ate shit on live tv
Feb 15, 2004

by Azathoth

quote:

And admittedly, from a certain perspective it would be in the FBI's interest to hold evidence of US lawmaker's wrong doing
And what value would that have to the public? Because having knowledge of wrong-doing but using it to coerce/blackmail is called corruption and is a strong argument for the abolition of non-public law-enforcement/government activities.

A Man With A Plan posted:

And unless you think the largest employer in Maryland (NSA) is entirely staffed by Orwellian thugs out to crush your freedoms, it's hard to assume that they don't care about freedom of speech, living in a good country, and whatever else just as much as you.

It's selection bias. People who feel that the NSA has overstepped its legal authority and do not accept its trade-off, like me, aren't going to be working at the NSA. People who would be right at home in 1984 are more likely to apply and be accepted. So no, they don't care about freedom of speech nearly as much as I do.


Nektu
Jul 4, 2007

FUKKEN FUUUUUUCK
Cybernetic Crumb

A Man With A Plan posted:

I feel the important thing to remember is that the agencies aren't evil entities unto themselves - they're made out of regular people. And unless you think the largest employer in Maryland (NSA) is entirely staffed by Orwellian thugs out to crush your freedoms, it's hard to assume that they don't care about freedom of speech, living in a good country, and whatever else just as much as you.
"Regular people" do horrible poo poo all the time. And if history shows one thing, it is that any deed at all, even ones that are far, far more terrible than sitting on a computer and (illegally) collecting data about some guy you don't know and don't care about, can be rationalised with a very simple "it's not my fault, I'm just following orders". And we haven't even started talking about esprit de corps or ideology.

Oh hey, look what someone posted right above you:

Zombywuf posted:

As for why anyone should care about privacy, in the UK various branches of the Intelligence services have been linked to covering up the ongoing VIP child abuse scandal. Including one ex head of MI6 being an active paedophile. This is literally a think-of-the-children response, members of the Intelligence services have used their powers to groom children and others have covered it up. Interesting that one of the things GCHQ does is delete billing data to cover up their activities.



hakimashou posted:

At some point we have to come to grips with the fact that in the real world no one actually cares.

And that, kids, is privacy in the modern world.
I'm curious: how do you imagine that world to be?

Nektu fucked around with this message at 22:58 on Feb 20, 2015

Dum Cumpster
Sep 12, 2003

*pozes your neghole*

A Man With A Plan posted:

Not wanting to reveal how their surveillance worked is exactly what I'm talking about, except that I'm saying the reason is that they aren't effective if everyone knows. I'd be very surprised if you actually read a document that said "Hey guys we're totally breaking the law here, but don't tell anyone lol".

You may be right. Looking back at the articles I think I mixed up all the commentary on them about how illegal it was with the actual documents themselves.

I can't believe that was over a year ago.

A Man With A Plan
Mar 29, 2010
Fallen Rib

Dum Cumpster posted:

You may be right. Looking back at the articles I think I mixed up all the commentary on them about how illegal it was with the actual documents themselves.

I can't believe that was over a year ago.

Don't get me wrong, it's pretty clearly skirting the line of legal/illegal behavior. The morality of it is a personal opinion kinda thing. I believe, at the moment, it's accepted as legal but that could easily change with a federal court challenge.

Powercrazy posted:

And what value would that have to the public? Because having knowledge of wrong-doing but using it to coerce/blackmail is called corruption and is a strong argument for the abolition of non-public law-enforcement/government activities.


It's selection bias. People who feel that the NSA has overstepped its legal authority and do not accept its trade-off, like me, aren't going to be working at the NSA. People who would be right at home in 1984 are more likely to apply and be accepted. So no, they don't care about freedom of speech nearly as much as I do.


Very little value, except in edge cases. I'm agreeing with you that the FBI maintaining dossiers on US politicians, Hoover-style, is unequivocally a bad thing. Powerful oversight and auditing via an OIG type group is a good thing.

Maybe those employees think the NSA provides a valuable service to the nation, and realize that they really have very little to do with US based intelligence. Weren't there only like 100 US persons total investigated in the history of that metadata program?

DOCTOR ZIMBARDO
May 8, 2006
Check out my namesake if you really think people's better judgment will actually stop systemic abuse. The idea is especially amusing in light of the fact that we are aware of so many of the abuses only because of one whistleblower, who, for his trouble, has been hounded to the ends of the earth. What's more, Snowden is likely to end up spending the rest of his life being tortured by the federal government just like Chelsea Manning if he is ever caught.

Megaman's Jockstrap
Jul 16, 2000

What a horrible thread to have a post.
"You and everyone you know are all a bunch of worthless nobodies (like me) that no one with power could actually care about and will remain in that status in perpetuity under any government" is actually a really stupid argument to make against privacy.

