Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Snowden Seeks To Develop Anti-Surveillance Technologies

samzenpus posted about 2 months ago | from the snowden-brand dept.

Privacy 129

An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."

cancel ×

129 comments

Sorry! There are no comments related to the filter you selected.

Kinda Like Mega (1)

Anonymous Coward | about 2 months ago | (#47498937)

Can't wait for an app that would allow anyone to be completely anonymous, even from the almighty Goog'lord.

Re:Kinda Like Mega (0)

Anonymous Coward | about 2 months ago | (#47498953)

or Facebook, Twitter, [insert all social websites here]

Re:Kinda Like Mega (0)

PopeRatzo (965947) | about 2 months ago | (#47499311)

Can't wait for an app that would allow anyone to be completely anonymous, even from the almighty Goog'lord.

The NSA's probably got them in stock.

Re:Kinda Like Mega (0)

Anonymous Coward | about 2 months ago | (#47499691)

I wouldn't be surprised at all :(

Re:Kinda Like Mega (1)

SuricouRaven (1897204) | about 2 months ago | (#47499517)

Retroshare can give you encrypted IM, mail and forums shared only with your retroshare contacts. It's a big of a headache on dynamic IPs though - it expects all nodes to be mostly-stationary. An observer could work out who your contacts are, but that's all they are getting - metadata only, no content. Also does file transfer and share-browsing.

Re:Kinda Like Mega (2)

AHuxley (892839) | about 2 months ago | (#47499963)

Thats all the need. If the contact is the press and the sender works/worked for a gov they are both targeted.
The "An observer could work out who your contacts are" gets even better if you try and meet in person. A member of the press turns their phone off and walks in a direction. Any other person in the area who turns their phone off and then on later like the member of the press is tracked.
IP, the internet, mobile phones its all great for tracking back the moment a person in gov tries reach out.
Thats what a good section of the talk was about. Discovering that journalist to whistleblower association, then turning press and byline journalist into criminals for accepting the material and daring to publish. Then its all secret laws, secret courts for the gov worker and soon the press too.
More Vietnam, Iraq like entanglements as gov staff do not speak out. As they sit back and let more wars to start. That total oath only to authority.
You can encrypt all you like, the metadata of an unbreakable code to the press will be tracked back. So unattributable internet access was mentioned as a good skill to consider teaching via people with the skills to work on such tasks.

Re:Kinda Like Mega (1)

SuricouRaven (1897204) | about 2 months ago | (#47500017)

Requiring the government to use fiddly correlation analysis to get a partial idea of your activities is still a lot better than the current situation, where they need issue one sternly-worded letter in order to retrieve everything including content and history.

Re:Kinda Like Mega (1)

AHuxley (892839) | about 2 months ago | (#47500061)

Thats what the talks mentioned too, a set of small steps. Encryption but the wisdom to understand the networks as they are now.

Re:Kinda Like Mega (0)

Anonymous Coward | about 2 months ago | (#47499905)

I developed a file sharing app for Unix (Linux, BSD, Solaris, etc.) and OSX back in the mid-2000s that permitted people to connect to "safe" IP lists (we called them "server lists") and then the final version of my p2p client also made every client a server, too. I bolted on encrypted (twofish) IM and file sharing. Years later I heard that several persecuted groups were using it to securely communicate inside despotic regimes.

Re:Kinda Like Mega (3, Informative)

mspohr (589790) | about 2 months ago | (#47501033)

An app won't give you much anonymity. You need to start from the ground up with an OS that leaves no trace on the hardware and has good encryption and anonymity tools built in.
Here's a good start: TAILS
https://tails.boum.org/ [boum.org]
 

soviet era crypto (1, Insightful)

Penn (308504) | about 2 months ago | (#47498999)

And I'm sure Russia will have absolutely no influence over what Snowden is working so hard to bring us too!

Re:soviet era crypto (5, Insightful)

NotInHere (3654617) | about 2 months ago | (#47499109)

As long as it's not the latest curve, privacy preserving crypto can be written by NSA itself, and still be secure for you. SELinux was written by NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, idependent reviews, and, if you can't afford your own review, the many-eyes-principle (which has chilling effects).
The russians could only say "this is too secure, design something that can be broken more easily".

Re:soviet era crypto (2)

balaband (1286038) | about 2 months ago | (#47499165)

Mod parent up.

It is not who makes it, it is how it is made.

Re:soviet era crypto (1)

Anonymous Coward | about 2 months ago | (#47499375)

Mod parent up.

It is not who makes it, it is how it is made.

Assumptions breed ignorance. And even you were likely surprised over the capabilities and activities revealed by the very person we're discussing here. One would have thought you would have learned when random number generators were found to be not-so-random, and encrypted microcode updates validating themselves against compromised key servers came along.

But hey, if you truly feel that it doesn't matter who makes it, then feel free to ignore those export control laws and purchase your electronics where they are cheap. I'm sure it'll be worth it, kind of like "free" smartphone apps that never collect any information on you.

Do yourself a favor. Don't wait for the next Snowden document dump to come along. Wake up.

Re:soviet era crypto (2)

ArcadeMan (2766669) | about 2 months ago | (#47499425)

Kind of like "free" smartphone apps that never collect any information on you.

They don't? That's good to know, I'll go install a few dozen free apps right now!

Re:soviet era crypto (0)

balaband (1286038) | about 2 months ago | (#47499553)

I am not sure I follow your point.

You are arguing that it does matter who makes the software, yet take examples of the unchecked software to be examples of supporting your case. Even if you get down to hardware level, you are back to square 1 - unchecked code.

