NZ Professor Advocates Civil Disobedience Against Mass Surveillance 321
nut writes "We're all aware of how much surveillance we are under on the internet thanks to Edward Snowden. Gehan Gunasekara, an associate commercial law professor at Auckland University in New Zealand, wants us all to start sending suspicious looking but meaningless data across the internet to overload automated surveillance systems. Essentially he is advocating a mass distributed Bayesian poisoning attack against our watchers."
Need to Do More (Score:5, Interesting)
Just sending a bunch of keywords in email isn't enough - emacs has had a spook function [gnu.org] since the 80s so they are kind of used to that stuff by now./ You'll have to act like a crazy-pants terrorist.
To make it really work we need to bring the eternal september to the islamic extremist websites. Everybody go post on those arabic jihadi websites. Uh, does anyone know of any arabic jihadi websites? Or how to read and write arabic?
Re:Need to Do More (Score:5, Funny)
Just sending a bunch of keywords in email isn't enough - emacs has had a spook function [gnu.org] since the 80s so they are kind of used to that stuff by now./ You'll have to act like a crazy-pants terrorist.
To make it really work we need to bring the eternal september to the islamic extremist websites. Everybody go post on those arabic jihadi websites. Uh, does anyone know of any arabic jihadi websites? Or how to read and write arabic?
Even that's not enough. Everyone needs to buy backpacks, pressure cookers, and explosives, so the authorities have no hope of finding the actual terrorists. Also take lots of flying lessons but deliberately skip the parts about landing and taking off. And bring a knife and a gun with you _every_ time you fly. They can't lock us all up right?
Re:Need to Do More (Score:5, Informative)
Don't forget to download the US Army publication (available many places online, in various formats) :
"TM 31-210: Improvised Munitions Handbook".
I was issued this TM (Technical Manual) when I was in the US Army in 1977. Instant science geek Massive Woody! The actual printed manual even had many blank pages, with a note at the beginning of the book on how to construct an effective, simple balance scale, and the info that each page of the book weighed one gram!
After the intro of the 'MacGyver' TV series, it became 'the MacGyver Bible' by the troops.
I highly recommend the book for the potentially useful info, and the entertainment value.
DISCLAIMER:
Most of the recipes/procedures are dangerous and risky!
Keep in mind the context of this manual. Alarmingly, the context is for a would be terrorist, guerrilla fighter, insurgent, etc.....go figure...
Re:Need to Do More (Score:5, Interesting)
Under UK Law, downloading this could result in a prison sentence.
Re: (Score:2, Troll)
Under UK Law, downloading this could result in a prison sentence.
And yet I love the never ending posts about how America is the ONLY country which is a threat to liberty. It certainly is pushing at the boundaries of crazy but at least it is ostensibly legal to download that manual.
I was reading part of Benjamin Franklin's autobiography and memoirs and two quotes struck me which were written just a few months before the outbreak of the revolutionary war:
"Try on your fetters and if you don't like them, then we can talk."
And
"Either we must all be free, or none of us."
(I may
Re:Need to Do More (Score:5, Interesting)
And yet I love the never ending posts about how America is the ONLY country which is a threat to liberty. It certainly is pushing at the boundaries of crazy but at least it is still ostensibly legal to download that manual.
FTFY. But republicans (and democrats, but less explicitly) are working hard to "fix" that.
These programs are thrust on us, and we have to really complain for even the slightest hope of the patriot act to not be renewed.
Money is the root of all problems. Best action is to reduce its influence: http://www.wolf-pac.com/ [wolf-pac.com]
If we stumble we may drag everyone to the ministry of love with us.
True, and a really scary thought.
Re:Need to Do More (Score:5, Interesting)
Under UK Law, downloading this could result in a prison sentence.
Yes? It sounds like the US has the strictest rules here, punishable by a $250,000 fine and 20 years' imprisonment.
https://en.wikipedia.org/wiki/Bomb-making_instructions_on_the_internet#Legislation [wikipedia.org]
Re:Need to Do More (Score:5, Insightful)
in all my time living in the US (born here and with a couple of exceptions lived here all my life) I've never heard of anyone being arrested for downloading such material anyway
Which means that it's a say-so law. Normally it's not enforced, but if they want to go after somebody and can't make real charges stick, they'll charge them with this. Even if they aren't convicted and don't plead guilty to it, it's a sword to hold over their head. Think Aaron Swartz.
Worse is that I don't see how such a law can possibly be Constitutional, so it's a pure intimidation tactic. You could appeal a conviction all the way to the Supreme Court if you have millions for legal fees and are willing to gamble 20 years of your life on the outcome, or you could just plead guilty to the other charge with the 10 year sentence, and hope to get out in five. This isn't a law, it's a federal thuggery provision.
Re:Need to Do More (Score:5, Interesting)
What a crock of drivel, the citation is right there, the US has it punishable by a $250,000 fine and 20 years' imprisonment. Do all the hand waving you like, the truth is the law is much more oppressive in the USA than it is in the UK in this matter.
Every day, I am more and more convinced that Dianne Feinstein (the author of the amendment) is by far the greatest danger to freedom in the United States Congress. Apparently, neither the 1st nor the 4th amendment mean anything to her.
It is interesting to note as was posted earlier that this particular law is not being enforced. The executive knows it will be thrown out by the courts if tested.
Re: (Score:3)
She readily admits to having no desire to acknowledge the 2nd so why should ignoring a few others concern her.
Re: (Score:3)
All laws are selectively enforced. There are no laws that are not selectively enforced. Your point?
