around a bunch of outrage and stuff when it later turns out there was a compromising bug in Signal, but you're just going to be doing it in ideological grounds rather than because you're genuinely worried about the NSA seeing the contents of your messages. "Encrypt everything" falls somewhere between security theater and defiance for the sake of defiance. Somebody who actually needs privacy - as in, someone who's going to have to leave the country and change their name if their communications are compromised - is basically risking their life by using Signal, and in that situation, "eh, programs have bugs, poo poo happens" isn't an acceptable attitude to have. If privacy is genuinely important to you, an encrypted chat service is nothing more than the seductive kiss of death. Real security is loving hard - and it is also way, way, way too important to leave up to the hands of utopianists who think privacy is nothing more than a way to stick it to the man.
|
|
#
?
Mar 3, 2015 18:18
|
|
|
I haven't looked at Signal's code but there is no reason that even in the inevitably flawed implementation, that all past conversations would have to be compromised. Perfect Forward Secrecy works and has been standard for a long time in internet communications. I doubt Signal is using a single key for all sessions forever.
|
|
#
?
Mar 3, 2015 18:26
|
|
|
Main Paineframe posted:Real security is loving hard - and it is also way, way, way too important to leave up to the hands of utopianists who think privacy is nothing more than a way to stick it to the man. I don't think that's the case. The source is available on GitHub for anyone who wants to go digging for vulnerabilities. No system is 100% bullet proof, and there's never a guarantee that your messages are absolutely secure, but for now the apps seem to have stood up to most of the scrutiny they've been subjected to so far.
|
|
#
?
Mar 3, 2015 19:01
|
|
|
Heartbleed was undetected for 2 years and openssl has several orders of magnitude more eyeballs going through the source.
|
|
#
?
Mar 3, 2015 19:10
|
|
|
I don't think it being open source inherently means it is automatically secure, nor do I think it will completely prevent the NSA or other state level actors from examining conversations they are interested in. I do think that this type of technology makes it significantly more difficult to passively examine all communications, which is something I don't think governments should be allowed to do. The NSA will absolutely be able to compromise individual suspects machines or phones through other means and they will still be able to examine the metadata of who is communicating with who. It also should at least remove having to trust a 3rd party to store everything. Putting aside the NSA entirely I don't like that my ISP, cell phone provider, and google could read all my messages and having nothing more them their promise not to.
|
|
#
?
Mar 3, 2015 19:21
|
|
|
shrike82 posted:Heartbleed was undetected for 2 years and openssl has several orders of magnitude more eyeballs going through the source. Yeah, but OpenSSL's maintainers were loving idiots who probably couldn't even identify most of their bugs, much less fix them. Just look at the commit comments on BSD's fork of openssl that they started after Heartbleed came out: http://opensslrampage.org/ Half of the commits are just fixing code that straight doesn't work or is doing mindbendingly wrong things. Open source doesn't guarantee that outside people are actually analyzing the code and making contributions. It just means they can if they wanted to.
|
|
#
?
Mar 3, 2015 19:57
|
|
|
Powercrazy posted:I haven't looked at Signal's code but there is no reason that even in the inevitably flawed implementation, that all past conversations would have to be compromised. Perfect Forward Secrecy works and has been standard for a long time in internet communications. Signal uses PFS. The algorithm is basically OTR updated for the mobile world, where long running, persistent connections cannot be assumed. Open Whisper Systems announced that it is bringing the same algorithm to WhatsApp. I share your cynicism, to a degree. But look at OTR, another piece of critical security infrastructure that is probably too ancient to be truly bug free. It was still good enough for Snowden and Poitras. It is listed in the credits for Citizenfour. Ultimately, it may not stand up to the full wrath of the NSA, but that doesn't mean it should be shrugged off as a toy for wishing mom a happy birthday. It, and apps like Signal, are absolutely useful in a number of nontrivial, real world scenarios, such as communication between an attorney and a client, a journalist and a source, and politicians and their aides.
|
|
#
?