Main Paineframe
Oct 27, 2010
Properly implemented encryption works, but the security value of any particular encryption scheme is nil unless you can trust that the encryption is properly implemented and has not been compromised somehow. That means that any and all encrypted communication platforms, services, and apps - whether they're chat, email, or something else entirely - are useless because everything passes through a central authority which serves as a major point of potential compromise, and it's impossible to be sure that they didn't keep a backdoor and can't retrieve the encryption keys. Skype claims that their service is encrypted, for example, but it's known that they are able to provide access to Skype communications to law enforcement, and it's also known that the NSA is able to monitor or eavesdrop on Skype conversations as well.

Something like SSL, where there's no centralized platform, is stronger. But there's still a centralized point of failure - the developers. Heartbleed was in OpenSSL for two years before security researchers publicly disclosed it. Whether it was caused by NSA scheming or just plain old programmer mistakes, that's a long period of potential vulnerability, there's no guarantee that there aren't other bugs compromising security, and the fact that the issue went undiscovered for so long basically shatters any trust in the security community's ability to keep things secure. If you can't trust a program or service, then it's not solid security.

At least with one-time pads, the NSA has to compromise a pad-holder, their friends or family, or their physical location. And if you're worried about the NSA breaking into your house or bribing your friends, you've got bigger problems than communications security.

Now, I'm not saying that you should be using one-time pads for everything. I'm just saying that you probably can't rely on your communications being 100% private if you don't. Sure, most people don't want to put in that much effort, but just admit to yourself you don't think your communications are worth real privacy, rather than fooling yourself into thinking that enabling encrypted mode on WhatsApp or whatever is actually protecting your communications.

ate shit on live tv
Feb 15, 2004

by Azathoth
Encryption isn't binary. Given infinite time all encryption is useless. But just because we don't possess perfect encryption doesn't mean that it is all worthless. The NSA still has finite storage and finite resources. Thus unless you are using a trivial "encryption" method like ROT13 or something stupid, there is value in the average person clicking the "encrypt" button in WhatsApp. Even better if the encrypt button was default, and didn't depend on a central server for encryption to begin with.

woke wedding drone
Jun 1, 2003

by exmarx
Fun Shoe
As long as """"""""""""""""average"""""""""""""""" people aren't affected, there's no problem.

A Man With A Plan
Mar 29, 2010
Fallen Rib

Main Paineframe posted:


Now, I'm not saying that you should be using one-time pads for everything. I'm just saying that you probably can't rely on your communications being 100% private if you don't. Sure, most people don't want to put in that much effort, but just admit to yourself you don't think your communications are worth real privacy, rather than fooling yourself into thinking that enabling encrypted mode on WhatsApp or whatever is actually protecting your communications.

Of course with one time pads, you run into the chicken/egg problem of how to distribute the pads. If you can deliver it in person, you might as well just tell them what you wanted to say, or hand them a flash drive. Quantum computing offers an interesting way of using one time pads for encryption ( http://en.wikipedia.org/wiki/BB84 ) but quantum computers are probably 10-20 years off from being able to do much at all, and god knows if they'll ever be widespread. Though I could imagine standard computers having a supplementary Quantum Processing Unit at some point in the future.

Also the NSA is probably already researching ways to break quantum encryptions, so there's that too.

Zombywuf
Mar 29, 2008

Salt Fish posted:

Encryption is irrelevant in the very rare case of the full brunt of the security apparatus being brought down onto an individual. However, it is extremely relevant when discussing bulk collection and mass surveillance which is where you and I are most likely to be affected. Obviously nobody is arguing that we shouldn't have a security or intelligence apparatus at all. The main arguments against what the NSA have been doing fall into two categories; subverting Internet security, and bulk warrant-less collection.

Yeah, what I meant to say was that the type of encryption is irrelevant (mostly). Against bulk collection encryption does two things, first it makes it basically impossible for them to do a "full take" and second gives people who do have things to hide some chaff to hide in.

As for the question of using better encryption solving our problems, it won't. The NSA boast a 100% success rate at implanting iPhones remotely, if they wanted to they could simply own every iPhone and read the keystrokes before any encryption happens. Chances are they'll only use this in targeted attacks, i.e. every iPhone not in the US and those in the US that have made calls to other countries. There is no point in attacking most encryption. Even DES, considered to be trivially broken today, is still probably more expensive to crack than simply hacking the target's machines. What we've seen from the Equation Group is that they have the capability to exercise full control over the hardware, from the BIOS up. It doesn't matter if you encrypt all your data unless you learn to type encrypted data in directly you can't.

The best you can do is to encrypt everything, everywhere and hope this makes you too expensive a target. It's the best anyone can hope for.

Then they'll just burgle your home and stick bugs in all your hardware.

EDIT: urgh, shut up about one time pads, they're just way too inconvenient. AES is almost certainly unbroken.