Re: (Score:3)
All laws are selectively enforced.
Some are more selectively enforced than others. The issue is that and how the selection is made. If done for nefarious reasons, selective prosecution [wikipedia.org] is a trademark of tyranny and a serious enough issue to be a legal defense. Of course that won't matter once somebody labels the defendant a terrorist, but in a system of justice it would.
Re:Need to Do More URL (Score:3, Informative)
http://ia601203.us.archive.org/5/items/milmanual-tm-31-210-improvised-munitions-handbook/tm_31-210_improvised_munitions_handbook.pdf
happy instant woody ;)
Re: (Score:2)
Re:Need to Do More (Score:5, Interesting)
In high school, I got in interested in explosive chemistry, so I had a local bookstore order The Anarchists Cookbook for me. The easiest recipes are the most dangerous. I asked my grandfather to get me the materials for the easiest and most-powerful thing to make (because he knew everyone, and could get anything), and he basically told me I was crazy. I was asking to make the detonator that he loaded into howitzer shells during the war. The stuff was so sensitive, they tested it by firing shells through PAPER. I was still determined to make SOMEthing that exploded.
Then my chemistry teacher (who I was very close to) caught wind of what my best friend and I were up to. One day, he didn't lecture or give us a lab. He did a demo. While he talked about the weather, or some other nonsense, he very calmly distilled a couple of drops of 100% nitric acid. He didn't explain any of this; I just knew enough about it to know what was going on. He then poured HALF of that couple of drops into a fire tube and stuffed a wad of test tube straw packing material into it. He continued to talk while the nitric acid effused into the straw. He then started a wood splint on fire, and held it towards the open end of the fire tube, which he had placed at a 45-degree angle. The straw ignited, and the wad shot about 12 or 15 feet across the room. I understood that he had just made very weak dynamite, and saw how powerful that was, and immediately resigned to not screw around with trying to make explosives. He never explained why he did it, to me, or the rest of the class, but I learned the lesson as clearly as I ever learned any.
Re: (Score:2)
Ah, which geeky kid does not wish for a grandfather who can get anything and a chemistry teacher they're very close to...
Re:Need to Do More (Score:4, Funny)
Ah, which geeky kid does not wish for a grandfather who can get anything and a chemistry teacher they're very close to...
ones that have all of their fingers still attached and both eyebrows on their head.
Re: (Score:3)
The straw ignited, and the wad shot about 12 or 15 feet across the room. ... He never explained why he did it, to me, or the rest of the class, but I learned the lesson as clearly as I ever learned any.
That chemistry is radical, science is awesome, and explosions can be performed in a controlled and safe manner?
and immediately resigned to not screw around with trying to make explosives
You dun goofed kiddo. Are you a chemist right now? Are you? NO? yeah, that's right, you dun goofed.
Tell me you're at least an engineer. Don't tell me you're an IT wage slave.
Re: (Score:3)
It sounds like he made nitrocellulose (smokeless gunpowder), not nitroglycerine (the explosive in dynamite). Nitrocellulose is not particularly dangerous, although it does make lots of gas and is great as a propellant (hence your teacher putting it in the tube). Nitroglycerine, on the other hand, is not something to play around with.
Depending on how old your grandfather was, he was probably talking about nitroglycerine, too. It's pretty easy to make, but I do not recommend an amateur attempt it. Many people
Re: (Score:2)
On to more practical matters, I don't seem to have TM 31-210 but I haven't completely sorted that end of the library out here. I keep that kind of stuff in a survival bundle. I don't seem to have missed much else comple
Re:Need to Do More (Score:5, Informative)
Don't forget to download the US Army publication (available many places online, in various formats) :
"TM 31-210: Improvised Munitions Handbook".
I was issued this TM (Technical Manual) when I was in the US Army in 1977. Instant science geek Massive Woody! The actual printed manual even had many blank pages, with a note at the beginning of the book on how to construct an effective, simple balance scale, and the info that each page of the book weighed one gram!
After the intro of the 'MacGyver' TV series, it became 'the MacGyver Bible' by the troops.
I highly recommend the book for the potentially useful info, and the entertainment value.
DISCLAIMER:
Most of the recipes/procedures are dangerous and risky!
Keep in mind the context of this manual. Alarmingly, the context is for a would be terrorist, guerrilla fighter, insurgent, etc.....go figure...
https://archive.org/details/milmanual-tm-31-210-improvised-munitions-handbook [archive.org]
Re:Need to Do More (Score:5, Informative)
Not sure why you're surprised by that ... the US has funded insurgencies against governments they don't like for decades.
A lot of nasty, vicious people were funded because they were opposed to the Soviets. In fact, Bin Laden and many of the people in Afghanistan were funded by the US.
The US used to fund what they'd now class as terrorists to overthrow democratically elected governments they didn't like the ideology of -- which in no small part is why there's a lot of resentment in Latin America against the US.
Don't act like the last decade or so has been in a vacuum. These types of groups were actively (and sometimes secretly) funded and trained over a large number of years, and often some of the more appalling things they did were overlooked because of Cold War ideology.
That the US literally wrote the book on how to do this is of no surprise to anybody else. If you train attack dogs, you better be damned sure you can control them or they'll turn on you.
Re: (Score:2)
For now it seems like they are still building fancy lists. ie longer, bigger, better versions of concepts like http://en.wikipedia.org/wiki/Main_Core [wikipedia.org]
Re: (Score:2)
And bring a knife and a gun with you _every_ time you fly.