Mar 3, 2015 21:49
|
|
|
LeftistMuslimObama posted:Half of the commits are just fixing code that straight doesn't work or is doing mindbendingly wrong things. Open source doesn't guarantee that outside people are actually analyzing the code and making contributions. It just means they can if they wanted to. This is exactly how most programming projects work; that's not unique to OpenSSL. And open source's "the code is out there, anyone can look at it" is just a cognitive crutch for people to shrug off doing due diligence because "somebody else probably did it" - an attitude which has killed plenty of people in the past. In the case of security projects, I take open source as a tacit admission that the code hasn't been checked over by anyone who knows what they're doing, because security is very, very hard to do right, there are very few people who are really qualified to audit code for security, and the ones that can handle it are very unlikely to blow all of their spare time doing it for free. Like I said, the only people probably analyzing Signal's code for potential vulnerabilities right now are a team of NSA experts probably getting paid six digits each to do it, and somehow I doubt they'll share any issues they find with the community.
|
|
#
?
Mar 3, 2015 21:51
|
|
|
RaySmuckles posted:Wait, so at the end of this whole argument your thesis is: Privacy concerns are a problem of principle only, it would be somewhat challenging to change the government institution that is doing the spying, and why should people even care about it in the first place? That's not remotely my thesis. My thesis is that unless you have a threat model - i.e. an actual concrete description of what the threat is, how it works and how it impacts you - then talking about how do defend yourself is a complete waste of time because you have no idea what you're trying to defend against. If your threat model is "The government knows what I'm doing and this is bad because I don't want them to" then Luddism or insurrection are your only solutions. Throw away anything with an antenna in it and communicate only by face to face meetings and travel in disguise, making sure to wear a hat that covers your face and ears and contacts that disguise your irises.
|
|
#
?
Mar 4, 2015 12:24
|
|
|
I would imagine the 'threat model' is that I don't want my government having access to all my personal data because I have a right to privacy, away from prying eyes. That's the harm. It's a violation of my rights. That's why NSA-style surveillance is bad. There are all the possible abuses of power that it can facilitate (and to be clear, these are BIG PROBLEMS and a reason in and of themselves to want surveillance to stop), but the big problem is that my right to privacy is being violated.
|
|
#
?
Mar 4, 2015 17:13
|
|
|
Sure, but that's not something you defend yourself against - that's something the government's not supposed to do in the first place. You don't have to buy an extra-good lock to protect your right against unreasonable search and seizure, because declared legal rights protect themselves by definition of being declared legal rights which are illegal for the government to violate. If you have a legally-protected right to privacy, then you shouldn't need to protect yourself from government spying because the government itself is supposed to protect you from that. If illegal conduct and violation of civil rights by the government is being openly condoned by the executive, legislative, and judicial branches, then the rule of law is so thoroughly borked that you should probably have way bigger worries than whether the NSA is reading your Facebook posts.
|
|
#
?
Mar 4, 2015 19:59
|
|
|
Zombywuf posted:And what I'm trying to get at is what exactly you mean by that, why do you consider it a problem? If it's purely the principle of the thing then the only recourse is to completely dismantle the NSA. Good luck with that. Why would that be a problem indeed.... https://www.eff.org/deeplinks/2014/11/fbis-suicide-letter-dr-martin-luther-king-jr-and-dangers-unchecked-surveillance Oh..
|
|
#
?
Mar 5, 2015 08:21
|
|
|
Powercrazy posted:Why would that be a problem indeed.... Yes, clearly the problem there was the Dr King's privacy was violated.
|
|
#
?
Mar 5, 2015 09:23
|
|
|
Main Paineframe posted:Sure, but that's not something you defend yourself against - that's something the government's not supposed to do in the first place. You don't have to buy an extra-good lock to protect your right against unreasonable search and seizure, because declared legal rights protect themselves by definition of being declared legal rights which are illegal for the government to violate. I don't even know where to begin. Stop and frisk maybe? Your rights are whatever your government allow you to have. If your government decides you don't have the right to be outside between 6m and 6am, you do not have that right. If it decides you don't have the right to private telephone calls you don't have that right. If it decides you don't have the right to breath, you don't have that right. No amount of pleading to what you learned in civics class is going to change that.
|
|
#
?