As for the build process, that only depends how thick is your tin-foil hat. I don't see any reason why Soviets are going to be any worse in producing your hardware then 'muricans or Chinese.

Re:soviet era crypto (1)

ArcadeMan (2766669) | about 2 months ago | (#47499393)

It is not who makes it, it is how it is made.

I love that show [wikipedia.org] !

Re:soviet era crypto (1)

SuricouRaven (1897204) | about 2 months ago | (#47499557)

I'm waiting for them to do an episode on laws and sausages.

Re:soviet era crypto (2)

Anonymous Coward | about 2 months ago | (#47499343)

Why (and this is the point,) would you trust the NSA any more than the Russian government? Neither wants you to be able to hide what you're doing from them. If these last few years have taught us anything, it's that your government, (wherever you live,) and possibly other governments, should be regarded as the same as any other group of people who could potentially do you harm by knowing things you might want to keep to yourself, whether or not you've committed any legitimate transgression or 'crime' as they call it. Crime is of course subjective because what's a crime in one place may or may not be in another. Case in point, possession, manufacture, consumption, transportation, or offering for sale the product generally known as "booze". Illegal in some places.

If there are any other lessons here, it's that governments, indeed, other people in general can listen-in on your communications, PERIOD. Using any form of communication that can be intercepted virtually guarantees it will be intercepted by someone, or at least that you should figure it will be. If you find yourself in a room full of loud, random-noise generating equipment, (or just are next to a large waterfall,) and whisper something directly into the ear of another human being, cupping your hands so your lips movements, (etc.) can't be seen, MAYBE no one other than the person to whom you whisper can hear you. Maybe.

If, OTOH, you're using a device that modulates your voice onto an electrical carrier wave, and broadcasts that via emissions of photons across half the universe, or conveys it using a half-dozen different companies' equipment to someone hundreds or thousands even, of miles away via wire and/or fiber... yeah, someone can listen in, and you should assume that someone will. You should further assume anything you say on the phone (or over the radio) can and will be used against you in a court of law, will be shown to your mother/father/wife/husband/boss/coworkers/the-general-public, and will be misinterpreted to make you seem complicit in whatever they decide it would be funny to frame you for, etc. etc. etc.

The reason most people get away with using these technologies is that there simply isn't enough crap to pin on people to put every single person into jail, and then no one left to make the cops' doughnuts after everyone else is locked up. That's why we're not all in jail. Yet.

But wait. They're working as fast as they can on robots who can do your job, and on technology that will enable them to read your minds. I can't wait, (though I think it will suck to live in this world, once this becomes reality,) if only to be able to say, "HA! I told you so!" to read of the first person put into prison for what he THOUGHT. No action, mind you, no "attempted" anything, just for having thought it; you know, he'll be wearing "Google Mind," or using the "iThink Headband," and won't realize they built backdoors into both, and the local police can read thoughts, and he'll have a fleeting fantasy about beating someone to death, pushing his mother off a cliff, or running someone over with his truck, or whatever... and they'll arrest and jail him, convict him and send him to the penitentiary just FOR THAT.

You know the day is coming. They already jail you for what you say, in some places, what you wear, or don't, they'll do THAT even in " 'Murica " ... yeah, as soon as someone figured out how to make money off putting people in jail... well, it's just like any other time someone figures out you can make money doing a thing, people will do it.

So forget crypto as a privacy device, unless you're prepared to make it yourself, test in yourself, and be responsible for it yourself. The only unbreakable crypto is the (TRULY F'ING RANDOM) one-time pad, and only if it's used correctly. Everything else is like the locks on your house or car, only keeps people out who don't REALLY want in. The reason the government relented on the whole "crypto is a weapon and you can't export it," is once they were confident in it being compromised.

How the hell do you think they keep busting people and sending them to jail for the contents of their communications with each other, when the ones sent to jail USED CRYPTO? They busted people for using TOR to transact illegal things, drugs, etc. How the hell do you think they did that?

Because. It's. Compromised.

Have a beautiful day, y'all.

Re: soviet era crypto (0)

Anonymous Coward | about 2 months ago | (#47499729)

Men already are sent to prison forever for fancying young girls. Thought crime has exists in the feminist states of America for some time

Re:soviet era crypto (1)

AHuxley (892839) | about 2 months ago | (#47500009)

1+ for 'So forget crypto as a privacy device, unless you're prepared to make it yourself, test in yourself, and be responsible for it yourself. The only unbreakable crypto is the (TRULY F'ING RANDOM) one-time pad, and only if it's used correctly."
Thats really the only way, one time pad used once, number stations. The key to all the free quality crypto was that all the press where been watched anyway so you get to encode all you want. The moment you send, attempt contact, its just tracked back. No need for a gov to waste time on the decrypt, just watch for encryption been used and all the press. Then get the hardware, software and the plain text before its encoded.

Who will be auditing Snowden's code? (0)

cold fjord (826450) | about 2 months ago | (#47499365)

So, who will be auditing Snowden's code? I wouldn't even consider using anything he wrote without independent third party audits .... lots of audits of the code, design, algorithms, everything. And no binaries that he builds.

Imagine the evasive power of the dual or triple functionality achieved by some of the Obfuscated C content entries combined with the subtle designs of Russian government cryptographers. No threat there, no sir.

Re:Who will be auditing Snowden's code? (1)

luis_a_espinal (1810296) | about 2 months ago | (#47499941)

So, who will be auditing Snowden's code? I wouldn't even consider using anything he wrote without independent third party audits .... lots of audits of the code, design, algorithms, everything. And no binaries that he builds.