Actually, that's exactly what I do. So far, the airport personnel hasn't had any issues with that.
Re:Need to Do More (Score:4, Insightful)
The thing is, how many times do you see the exact same uniquely-styled terrorist attack? The mere fact that they're looking for people with pressure cookers and backpacks tells me that they wouldn't know what to look for on their best day. It's just like how now everyone has to take off their shoes at airports, but we all know there's no shoe-bombing suspects being caught by it.
Re:Need to Do More (Score:4, Insightful)
well the point isn't to BE a terrorist...and it definitely isn't to protect terrorists. The point clearly, unless you're clueless, is to stop our government from being Big Brother and effectively disrupt their collection efforts enough to make waves...we don't even have to shut them down perse.
Although the intentions may be admirable and the potential for good great, the issue here is that secret oversight of secret collection over previously protected persons isn't protecting our privacy. Furthermore it creates the potential for HUGE abuses...the nearly omniscient possibilities for market manipulations, personal investments, vendettas, stalking, etc are mindblowing...yet we're being told effectively...don't worry we've here to help. I was thinking basically the same thing in that if we create a program to include certain words in routine and random communications...they'll have to tweak their methods...keep up this cat and mouse game for long enough and someone at the top will start to notice. Hopefully we can increase the costs of collection enough too that someone will notice. I'm sure I can poke holes in this idea until I'm blue but the point should be to find a way to make the system better. And although it's a mighty enticing idea to leach into every ISP and IT system in the US to try and look at everything...just because you can doesn't make it right...regardless of your intention. I guess though that we've forgotten that the ends do not justify the means.
WTF??? Was "Re:Need to Do More" (Score:5, Insightful)
Okay, maybe this is just whooshing over my head, but ... "so the authorities have no hope of finding the actual terrorists"?
But, but, I WANT them to find the "actual terrorists".
I DON'T want them to accuse innocent people of being terrorists. I don't want them to break down doors with guns blazing because someone didn't answer the door fast enough. I don't want them to frighten young children (or adults that have the mental capacity of young children) at airports. I don't want the police to pay a visit to people just because someone Googled "pressure cookers" while his wife Googled "backpacks". I don't want them to arrest people for wearing suspicious T-shirts, or kick people off of airplanes because they are speaking Russian (or Arabic, or Spanish) to each other. I don't want them to shoot to kill because someone dark-skinned is running for the train. I do not want the police to act on false positives.
But I definitely DO want them to catch the "actual terrorists" before they can commit their acts of terrorism!
Re:WTF??? Was "Re:Need to Do More" (Score:5, Insightful)
But I definitely DO want them to catch the "actual terrorists" before they can commit their acts of terrorism!
Here's a better alternative: ask yourself what causes someone to become a terrorist; then ask yourself whether you're doing something in that list; then ask yourself whether those things you're doing are necessary and important enough that it's worth it to have terrorists being formed due to you doing them; then, if the answer is "no", stop doing them. That's a good way to not have terrorists appearing, or at least to not have a majority of them appearing, meaning you won't have to worry about catching that which doesn't exist anymore.
An alternative is to do a cost-benefit analysis. In which position, relative to all other troubles are terrorism-caused violence, destruction and death? 1st place, 2nd, 3rd, 100th, 1000th? Adjust your priorities accordingly. If something kills 'n' more people than terrorists, it should be worth 'n' times more of your time than terrorism. Terrorism kills on average what? A few hundred people every year? There's stuff out there that kill a few hundred thousand people every year. Ask yourself: why aren't you worried a thousand times more about those?
Terrorism is a very minor problem. Giving it all this attention is a cognitive failure. There are much more objectively important issues out there.
Re:WTF??? Was "Re:Need to Do More" (Score:5, Insightful)
Bull feathers!
The cause of most wars and terrorism is us-versus-them. Different religions provide a dividing line between "us" and "them", but it can just as easily be ethnic origins, skin color, language, political views, gang affiliation, or any other marker.
Re:WTF??? Was "Re:Need to Do More" (Score:5, Insightful)
But I still completely disagree that it should be anybody's goal to ensure that "the authorities have no hope of finding the actual terrorists."
The problem is that someone's an actual terrorist only after actually committing some terrorist activity or at least helping someone who did. Trying to go after people who are "thinking about" committing an act of terrorism is going after someone for a thought crime. No, the appropriate approach is to focus on prevention. You try the best you can, upper bound by an objective cost-benefit analysis, to prevent such acts from being successful. And if it so happens that one such act goes through the prevention efforts and end up happening, then you go after those who *now* have actually become criminals to prosecute and punish them to the full extent of their *actual* crime.
There's no place in a free society for thought crimes. Widespread surveillance is unneeded both in principle and in practice.
Re:Need to Do More (Score:5, Interesting)
http://blogs.fas.org/secrecy/2013/08/quantum-leap/ [fas.org] seems to hint at the "exploiting open sources of information, particularly social media"
"utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the internet and social media"
Go to your local library and search for a few good local political journalists emails.
Spend a few days looking at real, local political scandals, deals, foreign intrigue or any interesting issues.
Note as many names as you can, brands, firms, lawyers names, journalists. Create a new draft email and account with one of the big US technology giants that the NSA likes.
Start shaping your draft message. Be as creative as you can about new information, a family member willing to talk.
Anonymity, hint at a bank, a document, past low level political access that 'helped'.
Pad out the intro and local aspect with a time line, what was in the press, how a journalist was on the right track, regional terms.
Save the draft.
Read and save your message from the account via clean computer (MAC and wifi unused) in the state capitol days later.