Broken Machine
Oct 22, 2010

Zombywuf posted:

AES is almost certainly unbroken.

There are public attacks against AES with a 128 bit key size that, last I saw, got the time complexity down to about 2^70. That's small enough to be reasonable for state actors if they want you. So a perfect AES 256 or more right now with software or trusted hardware, you're probably safe for the time being. Probably.

Salt Fish
Sep 11, 2003

Cybernetic Crumb

Broken Machine posted:

There are public attacks against AES with a 128 bit key size that, last I saw, got the time complexity down to about 2^70. That's small enough to be reasonable for state actors if they want you. So a perfect AES 256 or more right now with software or trusted hardware, you're probably safe for the time being. Probably.

I believe that the attack you're describing is against a partial implementation where fewer 'rounds' are made through the algorithm and it does not work against full AES. Is it this one?

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

Broken Machine
Oct 22, 2010

Salt Fish posted:

I believe that the attack you're describing is against a partial implementation where fewer 'rounds' are made through the algorithm and it does not work against full AES. Is it this one?

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

No, although that's related and a good overview of the current state of things. I think a robust AES implementation is still probably safe but there's not much of a safety margin at this point, that's the key point. Attacks aren't generally practical yet but they're on their way shortly.

Main Paineframe
Oct 27, 2010

Zombywuf posted:

Yeah, what I meant to say was that the type of encryption is irrelevant (mostly). Against bulk collection encryption does two things, first it makes it basically impossible for them to do a "full take" and second gives people who do have things to hide some chaff to hide in.

Unless the company running the service gives the encryption keys to the NSA. Or unless the encryption implementation has some exploitable flaw. It doesn't matter how strong the lock is if the homeowner gives the NSA a spare key, or if the NSA secretly obtains a copy of the key (as some of the Snowden leaks suggested), or if the windows are left wide open. Even if the encryption algorithm itself is solid, how can you trust that it's being applied properly and thoroughly? Heartbleed has demonstrated that the open source community can't handle that task, and the NSA leaks have shown that communication platform owners can't be trusted either.

Salt Fish
Sep 11, 2003

Cybernetic Crumb

Main Paineframe posted:

Unless the company running the service gives the encryption keys to the NSA. Or unless the encryption implementation has some exploitable flaw. It doesn't matter how strong the lock is if the homeowner gives the NSA a spare key, or if the NSA secretly obtains a copy of the key (as some of the Snowden leaks suggested), or if the windows are left wide open. Even if the encryption algorithm itself is solid, how can you trust that it's being applied properly and thoroughly? Heartbleed has demonstrated that the open source community can't handle that task, and the NSA leaks have shown that communication platform owners can't be trusted either.

What exactly are you trying to say? No security system is perfect or ever will be perfect. What does pointing to these small flaws accomplish? "It's hard to do so everyone just give up"?

SubG
Aug 19, 2004

It's a hard world for little things.

Salt Fish posted:

What exactly are you trying to say? No security system is perfect or ever will be perfect. What does pointing to these small flaws accomplish? "It's hard to do so everyone just give up"?
Relying on encryption to protect your privacy from the NSA is delusional. They are far, far better at listening to you than you are at making it difficult for them to listen, they have vastly greater resources than you do, and anything you do that might have any marginal success will just flag you for greater scrutiny.

I mean if it makes you feel better more power to ya. And using encryption by default will protect you from a lot of lower-level threats. But against an adversary like the NSA? If you believe that you're either delusional or you haven't been paying attention to the Snowden (et al.) disclosures.

I mean I kinda feel like I just fell into a timewarp since we had a more or less identical discussion six or eight months ago in this very thread. But if anything in the meantime all that's happened is that even greater surveillance capabilities have been brought to light.

SubG fucked around with this message at 05:17 on Feb 21, 2015

Salt Fish
Sep 11, 2003

Cybernetic Crumb

SubG posted:

Relying on encryption to protect your privacy from the NSA is delusional. They are far, far better at listening to you than you are at making it difficult for them to listen, they have vastly greater resources than you do, and anything you do that might have any marginal success will just flag you for greater scrutiny.

I mean if it makes you feel better more power to ya. And using encryption by default will protect you from a lot of lower-level threats. But against an adversary like the NSA? If you believe that you're either delusional or you haven't been paying attention to the Snowden (et al.) disclosures.

I mean I kinda feel like I just fell into a timewarp since we had a more or less identical discussion six or eight months ago in this very thread. But if anything in the meantime all that's happened is that even greater surveillance capabilities have been brought to light.