Imagine the evasive power of the dual or triple functionality achieved by some of the Obfuscated C content entries combined with the subtle designs of Russian government cryptographers. No threat there, no sir.

Can he actually write code? And I mean code at the level of sophistication required for the type of functionality he is calling for? What he is calling for is way beyond the realm of sysadmin-related programming.

Re:Who will be auditing Snowden's code? (1)

SuricouRaven (1897204) | about 2 months ago | (#47500663)

Probably not, but he at least know it and instead calls upon those of greater ability in that area to rally to his cause.

Re:Who will be auditing Snowden's code? (1)

fustakrakich (1673220) | about 2 months ago | (#47500951)

See? Now I know you're full of it.. When have you ever seen anything subtle from the Russians?

Re:soviet era crypto (1)

AmiMoJo (196126) | about 2 months ago | (#47499683)

The russians could only say "this is too secure, design something that can be broken more easily".

Like the NSA did with TrueCrypt?

Re:soviet era crypto (0)

Anonymous Coward | about 2 months ago | (#47500199)

Exactly. Except that for TrueCrypt there is a certain likelihood that there is a version available that isn't compromised.
The thing is that even if it is created with an intentional backdoor, if the theory behind its operation is sound one can take whatever comes out of this and fix the backdoor. It is only if the entire concept is flawed that it becomes useless.

Re:soviet era crypto (0)

Anonymous Coward | about 2 months ago | (#47500311)

Through the paywall it'll have a feature that can make a planeload of people disappear.

Soukill and the Snowden lovers are having a re-think? Or they sticking to their BUKs?

they will always be MITM (0)

Anonymous Coward | about 2 months ago | (#47499007)

NSA will always be MITM. it's going to be challenging :)

Re:they will always be MITM (1)

ArcadeMan (2766669) | about 2 months ago | (#47499483)

NSA is Malcolm in the Middle?

Re:they will always be MITM (1)

present_arms (848116) | about 2 months ago | (#47499831)

No, Malcolm was more intelligent

Biggest problem in IT security: ID-10-T errors (4, Insightful)

Stolpskott (2422670) | about 2 months ago | (#47499009)

Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.

Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.

Re:Biggest problem in IT security: ID-10-T errors (4, Interesting)

AHuxley (892839) | about 2 months ago | (#47499057)

Small steps. Move away from the brands that helped ie the PRISM list of willing brands and tame staff building junk systems.
Understand how "open source" telco layers over tame telco software and hardware can save any data on entry.
ie once your targeted all is privacy lost no matter the fancy open source app. The security services will be in every hop of any network into and out of your computer/device until they get full plain text.
Encryption seems to be the key until your use of it shows up at an endpoint under constant surveillance. Then the individual targeting starts on the new person.
The most easy step is to make encryption more gui, web 2.0 friendly. Then a lot more people will be flooding the net with random heavy code 24/7.
Use once hardware would be interesting. It would stop any longterm profile, any unique hardware numbers been sent. If you then work on really good crypto to hide voice, pic, file sent, text you could kind of have a one session. Snowden hinted a bit about association (you to the press), mixed routing, the need for unattributable internet access in the 1h+ talk.
A lot of steps to fix an internet that is now really like Tempora https://en.wikipedia.org/wiki/... [wikipedia.org] and what that can do to your message and a person in the press been watched.
The other aspect was education. A civic duty to teach, educate the wider public and press. The classic Sysadmins of the world, unite! also mentioned.

Re: Biggest problem in IT security: ID-10-T errors (1, Insightful)

Anonymous Coward | about 2 months ago | (#47499137)

Bull shit... OpenSSL is open source and look at all the crap they found this quarter alone...

Re: Biggest problem in IT security: ID-10-T errors (5, Insightful)

Anonymous Coward | about 2 months ago | (#47499473)

Bull shit... OpenSSL is open source and look at all the crap they found this quarter alone...

They found all that *because* OpenSSL is open source. How much have they found in closed source versions of SSL libraries?

Re:Biggest problem in IT security: ID-10-T errors (1)

Razed By TV (730353) | about 2 months ago | (#47499389)

I would say the bigger problem right now is that people don't care enough, period. Your average person is going to want to use whatever is cheaper, or whatever they have now, and isn't aware enough to demand something better and isn't going to want to pay for it. Existing products and services don't have a lot of incentive to improve because the customers don't care enough. As long as competition keeps the playing field level, as long as noone tightens up their security, nobody has to spend money on something that doesn't directly generate revenue.

Consumers aren't going to drive companies to improve. It's going to take competitors trying to one up each other, to offer better service at the same price, to make people want to use their product. Until then, it doesn't matter that the consumers are infecting their computers and giving scammers their login information; the NSA is just going to be using their dirty backdoor tricks to get what they want (plus whatever exploits they copy from the scammers).

Once you have the scammers and the NSA back on a level playing field, then you can get back to status quo where the user is the biggest unseen threat.

Re:Biggest problem in IT security: ID-10-T errors (4, Insightful)

AmiMoJo (196126) | about 2 months ago | (#47499715)

It doesn't have to be perfect, it just has to increase the cost of mass surveillance to a level where it is no longer feasible. Surveillance is too cheap because much of the data is just there for collection, unprotected.