Keep a camera near your door if you ever get a 'unrelated' visit.
Speak loud and ask the person at the door to speak up too
i.e. make your message flow like a real whistelblower might. Great practice for a work of fiction.
Re:Need to Do More (Score:5, Insightful)
Just sending a bunch of keywords in email isn't enough - emacs has had a spook function [gnu.org] since the 80s so they are kind of used to that stuff by now.
Yes, yes... whatever. Tell me, did you witness the Occupy protests? Did you see how the feds and local police coordinated to stamp that out? Did you see how even the mainstream media glossed over and under reported the events, and how there seemed to be "no real message" to the protests... except there actually was? At one point NYC Financial district was packed with people, that evening I was at a friends house and we watched the news, even scanned several local channels, not a mention of it... They wouldn't believe me that it even happened until I pulled up a video on my phone.
So, what you've got to do is not just encrypt data, but form a network of peers that you regularly encrypt data between. The system triggers on perceived organized networks of people, or what it thinks are "cells".
Also, I take offense at labeling the sending of encrypted data across a network as "Civil Disobedience". If IPv6 hadn't had mandatory encryption removed from the standard to keep PRISM running, would everyone then be a Civil Disobedient? Hell, everyone going to the government websites and pressing [F5] a bunch would be more of a Civil Disobedience than sending encrypted messages. I don't send ANY Unencrypted emails in the first place -- PGP is my SPAM filter FFS.
Re:Need to Do More (Score:5, Informative)
I hate organized media organizations for the travesty that they have become to unbiased reporting but my personal experience with the Occupy protests were that they were spot-the-fuck on. Also, in each of the three that I traveled hundreds of miles to go to, the police didn't stamp out shit...they showed up in strength but they didn't bother me or anyone I knew of who wasn't purposely trying to cause problems. Again, I'm not fond of the establishment but I was fairly impressed at the restraint shown by the 'peace-keepers'.
Things may be different in NYC; however, in other parts of the country, at least in the two cities I visited during the Occupy protests, there was local and national media coverage all over the place and things were as fair as could be expected.
Re:Need to Do More (Score:5, Insightful)
I think all long-running protests turn into that. The Tea Party protests were just as bad, and for much the same reason: The protesters were protesting a vague idea, but had nothing specific to unify them.
Watch for the next FALSE FLAG ATTACK after this (Score:2)
I like the professor's idea. However, the problem is after this, there's an increased likelihood that they will deliberately allow the next attack (or even fake one), like many think they did at 9/11.
Watch for 9/11-esque nonsense explanation after the next attack.
Re: Watch for the next FALSE FLAG ATTACK after thi (Score:5, Insightful)
En what? 9/11 barelly killed half of what diarrhea kill EVERY DAY. Fighting diarrhea is far less costly than fighting this so called terrorism. The real terrorists are these states instilling fear of terrorism in the population. And let me laught when they say that they have so good information about a next terrorist attack that they need to stengthen the security worldwide and not just where the next attack would be. This is probably an attempt to talk about something else than snowden and the surveillance state in the medias...
Re: (Score:3)
Just sending a bunch of keywords in email isn't enough - emacs has had a spook function [gnu.org] since the 80s so they are kind of used to that stuff by now./ You'll have to act like a crazy-pants terrorist.
To make it really work we need to bring the eternal september to the islamic extremist websites. Everybody go post on those arabic jihadi websites. Uh, does anyone know of any arabic jihadi websites? Or how to read and write arabic?
In certain countries (the one I saw this happen in myself was Morocco), just going to an extremist website URL will end you up in prison as a suspected terrorist.
So for those planning to visit such websites I suggest you check the laws of the country you're in before you do so.
Re:Need to Do More (Score:5, Insightful)
Suspicious looking but meaningless data? (Score:5, Funny)
What does that even mean?
Death metal to America!
Re:Suspicious looking but meaningless data? (Score:5, Funny)
Death metal to America!
\m/ (-_-) \m/
Re: (Score:2, Funny)
Dead Kennedys?
Re: (Score:2)
C'mon, if you did that like a decade ago, it might have worked, but now the impact would be even lower than killing the real one.
Re: (Score:2)
What is this, some kind of a cheap Queen knock-off?
Re: (Score:2)
What does that even mean?
Death metal to America!
For your sake, I hope you are not living in US. Because they may come after you on drug charges [reuters.com]
Re: (Score:2)
What does that even mean?
Death metal to America!
Obama's been laden!
Re:Suspicious looking but meaningless data? (Score:5, Funny)
What does that even mean?
Death metal to America!
Obama's been laden!
...after rifling through emails. What a bull's natural fertilizer smell-bomb! Makes one's mind boiling like a pressure cooker to think he got that prize from dynamite inventor's foundation.
Excellent Idea (Score:3)
We should do this, and make user-friendly encryption tools more widely available to the non-geek community as well.
Re:Excellent Idea (Score:5, Insightful)
We should do this, and make user-friendly encryption tools more widely available to the non-geek community as well.
Tools are not the problem. The problem is that at a certain scale you need some infrastructure to distribute and authenticate encryption keys and at that point you'll run into the same problem we're at now: You have third parties you'll have to trust. Doesn't matter then if you have to trust them not to hand over your data (like Google and ISPs do) or your encryption keys.
It's not a technical problem, it's a political problem.
Re:Excellent Idea (Score:4, Interesting)
Very true, for now. The short-term solution is scale: sheer volume can create enough noise and wasted effort to at least slow the bastards down a bit, albeit temporarily. Overflows still happen.