Mar 5, 2015 09:30
|
|
|
Main Paineframe posted:security is very, very hard to do right, there are very few people who are really qualified to audit code for security, and the ones that can handle it are very unlikely to blow all of their spare time doing it for free. Like I said, the only people probably analyzing Signal's code for potential vulnerabilities right now are a team of NSA experts probably getting paid six digits each to do it, and somehow I doubt they'll share any issues they find with the community. The NSA is kind of like a ouroboros eating its own tail, or a sheriff that removes the locks on everyone's doors to make everyone safe from themselves, and that might be the thing that really forces the NSA's hand, but only after likely many, many people have been harmed. I mean, the state of internet security is garbage, and if anyone could make a significant impact to solve this problem it would be the NSA, but instead they are the problem. America Inc. fucked around with this message at 11:10 on Mar 5, 2015 |
|
#
?
Mar 5, 2015 10:59
|
|
|
The US state/intelligence apparatus is not threatened from outside. It is threatened from within, where people ask inconvenient questions like "why the gently caress are you spying on me" and "isn't that really loving illegal?" and "what the gently caress do you mean it's LEGAL?!". So of course it spies on, sabotages and disrupts it's enemies.
|
|
#
?
Mar 5, 2015 12:02
|
|
Zombywuf posted:I don't even know where to begin. Stop and frisk maybe? Your rights are whatever your government allow you to have. If your government decides you don't have the right to be outside between 6m and 6am, you do not have that right. If it decides you don't have the right to private telephone calls you don't have that right. If it decides you don't have the right to breath, you don't have that right. No amount of pleading to what you learned in civics class is going to change that. Hello and welcome to the 21st century! I see that you're up on technology, but there was this discovery about two hundred years after your time, in the midst of war and strife, wherein a couple of monks discovered this little notion called "consent of the governed" in order to understand rulership. It's, so far, largely intact, but perhaps you have some means to tear it down?
|
|
|
#
?
Mar 5, 2015 14:44
|
|
|
Effectronica posted:Hello and welcome to the 21st century! I see that you're up on technology, but there was this discovery about two hundred years after your time, in the midst of war and strife, wherein a couple of monks discovered this little notion called "consent of the governed" in order to understand rulership. It's, so far, largely intact, but perhaps you have some means to tear it down? A myth as convenient, if not more so, than the divine right of kings.
|
|
#
?
Mar 5, 2015 15:00
|
|
Zombywuf posted:A myth as convenient, if not more so, than the divine right of kings. Oh, dear me. Dear me. We're not in the eleventh century anymore. You have the ability to defend your statements with ease, and I suggest that you do so.
|
|
|
#
?
Mar 5, 2015 15:04
|
|
|
Effectronica posted:Oh, dear me. Dear me. We're not in the eleventh century anymore. You have the ability to defend your statements with ease, and I suggest that you do so. The divine right of kings didn't even become popular until the 17th century, but grats for trying. What happened when the residents of Ferguson revoked their consent to be governed?
|
|
#
?
Mar 5, 2015 15:07
|
|
Zombywuf posted:The divine right of kings didn't even become popular until the 17th century, but grats for trying. What? Are you, to use your native parlance, simple? That didn't happen at any point, you blithering idiot. If you're asking "duh duh why don't secession movements work automatically", you're presuming that the support of the majority for the government and government actions is somehow outweighed inherently by minority opposition. You know, if you look at the actual operation of a police state, a large part of its means of control is about fooling and misdirecting the public, because just straight-on oppression leads to unworkable situations where you need two cops for every person eventually. Hell, Goering loving outlined it at Nuremberg.
|
|
|
#
?
