Phil Zimmermann's New Venture Will Offer Strong Privacy By Subscription

timothy posted about 2 years ago | from the sounds-like-a-pretty-good-plan dept.

Canada 219

New submitter quantic_oscillation7 writes with this excerpt from the Register: "Phil Zimmermann and some of the original PGP team have joined up with former U.S. Navy SEALs to build an encrypted communications platform that should be proof against any surveillance. The company, called Silent Circle, will launch later this year, when $20 a month will buy you encrypted email, text messages, phone calls, and videoconferencing in a package that looks to be strong enough to have the NSA seriously worried. ... While software can handle most of the work, there still needs to be a small backend of servers to handle traffic. The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance."

219 comments

No article link (1)

Anonymous Coward | about 2 years ago | (#40352703)

Wow slashdot, a new low: Not even providing a link to TFA for people to complain about other people not reading.

Re:No article link (2)

game kid (805301) | about 2 years ago | (#40352729)

That's happened before, but it's still perplexing after the OP linked The Register in the submission [slashdot.org]. *shrugs*

Re:No article link (0)

Anonymous Coward | about 2 years ago | (#40352887)

Timothy is an Excellent Editor and deserves a Pay Raise

Re:No article link (2, Funny)

Anonymous Coward | about 2 years ago | (#40352919)

Never mind a pay raise, I'd chip in for a redundancy package if I thought he'd take it.

Re:No article link (1)

AliasMarlowe (1042386) | about 2 years ago | (#40352937)

Timothy is an Excellent Editor and deserves a Pay Raise

"That's all right - he tried. That's the important thing. I think he should get a nice big raise for trying so hard." - Hazel Bergeron (in the short movie 2081 [imdb.com]).

They better not do the mistake of Hushmail... (5, Interesting)

Anonymous Coward | about 2 years ago | (#40352711)

Canada is decent, but they can still be forced to modify their code to catch people on demand of Interpol there.

Look what happened with Hushmail.

Re:They better not do the mistake of Hushmail... (5, Informative)

isopropanol (1936936) | about 2 years ago | (#40352973)

Also there's been a bill on the order paper for a few years that would require them to backdoor it, and it looks like the bill is probably going to pass this time.

Re:They better not do the mistake of Hushmail... (5, Interesting)

Anonymous Coward | about 2 years ago | (#40353445)

If I were doing a service like this, I'd split the company into five independent divisions, either owned by a holding company in Antigua, or otherwise protected the same way the telephone scammers keep a step ahead of the authorities.

First company does the billing. Then it sends money to the other three companies, using tokens that change often. This separates users from their online userIDs.

Second company does the client coding and makes packaged, signed executables.

Third company takes the packaged code from company #2 and installs it. The reason for this is to make it harder for backdoors to be inserted at the whims of a local government. Users will easily see the executables have invalid signatures. Because company #2 is a separate firm, it is harder to demand they create a bongoed executable.

Fourth company provides the VPN service, and tosses logs between IPs.

Fifth company does the servers. Since the clients do a layer of encryption, commanding the server holding company to cough up user data is going to not give much, other than perhaps traffic analysis reports.

This isn't perfect, but it means that if the servers get seized, the data isn't compromised. Same if the client making company gets demanded they insert a backdoor, or the network between the servers is seized.

I would like to work on a service like this. However, the main reason why I wouldn't run it is because of cynicism -- it would turn into a nice stomping ground for the child pornography crowd, not to mention a haven for people who are interested in turning a local church or synagogue into rubble.

Re:They better not do the mistake of Hushmail... (5, Insightful)

Anonymous Coward | about 2 years ago | (#40354381)

If we want freedom we have to accept an increase in terrorism and violated children. This is a very tough call that we should not avoid discussing. Anyone has evidence on how many children, synagogues we have to sacrifice for how much children? Sure would be interesting reading.

Backdoor ? pfffff (0)

Anonymous Coward | about 2 years ago | (#40353927)

They already have one. It's called Windows :| How many bugs and exploits are found almost monthly? How many zero day exploits are out there but unpublished? Even Flame was using unpublished zero day stuff, so don't think for a moment they didn't exist.

To be fair, not just Windows, but all flavors of OS that require patches on a monthly basis as new exploits are found.

They don't need to backdoor it. A simple keylogger will give them anything they need should the need arise.

Hell, if you really want to get fun, install the keylogger hardware in a chip INSIDE the keyboard. See you find that one. Especially if it came from the manufacturer that way :|

Re:They better not do the mistake of Hushmail... (2)

arisvega (1414195) | about 2 years ago | (#40354041)

The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance.

Going for the pro-citizen countries, are we? Switzerland has also recently allowed external investigators into its banks (as an example of on-demand privacy violations). I am not judging it, I am only saying that it happened. So that's why the option that includes the servers sitting on a volcano and being surrounded by the ocean seems like a good choice.

Re:They better not do the mistake of Hushmail... (4, Informative)

lightknight (213164) | about 2 years ago | (#40353279)

Indeed. It's like none of them get the idea that paranoid users are paranoid, and keeping out 99.99% of all various intruders, but letting in the 0.01% via a mandated backdoor is the same, mentally speaking, as letting in 100% of all various intruders. Having a backdoor means the solution is inherently insecure, and requires trusting someone which, let's be honest, you don't know. ("Dude, it's totally cool. Your files are totally secure, except that because of a recent law, we have to create a master key that unlocks all the files, at once, and yes, if this key were ever compromised / stolen for any reason, all of our users would have their proverbial asses hanging out the window onto oncoming traffic, but yeah, come on, what are the chances that'd ever happen? Why wouldn't you want to use an almost-secure solution?").

Not everyone using these services is a spy, thief, hacker, cracker, mentally ill, or otherwise questionable person trying to hide something. Sometimes they're just people who like the idea of living quiet lives, and would like a secure / protected e-mail service to actually live up to its name. But there are some eccentric people in positions of power which don't like that idea -> they can't sleep at night until they know for sure that there isn't a bogeyman living under your bed!

 

Re:They better not do the mistake of Hushmail... (2)

JaredOfEuropa (526365) | about 2 years ago | (#40353895)

If you want no backdoor at all, better roll your own solution; that's still a legal option in many countries.

Personally, I am ok with a backdoor, provided that there are some proper controls around it, such as:
- Access only granted to specific law enforcement agencies (listed publicly)
- Access only granted after due process, i.e. a judge issues a wiretap warrant for a specific suspect in a specific case
- Access is rescinded as soon as the warrant runs out
- The government agencies themselves have proper controls in place to ensure the tapped info is accessed on a need to know basis only.

Of course, these are pretty big "ifs". Looking at my own country (NL), I don't think they meet any of these requirements. Especially not the second point; small wonder we're the most widely tapped country in the world (per capita). Hell, the police do not even need a court-issued warrant for physical (house) searches anymore, the mayor can issue them as well for pretty much any reason... and they have, even ordering door-to-door searches.

I give it two more kiddie porn peddlers with encrypted hard drives before the government proposes to outlaw personal crypto.

TFA (3, Informative)

6031769 (829845) | about 2 years ago | (#40352713)

Link is http://www.theregister.co.uk/2012/06/14/pgp_seal_encrypted_communications/ [theregister.co.uk] since it wasn't in the summary.

Help me out here... (4, Insightful)

icebike (68054) | about 2 years ago | (#40352727)

encrypted email, text messages, phone calls, and videoconferencing

With the proper encryption software on the endpoints, and properly encrypted storage, why does the server location even matter?

If nothing was actually stored on the server (or if everything stored there was encrypted with keys unknown to the operators) there would be no point in any government agency grabbing the server other than to shut it down. And nothing prevents that better than multiple sites.

It would seem to me the best solution would be for that server to have zero knowledge about the content of any data, and serve as a store and forward repository for content where one or the other party is off line (file transfer or email). For Video conferencing and text messages the servers might serve only as a routing agent for firewall piercing (where each participant is behind a firewall). But in no case should it contain un-encrypted data, and all logging should be to /dev/null.

Almost all of this is available today using a variety of off the shelf software with PGP keys, etc.

Wouldn't concentrating this traffic in a single place make it easier to monitor? If nothing else, a monitoring agency can gain the equivalent of pen register data simply by doing packet analysis at the upstream of such a service provider.

Wouldn't merely subscribing to such a service (and leaving a money trail) become a red flag?

Re:Help me out here... (0)

Anonymous Coward | about 2 years ago | (#40352763)

Maybe "they" are hoping most people won't realize this...

"Super secure everything! Just $20 a month (to make it seem legitimate - everyone knows those "free" solutions are scams!")!

All you need to do is route all your secret communications to our server.

Re:Help me out here... (2, Interesting)

Anonymous Coward | about 2 years ago | (#40352795)

why does the server location even matter?

I'd go one step further and wonder why it needs dedicated servers at all.

If email is end to end encrypted (a thing that's very easy to do already) it does not need any NEW infrastructure. The existing email infrastructure works just fine, the only difference being that the messages are encrypted, and anyway the encryption keys better be known only to the endpoints, or it defeats the entire purpose.

Same for IM and other things - all that's needed is client support. The very fact that there is some custom server involved would make me REALLY nervous about whether this is trustworthy.

Re:Help me out here... (1)

SwashbucklingCowboy (727629) | about 2 years ago | (#40352835)

Think about the business model: They're probably providing the authentication (i.e. you're really talking to whoever you think you're talking to). If they provided a way around that then you wouldn't need their subscription, would you?

Re:Help me out here... (1)

icebike (68054) | about 2 years ago | (#40352895)

Well, if they were providing the authentication, then that would suggest that they would have way too much knowledge if you ask me.

Re:Help me out here... (1)

ATMAvatar (648864) | about 2 years ago | (#40353459)

You can do that using digital signatures already without having to resort to some central authority.

Re:Help me out here... (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#40352853)

With the proper encryption software on the endpoints, and properly encrypted storage, why does the server location even matter?

You're new here. Okay, from the top ... If the server gets disappeared in some government raid, then the services offered by said server are no longer available. Sorta obvious there. The internet requires some types of centralization to function; As to any services that run on top of it. DNS, e-mail, Facebook, BGP, etc. -- everything on a packet-based network which lacks broadcast/multicast ability needs to have a static point of entry into whatever superstructure you build on top of it.

In this case, the server acts as a mediator of identities: Person A wants to talk to Person B, so Person A subs Person B's public key, and the server returns Person B's IP address, drop box, or whatever, thus allowing the transaction to complete.

It would seem to me the best solution would be for that server to have zero knowledge about the content of any data

The server would regard the data as a binary blob with a source and destination. You know, just like a router does. Except the data is encrypted, so the only useful data that can be recovered is where it's going, and where it's coming from.

But in no case should it contain un-encrypted data, and all logging should be to /dev/null.

But what if someone unlinked /dev/null? Server should immediately self-destruct, Mission Impossible style? :P

Almost all of this is available today using a variety of off the shelf software with PGP keys, etc.

One word: Convenience. And another word: Cheaper.

Wouldn't concentrating this traffic in a single place make it easier to monitor?

Dude, the NSA is building a massive data center under a mountain in Arizona to monitor every packet sent or received on the internet domestically as you read this. The "single place" is now the entire network. Europe is doing the same thing, but requiring ISPs to store all the data instead. If you want something hard to monitor, go back to sneakernet and drop boxes.

Wouldn't merely subscribing to such a service (and leaving a money trail) become a red flag?

I see that you're paying with cash, instead of credit card. You filthy terrorist. Well, actually, everything these days is a red flag. Carrying a bottle of water in your car? You must be using drugs. Breast implants? Possible weapons of mass distraction. Driving a car at the speed limit -- you're paying too close of attention, you must be up to no good. Ah, the rationalizations are endless. Look, there's no technology on this planet that's going to save you from a government that decides (for whatever reason) to make you disappear. All these laws, the constitution, your rights, it's all for show and it always has been. The powerful do whatever they want, and then give it post-facto legitimacy after the fact.

All that said, I do all my browsing on Tor. Which mostly includes posting to slashdot and reading the Skyrim wiki. If you encrypt everything, and everyone else does the same, then you have made stateful packet inspection a waste of time. Nobody should be sending packets in the clear these days anyway -- most of you are reading this from a processor with an AES encryption/decryption module built into the CPU that can run at gigabit speeds with very little overhead. -_-

Re:Help me out here... (-1)

Anonymous Coward | about 2 years ago | (#40352957)

So let Mr get this shit straight. what you are really saying is that you area fucking cunt and you eat your own toys. also you are always at war with your own penis. it its all quite clear to me now.

Re:Help me out here... (4, Funny)

EdIII (1114411) | about 2 years ago | (#40353047)

also you are always at war with your own penis

Are we not all at war with our own penises?

You would have to be. My Penis tells me to do some incredibly dumb, stupid, and impulsive shit all the time that is quite counterproductive to my continued standard of living. If I listened to him, I would probably be penniless on the side of the road with two nuts for company.

Re:Help me out here... (2)

Nofsck Ingcloo (145724) | about 2 years ago | (#40353135)

"and then give it post-facto legitimacy after the fact." Yeh, that's the best kind of post-facto legitimacy. :)

Re:Help me out here... (1)

girlintraining (1395911) | about 2 years ago | (#40353511)

"and then give it post-facto legitimacy after the fact." Yeh, that's the best kind of post-facto legitimacy. :)

Well, not everyone knows what post-facto means! I just wanted to be extra clear. :( Slashdot isn't what it used to be.

Re:Help me out here... (0)

Anonymous Coward | about 2 years ago | (#40353999)

I was pulled over in the 95 for going the speed limit because I was "paying too close attention with out of state plates".

Nothing's changed.

I would argue however that the tools to do point to point encryption without a service run by ex government employees have been around for ages, if everyone just got off their asses and forced everyone to use them we wouldn't need or care about this!

Re:Help me out here... (1)

fustakrakich (1673220) | about 2 years ago | (#40352927)

...if everything stored there was encrypted...and all logging should be to /dev/null.

The modern bureaucrat will see that as damage and route around it through regulation of permitted protocols and 'proper' logging of all communications.

Re:Help me out here... (1)

Anonymous Coward | about 2 years ago | (#40352969)

Yes, you are correct. Most tracking is done through the financial system.

Re:Help me out here... (1)

chill (34294) | about 2 years ago | (#40352997)

For ZRTP proxy and automated SAS would be my guess. Also for an IM presence server and you have to put e-mail servers SOMEWHERE. E-mail isn't p2p.

http://zfone.com/docs/asterisk/man/html/u_guide.html [zfone.com]

Re:Help me out here... (1)

icebike (68054) | about 2 years ago | (#40353045)

Also for an IM presence server and you have to put e-mail servers SOMEWHERE. E-mail isn't p2p.

With proper encryption, it doesn't matter where that is, and concentrating it in one place isn't going to help.
Ask Blackberry.

Re:Help me out here... (1)

chill (34294) | about 2 years ago | (#40353077)

Yes, but...

E-mail will not work without a server. Since you need one, you might as well put it somewhere that has the tightest restrictions on privacy. A place that has the most hoops a gov't has to jump thru to force you to cough up data.

By data I mean the non-encrypted stuff like customer name, billing info, how often e-mail is sent/received, the source and destinations, etc.

Encryption doesn't hide any of that.
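An added illustration, not part of any comment in this thread: a sketch of the content-blind store-and-forward relay discussed above, and of the pen-register view that the comments note encryption leaves exposed. The `BlindRelay` class, the names and the traffic are constructed for the example, and `os.urandom` stands in for ciphertext produced at the endpoints.

```python
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    """Routing data visible to the relay and to anyone upstream of it."""
    timestamp: int   # seconds since start of capture (constructed)
    sender: str
    recipient: str
    size: int        # length of the encrypted blob in bytes


class BlindRelay:
    """Hypothetical relay: queues opaque blobs, keeps no log, never parses content."""

    def __init__(self):
        self._queues = defaultdict(list)

    def submit(self, timestamp, sender, recipient, blob):
        self._queues[recipient].append(blob)
        # The relay stores only the blob. The Envelope is returned so the caller
        # can play a network observer who sees the same routing fields on the wire.
        return Envelope(timestamp, sender, recipient, len(blob))

    def fetch(self, recipient):
        """Hand over and delete everything queued for a recipient."""
        return self._queues.pop(recipient, [])


def pen_register(envelopes):
    """Aggregate envelopes per pair of correspondents, ignoring direction."""
    summary = {}
    for env in envelopes:
        pair = tuple(sorted((env.sender, env.recipient)))
        entry = summary.setdefault(
            pair,
            {"messages": 0, "bytes": 0, "first": env.timestamp, "last": env.timestamp},
        )
        entry["messages"] += 1
        entry["bytes"] += env.size
        entry["first"] = min(entry["first"], env.timestamp)
        entry["last"] = max(entry["last"], env.timestamp)
    return summary


# Constructed sample traffic: (timestamp, sender, recipient, ciphertext size).
SAMPLE_TRAFFIC = [
    (0, "alice", "bob", 512),
    (60, "bob", "alice", 2048),
    (120, "alice", "carol", 256),
    (86400, "alice", "bob", 512),
]


def observe_sample():
    """Push the sample through the relay and return (relay, observer's summary)."""
    relay = BlindRelay()
    seen = [
        relay.submit(ts, src, dst, os.urandom(n))  # random bytes model ciphertext
        for ts, src, dst, n in SAMPLE_TRAFFIC
    ]
    return relay, pen_register(seen)


if __name__ == "__main__":
    _, summary = observe_sample()
    for pair, stats in sorted(summary.items()):
        print(pair, stats)
```

The relay holds nothing readable and forgets a queue once it is fetched, yet the observer's summary still lists who corresponds with whom, how often, how much and over what period.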

Re:Help me out here... (1)

Beryllium Sphere(tm) (193358) | about 2 years ago | (#40353007)

It's called "traffic analysis", and it's a wonderful source of intelligence even in its simplest forms.

Of those nations, Canada seems the most likely to assist with a US official "request". Iceland would love to resist but has little power.

Re:Help me out here... (1)

JoeMerchant (803320) | about 2 years ago | (#40353193)

Almost all of this is available today using a variety of off the shelf software with PGP keys, etc.

Yes, and a lot of good security software is available free and open source, but it's not very easy to use and/or effectively marketed.

Wouldn't concentrating this traffic in a single place make it easier to monitor? If nothing else, a monitoring agency can gain the equivalent of pen register data simply by doing packet analysis at the upstream of such a service provider.

Wouldn't merely subscribing to such a service (and leaving a money trail) become a red flag?

Absolutely, anyone can use free HushMail, but in so doing, you are marking yourself as a less than 1% minority that cares enough about privacy of your communications to actually do something about it - and as such, I'd assume you'll be first against the wall in any witch hunt investigation since you are rare and "they" can't really be sure what all you have effectively hidden.

I think, for the paranoid, security at the endpoints is the only way to go... secure transit layers, servers, services, etc. may help, but at the point it leaves you and the receiving party's control, you never really know who's listening / watching / sifting / archiving.

I wrote a little screed [stegamail.com] about "appropriate security" for ordinary people, short version is: if you make it expensive to read your mail, nobody is likely to bother.

Right now, most "private" e-mail, and even voice, communication costs a fraction of a penny for an interceptor to interpret, index, catalog, archive for decades, and later search when hunting for whatever historical chatter they may be interested in. While I "don't have anything to hide," I really do think it's worth some effort to make diving my digital dumpster harder to do.

Maybe I'm just a retard..... (2, Interesting)

Anonymous Coward | about 2 years ago | (#40352731)

But if it's made up of a bunch of ex-navy seals, can you really trust that it's going to be secure against american intelligence access? And if it *IS*, what does that say about these EX-SEAL personnel? The old 'loyalty to your job' versus 'loyalty to your country' :D

Yes, you are just a retard..... (1)

Anonymous Coward | about 2 years ago | (#40352789)

The old 'loyalty to your job' versus 'loyalty to your country'

"Country" means more than just "the guys holding political office right now." Perhaps they see the sad state of privacy laws in the US, remember the 4th Amendment, and realize that they would be doing their country the best service they can by offering this sort of solution.

Re:Maybe I'm just a retard..... (4, Informative)

CRCulver (715279) | about 2 years ago | (#40352815)

But if it's made up of a bunch of ex-navy seals, can you really trust that it's going to be secure against american intelligence access?

No, you can't completely trust that it's going to be secure. On the other hand, there's a remarkable amount of ex-SEALs who have become embittered about the government they once served, and Mike Janke is a privacy advocate. So, the involvement of SEALs isn't a guarantee that this company is in bed with the US government.

Re:Maybe I'm just a retard..... (2)

betterunixthanunix (980855) | about 2 years ago | (#40352845)

But if it's made up of a bunch of ex-navy seals, can you really trust that it's going to be secure against american intelligence access?

I was going to reply with a list of the algorithms and constructions used here, and then point out that they are all standard and widely studied. Then I noticed that the website does not actually have that information, so unless someone would like to post a link (I could have just missed something obvious), no, I do not think you can really assume anything. Phil Zimmermann did good work with PGP, but that does not mean that he will do similarly good work here.

Re:Maybe I'm just a retard..... (1)

lightknight (213164) | about 2 years ago | (#40353305)

Indeed. That was the first red flag that caught my eye -> "ex-Navy Seal would be nice if I were expecting the offices to be physically attacked, but I don't know how well they'd hold up against various intelligence people questioning their 'loyalty' to their own..."

Canada is a questionable choice (3, Insightful)

Anonymous Coward | about 2 years ago | (#40352743)

Are they aware of the Canadian Conservative party's utter contempt for online privacy and willingness to grant broad snooping powers with no oversight to completely unqualified authorities? All without a warrant? Bill C-11 is currently in the process of being rammed through along with plenty of other unpopular legislation. Need I even mention the unabashed kowtowing to the whims of U.S. media conglomerates?

"You can either stand with us or with the child pornographers" - Vic Toews, Minister of Public Safety.

Re:Canada is a questionable choice (0)

Anonymous Coward | about 2 years ago | (#40352925)

I was thinking the same thing. Perhaps he hasn't been paying attention to Canadian politics, lately? I've been thinking about creating a numbered company, just so I can become a private Canadian police force, too.

Re:Canada is a questionable choice (1, Informative)

Anonymous Coward | about 2 years ago | (#40352989)

Are they aware that Canada's intelligence agencies are lately working under less oversight and with more direct partisan political control?

Are they aware that while Canada has some nice privacy laws on paper, the federal & provincial privacy commissioners don't have any actual enforcement powers when the police simply choose not to cooperate?

Re:Canada is a questionable choice (0)

Anonymous Coward | about 2 years ago | (#40353081)

Are you aware that they are proposing a new police force, likely funded by the people promoting the bill(s)?

Move to England (0)

Anonymous Coward | about 2 years ago | (#40352751)

Move to England, you'll do great business there. Didn't you hear? Their government took Orwell's warning and turned it into a plan!

Canada (2)

WarSpiteX (98591) | about 2 years ago | (#40352771)

As a Canadian resident, I wouldn't count on our privacy laws remaining strong, or - above all - being strongly enforced - with the Conservative party in power. They should have gone with Sweden or Switzerland.

Re:Canada (1)

Mashiki (184564) | about 2 years ago | (#40352875)

Warrants are required in Canada, even under exigent circumstances now. The SCC recently struck down even prior existing laws (telephone) on that. The only exception is home entry in case of emergency, where you can see/hear/know a person in an obvious case of distress.

Re:Canada (4, Informative)

BlueParrot (965239) | about 2 years ago | (#40353149)

Sweden has few effective laws for private citizens. It's explicitly codified into law that the authorities are allowed to snoop on your communications. It's a bit better than England (where you can be jailed for not giving police your encryption keys), but there's really no good way to defend against a hostile government. If you truly want to avoid government meddling with your communication your best bet is probably hiding in plain sight. I.e., make sure you and your communication appear dull enough that your government can't be bothered to look at it.

Re:Canada (0)

Anonymous Coward | about 2 years ago | (#40354073)

If you truly want to avoid government meddling with your communication your best bet is probably hiding in plain sight. I.e, make sure you and your communication appear dull enough that your government can't be bothered to look at it.

You're assuming that the snooping is going to be done by humans, and in a selective manner. We live in an age where computers can mine everyone's communications automatically. Computers don't care how 'dull' your communications are. If you mention a hot keyword it will be noted.

Re:Canada (1)

Anonymous Coward | about 2 years ago | (#40354087)

Not to mention the fact that we club Seals to death and eat them in Canada.

What do SEALs have to do with privacy? (3, Insightful)

guanxi (216397) | about 2 years ago | (#40352785)

What do SEALs have to do with it? Are they going to infiltrate the datacenters of privacy violators and blow them up? Secure this company's underwater cables? Now some NSA or CIA signals intelligence veterans might be helpful.

Re:What do SEALs have to do with privacy? (2)

houghi (78078) | about 2 years ago | (#40352869)

What do SEALs have to do with it?

Perhaps they wanted to be close to Heidi Klum.

Re:What do SEALs have to do with privacy? (2)

Dahamma (304068) | about 2 years ago | (#40352873)

No, duh. They are launching a subscription service in the US. The SEALs are there for the TV commercials.

Re:What do SEALs have to do with privacy? (1)

swillden (191260) | about 2 years ago | (#40353015)

No, duh. They are launching a subscription service in the US. The SEALs are there for the TV commercials.

Because Act of Valor showed the world that SEALs are incredibly talented actors?

Re:What do SEALs have to do with privacy? (0)

Anonymous Coward | about 2 years ago | (#40352977)

What do SEALs have to do with it? Are they going to infiltrate the datacenters of privacy violators and blow them up? Secure this company's underwater cables? Now some NSA or CIA signals intelligence veterans might be helpful.

Physical control has no role in security? Doesn't Slashdot always say the first step in securing a computer is physical control of the hardware? If you'd RTFA you'd know that both the SEALs have security companies, and one is a privacy advocate and author.

Slashdot is in poor shape...

Re:What do SEALs have to do with privacy? (1)

jon3k (691256) | about 2 years ago | (#40353813)

Then maybe they should mention that instead of the credentials that have pretty much no application to the topic at hand.

Re:What do SEALs have to do with privacy? (5, Insightful)

Phat_Tony (661117) | about 2 years ago | (#40353005)

They may have any amount of legitimate expertise to contribute. Even if it's just on the business/managerial side of things and not the software/encryption side, not that that's necessarily the case.

But you know one big thing they contribute just by being there? This company will be accused of being anti-American, of "helping the terrorists win." There's nothing that will help inoculate them against that as much as having a couple of combat veterans as founders.

And to those who will say the presence of veterans means you can't trust this organization because they will provide a backdoor for the feds, the people in our armed forces hold a range of political opinions, they are not all clones. And there are a lot of them who agree with a libertarian or traditional conservative view of highly restricted government power and lots of freedom. A lot of people in the military are there to fight for our freedom, and that includes opposing the Orwellian encroachments of our own government.

Re:What do SEALs have to do with privacy? (1)

chill (34294) | about 2 years ago | (#40353021)

The SEALs mentioned both operate physical security companies. Their expertise will probably come in handy in securing the datacenters.

Re:What do SEALs have to do with privacy? (2)

equex (747231) | about 2 years ago | (#40353061)

Friend of a guy who worked in intelligence here, all your encryption is worthless, they will just park outside your lawn and point a device towards your keyboard. The electrical charge generated by each key can somehow be translated into clear text.

Re:What do SEALs have to do with privacy? (1)

Anonymous Coward | about 2 years ago | (#40353091)

For the interested: http://en.wikipedia.org/wiki/Keystroke_logging#Electromagnetic_emissions

Can't find the link but similar has been done for monitors as well.

My encryption is to keep that annoying friend from messing with my computer.

Re:What do SEALs have to do with privacy? (1)

Midnight_Falcon (2432802) | about 2 years ago | (#40353195)

The similar thing done for monitors is known as a TEMPEST attack. It's only feasible against CRTs, though.

Re:What do SEALs have to do with privacy? (1)

Anonymous Coward | about 2 years ago | (#40354259)

The similar thing done for monitors is known as a TEMPEST attack. It's only feasible against CRTs, though.

Actually, TEMPEST [wikipedia.org] is a group of standards to prevent these kinds of attacks.

Re:What do SEALs have to do with privacy? (0)

Anonymous Coward | about 2 years ago | (#40353877)

The problem is right there too: "semi-anechoic chamber" meaning it was tested inside a reasonably sterile EMI resistant, resonance dampening room. So assuming there is no interference from any monitors, cpus, speakers, fluorescent bulbs, microwaves, bluetooth devices, cellphones, gps, vehicle engines, power lines, and so on then this could be technically possible with some tuning equipment.

Moreover nothing is stated in the second citation link about effectiveness against USB keyboards, and claims "...fully recovered 95% of the keystrokes of a PS/2 keyboard at a distance up to 20 meters, even through walls.." Given that, why are they not stinking rich from selling wifi devices that have 95% signal strength that does not degrade through walls? I would buy one. Old brick is the bane of wireless.

Nevermind the first of two citations which links to an article:

http://www.zdnet.co.uk/news/security-management/2000/10/26/a-year-ago-cypherpunks-publish-proof-of-tempest-2082190/

that links to the Cypherpunks group claiming a FOIA request actually worked for the NSA hosted via

http://cryptome.org/nt1-92-1-5.htm

More tinfoil hats than fallacy free.

Re:What do SEALs have to do with privacy? (1)

turbidostato (878842) | about 2 years ago | (#40353509)

"all your encryption is worthless, they will just park outside your lawn and point a device towards your keyboard. The electrical charge generated by each key can somehow be translated into clear text."

Failing that, they will just park outside of your lawn and point a device towards your head. The adrenaline generated by you knowing the "device" is a 7.65 long barrel can somehow be translated into clear text too.

Obliged reference: http://xkcd.com/538/ [xkcd.com]

Re:What do SEALs have to do with privacy? (1)

jgrahn (181062) | about 2 years ago | (#40353757)

Friend of a guy who worked in intelligence here, all your encryption is worthless, they will just park outside your lawn and point a device towards your keyboard. The electrical charge generated by each key can somehow be translated into clear text.

Not everyone who wants my data has a black van full of electronics, readily available for dispatching, in my area.

Re:What do SEALs have to do with privacy? (0)

Anonymous Coward | about 2 years ago | (#40353789)

Not everyone who wants my data has a black van full of electronics, readily available for dispatching, in my area.

Where do you live?

Re:What do SEALs have to do with privacy? (0)

Anonymous Coward | about 2 years ago | (#40354519)

Not everyone who wants my data has a black van full of electronics, readily available for dispatching, in my area.

Where do you live?

Why are you interested in where I live?

Canada? (1)

SuperCharlie (1068072) | about 2 years ago | (#40352793)

I'm sure they did their due diligence, but from what I've seen the last couple years Canada seems to be heavily influenced by US politicians, lobbyists, etc. And I would not be surprised to hear of a joint task force, as in "go ahead eh", taking down the servers for <insert reason here> from the US privacy destruction machine. Just my tinfoil hat 2 cents.

Re:Canada? (1)

Anonymous Coward | about 2 years ago | (#40352901)

My thoughts exactly. I've been reading (mostly on /.) too often of the Canadians caving in to adopt US-style legislation. A day or two ago, there even was a /. headline about Canada's new Copyright law resembling the DMCA closely...
My thoughts: Iceland.
Their economy tanked, and to resolve this, they came up with the idea to be the safe harbour for internet services.
I'll say that again: one of their paths out of the country going (sort of/almost) bankrupt was to offer a safe place for internet services.
That's a mighty incentive to stay nice, for the time being.

Canadian privacy... (3, Funny)

Dahamma (304068) | about 2 years ago | (#40352849)

They just need to make sure they don't discuss any details of the service at the airport...

why not put a server center in each? (1)

Dan667 (564390) | about 2 years ago | (#40352871)

that way have better world coverage and can shift if the local politics go to crap on privacy.

Another fracking Hushmail.. no real privacy (0)

Anonymous Coward | about 2 years ago | (#40352999)

As the Hushmail cases have proven.. bullshit and server/client cryptography DON'T work against government subpoena(s).. especially in Canada...

and another strike!!!

how about peer to peer voip crypto...

lesson learned (0)

PopeRatzo (965947) | about 2 years ago | (#40353003)

The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada

Also, three countries with universal single-payer health care, free education, high standards of living and a thriving middle class.

Also countries that have succeeded despite not adopting the disastrous "austerity measures" that have caused widespread recessions in other countries, and threaten to send the U.S. into a double-dip recession if adopted here.

Having successful developed societies is not really so hard when you have nice clear examples like these three. Yet still if you were to watch any of the news talk programs on television this morning, you would hear our political elite talking about how desperately we need to adopt the austerity measures that are sinking so many countries in the Eurozone. Hell, we have one political party here that is wholly dedicated to adopting precisely those failed policies. And bigger tax cuts for the Rent Seekers!

Re:lesson learned (2)

lgw (121541) | about 2 years ago | (#40353171)

No one is adopting "austerity measures" for fun, and those measures are not disastrous, nor have those measures caused any sort of recession etc. The underlying economies of countries adopting "austerity measures" are disasters! These "austerity measures" are a last-gasp attempt to prevent total collapse of economies, not some 1%-er imposed hardship!

Countries that wildly overspent beyond their means (e.g., Greece, Ireland, Italy, Portugal, Spain) are finding that no one now believes that lending them even more money is a smart idea. Countries that made some reasonable attempt to live within their means (e.g., Switzerland, Germany) are still fine, if they don't let the others drag them down. Ireland actually embraced their austerity measures, and by all measures seems to be on the path to recovery without collapse.

And clearly your definition of "Rent Seekers" is "people I don't like", unless there's some "tax cut for the MAFIAA" bill I haven't seen (which, admittedly, wouldn't surprise me).

Re:lesson learned (1)

Anonymous Coward | about 2 years ago | (#40353425)

No one is adopting "austerity measures" for fun, and those measures are not disastrous, nor have those measures caused any sort of recession etc. The underlying economies of countries adopting "austerity measures" are disasters! These "austerity measures" are a last-gasp attempt to prevent total collapse of economies, not some 1%-er imposed hardship!

Remind us again who enabled the problems austerity measures are supposed to fix, who benefited from the fraud^w 'boom' and who is now being forced to pay the price?

Re:lesson learned (4, Informative)

PopeRatzo (965947) | about 2 years ago | (#40353627)

And clearly your definition of "Rent Seekers"

My definition of "rent seekers" is people who accumulate wealth while contributing nothing to society.

"tax cut for the MAFIAA"

It's called the Paul Ryan budget.

Countries that made some reasonable attempt to live within their means (e.g., Switzerland, Germany) are still fine

Greek workers put in as many hours as German workers. They retire no earlier than German workers. When you talk about "living within their means" you aren't talking about the working and middle classes. The ones that didn't "live within their means" were entirely the financial sector and the "1%".

Yes, the "rent seekers" whose income is entirely in capital gains.

Re:lesson learned (1)

lgw (121541) | about 2 years ago | (#40354537)

Well, fine, mean whatever you want to mean when you say "rent seekers", but what most people mean is "those who seek income from the government", via monopoly or other corruption. For example, if you pay a tax on a blank CD that goes directly to some company, that's a perfect example.

Maybe you're talking about bank bailouts? While bank bailouts are generally messed up, in the European countries currently in trouble, it's mostly holders-of-public-debt who are getting bailed out (which do include banks!). If you think someone is an "evil rent-seeking 1%-er" because they buy government bonds and wish to be repaid, well, so do many who oppose austerity. But how can you expect the whole system of governments spending more than they collect to work, if you make it clear that loans won't be repaid? Really?

Not that I'd object to a permanent end to deficit spending, mind you, but those who oppose these austerity measures seem to just want unlimited, consequence-free money from the government, possible only with ever-increasing deficit spending. Sorry, I canna change the laws of physics, captain! When there is no money, there will be no checks.

Re:lesson learned (1)

the eric conspiracy (20178) | about 2 years ago | (#40353517)

Post secondary education in Canada is not free.

Iceland went through an economic collapse and currency devaluation in 2008, savaging the savings of its citizens. Its stock market fell 90%. At one time its external debt was nearly 8x GDP. For weeks external currency transactions were frozen, making critical imports difficult.

http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aVFtDRGwcc50&refer=europe [bloomberg.com]

It was the largest economic collapse by any country in history.

http://en.wikipedia.org/wiki/2008%E2%80%932012_Icelandic_financial_crisis [wikipedia.org]

Re:lesson learned (2)

PopeRatzo (965947) | about 2 years ago | (#40353577)

It was the largest economic collapse by any country in history.

It was a banking collapse. Iceland's economy is now growing, lives improving, and most importantly, the economic disparity, which is the source of so many social problems, is lessening.

If you are a middle class 23 year old in Iceland, your financial future is brighter than a middle class 23 year old in South Carolina.

A password is enough? (1)

mounthood (993037) | about 2 years ago | (#40353049)

You get the apps at the iPhone/Android store, so does it just use a password? Where's the 2/3 factor authentication, or a security quiz from the system before you can start using it? Can you set an 'alarm' password that tells everyone you're under duress, or an innocuous password that only shows fake data?

Trying to make it easy to use is commendable, but trading ease for security would be better.

They should have gone with Switzerland or Iceland (1)

Anonymous Coward | about 2 years ago | (#40353073)

They should have gone with one of the other two. My government doesn't have the balls to stand up to US pressure (eg copyright and digital locks legislation--bill C-11--going through the house right now that will make it illegal to even make a backup of media we buy). I have more faith in both Switzerland and Iceland to show more independence.

PGP Broken (0)

Anonymous Coward | about 2 years ago | (#40353079)

This has no one worried. PGP was broken in 1991 and is the only reason Phil Zimmerman is not in jail.

That's why we use one-time pads. :)

Re:PGP Broken (1)

macs4all (973270) | about 2 years ago | (#40353821)

This has no one worried. PGP was broken in 1991 and is the only reason Phil Zimmerman is not in jail.

That's why we use one-time pads. :)

It wasn't so much "broken" as it was that PZ was pressured into compromising it himself after having the IRS sicced on him. I remember those days very clearly. It was around the time I stopped using PGP...

No thanks (2)

SilverJets (131916) | about 2 years ago | (#40353113)

They teamed up with Navy SEALs to develop this. That means a branch of the US Government is involved.

No thanks.

Or you could join an existing network (Tor, I2P) (0)

Anonymous Coward | about 2 years ago | (#40353197)

For $20 a month you could also rent a virtual server somewhere and run the software for an existing, free anonymization network such as Tor, I2P, or Freenet. And that would even benefit all other users of these networks, who might not be able to afford a commercial service that doesn't seem to provide real benefits...

(And yes, I *have* put my money where my mouth is, and I am doing exactly what I wrote.)

Encryption System (1)

hackus (159037) | about 2 years ago | (#40353243)

Sounds good.

I believe them when they say it is a good privacy protection package, and $20 sounds reasonable.

It better be open, and available for public comment, for every single line of code that goes into it; otherwise, then no, I don't believe it is safe to use.

I want to see it and make my own determination.

-Hack

Re:Encryption System (1)

macs4all (973270) | about 2 years ago | (#40353809)

I don't believe that PZ has made his versions of PGP Open Source since around PGP 2.8, and maybe before.

Someone correct me if I'm wrong; because I'm not exactly sure about that.

Crypto without stego (1)

phreakngeek (1250360) | about 2 years ago | (#40353561)

This looks like the same architecture the NSA is advocating for a secure Android communication platform using encrypted VoIP. The problem with their (NSA) proposal is that it requires 3G+ data network coverage to work and this isn't available everywhere. What data speeds are required by Zimmerman's project? Also, won't using this tool immediately flag the user as suspicious? As a hostile government/network provider could I not just block/flag traffic routing towards the Canadian server? What is to keep someone using this in someplace like Ethiopia from being immediately picked up by the authorities and jailed indefinitely or tortured into revealing the data the cryptography was meant to protect?

Re:Crypto without stego (1)

macs4all (973270) | about 2 years ago | (#40353795)

Also, won't using this tool immediately flag the user as suspicious?

Not to the NSA. They'll just use their backdoor, and have a look. They'd MUCH rather you'd use this service (Ex-Navy SEALs, fercrissakes. If THAT isn't a "red flag", I don't know what is...) than some one that was independently developed WITHOUT the NSA's involvement.

There's already amazing solutions for this (0)

Anonymous Coward | about 2 years ago | (#40353567)

including a proxy, mail, webmail, even hosting.

http://www.cotse.net/ is what I use.

Privacy as a service. What's wrong here? (1)

Animats (122034) | about 2 years ago | (#40353651)

The concept of "privacy" as a paid, centralized service leaves something to be desired.

Why should the NSA be worried? (1)

macs4all (973270) | about 2 years ago | (#40353695)

Phil Zimmerman has been compromised ever since PGP 2.6 (IIRC), which was curiously released RIGHT AFTER he was hassled by the IRS. Curiously, 2.6 is incompatible with 2.3a, which was the version just BEFORE PZ was "re-educated" by the Feds.

Now it's time for me to put some copper foil on my hat; because the tinfoil doesn't block enough of the mind-control waves...

Never trust americans (0)

Anonymous Coward | about 2 years ago | (#40353977)

sorry utter fail him partnering up with the US military no really????
FAIL

Driving distance from where? (0)

Anonymous Coward | about 2 years ago | (#40354331)

The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance.

So.... that'll be Switzerland, then? Right?