In the longer term, we just need to develop and host purpose-built junk generator applications whose sole mission is to flood the sniffer's nostrils with the digital aroma of a cattle feed lot.
Re: (Score:2)
I get it. :-)
In USA terms: "Bury them in Bullshit."
I applaud this, and will participate gleefully!
The thought of /.'ing the NSA is too much fun to pass up.
Re:Excellent Idea (Score:5, Interesting)
Tools are not the problem. The problem is that at a certain scale you need some infrastructure to distribute and authenticate encryption keys and at that point you'll run into the same problem we're at now: You have third parties you'll have to trust. Doesn't matter then if you have to trust them not to hand over your data (like Google and ISPs do) or your encryption keys.
It's not a technical problem, it's a political problem.
I do not agree, or at least not see it as so black and white. Tools *are* a big problem, almost a complete failure even being designed by engineers for engineers. Hard to use and setup for people with no 5kill2, not up and running by default with zero configuration on programs first install. Tools today put the egg before the chicken requiring that you pay/setup/configure yourself into the "infrastructure to distribute and authenticate encryption keys" before you can encrypt anything by default, therefore the overwhelming default is that nothing is encrypted - a big fail. In this light OTR does it right - 100% everything encrypted by default after first install of chat clients supporting it, by default. If you are one of the few that wants to raise the bar on the security from there, then you can easily check signatures out of band or use a third party authenticator - but that is secondary and and very easy to do given everyone is using it already by default. PGP/SSL does it the hard/wrong way (IMO): Forces everyone into "too complicated for the average person"/$$$ solutions even before you can start encrypting (without scary browser warnings etc). End result: Nobody encrypts, an especially glaring failure in the case of email. SSL is mostly for commercial orientated websites - check stats for vast majority of websites vs those that support SSL. Self signed certs are a dirst word
Security experts will be growling "MITM", "we neeeed third party authentication", "good security is hard to do", "MITM, again", but again it is egg before the chicken missing the forest for the trees. Top priority Job #1 is get everything encrypted all the time. Job #2 you can start worrying about how to check signatures on your certs out of band, raise the visual cues that your session is both encrypted and you have taken the extra time or used a third party to authenticate the certs signatires. If the whistleblower Snowden has taught us nothing else, it is that if you do bother to encrypt whilst nobody else is doing it then your communications are automatically being targeted for extra monitoring. Oh, and if you do happen to visit some website over https that one agency or other happens to have a grudge against or wishes to perform some industrial espionage on, then your also MITM'ed.
Security tools are still in the dark ages and do not cater to humans. No amount of political hot air is going to fix that...
Re: (Score:2)
not up and running by default with zero configuration on programs first install.
Encryption programs that do that, won't be worth there cpu cycles. Where are the keys coming from? Who do *you* trust. What about expired keys and other key management things?
Proper secure point to point encryption over the internet, is not zero configuration.
The threat model in this case is the government. So MITM attacks are very likely a real threat. People will expect it to work on their phone, tablet and PCs around the house without any more annoying configuration. It just does not work. Look at t
Re: (Score:3)
Encryption programs that do that, won't be worth there cpu cycles. Where are the keys coming from? Who do *you* trust. What about expired keys and other key management things? Proper secure point to point encryption over the internet, is not zero configuration. The threat model in this case is the government. So MITM attacks are very likely a real threat. People will expect it to work on their phone, tablet and PCs around the house without any more annoying configuration. It just does not work. Look at the state of SSL.
You are mis-informed, see Diffie-Hellman and OTR. Yes we can have zero configuration tools *and* secure to get us ALL to always encrypted all the time (Top priority Job #1). After that priority Job #2 easy methods to validate certs out of band is just a small baby step for those that are interested. After that Job #3 making meta data collection useless is also much easier once everything is encrypted all the time - for example a simple multicast encrypted packets to many random destinations but only one int
Re:Excellent Idea (Score:5, Insightful)
We should do this, and make user-friendly encryption tools more widely available to the non-geek community as well.
Tools are not the problem. The problem is that at a certain scale you need some infrastructure to distribute and authenticate encryption keys and at that point you'll run into the same problem we're at now
Oh if only there were some decentralized trust management system like PGP!
If only someone from the 1970's could travel Half a Century into the future to tell us about Diffe-Hellman key exchanges.
If only Six Degrees were about level of separation required to link all humanity to an Erdos Number of One. [wikipedia.org]
WHY! Oh Why? Why have I wound up trapped in this Math Forsaken Timeline AGAIN?!!
Please, sir! Tell me they haven't outlawed plotting the series of Zn+1=Zn*Zn+c too?!
Security be damned, I just couldn't live in a world without beauty...
Re: (Score:3)
But we don't need to make networks impossible to monitor.
We just need to make them take so much effort that even the most over-funded government agency can't afford non-targeted monitoring.
Re: (Score:3)
Encryption is always good, especially triple symmetric encryption using TEMK with different algorithms and two passphrases. For example, you could write a program that fills a USB stick with encrypted random keys, one for you with your key and one for the recipient with his own key, and derives session keys from that using a user-defined offset (which could be a word, for instance). One direct key exchange from person to person can suffice for years of secure sessions as long as both parties manage to keep
I've my own approach. (Score:5, Informative)
I've been convincing as many people as I can to start using Retroshare as an IM program. It's encryption isn't the best - the NSA might be able to break it with a lot of effort, but they certainly can't do so for mass-surveillance. But it's compact, reliable, cross-platform (Though a rather fiddly compile), and it gets the IMs through. No central servers, all communications encrypted - you establish contacts by exchanging keys. And very hard to filter, as it doesn't run consistent ports and the preferred protocol is SSL with a UDP fallback. It can even do the UDP-dummy-start trick to get through a NAT at both ends, like Skype does. Plus it incorporates folder sharing, which means you can help to promote it by promising friends access to your folder-o-piracy.