Salt Fish posted:

Encryption is irrelevant in the very rare case of the full brunt of the security apparatus being brought down onto an individual. However, it is extremely relevant when discussing bulk collection and mass surveillance which is where you and I are most likely to be affected. Obviously nobody is arguing that we shouldn't have a security or intelligence apparatus at all. The main arguments against what the NSA have been doing fall into two categories; subverting Internet security, and bulk warrant-less collection.

edit: also, the answer to my question is that yes, what you're saying boils down to "security is hard wah wah might as well give up". This is exactly the argument that the NSA would like for us to accept. Let's throw our hands into the air and change our passwords to "123qwe" because you can't be 100% secure. What a complete joke. Your servile attitude is an authoritarian's wet dream.

Salt Fish fucked around with this message at 05:24 on Feb 21, 2015

SubG
Aug 19, 2004

It's a hard world for little things.
No. The distinction you have persistently clung to in this thread between `bulk' or `mass' surveillance and `the full brunt of the security apparatus being brought down onto an individual' or whatever is completely divorced from the facts as we know them. I mean feel free to just keep repeating it as a talking point and ignore the public disclosures if you want, but (at least according to the Snowden disclosures) they do not seem to have the problems of scaling their methods in the way you seem to persistently wish to imply they do.

You can't rely on hiding in the crowd because people don't occur in cryptographically significant numbers. In a given day there are on the order of a couple billion phone calls made in the U.S. You could search and sort that dataset on the typical desktop computer. Scaling up to the size of the U.S. population---or even the world population---is just not a meaningful barrier to any state actor, much less the NSA. Anything that they can do in an automated fashion they can do as often as they want to, and in so doing any distinction between `mass' or `targeted' surveillance becomes nothing more than a semantic quibble to be ignored by a FISC judge.

Salt Fish posted:

edit: also, the answer to my question is that yes, what you're saying boils down to "security is hard wah wah might as well give up". This is exactly the argument that the NSA would like for us to accept. Let's throw our hands into the air and change our passwords to "123qwe" because you can't be 100% secure. What a complete joke. Your servile attitude is an authoritarian's wet dream.
Well if we're doing ad hominem then your naive faith in encryption in the face of all evidence to the contrary is the surveillance state's wet dream.

But as I've said before, on this subject and in this thread, I'm not saying we shouldn't do anything. I'm not even saying not to use encryption. Indeed, I've said precisely the opposite. I'm just saying that running a loving encrypted app on your iPhone is not going to protect your privacy from the NSA and you'd have to ignore a huge body of evidence to believe otherwise.

Zombywuf
Mar 29, 2008

SubG posted:

No. The distinction you have persistently clung to in this thread between `bulk' or `mass' surveillance and `the full brunt of the security apparatus being brought down onto an individual' or whatever is completely divorced from the facts as we know them. I mean feel free to just keep repeating it as a talking point and ignore the public disclosures if you want, but (at least according to the Snowden disclosures) they do not seem to have the problems of scaling their methods in the way you seem to persistently wish to imply they do.
Take a look at the recent SIM hacking disclosures. When the secret keys were being emailed with PGP encryption they found it much harder to get at them. (Admittedly it did help locate where the keys are generated)

quote:

You can't rely on hiding in the crowd because people don't occur in cryptographically significant numbers. In a given day there are on the order of a couple billion phone calls made in the U.S. You could search and sort that dataset on the typical desktop computer. Scaling up to the size of the U.S. population---or even the world population---is just not a meaningful barrier to any state actor, much less the NSA. Anything that they can do in an automated fashion they can do as often as they want to, and in so doing any distinction between `mass' or `targeted' surveillance becomes nothing more than a semantic quibble to be ignored by a FISC judge.
They can automate certain types of targets, and they have an impressive collection of exploits - but exploits do involve an element of risk. All we can do is make it harder for them. If you're the one guy using PGP you stick out like a sore thumb, if everyone's using PGP they've got to examine everyone.

quote:

But as I've said before, on this subject and in this thread, I'm not saying we shouldn't do anything. I'm not even saying not to use encryption. Indeed, I've said precisely the opposite. I'm just saying that running a loving encrypted app on your iPhone is not going to protect your privacy from the NSA and you'd have to ignore a huge body of evidence to believe otherwise.

So here's the thing. It will protect your privacy. Your privacy is violated when some low level wire tap janitor sees your holiday snaps flowing past and shows them round the office so they can all laugh at you, then the office paedo takes a liking to one of your kids and puts it in his private collection. The more encryption there is the more expensive it is for the NSA to do the kind of full-take collection that allows this scenario to happen. HTTPS everywhere for example, now they can't just sit on the wire monitoring your Google searches, they have to go to Google and do a poo poo-ton of expensive collation.

It will not protect you from the NSA taking an interest in you.

Zombywuf
Mar 29, 2008

Main Paineframe posted:

Unless the company running the service gives the encryption keys to the NSA. Or unless the encryption implementation has some exploitable flaw. It doesn't matter how strong the lock is if the homeowner gives the NSA a spare key, or if the NSA secretly obtains a copy of the key (as some of the Snowden leaks suggested), or if the windows are left wide open. Even if the encryption algorithm itself is solid, how can you trust that it's being applied properly and thoroughly? Heartbleed has demonstrated that the open source community can't handle that task, and the NSA leaks have shown that communication platform owners can't be trusted either.