For example, the UK government just pass emergency data retention laws that require all ISPs to continue logging the domain names of every web site every subscriber visits. If more people started using VPNs regularly that capability would become far less useful, and while I'm sure they could attack the VPN providers or crypto or even the individual target's computers the cost would be much higher than simply requiring the ISP to run a large database. They would be forced to stop bulk collection and only target people of genuine interest, which is the reasonable.

Re:Biggest problem in IT security: ID-10-T errors (2)

SuricouRaven (1897204) | about 2 months ago | (#47500673)

For a start, just convince every site to use SSL. It's possible to MITM SSL, but not on a large scale without detection. All the ISPs would be able to log is DNS lookups and IP addresses, which is still bad but not nearly as bad as being able to see individual pages accessed. Then you can start looking into possible ways to make DNS harder to monitor somehow.

You might want to watch where you point that. (-1)

Anonymous Coward | about 2 months ago | (#47500309)

Can YOU recognize "compromised behavior" in a computer? You might think you can, but in reality, at best, you can recognize "compromised behavior" that you know about, or have tools that can reveal it to you. Some "behavior" is more obvious than others. For instance, if the compromise causes your computer to encrypt your files with a key you don't have, or goes through and quietly corrupts your files starting with those with the oldest "last accessed" date, (on file systems and OS that support that,) or jams your screen with pop-up windows you either can't close, or that have two open for each one you kill... (like so many millions of viruses designed to run on the built-to-be-compromised mal-ware serving platform known commonly as Microsoft Windows,) etc. (and I do mean, ET CETERA,) then it's trivial to detect.

By contrast, there are ways to compromise your computer you can't really detect, only prevent, and then only maybe. For example, do you know what TEMPEST is? Are you aware that the operation of the machinery attached to your CPU can be detected at a distance? Or do you do all your computing from the inside of a FARADAY CAGE? Do you also block the faint ultrasounds produced by your computer's memory, keyboard IC's, your monitor, etc.? It's far beyond the ability of the human ear to detect, but it's a safe bet that since it is the rhythmic opening and closing of PN junctions, there's a certain amount of noise... noise that it could be possible to pick up. Even if you play music to drown out any sounds it may make, the music played is produced at, (and reproduced on equipment designed to store and spit-out exclusively) frequencies you can hear. Much higher frequencies, in the kilohertz to terahertz range you would never know about from your ears, but that definitely doesn't mean they don't exist, or that they can't be intercepted, and even possibly used to create a usable representation of what's going on inside your computer.

One may even surmise that the very fact that you're allowed to have a computer at all implies that the authorities are confident they can figure out what you're doing no matter how carefully you try to hide it, assuming of course that they want to. But you do go on calling everyone whom you think knows less about security than you do an "idiot," if it makes you feel better about yourself, you totally elite, "power-user".

By the way, anyone who uses the acronym ID-10-T, (except to point this out,) is an idiot. You're not clever, you're a dolt, and I'm guessing, a child to boot. Maybe you've turned 18, but in there... (your head,) you're still a child. Not everyone has the time or inclination to be a security expert, and while you rail against "incompetent" users, you probably don't know how the inside of the locking mechanism on your house works. You could learn, and maybe you will after reading this just to be able to say, "nuh uh, I totally know that!" but it's not really relevant to your work or school life, so you don't know it, and somewhere out there there's a locksmith on a forum about door locks calling you an "incompetent user" because you don't swap out the lock cylinder every 90 days, or whatever. There's a doctor who calls you an incompetent m0r0n (to use your 'replacing letters with numbers because I'm so f'ing clever' routine,) for not knowing the ins and outs of your own cellular respiration, DNA transcription into proteins, or what "security" mechanisms your body uses to protect you from real, actual viruses.

My point is, unless you're prepared to pretend you're an expert par excellence on everything, (in which case you likely wouldn't be wasting your time on /., so no one else here is going to believe you if you claim this is so,) there are large numbers of people, many professionals, who will justifiably think of you as an incompetent moron in their fields of expertise. At least they will if they're enough of a bunch of assholes to look down their noses at people who aren't as "smart" as they are in their chosen fields.

On a related note, do you drive a car? Do you check it inside and out, above and below for bombs every time you drive? When you drive to work, (or school, or wherever you play Magic the Gathering,) every day no doubt anyone who wanted to could have planted a bomb in your car, and detonated it when you arrived where you work. You probably park in more or less the same spot every day, visit the same gym (hahahah...) routinely, shop at the same grocery store, get pizza and perhaps beer at the same one or few locations, and drive the exact same route to and from each of these places.

Do you practice operational security, as the military calls it? Do you drive a different route in a different car and make it impossible for anyone to learn anything of you from your routine by... not having a routine? Do you check every inch of your car every single time you drive it to ensure it isn't carrying a bug, or a bomb, or some other payload you don't know about? Of course you don't.

Then from a security standpoint it is YOU who are the idiot. I don't write this to belittle you, only to point out your belittling others is hypocritical. I don't even check all this. (I do try to avoid driving the same way each time, parking in the same spot, etc., for that exact reason though... I shred all my paperwork using a microcut shredder, and then add chemicals before disposing of it to make it beyond merely difficult to reassemble my trash. Also, I shred everything. Not just sensitive stuff, everything. More crap without significance for an attacker to wade through that costs me almost nothing.) Am I a computer security expert? No. I use Unix, long and complicated passwords that I change routinely, (and don't use with more than one site,) routinely check balances on financial accounts, monitor credit rating, and don't log in as root unless I must. That's pretty much enough. Could I do more? Sure. Would there be a point? No, not really. I have security set to "mildly paranoid," and I think that's more than adequate for MY purposes.