Shameless as this plug is, I'm in no way affiliated with Retroshare. I just think it's a very nice piece of software, and more people should use it.
Re: (Score:2, Interesting)
Oh, almost forgot: FIRST!
There are a few small issues with retroshare still (No forward secrecy, key length should be longer, hell to compile), but those are just refinement issues. More users means more incentive and developer attention to perfect it.
Re: (Score:2)
I totally agree on Retroshare... I saw it and immediately loved it. I've had a hard time convincing non-techy friends and family to start using it though.
I think it just needs to be pushed more, and maybe some of the buggy bits will get a bit more attention.
Re: (Score:2)
Share a folder, fill it with goodies. That's how I did it.
Re: (Score:3)
When it comes to crypto tools, I go by a simple rule: WWJD?
The J in this case is Jacob, more specifically Jacob Appelbaum. Until he endorses it, I'm on the fence. For IM, I already have OTR [cypherpunks.ca].
Re: (Score:2)
Damn, Jacob Appelbaum...I thought you were going to say John Wayne.
Why don't we combine the two?
Re: (Score:2)
As much as I like the idea of OTR, it still runs over existing centralised and thus filterable IM networks. RS's file-sharing capability was also a big selling point for me.
Re: (Score:2)
A voice, black screen, numbers in white.
http://en.wikipedia.org/wiki/Numbers_station [wikipedia.org]
Re: (Score:2)
There is such a thing as an appropriate level of security. Tor is overkill, because the many-proxy approach imposes severe resource limitations. Might be fine for messages, but try sending a large file. For most people, there isn't any need for that level of paranoia - the NSA isn't going to be trying to find you. The concerns are advertisers, sneaky hotspot operators trying to harvest credentials, government mass-monitoring programs, copyright enforcement agencies, snooping employers... things like that.
You first! (Score:5, Interesting)
Fifteen years ago, I'd have been all for causing a disruption. Exercising my self-evident liberties and thwarting The Man, when he came down on me for it.
Now, I have a fucked up back from a car crash, a fucked up knee from wrestling, a mortgage, people depending on me, a professional career, and neighbors. The amount of ways they could absolutely obliterate my life at their slightest whim are uncountable. As much as I'm all about people doing something and not just playing "Reddit-pretend-rebel/protestor", we are beyond the time of, say, the 90s -- where civil disobedience and voicing your dissent or even just being a vocal weirdo just got you either a knock on the door or a two hour trip into and out of your local lockup. We're in a time where you become an instant "child molester" or you just disappear or your finances go all permanently wonky, or you get "investigated" and now your neighbors and employer and coworkers all wonder what you've been up to that has raised the interest of The Man.
Re:You first! (Score:5, Insightful)
So this is what fear looks like.
Re: (Score:2)
No, it's the world looks like from under his tinfoil hat. (Though if you're wearing the same chapeau and blinders... yes, it will look like fear.)
Re:You first! (Score:5, Insightful)
The man has won. People are too afraid to do anything that gets any attention since the over reactions are a clear and present danger. In a sense the terrorist won too since America seem to be loosing all the rights defined in the constitution. It saddens me that the tools that can be used to increase communication and understanding around the world have turned inward to monitor, cower and censor us.
Re: (Score:3, Funny)
The man has won. People are too afraid to do anything that gets any attention since the over reactions are a clear and present danger. In a sense the terrorist won too since America seem to be loosing all the rights defined in the constitution. It saddens me that the tools that can be used to increase communication and understanding around the world have turned inward to monitor, cower and censor us.
You got that backwards. Us being afraid means the terrorists have won, and the loss of rights (from the people to the government/"man") is why the man has won.
Please keep our failures straight!
Re:You first! (Score:5, Insightful)
While we were jerking ourselves off in the streets over finally nailing Osama, we forgot to consider that he had already achieved what he wanted the better part of a decade before he was snuffed out. He's bogged us down in military action on at least two fronts that has gone on for over a decade and shows no signs of resolving (or gave certain government agents the justification to carry out actions they already desired in the first place), he's given politicians the tool of fear to leverage the American people into accepting the erosion of every vital liberty that we were founded on, and he has contributed to significantly speeding along our national debt to astronomical new heights.
The saddest part is that everyone playing Reddit-liberator in 2013 couldn't have given the slightest fuck when everyone else was screaming about what was being done the dozen years prior to this. Thus, we end up with things which dwarf The USA PATRIOT Act (which was to have sunsetted years ago, but like inch you give the government, will never be given back).
Frankly, I don't even know that any amount of dissent and disapproval from the citizens will ever amount to anything. If principles, law, and opinion mattered, they wouldn't have been doing these things in the dark to begin with. At best, a wave of overwhelming disapproval will scurry them all back into the dark (where they'd rather be, anyway) to carry on as they have for years with total disregard for the public.
