Zombywuf
Mar 29, 2008

SubG posted:

I'm not telling anyone they shouldn't bother with encryption. Indeed, I've said precisely the opposite. In this thread. Recently. But unless you're somehow or other trying to equate a couple of guys passing around pictures they've `stumbled across' to the whole problem with NSA surveillance, you're just equivocating. Encrypting your poo poo is good. It solves, or can help solve, a bunch of problems. Your privacy being violated by an all-consuming surveillance state is not one of them. Pretending that it does or that it could is woefully underestimating the true scope of the problem.

I never made any claim that the whole problem is people passing around pictures they stumble across. It is however part of the problem of security services staff looking at naked pictures of your kids that they are totally sending no matter what they tell you. Encryption causes them problems, and low level staff looking at poo poo they shouldn't are going to have to escalate their access (i.e. passive to active) to get away with this kinda poo poo. Sure if you want to actually go up against the NSA toe to toe you are going to need a massively hard OPSEC routine of which encryption will play a tiny tiny part.

I think you're confusing security and privacy here.

A Man With A Plan
Mar 29, 2010
Fallen Rib

Tezzor posted:

Ok, perhaps the requirement that someone go to a top school is incorrect at least for low-level employment. That's one count. How about almost every other?

For context, I work in the security industry in the DC area. This has involved work with the agency before.

Demographically, the nsa is more diverse than many places I've worked. 3 of the 4 managers I dealt with were women, and each got promoted in the time I was there. Racially, pretty decent thanks to the local hiring/military and the fact that it's in the Maryland, DC area. During the 2012 election people avoided talking too much about politics, but it was clear it followed the standard model. The older workers were generally more conservative, younger more liberal, smattering of libertarians. I'll confess I didn't meet any avowed leftists. It's a large enough organization that it really is just an even slice of the greater population.

There's no official bias towards giving military members clearances, though it's certainly easier to investigate. You know where they've lived and who they interact with. The nsa does preferentially hire veterans as it's a part of the DoD. However as for all the other pop psych stuff in your post, you said yourself it applies to all large organizations, if you're correct about any of it, so I'm not sure why it's pertinent in this case.

I think you're working off of an outdated perception of the intelligence agencies. They can change alongside changes in the dominant culture. And while there's an old guard still afraid of the Soviets, the majority of people, including leadership, have realized the differences now.

Also I've said it before, but they really are much more concerned about foreign actors. Spying on domestic things is the fbi's job.

E: I'd like to emphasize that I'm not an expert in NSA things, nor claiming to be. These are my impressions from working on a brief contract there.

A Man With A Plan fucked around with this message at 18:02 on Feb 22, 2015

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

A Man With A Plan posted:

For context, I work in the security industry in the DC area. This has involved work with the agency before.

Demographically, the nsa is more diverse than many places I've worked. 3 of the 4 managers I dealt with were women, and each got promoted in the time I was there. Racially, pretty decent thanks to the local hiring/military and the fact that it's in the Maryland, DC area. During the 2012 election people avoided talking too much about politics, but it was clear it followed the standard model. The older workers were generally more conservative, younger more liberal, smattering of libertarians. I'll confess I didn't meet any avowed leftists. It's a large enough organization that it really is just an even slice of the greater population.

There's no official bias towards giving military members clearances, though it's certainly easier to investigate. You know where they've lived and who they interact with. The nsa does preferentially hire veterans as it's a part of the DoD. However as for all the other pop psych stuff in your post, you said yourself it applies to all large organizations, if you're correct about any of it, so I'm not sure why it's pertinent in this case.

I think you're working off of an outdated perception of the intelligence agencies. They can change alongside changes in the dominant culture. And while there's an old guard still afraid of the Soviets, the majority of people, including leadership, have realized the differences now.

Also I've said it before, but they really are much more concerned about foreign actors. Spying on domestic things is the fbi's job.

E: I'd like to emphasize that I'm not an expert in NSA things, nor claiming to be. These are my impressions from working on a brief contract there.

I don't dispute and never disputed that there is some gender and racial diversity in the intelligence community particularly at lower levels. What I am talking about is structural organization and ideological diversity. I also spoke about the exclusion of people with radical politics, not liberals; I'm sure there are plenty of worthless liberals at the bottom rungs of the intelligence community who are almost certainly entirely supportive of really-existing American foreign policy, ambivalent towards it, or silent about their meager criticisms at work. You are correct that the structural filtering is not uncommon in large organizations, but the requirement for security clearances and the privileged hiring of military backgrounds makes the ideological conformity worse.

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!
Citizenfour won Best Documentary tonight which will hopefully impel more people to see it.

inignot
Sep 1, 2003

WWBCD?

Tezzor posted:

...ideological diversity. I also spoke about the exclusion of people with radical politics, not liberals...

The type of clearance/background check you are talking about here in which political ideology is seriously examined only happens at a level when polygraphs are introduced. You can hold up to a TS/SCI without any political question more invasive than "Have you ever been a member of a group dedicated to the overthrow of the US government?" being asked of you. Granted, the intelligence community is specifically where poly level investigations start to happen.

MJ12
Apr 8, 2009

Zombywuf posted:

I think you're still not seeing what the problem being solved is. The NSA do vacuum up data from the wire and they do pass around pictures they stumble across. This is a privacy issue. If they want to get you they'll get you. But so long as people like you go around telling everyone that they shouldn't bother with encryption it's worthless you only make their job easier.

Personally I think the only way it's going to stop is when the situation gets so bad people rise up as one and collect some loving heads, and that time is a long way off - probably not within our lifetimes. Until then, use encryption, make encryption easier to use, encourage others to learn about computer security. If they're going to see all your sexts at least make them work for it.

I think his point is that if you're doing it to annoy the NSA, more power to you-and there's tons of lesser threats which will be stopped via encryption, but if you're doing it under the impression it'll stop them from reading your emails if they want to, that is probably a fool's errand.

http://research.microsoft.com/en-us/people/mickens/thisworldofours.pdf

If you're security concerned and you're dealing with Mossad (or in this case the NSA), you're probably boned if they really care-so think of using crypto as thumbing your nose at them rather than keeping yourself secure.

Maybe I'm misinterpreting him but it seems like that's what he's saying. "Crypto isn't going to make you more secure against the NSA, so think of it as a form of protest than a form of security."

Qtotonibudinibudet
Nov 7, 2011




MJ12 posted:

I think his point is that if you're doing it to annoy the NSA, more power to you-and there's tons of lesser threats which will be stopped via encryption, but if you're doing it under the impression it'll stop them from reading your emails if they want to, that is probably a fool's errand.

http://research.microsoft.com/en-us/people/mickens/thisworldofours.pdf

If you're security concerned and you're dealing with Mossad (or in this case the NSA), you're probably boned if they really care-so think of using crypto as thumbing your nose at them rather than keeping yourself secure.

Maybe I'm misinterpreting him but it seems like that's what he's saying. "Crypto isn't going to make you more secure against the NSA, so think of it as a form of protest than a form of security."

That's exactly what he's saying.

The entire video is wonderful.

snorch
Jul 27, 2009
:siren: There's a bigass new leak with stuff from MI6, Mossad, FSB, SSA, Iran and more :siren:

http://www.aljazeera.com/news/2015/...8100147229.html

quote:

A digital leak to Al Jazeera of hundreds of secret intelligence documents from the world's spy agencies has offered an unprecedented insight into operational dealings of the shadowy and highly politicised realm of global espionage.

Over the coming days, Al Jazeera's Investigative Unit is publishing The Spy Cables, in collaboration with The Guardian newspaper.

Spanning a period from 2006 until December 2014, they include detailed briefings and internal analyses written by operatives of South Africa's State Security Agency (SSA). They also reveal the South Africans' secret correspondence with the US intelligence agency, the CIA, Britain's MI6, Israel's Mossad, Russia's FSB and Iran's operatives, as well as dozens of other services from Asia to the Middle East and Africa.

The files unveil details of how, as the post-apartheid South African state grappled with the challenges of forging new security services, the country became vulnerable to foreign espionage and inundated with warnings related to the US "War on Terror". [...]

Rooney McNibnug
Sep 2, 2008

"Life always hopes. When a definite object cannot be outlined, the indomitable spirit of hope still impels the living mass to move toward something--something that shall somehow be better."

snorch posted:

:siren: There's a bigass new leak with stuff from MI6, Mossad, FSB, SSA, Iran and more :siren:

http://www.aljazeera.com/news/2015/...8100147229.html

One thing worth noting here is AJ's mention that these cables will highlight agency HUMINT operations, different from most of the SIGINT stuff we've seen within the Snowden documents.

Broken Machine
Oct 22, 2010

A Man With A Plan posted:

...

Also I've said it before, but they really are much more concerned about foreign actors. Spying on domestic things is the fbi's job.

E: I'd like to emphasize that I'm not an expert in NSA things, nor claiming to be. These are my impressions from working on a brief contract there.

So one of the reasons Snowden stated as a motivation for leaking was that the tools are focused more on the US than externally.

Here's a relevant quote from Snowden during an award ceremony last year:

quote:

But what I saw was our Constitution being violated on a massive scale, and I did report this internally. I told all of my coworkers. I told my superiors. I showed them Boundless Informant, which is a global heat map, an internal heat map that any NSA employee could see, anyone with an internal [...] account could see that showed the precedents, the level of incidence of NSA interception, collection, storage and analysis of events around the world. And I asked these people, because this is what the tool showed, “Do you think it’s right that the NSA is collecting more information about Americans in America than it is about Russians in Russia?”

Because that’s what our systems do. We watch our own people more closely than we watch any other population in the world.

Despite the protections, they are policy based; the technical systems ingest and collect everyone in this room’s communication. When you pick up the phone, when you make a call, when you make a purchase, when you buy a book, all of that is collected, and I could see it at my desk crossing my screen.


I'm sure you really believe the things you're saying, I'm just not sure they're actually true.

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

inignot posted:

The type of clearance/background check you are talking about here in which political ideology is seriously examined only happens at a level when polygraphs are introduced. You can hold up to a TS/SCI without any political question more invasive than "Have you ever been a member of a group dedicated to the overthrow of the US government?" being asked of you. Granted, the intelligence community is specifically where poly level investigations start to happen.

This is false. All the filters I mentioned are in place preventing you from getting that clearance.

inignot
Sep 1, 2003

WWBCD?

Tezzor posted:

This is false. All the filters I mentioned are in place preventing you from getting that clearance.

I can only confirm my own experiences having done multiple clearance reference interviews with investigators. The interviews have always consisted of verifying basic biographical information (schools attended, job history, addresses) for the past 7 - 10 years, confirming a lack of drug or alcohol problems, best effort confirmation of lack of debt problems, general "any problems with this person having access to sensitive information" type questions. No one has ever asked about Che Guevara tshirts or any other political ideology related question (aside from membership in a gov overthrow dedicated organization). Poly exams, like a counter intel or lifestyle, are another realm.

Here's a list of clearance adjudications that went to an appeal for some reason. It's all drug/alcohol problems, debt problems, and foreign interest problems. And they don't all end in denials either; many of them illustrate examples of applicants mitigating whatever initial problem they were reviewed for.

http://www.dod.mil/dodgc/doha/industrial/

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

inignot posted:

I can only confirm my own experiences having done multiple clearance reference interviews with investigators. The interviews have always consisted of verifying basic biographical information (schools attended, job history, addresses) for the past 7 - 10 years, confirming a lack of drug or alcohol problems, best effort confirmation of lack of debt problems, general "any problems with this person having access to sensitive information" type questions. No one has ever asked about Che Guevara tshirts or any other political ideology related question (aside from membership in a gov overthrow dedicated organization). Poly exams, like a counter intel or lifestyle, are another realm.

Here's a list of clearance adjudications that went to an appeal for some reason. It's all drug/alcohol problems, debt problems, and foreign interest problems. And they don't all end in denials either; many of them illustrate examples of applicants mitigating whatever initial problem they were reviewed for.

http://www.dod.mil/dodgc/doha/industrial/

It is a misunderstanding of how these filtering processes work. They don't sit you down in a room and say "are you now or have you ever been a member of the communist party." First, because party affiliation of radical parties is tiny and insignificant, people with radical beliefs about US foreign policy are much more likely to identify as Greens, Democrats, Independents or not vote at all. More importantly, they don't need to ask that question because they've asked it from a dozen different directions already. "OK, we know you want to join the NSA, are a heterosexual white male from a middle-class background who joined the Army to do computer science and you do not have any obvious radical affiliations or facebook posts, any arrests, any radical publications under your own name, you're not on any watchlists or under surveillance for anything, you can pass a drug test and never used a lot of drugs in the past, and have good credit, but are you a political radical??"

Tezzor fucked around with this message at 23:09 on Feb 23, 2015

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!
http://www.reddit.com/user/SuddenlySnowden

Snowden on the internal mood of the NSA rank and file:

redditor posted:

Edward, a friend of mine works for the NSA. He still actively denies that anything you have done or said is legitimate, completely looking past any documented proof that you uncovered and released.

Is this because at lower levels of the agency, they don't see what's going on in the intelligence gathering section? Or do you suspect he simply refuses to see any wrongdoing by his employer?

Snowden posted:

So when you work at NSA, you get sent what are called "Agency-All" emails. They're what they sound like: messages that go to everybody in the workforce.

In addition to normal bureaucratic communications, they're used frequently for opinion-shaping internally, and are often classified at least in part. They assert (frequently without evidence) what is true or false about cases and controversies in the public news that might influence the thinking about the Intelligence Community workforce, while at the same time reminding them how totally screwed they'll be if they talk to a journalist (while helpfully reminding them to refer people to the public affairs office).

Think about what it does to a person to come into their special top-secret office every day and get a special secret email from "The Director of NSA" (actually drafted by totally different people, of course, because senior officials don't have time to write PR emails) explaining to you why everything you heard in the news is wrong, and how only the brave, patriotic, and hard-working team of cleared professionals in the IC know the truth.

Think about how badly you want to believe that. Everybody wants to be valued and special, and nobody wants to think they've perhaps contributed to a huge mistake. It's not evil, it's human.

Tell your friend I was just like they are. But there's a reason the government has -- now almost two years out -- never shown me to have told a lie. I don't ask anybody to believe me. I don't want anybody to believe me. I want you to look around and decide for yourself what you believe, independent of what people say, independent of what's on TV, and independent of what your classified emails might claim.

Its Miller Time
Dec 4, 2004

I had a quick question I was wondering about recently. If I, a normal person, called up my friend Joe and said "Joe I just murdered Jeff", if the government wanted to could they get a copy of that call for court?

ate shit on live tv
Feb 15, 2004

by Azathoth

Its Miller Time posted:

I had a quick question I was wondering about recently. If I, a normal person, called up my friend Joe and said "Joe I just murdered Jeff", if the government wanted to could they get a copy of that call for court?

Probably. 20 years ago the answer was probably not. Progress.

snorch
Jul 27, 2009
Documents have shown that the NSA has "total recall" systems in place in the phone networks of the Bahamas and Pakistan. These systems record all phone calls on the network and store them for later playback. It's unclear whether this is going on in the US as well, but signs point to "maybe". That bigass datacenter they built in Utah probably isn't just for porn storage.

Zombywuf
Mar 29, 2008

MJ12 posted:

I think his point is that if you're doing it to annoy the NSA, more power to you-and there's tons of lesser threats which will be stopped via encryption, but if you're doing it under the impression it'll stop them from reading your emails if they want to, that is probably a fool's errand.

This is pretty much what I'm saying. But with the slight expansion that it does make it harder for them. Not much harder, but still harder. Why do you think there's the big push for perfect forward secrecy? It's because without PFS the NSA can just snag the keys they want at their leisure, with it they have to have the keys in advance. Can they get the keys? Sure, but they've got to work for them. Ultimately this means money. When Google provides PFS (and seem to use a bunch of certs on rotation (unless this is just evidence that the NSA are MITMing me)) this means a lot of money. Again, the docs about the SIM keys hacking suggest they never got the keys that were emailed with PGP, presumably they couldn't get the budget together to do it - which does make you wonder what they're doing that they have got the budget for.

ps. It's pretty amusing to me that Mickens' Mossad or not Mossad model is posted immediately before Al Jazeera posts a bunch of Mossad related leaks.

pps. I guess Mossad killed all those Iranian scientists for nothing.
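
The forward-secrecy argument in the post above, as an added example that is not part of the original thread: a stdlib-only Python model contrasting a key exchange bound to the server's long-term key with one that uses fresh per-session keys. The toy group (p = 2**255 - 19, g = 2), the SHA-256 keystream, the Schnorr-style signature and every function name are assumptions chosen for illustration, not production cryptography.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman group (assumption for this example only).
P = 2**255 - 19
G = 2
MESSAGE = b"constructed sample message: meet at noon"  # constructed plaintext


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def to_bytes(n):
    return n.to_bytes(32, "big")


def session_key(shared):
    """Derive a symmetric key from a DH shared secret."""
    return hashlib.sha256(b"session" + to_bytes(shared)).digest()


def keystream_xor(key, data):
    """SHA-256 counter keystream XOR; stand-in for a real AEAD cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(to_bytes(r) + msg).digest(), "big")


def sign(priv, msg):
    """Schnorr-style signature; exponents are reduced mod P - 1."""
    k, r = keypair()
    return r, (k + priv * _challenge(r, msg)) % (P - 1)


def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, _challenge(r, msg), P)) % P


def static_session(long_priv, long_pub, plaintext):
    """No forward secrecy: the session key depends on the long-term key."""
    c_priv, c_pub = keypair()                      # client's per-session value
    key = session_key(pow(long_pub, c_priv, P))    # client side
    assert key == session_key(pow(c_pub, long_priv, P))  # server side agrees
    # Everything returned here is visible on the wire and can be recorded.
    return {"client_pub": c_pub, "ciphertext": keystream_xor(key, plaintext)}


def ephemeral_session(long_priv, long_pub, plaintext):
    """Forward secrecy: the long-term key only signs a throwaway DH key."""
    c_priv, c_pub = keypair()
    e_priv, e_pub = keypair()                      # server's fresh session key
    sig = sign(long_priv, to_bytes(e_pub))
    if not verify(long_pub, to_bytes(e_pub), sig):  # client checks the server
        raise ValueError("server key signature invalid")
    key = session_key(pow(e_pub, c_priv, P))       # client side
    assert key == session_key(pow(c_pub, e_priv, P))     # server side agrees
    # e_priv goes out of scope here; it is never stored or transmitted.
    return {"client_pub": c_pub, "server_eph_pub": e_pub, "sig": sig,
            "ciphertext": keystream_xor(key, plaintext)}


def decrypt_after_key_disclosure(transcript, long_priv):
    """What a stored recording yields once the long-term key is disclosed."""
    key = session_key(pow(transcript["client_pub"], long_priv, P))
    return keystream_xor(key, transcript["ciphertext"])


def demo():
    """Return (static_result, ephemeral_result) after long-term key disclosure."""
    long_priv, long_pub = keypair()
    static_rec = static_session(long_priv, long_pub, MESSAGE)
    eph_rec = ephemeral_session(long_priv, long_pub, MESSAGE)
    return (decrypt_after_key_disclosure(static_rec, long_priv),
            decrypt_after_key_disclosure(eph_rec, long_priv))


if __name__ == "__main__":
    static_out, eph_out = demo()
    print("static exchange readable after disclosure:", static_out == MESSAGE)
    print("ephemeral exchange readable after disclosure:", eph_out == MESSAGE)
```

In the static case the recorded session decrypts as soon as the long-term key is known; in the ephemeral case the same key yields only noise, which is why server operators who enable ephemeral key exchange limit what a later key compromise exposes.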

i am harry
Oct 14, 2003

Its Miller Time posted:

I had a quick question I was wondering about recently. If I, a normal person, called up my friend Joe and said "Joe I just murdered Jeff", if the government wanted to could they get a copy of that call for court?

At this point what is stopping them from accusing you of wasting valuable time and taking your stuff as punishment.

SubG
Aug 19, 2004

It's a hard world for little things.

Zombywuf posted:

This is pretty much what I'm saying. But with the slight expansion that it does make it harder for them. Not much harder, but still harder.
Even if this is true, and it isn't clear that it is, it is irrelevant.

You want privacy. So you encrypt poo poo. Even if this prevents the NSA from reading it (which isn't by any means a foregone conclusion for reasons we've already explored in this thread), you're going to get flagged for additional scrutiny. There is no conceivable way this will fail to result in less net privacy for you unless you're some kind of crazy privacy survivalist living completely off the grid.

I mean I was replying to snorch and Salt Fish and the people who were pushing the idea that the `real solution' (snorch's words) to NSA surveillance is to `encrypt everything'. Because it's not. Which is what I said. I'm not sure why you felt the need to swoop in and defend the honour of encryption or whatever the gently caress you're trying to do. But even leaving aside all that, you're still wrong if you're advocating the position that encrypting your poo poo is improving your privacy as far as the NSA is concerned. At least not if the content of the Snowden disclosures can be trusted.

snorch
Jul 27, 2009

SubG posted:

You want privacy. So you encrypt poo poo. Even if this prevents the NSA from reading it (which isn't by any means a foregone conclusion for reasons we've already explored in this thread), you're going to get flagged for additional scrutiny. There is no conceivable way this will fail to result in less net privacy for you unless you're some kind of crazy privacy survivalist living completely off the grid.

I mean I was replying to snorch and Salt Fish and the people who were pushing the idea that the `real solution' (snorch's words) to NSA surveillance is to `encrypt everything'. Because it's not. Which is what I said. I'm not sure why you felt the need to swoop in and defend the honour of encryption or whatever the gently caress you're trying to do. But even leaving aside all that, you're still wrong if you're advocating the position that encrypting your poo poo is improving your privacy as far as the NSA is concerned. At least not if the content of the Snowden disclosures can be trusted.

Yeah I forgot to mention that for this to work, it has to be "everyone encrypts everything all the time". This still leaves the metadata problem, which can only really be overcome by using something like onion routing, which is slow and impractical for most purposes. And you're right in that it's not a universal solution to the root of the problem. I think Snowden categorized the purpose of this approach nicely in one of his responses in the reddit AMA.

quote:

At the same time, we should remember that governments don't often reform themselves. One of the arguments in a book I read recently (Bruce Schneier, "Data and Goliath"), is that perfect enforcement of the law sounds like a good thing, but that may not always be the case. The end of crime sounds pretty compelling, right, so how can that be?

Well, when we look back on history, the progress of Western civilization and human rights is actually founded on the violation of law. America was of course born out of a violent revolution that was an outrageous treason against the crown and established order of the day. History shows that the righting of historical wrongs is often born from acts of unrepentant criminality. Slavery. The protection of persecuted Jews.

But even on less extremist topics, we can find similar examples. How about the prohibition of alcohol? Gay marriage? Marijuana?

Where would we be today if the government, enjoying powers of perfect surveillance and enforcement, had -- entirely within the law -- rounded up, imprisoned, and shamed all of these lawbreakers?

Ultimately, if people lose their willingness to recognize that there are times in our history when legality becomes distinct from morality, we aren't just ceding control of our rights to government, but our agency in determining our futures.

How does this relate to politics? Well, I suspect that governments today are more concerned with the loss of their ability to control and regulate the behavior of their citizens than they are with their citizens' discontent.

How do we make that work for us? We can devise means, through the application and sophistication of science, to remind governments that if they will not be responsible stewards of our rights, we the people will implement systems that provide for a means of not just enforcing our rights, but removing from governments the ability to interfere with those rights.

You can see the beginnings of this dynamic today in the statements of government officials complaining about the adoption of encryption by major technology providers. The idea here isn't to fling ourselves into anarchy and do away with government, but to remind the government that there must always be a balance of power between the governing and the governed, and that as the progress of science increasingly empowers communities and individuals, there will be more and more areas of our lives where -- if government insists on behaving poorly and with a callous disregard for the citizen -- we can find ways to reduce or remove their powers on a new -- and permanent -- basis.

Zombywuf
Mar 29, 2008

SubG posted:

I mean I was replying to snorch and Salt Fish and the people who were pushing the idea that the `real solution' (snorch's words) to NSA surveillance is to `encrypt everything'. Because it's not. Which is what I said. I'm not sure why you felt the need to swoop in and defend the honour of encryption or whatever the gently caress you're trying to do. But even leaving aside all that, you're still wrong if you're advocating the position that encrypting your poo poo is improving your privacy as far as the NSA is concerned. At least not if the content of the Snowden disclosures can be trusted.

Which is why Snowden said "Encryption is a waste of time, don't use it." Oh wait, that's not what he said, what he said was "Encryption works."

A Man With A Plan
Mar 29, 2010
Fallen Rib

snorch posted:

Documents have shown that the NSA has "total recall" systems in place in the phone networks of the Bahamas and Pakistan. These systems record all phone calls on the network and store them for later playback. It's unclear whether this is going on in the US as well, but signs point to "maybe". That bigass datacenter they built in Utah probably isn't just for porn storage.

I think the leak said it was Afghanistan, but yeah. There's a couple orders of magnitude difference between either of those and the US though. I'd say, regarding the original question, not unless they already had decided to target you for some reason.

hobotrashcanfires
Jul 24, 2013

A Man With A Plan posted:

I think the leak said it was Afghanistan, but yeah. There's a couple orders of magnitude difference between either of those and the US though. I'd say, regarding the original question, not unless they already had decided to target you for some reason.

How many orders of magnitude difference between the US and the Bahamas, then? Since that's at least one of however many others now.

Here's the relevant article, since it's been a while now: https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/

e: I suppose it's a bit of a question of what's their end goal. Do you think they don't want those same capabilities in the US eventually? Doing a full take of the Bahamas (which includes a hell of a lot of Americans, by the way) whom the State Department say “The Bahamas is a stable democracy that shares democratic principles, personal freedoms, and rule of law with the United States,” the State Department concluded in a crime and safety report published last year. “There is little to no threat facing Americans from domestic (Bahamian) terrorism, war, or civil unrest.”

Are they likely doing a full take of many or most Americans' full audio specifically? Very likely not..yet. Yet all the metadata they collect can easily provide far more intelligence about Americans than phone audio would.

hobotrashcanfires fucked around with this message at 19:18 on Feb 24, 2015

Qtotonibudinibudet
Nov 7, 2011




Zombywuf posted:

Which is why Snowden said "Encryption is a waste of time, don't use it." Oh wait, that's not what he said, what he said was "Encryption works."

It is an effective defense against, or at least makes much more difficult, indiscriminate bulk collection. If you're the target of a focused surveillance effort, encryption is still annoying, but the NSA is probably still going to compromise your infrastructure and get what they want. Most people aren't the target of focused efforts.

Salt Fish
Sep 11, 2003

Cybernetic Crumb

annapacketstormaya posted:

It is an effective defense against, or at least makes much more difficult, indiscriminate bulk collection. If you're the target of a focused surveillance effort, encryption is still annoying, but the NSA is probably still going to compromise your infrastructure and get what they want. Most people aren't the target of focused efforts.

That's the way that it should be. We should want the NSA to be able to target specific individuals very well when they have good reason. What we don't want is unlimited warrantless bulk collection. Encryption is the way to move forward on this issue for regular apolitical individuals and I feel like subg is trying to sow dissension in this thread to get people to argue with each other about minutiae with the explicit goal of preventing a consensus on the need to expand the use of encryption.

A Man With A Plan
Mar 29, 2010
Fallen Rib

hobotrashcanfires posted:

How many orders of magnitude difference between the US and the Bahamas, then? Since that's at least one of however many others now.

Here's the relevant article, since it's been a while now: https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/

e: I suppose it's a bit of a question of what's their end goal. Do you think they don't want those same capabilities in the US eventually? Doing a full take of the Bahamas (which includes a hell of a lot of Americans, by the way) whom the State Department say “The Bahamas is a stable democracy that shares democratic principles, personal freedoms, and rule of law with the United States,” the State Department concluded in a crime and safety report published last year. “There is little to no threat facing Americans from domestic (Bahamian) terrorism, war, or civil unrest.”

Are they likely doing a full take of many or most Americans' full audio specifically? Very likely not..yet. Yet all the metadata they collect can easily provide far more intelligence about Americans than phone audio would.

By orders of magnitude I was strictly talking about the population and volume of telecom traffic, not whether it's a critical intelligence target. The population of the Bahamas is about 1/1000 that of the US, and I'd be willing to bet there's some infrastructure peculiarity that led them to be the choice, like maybe all of their phone traffic being routed through the US.

I don't think you need to worry about full take telecom in the US for the same reasons you just said. Too many people, and for the rare need of US surveillance, the metadata they get from the telcos is more useful. And while I know it's not the majority opinion in here, in my knowledge the NSA is much more concerned with foreign actors. Like if they were offered all the voice traffic from either the US or Iran, they'd pick Iran every time.

hobotrashcanfires
Jul 24, 2013

A Man With A Plan posted:

By orders of magnitude I was strictly talking about the population and volume of telecom traffic, not whether it's a critical intelligence target. The population of the Bahamas is about 1/1000 that of the US, and I'd be willing to bet there's some infrastructure peculiarity that led them to be the choice, like maybe all of their phone traffic being routed through the US.

I don't think you need to worry about full take telecom in the US for the same reasons you just said. Too many people, and for the rare need of US surveillance, the metadata they get from the telcos is more useful. And while I know it's not the majority opinion in here, in my knowledge the NSA is much more concerned with foreign actors. Like if they were offered all the voice traffic from either the US or Iran, they'd pick Iran every time.

Fair point, and I kinda realized that's what you meant, thinking about it later. The dangers of multi-tasking and posting while working. As for why the Bahamas specifically, it would appear to be simply because they could. According to the Intercept it was due to some partnership with the DEA, for “international narcotics traffickers and special-interest alien smugglers”, which is a bit unclear. Perhaps simply because they're US-friendly enough that transport between the two is easier. Maybe potential targets using that route, maybe simply as a trial run. A more conspiratorial idea would be there's a lot of wealthy and potentially powerful Americans they could catch up. Though really, who knows (which is a big part of the problem). Not that I particularly think the NSA is blackmailing and strong-arming folks, but the mere potential of it with what they want to implement, and have very successfully implemented, that sort of thing is inevitable.

Though as for any full-take on US calls, we've got that data center in Utah. What is its purpose exactly? They've already been handling enormous quantities of data from other various forms of collection. I wouldn't merely shrug off the idea that they want to do a full-take here as well. Though it's certainly also possible they're just running out of room from all the other data-collection, or wish to retain that data for longer periods.

(Side note: I decided to glance at the NSA's page for their Utah data center and saw their lovely description of the "Domestic Surveillance Directorate: Defending Our Nation. Securing The Citizens.", something about that syntax feels a bit..off.)

Mostly it's a bit frustrating how people shrug off metadata (they sure did a fine PR job with that one). You could store years worth of data on where someone goes, what they buy, who they associate or likely associate with, etc, for the same space/cost as a handful of useless phone calls. Immeasurably more valuable and easily analyzed without the need of a human operator to interpret.

I just wouldn't write US call-recordings altogether, they almost certainly have the resources to pull it off (or at least a healthy chunk of it)..though if you've got reason to think the NSA might be interested, you're a drat fool for talking about it on the phone these days.

\/\/\/ I like to pretend to give the benefit of the doubt.

hobotrashcanfires fucked around with this message at 23:49 on Feb 24, 2015

FlamingLiberal
Jan 18, 2009

Would you like to play a game?



There are a lot of ties between the NSA's surveillance program and the War on Drugs based on previous leaks. It's a cover.

Main Paineframe
Oct 27, 2010

Zombywuf posted:

Which is why Snowden said "Encryption is a waste of time, don't use it." Oh wait, that's not what he said, what he said was "Encryption works."

I think it'd be more accurate to characterize it as "encrypting stuff yourself works". After all, Skype claims that all Skype communications are encrypted, yet we know from Snowden's leaks that the NSA is able to eavesdrop on Skype calls. The actual encryption itself has probably not been broken, but the NSA doesn't need to break the encryption when they can just get the key from Microsoft. Or they can just exploit bugs in the encryption software; I don't think Heartbleed was created by the NSA but I'm willing to bet they knew about it a long time before anyone else discovered it. The NSA may not be able to break encryption, but they can often work around it. You can't trust a service just because they say the data is encrypted - even if it is, they might very well be giving the NSA access to everything anyway (willingly or unwillingly). Remember PRISM?

annapacketstormaya posted:

It is an effective defense against, or at least makes much more difficult, indiscriminate bulk collection. If you're the target of a focused surveillance effort, encryption is still annoying, but the NSA is probably still going to compromise your infrastructure and get what they want. Most people aren't the target of focused efforts.

It depends. The :nsa: is almost certainly placing a priority on compromising platforms rather than targeting individual communications, as that is the absolute key to bulk data collection. Even if you use HTTPS when you log into Gmail and send your most incriminating communications, a copy of those communications is still going to be stored in plaintext on Google's servers, and that is almost certainly the heart of any bulk data collection program - as confirmed by the Snowden leaks themselves.

SubG
Aug 19, 2004

It's a hard world for little things.

snorch posted:

Yeah I forgot to mention that for this to work, it has to be "everyone encrypts everything all the time". This still leaves the metadata problem, which can only really be overcome by using something like onion routing, which is slow and impractical for most purposes.

Which is to say it doesn't work. It's a wild science fiction fantasy. It's like avoiding NSA surveillance by setting up a colony on Mars. It's barely within the realm of theoretical possibility, but it's so far beyond practical reality as to be meaningless as a real-world plan of action except in the distant and indistinct future.

Zombywuf posted:

Which is why Snowden said "Encryption is a waste of time, don't use it." Oh wait, that's not what he said, what he said was "Encryption works."

If you want to make an actual argument, make it. But don't pretend a vague paraphrase of an appeal to authority is an argument. Encryption works for some things. Protecting your privacy against NSA surveillance is not one of them. For reasons I've explained in some detail. If you want to object to something I've actually argued, do so.

annapacketstormaya posted:

It is an effective defense against, or at least makes much more difficult, indiscriminate bulk collection. If you're the target of a focused surveillance effort, encryption is still annoying, but the NSA is probably still going to compromise your infrastructure and get what they want. Most people aren't the target of focused efforts.

The distinction between `bulk' and `targeted' is, as I've already argued in some detail, nonsense. What encryption will buy you is protection from disclosure of the cleartext of the communication during an intercept of the communication in transit. That's it. Preventing this is nice, and it protects you from a lot of kinds of threats. Having your privacy violated by NSA surveillance is not one of them.

Google alone accounts for approximately 70% of the search market. A couple years ago when google had a brief outage overall traffic on the internet dropped by about 40%. Beyond google, Bing is the next largest search engine, with about 20% of all search. What this means is over 90% of search results are subject to collection and analysis under FAA 702 requests. That appears to account for somewhere around 50% of all web traffic. Beyond that, around half of the top million or so web sites in the world, according to Alexa, use google analytics. So all of the browsing behaviour on those sites is similarly subject to FAA 702 disclosure.

Gmail and Yahoo mail account for about 20% of all email in the world. Assuming source and destination addresses are independent and normally distributed (this is probably not true, but will actually lead us to underestimate the reach) that means somewhat more than a third of all email passes through a service that can be compelled to supply data to LEAs.

The same is true for social media, messaging, photo sharing, and so on.

Leave all that aside. What do the Anthem, Sony, Target, Home Depot, and so on hacks tell us? They tell us that tens of millions of people's privacy can be violated in a single incident independent of whether or not the end users were exercising proper security. Why? Because the bad guys don't have to compromise the individual users' communications in bulk. They can wait for the service providers to aggregate the data and then compromise that.

The point of all of this being that if we're talking about 90% of search, 50% of web traffic, 36% of email, or tens of millions of end user records at a go we're loving kidding ourselves if we're pretending this isn't `bulk' data. And this is just the simplest, most obvious, and best-documented poo poo. And not even counting cell records, location data, and on and on and on into more technical horseshit that's just as relevant but even more difficult to talk about. That's the real-world shape of the privacy problem. It's not theoretical, and it's not some crazy science fiction scenario. And encrypting poo poo has absolutely no bearing on it.

Again: I'm not saying don't encrypt poo poo. I'm not saying encryption is bad (even though no crypto in the world is better for privacy than not being noticed in the first place and we know that using crypto gets you noticed by the NSA). I'm saying that if the problem is protecting individual privacy against NSA surveillance, encryption isn't the solution. It isn't even a solution to a big chunk of the problem.

Anyone who wants to advocate for encryption: more power to ya. But if you're talking about an actual real-world solution to the privacy problems posed by surveillance by the NSA et al, you have to address the actual real-world problems. That's my point.

Salt Fish posted:

Encryption is the way to move forward on this issue for regular apolitical individuals and I feel like subg is trying to sow dissension in this thread to get people to argue with each other about minutiae with the explicit goal of preventing a consensus on the need to expand the use of encryption.

You're accusing me of anti-thread sedition? Really?

Salt Fish
Sep 11, 2003

Cybernetic Crumb

SubG posted:

You're accusing me of anti-thread sedition? Really?

You're making GBS threads on people who want to make the Internet more secure and your entire argument boils down to encryption not being a panacea that perfectly solves every security and privacy issue related to the internet. If your goal isn't to troll/derail, what exactly is your goal? What solutions are you proposing? None as far as I can tell.

ate shit on live tv
Feb 15, 2004

by Azathoth

Salt Fish posted:

You're making GBS threads on people who want to make the Internet more secure and your entire argument boils down to encryption not being a panacea that perfectly solves every security and privacy issue related to the internet. If your goal isn't to troll/derail, what exactly is your goal? What solutions are you proposing? None as far as I can tell.

Perhaps he is more interested in policy solutions limiting the NSA etc, so that they can't (legally) press "CTRL-C and copy the internet". Encryption is a good thing, but not a solution to the problem of state surveillance.

i am harry
Oct 14, 2003

Salt Fish posted:

what exactly is your goal? What solutions are you proposing? None as far as I can tell.

Can we not all quite easily agree that one goal could be not having an unaccountable government agency funded by us to protect itself against us?

Nintendo Kid
Aug 4, 2011

by Smythe

tentative8e8op posted:

I'm pretty sure American companies are still more likely to have innate NSA sponsored exploits like so. In addition to normal spying and hacking against such tech companies, nationalistic legal avenues for compliance, whether cooperative or compulsory, seem to me as an amazing bonus for them against U.S. manufacturers.

That's pretty much exactly what the NSA wants you to think if you're trying to hide from them.

The fact is that large companies are aware that your contention is most likely false, and thus don't take it into account in purchasing decisions. You can't trust anyone to not be infiltrated by the NSA considering what they've proven capable of doing completely outside of the USA.

sectoidman
Aug 21, 2006
Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.

Powercrazy posted:

Encryption isn't binary. Given infinite time all encryption is useless. But just because we don't possess perfect encryption doesn't mean that it is all worthless. The NSA still has finite storage and finite resources. Thus unless you are using a trivial "encryption" method like ROT13 or something stupid, there is value in the average person clicking the "encrypt" button in WhatsApp. Even better if the encrypt button was default, and didn't depend on a central server for encryption to begin with.

I'd like to point out that a properly-implemented one-time pad is mathematically unbreakable without the key, even with infinite time.
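The one-time pad claim in the post above, as an added example that is not part of the original post: it shows why trying every key reveals nothing (every same-length plaintext is explained by some key) and what "properly-implemented" rules out (reusing a pad). The function names and sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a one-time pad key must match the message length."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the right length, which is why
    enumerating keys "with infinite time" cannot single out the real message.
    """
    return xor_bytes(ciphertext, candidate)


def all_single_byte_decryptions(cipher_byte: int) -> set:
    """Decrypt one ciphertext byte under all 256 keys: every byte value appears."""
    return {cipher_byte ^ k for k in range(256)}


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad: the key cancels out,
    leaving plaintext1 XOR plaintext2. This is the failure a properly used
    pad avoids by never reusing key material."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    p1 = b"MEET AT NOON"   # constructed sample message
    p2 = b"STAY AT HOME"   # constructed sample message, same length
    key = secrets.token_bytes(len(p1))  # uniformly random, used once
    c1 = otp_encrypt(p1, key)
    alt_key = key_explaining(c1, p2)
    return {
        "real_key_decrypts_to": otp_decrypt(c1, key),
        "alternate_key_decrypts_to": otp_decrypt(c1, alt_key),
        "single_byte_candidates": len(all_single_byte_decryptions(c1[0])),
        "reused_pad_leak": reuse_leak(c1, otp_encrypt(p2, key)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The zero bytes in `reused_pad_leak` mark positions where the two messages share a character, which is information the ciphertexts leak only because the pad was used twice.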

A Man With A Plan
Mar 29, 2010
Fallen Rib

Powercrazy posted:

Perhaps he is more interested in policy solutions limiting the NSA etc, so that they can't (legally) press "CTRL-C and copy the internet". Encryption is a good thing, but not a solution to the problem of state surveillance.

I'm pretty sure this argument has happened before in the thread, but I would agree that if you're concerned the best solution is strong policies, oversight, and accounting. Of course, that may end up being harder to implement than just making all of the internet tor-based.

e: Not saying that you shouldn't encrypt your stuff, if you want. But the US stuff that most people have been upset about is metadata collection which, as you pointed out, encryption isn't going to help with. VPNs only sorta count in that regard.

A Man With A Plan fucked around with this message at 06:54 on Feb 25, 2015

Tezzor
Jul 29, 2013
Probation
Can't post for 3 years!

A Man With A Plan posted:

By orders of magnitude I was strictly talking about the population and volume of telecom traffic, not whether it's a critical intelligence target. The population of the Bahamas is about 1/1000 that of the US, and I'd be willing to bet there's some infrastructure peculiarity that led them to be the choice, like maybe all of their phone traffic being routed through the US.

I don't think you need to worry about full take telecom in the US for the same reasons you just said. Too many people, and for the rare need of US surveillance, the metadata they get from the telcos is more useful. And while I know it's not the majority opinion in here, in my knowledge the NSA is much more concerned with foreign actors. Like if they were offered all the voice traffic from either the US or Iran, they'd pick Iran every time.

The population of the Bahamas is about 380,000, and the NSA can do a full take of all their phone calls and internet traffic almost as a triviality, or maybe more as a proof of concept, certainly nothing that's taxing their resources to the limit. That is a small percentage of the total US population, but it's the entire population of a small city or large town, or half of Boston proper, or 75% of Wyoming or Vermont. And if something like Moore's law holds up, multiplying that capacity to include all traffic out of a population the size of NYC is about 7 years away, and all traffic from the US in 15 years, the world in 21.

inignot
Sep 1, 2003

WWBCD?

Last May the Internet Engineering Task Force (IETF) published a new standards document declaring that pervasive surveillance is considered an attack on the internet. And all future protocol development needs to take that attack into account. If you don't know who the IETF is, they are the standards body responsible for developing all the open standard communications protocols on the internet: TCP/IP, BGP, SMTP, SIP, etc. It's going to take a while, but pervasive encryption to mitigate pervasive surveillance is going to happen.

Legal constraint of surveillance actors would be great, but they are in many different jurisdictions run by many different, potentially authoritarian, governments. Why not remove the opportunity for surveillance as much as possible?

https://tools.ietf.org/html/rfc7258
https://tools.ietf.org/html/draft-trammell-perpass-ppa-01


snorch
Jul 27, 2009

SubG posted:

Which is to say it doesn't work. It's a wild science fiction fantasy. It's like avoiding NSA surveillance by setting up a colony on Mars. It's barely within the realm of theoretical possibility, but it's so far beyond practical reality as to be meaningless as a real-world plan of action except in the distant and indistinct future.

Why is it so far-fetched? The tech to make it happen is already there, and there is currently a big push to package it up in a way that "just works" in ways where the user doesn't have to worry about it. Putting keys in the hands of the users by way of behind-the-scenes automation instead of entrusting them to centralized authorities (SSL CAs, Gemalto, Microsoft, etc.) would already make a huge difference and render a huge patch of NSA tools (particularly the bulk collection elements) near-useless.

Naturally this doesn't protect against them gathering stuff users voluntarily put out into the open like Facebook posts and tweets, but it at least ensures that the feeling of privacy in the context of private communication bears substance. The other risk is that legislators will want to crack down on perfect security in favor of mandated backdoors. See: http://www.itworld.com/article/2887795/nsa-director-wants-govt-access-to-encrypted-communications.html