Are typical end-uses stupid? Sure. They're humans. So am I, and so are you. Think about it.

Hero (0, Redundant)

Anonymous Coward | about 2 months ago | (#47499023)

Hero

This could totally work out (2)

SpzToid (869795) | about 2 months ago | (#47499025)

Edward Snowden certainly has name recognition in the security space, which in branding terms equals big money. He's got his share of wild and crazy times overseas doing various hijinx not always on the up and up, sorta just like other security specialists [slashdot.org] of an earlier generation. Sure, in terms of branding alone Snowden could easily become the next McAfee, and he's still very young!

And isn't as if they weren't both wanted on international warrants either; and street cred. does sell sneakers.

Re:This could totally work out (0)

Anonymous Coward | about 2 months ago | (#47499465)

Credibility with whom? I'll grant you he has name recognition in general, but security? I'm not disputing what you're saying because you probably describe some of his biggest fans here, but personally I don't see how someone grabbing and dumping classified info gives him any credibility on anything (other than, perhaps, grabbing and dumping secrets).

But, to your larger point, apparently Bob Villa has a hard time knowing which end of a hammer to hold, but he became America's best-known general contractor. I recall reading after that woman barricaded herself in her home against a home invader, then ended up shooting him a number of times, after her (mostly Fox News) media exposure, she became a consultant and expert for setting up neighborhood watch programs. Branding can certainly give one expertise.

Don't you want to be a traitor too? (-1)

Anonymous Coward | about 2 months ago | (#47499043)

Don't be a traitor and don't be a Snowden. This creatin has done more harm to The Establishment than all other traitors combined. Why would you want to follow this creatin down a path that only benefits terrorists? Are you a terrorist? Don't do it. Or you will go live in Russia like Snowden, a living hell if there is such a place.

Re:Don't you want to be a traitor too? (4, Funny)

some old guy (674482) | about 2 months ago | (#47499065)

Don't be a police state fan boy, and learn to spell "cretin", cretin.

Re:Don't you want to be a traitor too? (1)

ArcadeMan (2766669) | about 2 months ago | (#47499467)

cretin
krtn / noun
1. informal, offensive
a stupid person (used as a general term of abuse).
2. MEDICINE, dated
a person who is deformed and mentally handicapped because of congenital thyroid deficiency.

Well, if he is a cretin, you shouldn't criticize him. It's not nice to criticize the mentally handicapped.

Re:Don't you want to be a traitor too? (5, Insightful)

ChristW (18232) | about 2 months ago | (#47499067)

If making people realise that their basic rights are being trampled makes me a traitor, then I'd want to be a traitor any day...

Re:Don't you want to be a traitor too? (1)

ArcadeMan (2766669) | about 2 months ago | (#47499453)

Alright, but which day do you think it's going to be?

Signed,
your friends at the NSA.

Re:Don't you want to be a traitor too? (0)

cold fjord (826450) | about 2 months ago | (#47499569)

... I'd want to be a traitor any day...

Lets pick a specific day: April 1, 1940

On that day Bletchley Park was reading the "email" of the German government, having broken the Enigma code - a fragile achievement that could fairly easily be foiled, perhaps permanently .... if the Germans knew about it. As a result of breaking that code, and keeping it secret that it had broken the code, the rights of the German government and people were trampled. The trampling of the rights of the German government and people in that fashion meant that Britain would not be starved into submission by submarine warfare, and ultimately the Allies would win the war. That meant that the trampling of the rights, including the right to live, of the people of Western and Eastern Europe by the then Nazi German government would come to an end.

Beyond that, the ability of the UK and US to read Enigma type machine encrypted messages carried over into the Cold War (which at various points nearly flared into a shooting war, including nuclear war) and played a role in helping the West obtain the intelligence necessary to defeat Soviet Communism which killed far more people than the Nazis did.

So, would-be traitor, is that still a good day for treason for you, knowing that Britain would likely have been starved into submission in WW2, the Nazis might have held on, and Soviet Communism might have lived on indefinitely? Many millions more would have been killed, several genocides would likely have been completed, we might still be faced by both Nazi and Soviet regimes, but nobody would be trampling on the rights of the German people by reading their encrypted mail. But I take it you're OK with that since it is "any day," right?

Just curious.

Isn't there an April 1st coming next year? And the year after that? What battles might be lost then?

Re:Don't you want to be a traitor too? (1)

AHuxley (892839) | about 2 months ago | (#47500329)

How many more wars?
As for 'if the Germans knew about it." is the classic understanding of ww2 crypto. Germany trusted the machine, upgraded it a bit and had all its spies turned.
Lets take Normandy. Army Group B has some idea, Pz Lehr Division was moved, Germany had a spy near the British ambassador to Turkey, the Royal Navy had lost aspects to its low level codes, British railroads codes had been lost by late 1943, the German airforce saw changes in US and UK practice traffic, US Transport Command lost its codes, US M-209 and M-138 strip traffic was not totally secure, the A-3 A-3 speech scrambler was not so great, the Polish government in exile had code issues, a few German spies still existed in Sweden and Portugal, SIS-SOE agents where under watch in France
ie Germans moved units to Normandy.
As for "Enigma type machine encrypted messages" post ww2, the Soviet Union had a good understanding of the UK via humans. The Soviet Union was also moving to much tighter one time pad use as it fully understood its code reuse was a huge fault. But they had so much intel to send, they had few options but to risk it.
If govs cant get to one main code, they go for the weak ones, they go for people, they go for the weak codes that get used all day in sloppy ways.
For all the Enigma faith, Germany seemed to understand something was not perfect and worked hard to try and stay ahead.
New rotors, wheel permutations, random indicators, protections to counter cribbing, CY procedure, Uhr device, the UKW-D reflector but it all failed as cryptologic security was so split up. But people keep the old WW2 stories about Germany, Russia, Finland, Australia, Japan code work as just been all safe or all broken.
Post ww2 is filled with new advances and attempts by the UK and US. All very interesting, great in the new history books as more papers are released.
So for that Enigma vision we all give up our rights via an oath to authority for generations?
The talks did cover the authority and rights, press aspect in the last 30 mins.