Meanwhile, those who would risk exposing the government or make their dissent a focus of their attention wind up with the IRS being thrown at them like a rabid dog. They end up on no-fly lists. They end up on watch lists. They end up being investigated. Their entire histories end up being investigated. Their every association investigated. Intimidated. Threatened. They end up charged with espionage and treason. They end up running to other nations for their lives, for exposing those within a free government who are working to squelch the very freedom that government is meant to protect. The sad thing is, these are not the lunatic ravings of a paranoid conspiracy nut. Not any longer. These are documented incidents and practices in the mainstream press (and until the press were the victims of targets of these investigations, surveillances, intimidations, and threats -- even they weren't bothering to report on these stories). What was once the unthinkable fantasy-land of paranoid guys who see black helicopters everywhere is now both real and, apparently, accepted.
And that is why I say "you first" in response to the urging for civil disobedience, dissent, and political activism (at least as far as constitutional issues go). Because, when you take that bold step forward, most of your fellow citizens are taking a giant step back. Hell, half of them are flat out against you.
Do not fear THE MAN (Score:2)
Re:You first! (Score:5, Insightful)
Wow, that really sounded like it came from the East Bloc in the 80s.
Re:You first! (Score:5, Interesting)
> You first!
You may feel you have too much to lose by taking action. But the least you can do is be entirely supportive of the people who do take action.
It seems like whenever someone does take action, everybody and his brother comes up with a reason to say that the guy who did take action didn't do it the "right" way. Fuck those guys. Nobody is perfect, people like Snowden, Assange, Manning, Drake, etc are all flawed human beings. But they did put their lives on the line for US. The least we can do is support them in that.
N.B. this isn't directed you personally, just a general statement to everyone who feels they can't take the risk themselves, at least you can speak out in support of the people who do take the risks.
Re:You first! (Score:4, Interesting)
The Man is immensely stronger than the individual. It makes no strategic sense to call his attention.
If an individual really wanted to hurt the system, and not just make a lot of noise for ego and PR reasons, instead of putting bombs he'd spend one or two decades studying biological weaponry, building a hidden lab and accumulating enough product as to kill his entire continent.
With a doctorate in molecular biology, a well paid stable job, and two or three decades of free time, it's not so hard to make some tons of nerve gas and then snail mail thousands of tiny fragile glass vials to the entire world.
(Is that enough Bayesian poisoning? Or must I also put pictures of the secret lab's location, right under the MPAA HQ)
Re: (Score:2)
He who sacrifices freedom for security deserves neither.
People willing to trade their freedom for temporary security deserve neither and will lose both.
He who gives up freedom for safety deserves neither.
Those who would trade in their freedom for their protection deserve neither.
Those who give up their liberty for more security neither deserve liberty nor security.
When the people fear the government there is tyranny, when the government fears the people there is liberty.
When a man is denied the right to liv
Re: (Score:3)
By the way, when did you first give up living to become a slave? Why have you given up and accepted that it's ok to be put on a watch list just because you type certain phrases or words? "The Man" already owns you.
Re: (Score:2)
When did you mistakenly believe that you had a choice? If a free society existed at the whim of the individual, every country would be free. It requires law and society to actively protect and uphold those freedoms. Just a few people willing to do anything, without the overwhelming support of their countrymen, are nothing more than martyrs, at best (probably not even that, after the media spin that is put on them).
This is why the whole idea of the second amendment as a tool partially intended to protect the
Re:You first! (Score:5, Interesting)
The amount of ways they could absolutely obliterate my life at their slightest whim are uncountable. We're in a time where you become an instant "child molester" or you just disappear or your finances go all permanently wonky, or you get "investigated" and now your neighbors and employer and coworkers all wonder what you've been up to that has raised the interest of The Man.
This is to a dot the same justification my father gave me for joining and staying in the Communist Party of Czechoslovakia back in 1985. I was taught early on in my adolescence not to stick the head out, mind my own business and ignore the governemt abuses of power.
Re: (Score:2)
Fifteen years ago, I'd have been all for causing a disruption. Exercising my self-evident liberties and thwarting The Man, when he came down on me for it.
Now, I have a fucked up back from a car crash, a fucked up knee from wrestling, a mortgage, people depending on me, a professional career, and neighbors. The amount of ways they could absolutely obliterate my life at their slightest whim are uncountable. As much as I'm all about people doing something and not just playing "Reddit-pretend-rebel/protestor", we are beyond the time of, say, the 90s -- where civil disobedience and voicing your dissent or even just being a vocal weirdo just got you either a knock on the door or a two hour trip into and out of your local lockup. We're in a time where you become an instant "child molester" or you just disappear or your finances go all permanently wonky, or you get "investigated" and now your neighbors and employer and coworkers all wonder what you've been up to that has raised the interest of The Man.
You're right. You might just get an unpleasant visit and some unpleasant consequences for taking a stand.
One thing is for certain, however, and has been proven true repeatedly throughout history.
If you don't take a stand, odds approach unity that you and those you love absolutely *will* suffer far worse consequences.
Remember Dietrich Bonhoeffer?
"We have been silent witnesses of evil deeds; we have been drenched by many storms; we have learnt the arts of equivocation and pretence; experience has made us susp
Re: (Score:3)
so sign up for a account from a disposable email account accessed from tor from a wifi hotspot at the local starbucks with a spoofed mac address.
Freenet (Score:3)
Nope, stupid idea! (Score:2)
The only thing that will is for all us basement dwellers to step outside and put our lives on the line. Those in power have too much to loose to give up without a lot of blood being spilled.
Easy fix (Score:2)
Flag all the people not posting suspicious keywords.
Do not go gentle (Score:5, Insightful)
Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.
Though wise men at their end know dark is right,
Because their words had forked no lightning they
Do not go gentle into that good night.
Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.
