Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back 397
wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.
And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do."
Re:Freenet, I2P, Tor - darknets (Score:3, Interesting)
There is not going to be privacy as long as the physical links are not in the hands of the people. You are not the king of your castle if you rent. People need to start digging ditches and burying fiber to connect to their neighbors.
Re:Freenet, I2P, Tor - darknets (Score:5, Interesting)
Demand IPv6. Yell at your ISP. At least ask for it and tell them how important it is. With IPv6 people can start running own servers and more P2P stuff. The Internet before the last 10 years worked that way and it was good. The "Internet" of today is centralized and that is a major problem. No wonder it's easy for Intelligence agencies to do what they are doing if the only thing they need to do is attack 10 or 20 corporations to succeed.
Teach people around you about technology, encryption and how the Internet works. Give them an image of how their clear-text messages hop around and where they land and what happens to it when it does.
Don't be ignorant and don't say stuff like "well, I've known it all the time - I don't have anything to hide anyway so I don't care". Are your really sure about that? Do you know how your life will look like in 10 or 20 years time and how the political climate will look like where you live at that point?
Support organizations fighting for your freedom - I don't care if it's EFF, FSF, Pirate Party or something else. There are people willing to take on the big guys for you when you are not, but they can't do it without your help.
Re:Thanks Mr Schneier (Score:5, Interesting)
Just wait until the character assassination begins for Schneier too. He's been taking very strong positions, I'm waiting for a photoshopped picture of him fucking a sheep to be released on the Internet for the whole world to see. Pretty soon, he'll be living in a South American country's embassy.
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Peer review is no panacea. I'm not going to argue against open-source, but open-source is at significant risk too. You can't pull an _NSAKEY but with the resources available to the NSA it is no big feat to weaken an implementation in a non-obvious way.
Silent Circle's approach is that they sell their software to the US and UK government. If the NSA were to require them to install a secret backdoor then the NSA would be compromising the security of all of their government customers because they don't sell two different versions of their software, it is the same for all customers.
Re:The destruction of trust (Score:5, Interesting)
The exact same process has been going with doctors (The Red Cross, Doctors without borders, World Polio programs etc.) being used as cover by intelligence services and special forces. This practice is forbidden by the Geneva conventions, and now real doctors working in war zone's are being treated with suspicion at the very least, or shot on sight at worst.
"Ah, arrogance and stupidity all in the same package. How efficient of you!"
Re:All we have to do (Score:5, Interesting)
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Open Source is really tricky to do well and make money from and sometimes it is just not a viable business model.
Agreed, but the counterargument is that if it's closed source, you can't trust its security, and nobody should really trust it anyways. Why would I use some security software if it may well be carrying around an NSA backdoor? Why should anyone pay for it?
Once you close the source to your security product, you effectively have no product anymore. Open source is not 100% bulletproof, but closed source is by this point bloody close to 0%.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
And what happens if he refuses? Is he "disappeared"? A public prosecution would be risky, of course, since then they would have to reveal (at the very least) that they tried to force him to do something bad.
And what if he complies? He inserts the line, it's immediately spotted by his co-developers and they say "no way that goes in, it's an obvious security hole!". Project maintainer says "Um. I'll just keep it in my tree if it's all the same to you. Maybe you can leave it out in your trees."
Life isn't nearly as easy for NSA as you would believe. Especially not these days. Thank God.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
That is a red herring.
Will the security researchers be putting that level of scrutiny on evey desktop application?
Screw trying to backdoor the security software. It is much easier to simply backdoor something innocuous to get a foothold on the machine. Once it is compromised, just read all the encrypted stuff BEFORE IT GETS ENCRYPTED.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
>> Open Source ... is just not a viable business model.
> Agreed ... closed source ... can't trust ...
But then again, one of Bruce's arguments is that WE -- the engineers and geeks who built the Internet -- should fix it. Doesn't that imply an open source approach as well? The existence of third-party, closed-source vendors is just a symptom of the underlying problem. If they go out of business as a result of the Net being "fixed" by the community, then ... oh, well. Just my opinion.
Interesting discussion, by the way.
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Does anyone know if anyone is actively looking for that type of exploit?
So long, and thanks for making computers creepy! (Score:4, Interesting)
I think the totalitarian sickness Schneier describes goes well beyond the NSA. Computers and especially mobile devices are becoming creepy, for lack of a better word, even without government intervention. They are the prying eyes in your house Harriton High School Used Laptop Webcams To SPY On Students At Home [huffingtonpost.com], they are following your every move Government Location Tracking: Cell Phones, GPS Devices, and License Plate Readers [aclu.org], they are keeping tabs on what you like and don't like Mapping, and Sharing, the Consumer Genome [nytimes.com] (featured on slashdot yesterday, itself a thinly veiled phishing scam IMHO). Although subject to government abuse, none of the "services" highlighted in those links were instigated by the government. Just yesterday I was innocuously checking for prices for various professional training seminars on Google, and on cue my Email inbox started overflowing with unsolicited offers. On some days, I want to throw my smartphone in the trash and unplug my computer from the internet and only plug it back in when I need to access the SVN repository.
So Kudos to Bruce Schneier for addressing his call to the engineering community, but now it begs a question: aren't engineers, including those outside the NSA/DEA/FBI, somewhat responsible for creating this creepy user experience? I don't think they're suddenly going to wake up one day and fix it; a significant subset has embraced the creepiness and fundamentally doesn't understand why it might be a problem for others.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
In both of these cases nobody pays you a penny and you go broke real fast.
So you can't make money off the code. Who cares? Vine is free, yet they sell cute stickers in app. They make a ton of money and the messenger app is just the vehicle to sell stickers. What is to stop anyone making a messenger app with strong end to end encryption that is open source and also happens to sell these copyrighted stickers? Oh, right, nothing. That's a very easy, proven way to make money.
Want to add some trust to the build for regular people? Post a page stating "We have never received a request by the NSA to distribute a broken product" and leave that page posted so long as it is true. If the page goes down, someone not related to the company can post a build, post the same message and again, as long as it is true, the message stays up. If you think that third party is the NSA and lying, you have the build instructions. Build it yourself, just to be sure. In fact, the build instructions could be as simple as install java, click this .jnlp that installs a hudson build server locally which does the build for you.