Re:Don't you want to be a traitor too? (1)

Anonymous Coward | about 2 months ago | (#47499099)

Ain't you worried that there is someone with an erect penis monitoring your private communications inside an NSA control room?

Re:Don't you want to be a traitor too? (1)

Dins (2538550) | about 2 months ago | (#47499369)

I didn't post this, but I think most of the replies/mods missed this dripping sarcasm...

Re:Don't you want to be a traitor too? (1)

Dins (2538550) | about 2 months ago | (#47499377)

(My post above was in reference to the OP, not the post I replied to.)

Re:Don't you want to be a traitor too? (1)

dotancohen (1015143) | about 2 months ago | (#47499437)

I hate to admit it, but I just happen to have an erect penis reading your public communications on Slashdot.

To be fair, it was erect before I opened the page. I think the SEO consultant sitting next to me is ovulating.

So Slashdot... (5, Insightful)

Anonymous Coward | about 2 months ago | (#47499101)

"You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"

Looking at you Slashdot.

When are we going to have access to this site with https? You can stop pushing down out throats your fucking annoying beta and do something useful for everybody instead.

Re: So Slashdot... (1)

Anonymous Coward | about 2 months ago | (#47499147)

You mean https that's built on OpenSSL?

Re: So Slashdot... (0)

Anonymous Coward | about 2 months ago | (#47499281)

SSL. Not OpenSSL.

Re: So Slashdot... (1)

Anonymous Coward | about 2 months ago | (#47499325)

A protocol isn't built on an implementation. Use a version of OpenSSL that doesn't have known bugs or use another SSL implementation if you want to.
Claiming that HTTPS is unsafe just because one implementation has bugs is like saying that C is slow because someone wrote a bad compiler once.

Re: So Slashdot... (0)

Anonymous Coward | about 2 months ago | (#47499409)

You mean https that's built on OpenSSL?

Of all the components that have received the MOST scrutiny from the entire community recently, I'd probably trust a patched OpenSSL implementation over a lot of other options.

Re:So Slashdot... (1)

ArcadeMan (2766669) | about 2 months ago | (#47499439)

Do something useful? Do you have any idea what it would do to Dice's profits?

Re:So Slashdot... (0)

Anonymous Coward | about 2 months ago | (#47499539)

Yes. It's all about money. Filthty lots of money.

Re:So Slashdot... (1)

AmiMoJo (196126) | about 2 months ago | (#47499735)

At this point I'm thinking that the NSA or GCHQ asked them not to implement HTTPS. What other reason could there be for not taking the simple, low cost, minimal action required to enable it? Soylent News, which runs on the same code base, supports it.

Re:So Slashdot... (0)

Anonymous Coward | about 2 months ago | (#47500225)

That's a laughable idea. TPTB don't care about your hot grits posts.

Re:So Slashdot... (1)

Anonymous Coward | about 2 months ago | (#47500049)

And IPv6 access while you are at it.

White Power (-1)

Anonymous Coward | about 2 months ago | (#47499117)

Technology is only a small part of the problem (4, Informative)

DoofusOfDeath (636671) | about 2 months ago | (#47499119)

As long as the citizenry tolerates and sometimes even roots for the government's violation of civil rights, everything including the technology is just details.

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

Re:Technology is only a small part of the problem (0)

Anonymous Coward | about 2 months ago | (#47499289)

The existence of an I2P router can. The letter has to be addressed somewhere.

Re:Technology is only a small part of the problem (1)

SuricouRaven (1897204) | about 2 months ago | (#47499501)

End-to-end encrypted communications can.

Re:Technology is only a small part of the problem (0)

Anonymous Coward | about 2 months ago | (#47499593)

There is no such thing as "tolerating" coercive authority. You either obey, or you are dealt with through coercion (and ultimately deadly force, if you attempt to protect yourself).

Re:Technology is only a small part of the problem (0)

Anonymous Coward | about 2 months ago | (#47500083)

That is why we have warrant canaries. Set one up.

Re:Technology is only a small part of the problem (1)

Sloppy (14984) | about 2 months ago | (#47500695)

It's a small part, but it's a part. I think Snowden has done his fair share of trying to inform laymen and stir up giving-a-fuck. If he wants to switch to working on tech, he could accomplish nothing and still come out far ahead of the rest of us. ;-)

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

While we certain should care enough to force our government to stop being our adversary, there will always nevertheless be adversaries. You have to work on the tech, too. Even if you totally fixed the US government, Americans would still have to worry about other governments (and non-government parties, such as common criminals, nosey snoops, etc), where you have no vote at all. You will never, ever have a total social/civic solution which relies on, say, 4th Amendment enforcement to keep your privacy. I'm not saying your chances are slim; I'm saying they're literally 0%.

Furthermore, getting our tech more acceptable to layment acually would correct some of the problems inherent with NSLs, improving the situation even in a we-still-don't-give-a-fuck society. If you do things right, then the person they send the NSL to, is the surveillance target. The reason NSLs (coercion with silence) works is that people unnecessarily put too much trust into the wrong places.