Mar 5, 2015 15:12
|
|
|
Effectronica posted:Hello and welcome to the 21st century! I see that you're up on technology, but there was this discovery about two hundred years after your time, in the midst of war and strife, wherein a couple of monks discovered this little notion called "consent of the governed" in order to understand rulership. It's, so far, largely intact, but perhaps you have some means to tear it down? You mean the public consented to a secret program it didn't know (as in didn't have proof) about? The means to tear it down is secrecy, simple.
|
|
#
?
Mar 5, 2015 15:34
|
|
|
Effectronica posted:What? Are you, to use your native parlance, simple? The NSA engages in massive domestic spying following direct orders from the president of the US without any consent or knowledge whatsoever from the people of the United States. Warrants are issued in secret courts. Companies are subject to secret orders compelling them to be complicit in spying without disclosure. You are coming across as stunningly naive.
|
|
#
?
Mar 5, 2015 15:34
|
|
The Real Foogla posted:You mean the public consented to a secret program it didn't know (as in didn't have proof) about? The means to tear it down is secrecy, simple. Zombywuf posted:The NSA engages in massive domestic spying following direct orders from the president of the US without any consent or knowledge whatsoever from the people of the United States. Warrants are issued in secret courts. Companies are subject to secret orders compelling them to be complicit in spying without disclosure. You are coming across as stunningly naive. Okay. Let's skip back here. Zombywuf posted:I don't even know where to begin. Stop and frisk maybe? Your rights are whatever your government allow you to have. If your government decides you don't have the right to be outside between 6m and 6am, you do not have that right. If it decides you don't have the right to private telephone calls you don't have that right. If it decides you don't have the right to breath, you don't have that right. No amount of pleading to what you learned in civics class is going to change that. So you're arguing that the government has the ability to impose anything it wants by force on the populace it governs. You're probably going to weasel out of it, of course. But in that case, why was the program of domestic surveillance kept secret, then? In fact, why even bother with the idea that it's for the purposes of national security? It doesn't matter, in your argument, how the public perceives things- they are completely helpless and prostrate before the US government. My argument proposes that this was kept secret because the public would object to it and the US government depends on public acceptance of its legitimacy to function, like all modern governments do. Now that it's been revealed, there are significant efforts to make it more palatable and reassure people that it only shoots bad guys for this exact reason (in addition, though this is only marginally relevant to the argument you're proposing, this is also done internally to keep the people responsible for implementing it from confronting the fact that they're secret police now). So this argument, without going into the historical evidence, explains why the US government is doing what it's doing rather than simply publicizing the fact that everyone is watched and it's for no reason beyond the desire to know everything about everything. Yours does not.
|
|
|
#
?
Mar 5, 2015 15:45
|
|
|
Effectronica posted:So you're arguing that the government has the ability to impose anything it wants by force on the populace it governs. You're probably going to weasel out of it, of course. quote:But in that case, why was the program of domestic surveillance kept secret, then?
|
|
#
?
Mar 5, 2015 16:05
|
|
Zombywuf posted:Of course it has this ability. Unless you have a few fleets of F-16s lying around. I know I don't. No it doesn't. Being able to blow up people doesn't translate into making them do what you want. Otherwise ISIS would not exist and the US would have never faced insurgencies in Iraq and Afghanistan, or lost Vietnam, etc. and you're stupid as hell. It's cheaper to impose security restrictions? You're clearly an insane man.
|
|
|
#
?
Mar 5, 2015 16:12
|
|
|
Effectronica posted:No it doesn't. Being able to blow up people doesn't translate into making them do what you want. Otherwise ISIS would not exist and the US would have never faced insurgencies in Iraq and Afghanistan, or lost Vietnam, etc. and you're stupid as hell. quote:It's cheaper to impose security restrictions? You're clearly an insane man.
|
|
#
?
Mar 5, 2015 16:24
|
|
Zombywuf posted:You're making a lot of assumptions here. Chief among which appears to be that the US has some sort of divine right over the world and just wants to spread peace and joy throughout it. What on earth? You're talking nonsense. Utter gibberish.
|
|
|
#
?