OpenSSL was known to be poo poo forever. Unfortunately it took a good kicking to get people to realise this and get things fixed. Part of the problem there is people constantly saying things like "Crypto is some sort of advanced space magic which ordinary programmers cannot possibly hope to understand." So the OpenSSL devs get treated like exalted wizards and we get Heartbleed.

We fundamentally cannot trust that the crypto is being applied properly, we can only apply so much that it makes them sweat. This is not security, it's civil disobedience.

SubG
Aug 19, 2004

It's a hard world for little things.

Zombywuf posted:

It will not protect you from the NSA taking an interest in you.
And, as we know from the disclosures, using encryption will in and of itself cause the NSA to take an interest in you.

And we also know that independent of any encryption they have the ability to compromise your privacy for any meaningful definition of the term. E.g., by knowing what you're looking at online, who you're talking to on the phone, for how long and how frequently, where you go, what you buy, and so on.

That is: encrypting stuff is insufficient to protect your privacy because you can't even in principle encrypt everything you want to keep private, and the more poo poo you encrypt the more attention you draw to yourself. Encrypting stuff has advantages against other threats, sure. But, again, if it's NSA surveillance you're worried about you're loving kidding yourself if you think installing an encryption app is solving the problem.

Zombywuf posted:

If you're the one guy using PGP you stick out like a sore thumb, if everyone's using PGP they've got to examine everyone.
Everybody is not going to end up using PGP. The idea is farcical. On the other hand employing side-channels to obtain the data anyway isn't, because we know that's something that is already happening. So again, the argument appears to be predicated entirely on ignoring what we already know from the disclosures in favour of some abstract naive hope in the talismanic protection of encryption.

Again: I'm not saying this to talk anyone out of using encryption. I absolutely agree that ubiquitous, passive encryption on communications channels is a good thing and it's shameful that more technologies don't supply such facilities as a matter of course. It's just that if the problem is the NSA violating every loving body's privacy, that is not a solution. It is so unlike a solution that proposing that it is suggests a profound and fundamental underestimation of the actual scope of the problem.

As I said before, an actual solution to the problem involves poo poo like a modern Church Committee, a major watershed decision from the Supreme Court, a Constitutional Amendment, massive reform of industry data handling standards, or poo poo like that for starters.

Zombywuf posted:

HTTPS everywhere for example, now they can't just sit on the wire monitoring your Google searches, they have to go to Google and do a poo poo-ton of expensive collation.
What? No. They go to Google with a blanket FAA 702 request, get Google to hand them whatever mountain of data they demand, and then it just sits there waiting for XKS to trigger on someone searching for Tor. That's what PRISM is, it's what it does. They're already listening on the wire as little as they possibly can precisely because it's easier to have e.g. the service providers do all the heavy lifting.

I mean if you've got some stunning disclosure you'd like to share with the thread I'd be delighted to listen to it, but SSL between you and Google does precisely gently caress all to protect the privacy of your search activity from the NSA unless the Snowden slides are full of poo poo.

Zombywuf
Mar 29, 2008

SubG posted:

What? No. They go to Google with a blanket FAA 702 request, get Google to hand them whatever mountain of data they demand, and then it just sits there waiting for XKS to trigger on someone searching for Tor. That's what PRISM is, it's what it does. They're already listening on the wire as little as they possibly can precisely because it's easier to have e.g. the service providers do all the heavy lifting.

I mean if you've got some stunning disclosure you'd like to share with the thread I'd be delighted to listen to it, but SSL between you and Google does precisely gently caress all to protect the privacy of your search activity from the NSA unless the Snowden slides are full of poo poo.

It's a matter of cost. Data doesn't just sit around, it needs processing and that costs money. GCHQ has full take on every wire leaving the UK, they're doing that for a reason. If it wasn't worth their while to grab the traffic off the wire they wouldn't be doing it, so encrypt your traffic on the wire for no other reason than to thumb your nose at them.

Edit:

quote:

And, as we know from the disclosures, using encryption will in and of itself cause the NSA to take an interest in you.
So everyone Googling for TOR and PGP will increase their overheads.

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!
Intelligence employees are not "regular people." People who get jobs in the NSA are systematically selected to have a particular ideological background. First by being the kinds of people who can get into and through top schools, then by being the kind of people who want to join the NSA or would find it an acceptable option. So already our pool of people has been narrowed down to people who graduated high-ranked colleges, are from wealthy backgrounds, had major scholarships, or are severely buried in debt, and who are mildly critical to rabidly in favor of the standard presuppositions of American "national security." They are very likely careerist workers-for-the-sake-of-it, especially if their scholarship funding comes from the likeliest source, the military or academic achievement.