For example, Bob sends plaintext love letters to Alice, so anyone who delivers or stores the love letters, can be coerced into giving up the contents. OTOH if they did email right, then if someone wanted to read the email Bob sent to Alice, they'd have to visit Bob or Alice. That squashes the most egregious part of NSLs, where the victim doesn't even get to know they're under attack.

That's true whether we're talking about email, or even if Bob and Alice get secure routers and VPN to each other. One of them gets the NSL ordering them to install malware on their router.

Secrets (-1)

Anonymous Coward | about 2 months ago | (#47499149)

Why would anyone trust their secrets to someone who is popular for stealing them and posting them to the public.

Re:Secrets (0)

Anonymous Coward | about 2 months ago | (#47500613)

Sad, but not surprising, that you got modded down for your appropriately on-topic post. Speak not against the Snowden, for it is fraught with peril and fanbois down-modding.

Is this irony? (0)

Anonymous Coward | about 2 months ago | (#47499209)

Speaking out about anti-surveillance on a Google platform, who makes money collecting information on people?

New SSL root certificate authority (2, Interesting)

johnjaydk (584895) | about 2 months ago | (#47499277)

A nice step ahead would be the establishment of a new set of root certificates and an accompanying authority that signs other peoples certificates. All located in a country that doesn't play ball with NSA and other thugs.

This would do a lot to dampen the routine man-in-the-middle we see these days.

Re: New SSL root certificate authority (1)

Anonymous Coward | about 2 months ago | (#47499307)

We have already have them. We need Google and mozilla to stop being little bitches and bending over for the CA's and security services and implent DANE already in their browsers. I don't buy for a fucking minute that they don't implement it because it's not common enough yet...

Re:New SSL root certificate authority (2)

Sloppy (14984) | about 2 months ago | (#47500451)

A nice step ahead would be the establishment of a new set of root certificates...

The lesson of CA failure is that there shouldn't be root authorities. Users (or the people who set things up for them, in the case of novices) should be deciding whom they trust and how much, and certificates should be signed by many different parties, in the hopes that some of them are trusted by the person who uses it.

If you want to catch up to ~1990 [wikipedia.org] tech, then you need to remove the "A" in "CA."

Re:New SSL root certificate authority (1)

johnjaydk (584895) | about 2 months ago | (#47500905)

If you want to catch up to ~1990 tech, then you need to remove the "A" in "CA."

Thanks for the insult. It hardly stung. I expect you to start the project shortly. I'll gladly donate to it on kickstarter.

Secure technology (3, Funny)

PopeRatzo (965947) | about 2 months ago | (#47499323)

I'm going back to my 1942 Corona typewriter with the "t" slightly raised.

Re:Secure technology (3, Funny)

ArcadeMan (2766669) | about 2 months ago | (#47499429)

And why do you think the "t" is slightly raised, hum? Spyware, that's why.

Maybe he can help hide BUK launches (0, Flamebait)

swb (14022) | about 2 months ago | (#47499331)

Even if you grant Snowden every consideration, how can he have any credibility as long as he's in Russia?

Re:Maybe he can help hide BUK launches (1)

ArcadeMan (2766669) | about 2 months ago | (#47499433)

Because in Soviet Russia, something something Dark Side.

Re:Maybe he can help hide BUK launches (0)

Anonymous Coward | about 2 months ago | (#47499509)

He's exactly where the US government wanted him to be...nice and safe. If his passport wasn't canceled, he would've ended up in a place where a discrete bribe would quietly eliminate him from the face of this earth (Breaking Bad barrel-of-acid-style). Everyone would just assume he covers his tracks very well...

It is about getting out. (1)

Max_W (812974) | about 2 months ago | (#47499441)

Privacy is about getting out. Put on light t-shirt, thin-sole running shoes, light shorts and go with your partner to a park, a stadium, etc.

Or go to a beach for a swim.

Have a meaningful private conversation while running, walking or swimming. Speak in a calm quiet voice, not louder than necessary.

So getting out is good not only for health, but for privacy too. Besides, it is much safer to run together or to walk together.

Re:It is about getting out. (1)

messymerry (2172422) | about 2 months ago | (#47499601)

The parks are full of bugs...

Re:It is about getting out. (1)

Max_W (812974) | about 2 months ago | (#47499611)

It is really funny :o)

Stop Snowden first ... (1)

CaptainDork (3678879) | about 2 months ago | (#47499843)

Hell, he walked in and got the stash and fled the country. Manning had already done a similar heist before this.

So, we've got minions with access to sensitive data and can't stop them. The government needs to audit itself ... again.

It does no good to wrap this stuff up in a cloaking device if space cadets can glomp and run.

Re:Stop Snowden first ... (1)

slimshady76 (3752059) | about 2 months ago | (#47500723)

Unless you are trying to be sarcastic, I'd say you are one the remaining ones who still collect their checks from the government and didn't flee... yet...

Irony or blowback? (0)

kevlar_rat (995996) | about 2 months ago | (#47499865)

TOR, of course, was created by the US gov't to protect users against dictatorships and now is mostly used to protect against the US gov't. See also the webertarian manifesto [squte.com] :

The webertarian project aims to create software that makes tyranny mathematically infeasible.