Mar 5, 2015 16:28
|
|
|
Prav posted:The US state/intelligence apparatus is not threatened from outside. It is threatened from within, where people ask inconvenient questions like "why the gently caress are you spying on me" and "isn't that really loving illegal?" and "what the gently caress do you mean it's LEGAL?!". So of course it spies on, sabotages and disrupts it's enemies. America Inc. fucked around with this message at 00:33 on Mar 6, 2015 |
|
#
?
Mar 6, 2015 00:29
|
|
|
Effectronica posted:No it doesn't. Being able to blow up people doesn't translate into making them do what you want. But there are plenty of other ways to control people that are not explicitly forceful. Lying, peer pressure, propaganda, control of media, so on. These are the tools of control for modern democratic government. "Consent of the governed" is a joke, because the public at large is only told what the government and people who control major media corporations want them to hear. And being flawed, irrational people we often surround ourselves with those of similar view and hear what we want to hear, so it is a mutual relationship between the media and the audience, (Fox News). If the public does not have access to information about things like the NSA's spying which have a significant impact on the way governmental powers and their boundaries are interpreted, they cannot make a choice on these things and thus provide "consent". So the public "consents" much in the same way a lady might "consent" to sex with a man who lied to her to win her favor. Modern, capitalist, liberal government's ideal citizen is a rat in a box, content but not free (what does it mean to be free?). America Inc. fucked around with this message at 10:27 on Mar 6, 2015 |
|
#
?
Mar 6, 2015 10:14
|
|
LookingGodIntheEye posted:There are other forms of force besides blowing people up. Killing is the dumbest and most direct form of violence, and most modern democratic governments dispense with it on their citizens because it's a very easy way to de-legitimize a regime. Funnily enough, that was my point- the only way to maintain power is to convince people that what's happening is acceptable/inevitable. The use of naked force is self-defeating. EDIT: The NSA revelations haven't brought that much public outrage because many people feel helpless to do anything about it and there are substantial minorities that will accept anything done in the name of security.
|
|
|
#
?
Mar 6, 2015 14:15
|
|
|
Zombywuf posted:You're making a lot of assumptions here. Chief among which appears to be that the US has some sort of divine right over the world and just wants to spread peace and joy throughout it. Seriously, what the gently caress are you talking about here?
|
|
#
?
Mar 6, 2015 18:31
|
|
|
LookingGodIntheEye posted:As an entity that seeks to bolster national security, you would think that the NSA would try to fix some of these holes or give themselves exclusive access, but they don't, which is loving crazy because China and Russia are catching up and the NSA's offensive-first attitude could crash out on them with unimaginable consequences. What basis do you have for making the claim that the NSA does not assist American companies with external cybersecurity threats?
|
|
#
?
Mar 6, 2015 22:28
|
|
|
Muscle Tracer posted:What basis do you have for making the claim that the NSA does not assist American companies with external cybersecurity threats? I work in enterprise IT and if they do I have never heard about it.
|
|
#
?
Mar 9, 2015 18:07
|
|
|
cr0y posted:I work in enterprise IT and if they do I have never heard about it. Hell, I plug in computer cables at a mid-size company, and I've never had any NSA spooks come tell me how to do my job better either.
|
|
#
?
Mar 10, 2015 17:24
|
|
|
|
| # ? Jun 13, 2024 09:07 |
|
|
Muscle Tracer posted:What basis do you have for making the claim that the NSA does not assist American companies with external cybersecurity threats? I've mentioned it before, but he's right, sort of on a technicality. The NSA doesn't help American companies/citizens with cyber stuff because it's not their job. All they care about is securing government systems and classified info. The FBI and DHS are the ones that care about domestic stuff. Here's the relevant mission pages from their websites. https://www.nsa.gov/about/mission/index.shtml http://www.dhs.gov/safeguard-and-secure-cyberspace e: I couldn't find a direct statement on the FBI website, because it's terrible. But they definitely do a lot of incident response and the like. A Man With A Plan fucked around with this message at 19:02 on Mar 10, 2015 |
|
#
?
Mar 10, 2015 19:00
|
|