Most importantly, NSA employees are the kind of people who can pass a "Top Secret Clearance," which acts as an insidiously ideological filter that weeds out anyone left from this pool who might have radical politics, a criminal record, until recently a "nonstandard" sexual orientation, or merely with a history of drug use or bad credit.

Let's look at what these all mean. Radical politics and the reasons for excluding it seem clear enough, with the caveat that libertarianism isn't considered terribly radical if its critique is mostly directed at domestic government spending; to the natsec state they're no different than the millions of Republicans in the DC metro area who declaim against big government while their entire livelihood is based on it. Discrimination against people with criminal records, drug use histories, and bad credit has the effect of weeding out people who may not have implicit respect for the law, authority, or contracts simply by virtue of their existence; these characteristics are symptomatic of a spark of rebelliousness and cannot be tolerated.

It is also worth noting that veterans, active-duty soldiers and members of military families are given preferential treatment in obtaining top-secret clearances; this also has the effect of even further privileging entry to authority-respecting people already exposed to and receptive to following hierarchical orders, nationalist *ein-svei and indoctrination. There is also reason to believe that they are preferred for promotion.

Which brings us to the last point, structural advancement. Ideology, education, background, money and/or crushing debt keeps the entry-level employees relatively homogenous and in line, but as with any large organization advancement is not a pure meritocracy and certainly not an ethical meritocracy. The higher you go the more positions are occupied by true believers and cynical careerists, sometimes both in the same person. It also becomes even whiter and more male-dominated as you go up, for the same reasons as most large old organizations.

It is important to note that this is an emergent property of these organizations, not anything any one individual demanded. I'm sure that when they sincerely defend refusing to grant security clearance to people who used LSD a few times in college, they do so grounded in Deep Pragmatic Concerns and not on trying to maintain ideological homogeneity. When they privilege military applicants I am sure that they are doing so because it is A Nice Thing to Do For Our Boys and not because they know they want more half-bright brainwashed nationalists. But this is the result. They have built an organization built on conformity, careerism and obedience, and it shows.

Tezzor fucked around with this message at 23:00 on Feb 21, 2015

SubG
Aug 19, 2004

It's a hard world for little things.

Zombywuf posted:

It's a matter of cost. Data doesn't just sit around, it needs processing and that costs money. GCHQ has full take on every wire leaving the UK, they're doing that for a reason. If it wasn't worth their while to grab the traffic off the wire they wouldn't be doing it, so encrypt your traffic on the wire for no other reason than to thumb your nose at them.
If you want to argue that using encryption is some form of pasty white civil disobedience that's cool, but that's not what the argument was. The argument was that it was an effective means of protecting your privacy from the loving NSA, which it isn't. I mean if you want to send a postcard to the NSA requesting to be put on a watchlist I'm sure that would be deliciously subversive and make you feel like you're totally fighting the power and all that, but it wouldn't exactly be an effective measure for preserving your privacy.

Zombywuf posted:

So everyone Googling for TOR and PGP will increase their overheads.
Yeah, in the same sense getting a bunch of your friends together and doing a bunch of random google searches increases the overhead for google. If you're doing it as some sort of protest you're going to have to drop them a line to let them know because they've built their infrastructure around bigger problems than you and you could literally round up every man woman and child in a good-sized Western nation to help out and you'd still be loving rounding error to them.

Zombywuf
Mar 29, 2008

SubG posted:

If you want to argue that using encryption is some form of pasty white civil disobedience that's cool, but that's not what the argument was. The argument was that it was an effective means of protecting your privacy from the loving NSA, which it isn't. I mean if you want to send a postcard to the NSA requesting to be put on a watchlist I'm sure that would be deliciously subversive and make you feel like you're totally fighting the power and all that, but it wouldn't exactly be an effective measure for preserving your privacy.
I think you're still not seeing what the problem being solved is. The NSA do vacuum up data from the wire and they do pass around pictures they stumble across. This is a privacy issue. If they want to get you they'll get you. But so long as people like you go around telling everyone that they shouldn't bother with encryption it's worthless you only make their job easier.

Personally I think the only way it's going to stop is when the situation gets so bad people rise up as one and collect some loving heads, and that time is a long way off - probably not within our lifetimes. Until then, use encryption, make encryption easier to use, encourage others to learn about computer security. If they're going to see all your sexts at least make them work for it.