Wild men who caught and sang the sun in flight,
And learn, too late, they grieved it on its way,
Do not go gentle into that good night.
Grave men, near death, who see with blinding sight
Blind eyes could blaze like meteors and be gay,
Rage, rage against the dying of the light.
And you, my father, there on the sad height,
Curse, bless, me now with your fierce tears, I pray.
Do not go gentle into that good night.
Rage, rage against the dying of the light.
-- Dylan Thomas
Re:Do not go gentle (Score:4, Insightful)
With a quite different atmosphere (yet still relevant IMHO), a quote I really like from Richard K. Morgan's Altered Carbon (a really good series of books):
The personal, as everyone's so fucking fond of saying, is political. So if some idiot politician, some power player, tries to execute policies that harm you or those you care about, take it personally. Get angry. The Machinery of Justice will not serve you here – it is slow and cold, and it is theirs, hardware and soft-. Only the little people suffer at the hands of Justice; the creatures of power slide out from under with a wink and a grin. If you want justice, you will have to claw it from them. Make it personal. Do as much damage as you can. Get your message across. That way you stand a far better chance of being taken seriously next time. Of being considered dangerous. And make no mistake about this: being taken seriously, being considered dangerous, marks the difference – the only difference in their eyes – between players and little people. Players they will make deals with. Little people they liquidate. And time and again they cream your liquidation, your displacement, your torture and brutal execution with the ultimate insult that it's just business, it's politics, it's the way of the world, it's a tough life, and that it's nothing personal. Well, fuck them. Make it personal.
Anarchist's cookbook version 5 (Score:2)
http://www.angelfire.com/oh/kewlkewlkewl/cookbook.html
Section IV: Bombs
Double edged sword (Score:3)
Ah, but they are not filtering for terrorists (Score:3)
This will never work (Score:3)
This will never work because it assumes that the purpose of the surveillance state is to 'fight terrorism'.
This is incorrect. The purpose of the surveillance state is to consolidate power in the hands of the elite. The target isn't terrorists using keywords like 'bomb' etc. The targets are everyone, using whatever words they use and doing whatever they do in their normal life.
The real intention is to give those at the top, unlimited, total information surveillance powers against their enemies, WHOMEVER they may be at any time. You want that supreme court decision to go your way? Read the private email and listen to the private conversations of the swing justice to gain insight to his thinking and shape your arguments correctly. If that fails, use the information to blackmail him.
You want to influence the elections? Analyze the big-data you have on the entire population in the voting district to figure out their private thoughts on issues and advertise accordingly.
You want to start a war? Use the knowledge you have to leverage the actors you have creating mainstream news to shape the country's views.
There were already laws against bombing or shooting people. The terrorism is the slight of hand that allows you to target people who have not committed crimes.
Carry Creative Beyond Sanity (Score:3)
As a pretend Political Officer, I had to come up with a bunch of meaningless (but familiar sounding) political sayings for a POW training exercise once.
"The People Know Best, And I Speak For The People" was a good one .. especially when I forced the poor long-suffering POWs to try to explain its meaning.
Some of my fellow NCOs were looking at me a bit oddly for a while, until they finally got the point.
"Humility Is A Smile In The Eye Of Your Mother" was another favorite :-)
So you'd better be careful, look closely at how this could all be presented by a prosecutor .. or the first few hundred trying this convincingly enough may get a wee bit more attention than they expected. Kind of like the first few ranks in the protest march .. encountering .50 cal's in The Man's anti-riot barricades.
Of course they say the weather at Gitmo isn't so bad in the winter months.
Re: (Score:2)
If that means that they finally actually manage to find real terrorists instead of going on the nerves of innocent people [theatlanticwire.com], I guess that's a good thing.
Re: (Score:2)
They want us to help them improve their automated monitoring.
If anything it's a ploy by the terrorists so they can go about their business under the noise floor.
Re:Make it easy. (Score:5, Informative)
Start with trackmenot [nyu.edu] and go from there.
Re: (Score:3)
That's why said disinformation has to be automated and must not come from the person engaging in it. Preferably one should also make sure that the information how to get those automated tools is available not only on "relevant" pages but in circles that he usually does not frequent (because, say, if only people on /. have trackmenot and the like, that, too, is information).
The key is to not only mess with the information, but also the meta-information.
Re: (Score:2)
I, for one, welcome...
No, I've seen too much science fiction to finish that sentence. I'd prefer natural idiocy to artificial intelligence.
Re: (Score:3)
The targets of this idea are not people, but the automated systems that scan all content and communications for random keywords etc. The bots searching for starting points that can be investigated further by humans. The idea is that if too many false postitives are thrown up, the manual parts of the process get overloaded, reducing the value of the automated systems.
Once an individual has the attention of human spooks he's already past the point where this strategy is relevant. So your anecdote is valid, bu
Re: (Score:2)
I think it would be more effective to use false metadata than false data. Don't send suspicious messages; send them in suspicious ways to suspicious places. The messages could be (and probably *would* be) more suspicious if they consisted just of random pictures of cats.
Re: (Score:2)
Too true, and even worse, the Second Amendment was too back up the First Amendment...and we have failed on both, not discounting the Fourth Amendment, which has also failed.
Re: (Score:2)
When facing the IRA, regional accents, work documents and known regions/supported local support networks always gave the MI5/6/GCHQ/SAS a lot of counterinsurgency help.
Funding from the USA was also trackable.
ie the person did not fit their papers well, accent, job, cash/life did not add up.
Much later the accents where English perfect, the jobs where local and movement was a normal 'everyday'.