"Develop" or "Instigate the development of"? (2)

bsDaemon (87307) | about 2 months ago | (#47499973)

Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker or capable of the type of software engineering that this proposal would entail. Is his plan just to use his name to fundraise (In bit coin, I guess. I doubt many people are stupid/brave enough to attach their name to a donation towards anything to do with this guy) and attract talent, or is he honestly going to try and release code himself, which will probably be of poor-to-average quality and expect the world to adopt it?

I mean, let's be honest: Either way, whether he's going to just try and brand the stack or contribute, we have technologies that are perfectly good (that is, however, not to say perfect) already -- its just they aren't particularly widely deployed. How many organizations are running IPSec internally, other than just for site-to-site VPN tunnels? How many organizations are deploying DNSSec outside of governments and the military? How many organizations are using PGP or similar asymmetric encryption between employees? Making it easier might help, but chances are that the vast, vast majority of individuals aren't going to jump on any of these technologies in any great numbers unless they are mandated to (like at work, where they don't have a choice), but it isn't as if the government is going to make it a requirement that you try and "spy proof" your computer and communications.

Re:"Develop" or "Instigate the development of"? (2)

m00sh (2538182) | about 2 months ago | (#47500259)

Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker or capable of the type of software engineering that this proposal would entail. Is his plan just to use his name to fundraise (In bit coin, I guess. I doubt many people are stupid/brave enough to attach their name to a donation towards anything to do with this guy) and attract talent, or is he honestly going to try and release code himself, which will probably be of poor-to-average quality and expect the world to adopt it?

All that counts is that Snowden has the balls and integrity that is so lacking in the "uber-hacker" department. You can't threaten Snowden, you can't bribe him. An uber-hacker, you can buy him out or scare him.

Anyways, you don't uber-hackers to develop security software. The encryption algorithms are university research level stuff and as long as you understand the basics of it, you're fine. The rest is just writing code around it that a decent programmer should be able to handle well.

Re:"Develop" or "Instigate the development of"? (0)

Anonymous Coward | about 2 months ago | (#47500601)

Exactly this. If all that was needed was uber-hacking skills, this would be a non-issue.

What is needed is the spark to light the fire to give those uber-hackers a challenge or goal that is worty of their talents.
After all, there exists no better bragging rights than those whose work can deny the will of entire governments.

" I wrote a program that stole online banking credentials "

" I wrote a program that drove the US Government crazy because they couldn't easily spy on everyone anymore "

Which would you rather be remembered for ?

Re:"Develop" or "Instigate the development of"? (1)

SuricouRaven (1897204) | about 2 months ago | (#47500699)

Or an equally good brag: "I wrote a program that's illegal in China."

All I've written are two programs illegal in the US - but that's because one infringes on a software patent, and the other is a circumvention device under the DMCA. It's also a trivial program consisting of about five lines of C, but that doesn't really matter.

Russia and China will appreciate his work (0)

Anonymous Coward | about 2 months ago | (#47500339)

So now, he is busy helping Russia? Hmmm.

Been @ it for YEARS (& more speed too)... apk (0)

Anonymous Coward | about 2 months ago | (#47500435)

Vs. DNS request logs in hostsfile hardcodes (faster than remote dns, shores up Kaminsky flaw w/ less moving parts complexity room 4 breakdown + electric power use (vs. local DNS)):

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of benefits in link)

Summary:

---

A.) Hosts do more than:

1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B.) Hosts add reliability vs. downed/redirected dns (& overcome redirects on sites, /. beta as an example).

C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity/room 4 breakdown,

D.) Hosts files yield more:

1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).

---

* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

* Addons = more complex + slow browsers in message passing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray is destroying Adblock.

* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption too + hugely excessive cpu use (4++gb extra in FireFox https://blog.mozilla.org/nneth... [mozilla.org] )

Work w/ a native kernelmode part - hosts files (An integrated part of the ip stack)

APK

P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

...apk

ZeroKnowledge (1)

MouseR (3264) | about 2 months ago | (#47500469)

So now I guess ZeroKnowledge [wikipedia.org] was 16 years too early. I remember laughing at it.

I still don't care wether NSA or other idiots read my mail for I have nothing to hide. But the prospect of ill-advised policy enforcer's ability to use otherwise benign data as scapegoating is irritating.

mo[d up (-1)

Anonymous Coward | about 2 months ago | (#47500501)

would 3e a bad

Vote Snowden / Binney 2016! (1)

Bob9113 (14996) | about 2 months ago | (#47500575)

Here's my latest Snowden / Binney 2016 bumper sticker art, suitable for printing at 2.75" x 5" cropped size plus a .125" bleed, 300 DPI, on vinyl:
PNG [traxel.com]
Vector (LibreOffice Draw) [traxel.com]

This is my original artwork, CC BY-NC-SA, so print a pile and spread them around if you like. I use psprint.com, and I recommend searching "vinyl bumper stickers" on DuckDuckGo, where psprint is usually running a coupon in the search results. I haven't received the color proofs for this version yet, but these are corrected from a previous batch and should be pretty good.

Disclaimer: I have no affiliation with DuckDuckGo or PSPrint, and Snowden/Binney is (perhaps unfortunately) neither a real nor a realistic campaign. This is just for giggles.

....In Russia (1)

gelfling (6534) | about 2 months ago | (#47500823)

Oh please, Eddy, shut the fuck up.

Read-Only Computing? (0)

Anonymous Coward | about 2 months ago | (#47500853)

One of the angles of privacy violation is by accessing data on the local machine. Is there any particular OS distro that could operate truly read-only, writing only to RAM for the current session?

Could it work in metadata-free secure writes to a storage device if you wanted to store an acquired file?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?