Branis
Apr 14, 2006

Tezzor posted:

Interesting stuff
I don't actually know anything about the hiring process, but wouldn't the NSA be looking more for skilled people in the vein of Edward Snowden who had a GED but was extremely good with computers? Do top tier schools even teach the type of stuff the NSA does? The whole company man toe the nationalistic American line seems more cold war G man stuff than 2015 hiring people who have lived in front of computers their entire lives and wrote viruses and hacked gibsons for fun.

computer parts
Nov 18, 2010

PLEASE CLAP

Branis posted:

I don't actually know anything about the hiring process, but wouldn't the NSA be looking more for skilled people in the vein of Edward Snowden who had a GED but was extremely good with computers? Do top tier schools even teach the type of stuff the NSA does? The whole company man toe the nationalistic American line seems more cold war G man stuff than 2015 hiring people who have lived in front of computers their entire lives and wrote viruses and hacked gibsons for fun.

It would depend on the specific job, but yes plenty of universities do teach what the NSA does.

I remember when I was looking into colleges that was a selling point for one of them (RIT I believe).

A Man With A Plan
Mar 29, 2010
Fallen Rib

Branis posted:

I don't actually know anything about the hiring process, but wouldn't the NSA be looking more for skilled people in the vein of Edward Snowden who had a GED but was extremely good with computers? Do top tier schools even teach the type of stuff the NSA does? The whole company man toe the nationalistic American line seems more cold war G man stuff than 2015 hiring people who have lived in front of computers their entire lives and wrote viruses and hacked gibsons for fun.

It's a lot of words he pulled entirely out of his rear end, and is wrong on almost every count. NSA draws heavily from the military enlisted and local state schools like UMD, UMBC, Penn State, and a few tech schools like VTech and RIT. Any good sized CS program will have a cybersecurity specialization or something.

WhiskeyJuvenile
Feb 15, 2002

by Nyc_Tattoo
The NSA isn't all computer programmers

Nintendo Kid
Aug 4, 2011

by Smythe

Ghost of Reagan Past posted:

Leaving aside RAH RAH ARE COUNTRY stuff, you might think that this is bad for the American tech industry. Why should anyone trust American technology?

In seriousness? Because it's also the NSA's job to break into companies globally so there's no way buying Chinese or German is going to guarantee you any better safety. Remember that their SIM card theft stuff operated almost exclusively in Europe.

In fact tech from countries that are "unfriendly" may be even likelier to have NSA backdoors, which they'd be a bit bolder with since "friendly" companies might be expected not to buy it normally, and the US government will studiously avoid itself.

And that's before you take into account other cyberwarfare agencies worldwide.

i am harry
Oct 14, 2003

And then you take into account all the companies who skimped on their tech budget and bought Huawei routers..

e: but it's okay because the NSA used Google's streetview wifi database to create a map of compromisation across the country...

i am harry fucked around with this message at 05:06 on Feb 22, 2015

A Man With A Plan
Mar 29, 2010
Fallen Rib

WhiskeyJuvenile posted:

The NSA isn't all computer programmers

Right, but I don't think anyone here is super concerned about the NSA's linguistic/bureaucratic staff, however good they might be.

SubG
Aug 19, 2004

It's a hard world for little things.

Zombywuf posted:

I think you're still not seeing what the problem being solved is. The NSA do vacuum up data from the wire and they do pass around pictures they stumble across. This is a privacy issue. If they want to get you they'll get you. But so long as people like you go around telling everyone that they shouldn't bother with encryption it's worthless you only make their job easier.
I'm not telling anyone they shouldn't bother with encryption. Indeed, I've said precisely the opposite. In this thread. Recently. But unless you're somehow or other trying to equate a couple of guys passing around pictures they've 'stumbled across' to the whole problem with NSA surveillance, you're just equivocating. Encrypting your poo poo is good. It solves, or can help solve, a bunch of problems. Your privacy being violated by an all-consuming surveillance state is not one of them. Pretending that it does or that it could is woefully underestimating the true scope of the problem.

treasured8elief
Jul 25, 2011

Salad Prong

Nintendo Kid posted:

In seriousness? Because it's also the NSA's job to break into companies globally so there's no way buying Chinese or German is going to guarantee you any better safety. Remember that their SIM card theft stuff operated almost exclusively in Europe.

In fact tech from countries that are "unfriendly" may be even likelier to have NSA backdoors, which they'd be a bit bolder with since "friendly" companies might be expected not to buy it normally, and the US government will studiously avoid itself.

And that's before you take into account other cyberwarfare agencies worldwide.

I'm pretty sure American companies are still more likely to have innate NSA sponsored exploits like so. In addition to normal spying and hacking against such tech companies, nationalistic legal avenues for compliance, whether cooperative or compulsory, seem to me as an amazing bonus for them against U.S. manufacturers.

Main Paineframe
Oct 27, 2010

Salt Fish posted:

What exactly are you trying to say? No security system is perfect or ever will be perfect. What does pointing to these small flaws accomplish? "It's hard to do so everyone just give up" ?

I'm saying that if you have data which absolutely has to be secure no matter what, then there's no point in using security that can't be trusted. Services and platforms where your communications are traveling through the servers of a third party who also provides the encryption are inherently untrustable, and the failures of the infosec community have rendered it - and the security software and protocols it creates - difficult to trust as well. I'm fairly sure anyone who sent valuable information they didn't want the NSA seeing over SSL during the two years that OpenSSL was vulnerable thinks that Heartbleed was more than just a "small flaw".

The concept of inherently secure communications is essentially dead. Secure communication isn't impossible, but user-friendly "it just works" systems where you just type whatever and hit "Send" can no longer be trusted, even if they claim to encrypt your communications. If cybersecurity is even still possible, it's going to be under the old spergy graybeard model of using PGP or something to encrypt your message before you get it anywhere near a communication method.

On the flip side, of course, most people aren't going to do that. Which is fine. After all, most communications don't genuinely need to be secure, and people's unwillingness to put any real effort into securing their communications merely reflects how much they really care about keeping their communications away from the NSA. But don't lie to yourself and pretend that "hey, Whatsapp is adding an encrypted mode" means that your communications are safe.

A Man With A Plan
Mar 29, 2010
Fallen Rib

tentative8e8op posted:

I'm pretty sure American companies are still more likely to have innate NSA sponsored exploits like so. In addition to normal spying and hacking against such tech companies, nationalistic legal avenues for compliance, whether cooperative or compulsory, seem to me as an amazing bonus for them against U.S. manufacturers.

I'd almost think that non-US companies would be more of a hardware risk. Pretty much every industrial country has a sigint apparatus, but nowhere else in the world has the same ability to access fiber trunks, or get the really important companies' info (Google, Microsoft, Apple, etc). So if they can backdoor some routers made in their country that's a valuable and reliable access to intelligence they couldn't get otherwise.

Basically, the incentives for foreign companies & governments to backdoor stuff are even greater than the US.

Nektu
Jul 4, 2007

FUKKEN FUUUUUUCK
Cybernetic Crumb

A Man With A Plan posted:

It's a lot of words he pulled entirely out of his rear end, and is wrong on almost every count. NSA draws heavily from the military enlisted and local state schools like UMD, UMBC, Penn State, and a few tech schools like VTech and RIT. Any good sized CS program will have a cybersecurity specialization or something.
Why do you think he is wrong?

This here:
"Which brings us to the last point, structural advancement. Ideology, education, background, money and/or crushing debt keeps the entry-level employees relatively homogenous and in line, but as with any large organization advancement is not a pure meritocracy and certainly not an ethical meritocracy. The higher you go the more positions are occupied by true believers and cynical careerists, sometimes both in the same person."

is absolutely true for any large organisation.

A Man With A Plan posted:

Right, but I don't think anyone here is super concerned about the NSA's linguistic/bureaucratic staff, however good they might be.
That distinction is arbitrary. Large organisations do absolutely have a life of their own, their own goals, their own self-defense reactions. The people filling the holes are all replaceable and only matter so much.

The structure as a whole matters, not the people that are bound into it (even more if the punishment for betraying that structure is if not "death" then certainly "you will lose your life").

Zombywuf posted:

Personally I think the only way it's going to stop is when the situation gets so bad people rise up as one and collect some loving heads, and that time is a long way off - probably not within our lifetimes.
I doubt it. "Rising up as one" requires communication, and if the NSA is good at one thing, it's finding out about stuff like that beforehand. But one thing is true: should the democratic control mechanisms fail to keep this surveillance apparatus in check, only something very big will be able to remove them again. And I do sincerely hope that I'm no longer alive when that poo poo goes down.

Nektu fucked around with this message at 10:00 on Feb 22, 2015

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

A Man With A Plan posted:

It's a lot of words he pulled entirely out of his rear end, and is wrong on almost every count. NSA draws heavily from the military enlisted and local state schools like UMD, UMBC, Penn State, and a few tech schools like VTech and RIT. Any good sized CS program will have a cybersecurity specialization or something.

Ok, perhaps the requirement that someone go to a top school is incorrect at least for low-level employment. That's one count. How about almost every other?

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

Branis posted:

I don't actually know anything about the hiring process, but wouldn't the NSA be looking more for skilled people in the vein of Edward Snowden who had a GED but was extremely good with computers? Do top tier schools even teach the type of stuff the NSA does? The whole company man toe the nationalistic American line seems more cold war G man stuff than 2015 hiring people who have lived in front of computers their entire lives and wrote viruses and hacked gibsons for fun.

Snowden had many characteristics that made him a good fit for NSA hire: he was a boring straight white male center-right-libertarian nerd who was very bright and skilled with computers, worked for NSA contractors, had a Top Secret clearance already, had a medical discharge as an army recruit and came from a military family in the DC area, and joined during a massive post-9/11 hiring splurge. Aside from never being a full-fledged member of the military and not having a degree he was basically a perfect candidate. That and having a sense of morality.
