Forgot your password?
typodupeerror
The Internet Communications It's funny.  Laugh. Privacy Your Rights Online

Time For X-No-Wiretap HTTP Header? 202

Posted by timothy
from the tongue-boring-through-cheek dept.
Freshly Exhumed writes "A security blogger, acknowledging that the NSA methodically ranks communications on the basis of their 'foreignness' factor to determine candidacy for prolonged retention proposes, is proposing '...an opportunity for us on the civilian front to aid the NSA by voluntarily indicating citizenship on all our networked communications. Here, we define the syntax and semantics of X-No-Wiretap, a HTTP header-based mechanism for indicating and proving citizenship to well-intentioned man-in-the-middle parties. It is inspired by the enormously successful RFC 3514 IPv4 Security Flag and HTTP DNT header.'"
This discussion has been archived. No new comments can be posted.

Time For X-No-Wiretap HTTP Header?

Comments Filter:
  • by Anonymous Coward on Sunday September 08, 2013 @11:28AM (#44790065)

    The only way we are going to solve this NSA mess is to clean house...and the senate...

    • by Oysterville (2944937) on Sunday September 08, 2013 @11:46AM (#44790209)
      Somewhere along the line you were given the incorrect information that the US House and Senate have complete oversight of NSA, when in reality it's more accurately the other way around.
      • NSA.

        Amerika's blackmail clearinghouse.

      • Re: (Score:2, Informative)

        by Anonymous Coward
        The House and Senate do have oversight of the NSA. If only because they can just cut off funding and fire the NSA at will. That is oversight. If they want the NSA to stop doing something, they have only to tell them to stop and back it up by cutting funding.
        • Re: (Score:3, Insightful)

          by Z00L00K (682162)

          Unfortunately the NSA has enough on every individual in the government to make such a move extremely dangerous for the single individual.

          NSA, CIA, FBI and DoD have their own life and nobody that is sane would want to challenge them. We have to wait for the insane savior.

          • by lgw (121541)

            Congress is nothing if not masters of parliamentary process that obscures who's really at fault for any bill. If both parties wanted the NSA gone, it would be gone, as a rider to the "Declaration that terrorists are bad and pedophiles too" bill, passed unanimously by acclamation.

            Sure, there's little a sane single individual in the House or Senate could do, but if the tide of popular opinion turns against he NSA, such that congresscritters left and right were all hearing about it from voters? That would br

            • by HiThere (15173)

              When you talk about how democracy is supposed to work, you are corred. Many people do suppose that it works that way.

              At least as implemented in the US (and, AFAIK, in other countries) it doesn't.

              • by lgw (121541)

                That's an interesting claim, but I don't see it. Mostly when people complain that democracy isn't working on some issue, the reality is the majority don't care enough about that issue to change their votes: it's not actually important to people. Democracy responds to what the majority actually finds important, not what small groups think they should find important.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          The House and Senate do have oversight of the NSA. If only because they can just cut off funding and fire the NSA at will.

          No, they can't. Our overly corrupt president would simply write one of his "executive royal decrees" to give them all the "emergency" funding they need.

        • The House and Senate do have oversight of the NSA

          Hmm, I guess that's why after Congress voted down the Clipper Chip, the NSA gave up on all its plans to backdoor domestic encryption software.

          Oh wait...

      • by jonbryce (703250)

        They do have the power to reduce the NSA budget to $0, which is about the most effective oversight possible.

        • And then some information from the NSA servers about the politicians who initiated this would mysteriously find its way to WikiLeaks...

    • Yeah, that'll work.

      Protecting your messages with crypto is a start, and using traffic mixers like Tor and Mixmaster to resist traffic analysis, but it's a hard job when the Bad Guys have Moore's Law on their side and unlimited unaccountable budgets and politicians who want to keep it that way.

  • Someone can't set their date properly? :P

    • by t4ng* (1092951)
      The beauty of this is that people who don't RTFA enitrely, will out themselves by complaining how stupid this idea is.
      • by gl4ss (559668)

        OK it's not a stupid idea - it's a stupid joke(and the comment about him forgetting that it's not april 1st still stands).

        maybe I should just start adding "X-ILLEGAL-TO-WIRETAP" to my http headers. because if nsa intercepts them they're breaking the law.. if I went and got caught for wiretapping the local american embassy they sure as fuck would ask to extradite me.

  • by CrystalFalcon (233559) * on Sunday September 08, 2013 @11:29AM (#44790081) Homepage

    Yes, of course!

    This is guaranteed to work almost as good as the Evil Bit, an extra field in IPv4 headers where senders of packets indicate malicious intent, so that people administering firewalls can discard such packets if desired.

    (The problem in the first place was that the people wiretapping didn't give a shit about rules, etiquette, and being decent. More rules and etiquette aren't the solution to that problem.)

    Rick

    • by Anonymous Coward

      For futureproofing, this should be generalized to an X-No-Evil header, optionally followed by a parameter list of evil the user does or does not want. Should the parameters be a whitelist or blacklist?

    • by MtHuurne (602934)

      The "evil bit" is from the mentioned RFC 3514 [rfc-editor.org].

    • by Vlad_the_Inhaler (32958) on Sunday September 08, 2013 @12:19PM (#44790475) Homepage

      The Evil Bit [ietf.org] is only defined under IPV4, time to update the specs.

    • by Freshly Exhumed (105597) on Sunday September 08, 2013 @01:40PM (#44791019) Homepage

      When I saw that this proposal "deprecates all the SSL/TLS ciphers in favor of Double CAESAR’13" (a.k.a. ROT-13) I knew it was going to be great. BTW, a big shoutout to my friends over in the Caesarian section! Okay, so I needed to run some sandboxed tests first. After using Double ROT-13 everything was going perfectly, according to the spec, but I decided to gamble on TRIPLE ROT-13. Big mistake. Don't do it! All I ended up with was a bunch of gobbledegook that I couldn't work with anymore, so I had to just delete everything and start all over again. Don't use TRIPLE ROT-13!!!!!!!1

      I wish I could have been FP to warn everyone. I'm glad this proposal sticks with Double!

      • by Culture20 (968837)
        Your mistake was in not doubling the triple. Always use triple rot-13 twice. It's sextuplely encrypted and you can use it easily.
    • by swillden (191260)

      Indeed, the author of the article specifically mentions that his proposal was inspired by RFC 3514, which defines the evil bit.

  • It'll certainly flag the packets to NSA as deserving of extra long retention!

  • by Anonymous Coward on Sunday September 08, 2013 @11:33AM (#44790115)

    You secure it by force.

    • by stooo (2202012)

      Yes, exactly.
      it's more than time for generic and generalized end to end crypto. And for a working web of trust PKI.

    • You and your friends don't have enough guns to outgun the NSA (who are typically not armed), much less the FBI, Pentagon, and Copyright police. If you want your data not to get wiretapped, you need to use crypto, end-to-end, and use various traffic analysis obfuscation services in the middle, and get enough people doing it to have some actual cover traffic (because being the one person using an anonymity service doesn't do the job.)

  • What, is it April 1st again already?

    I'm waiting for a header protocol that can tell when it's been intercepted or collected, and proceeds to blow up the TLA server on which it resides.

    • by DarkOx (621550)

      In Soviet America its always April 1st.

    • by DoninIN (115418)
      We should also ad an X-do not oppress field to everyone on Earth's birth certificate or equivalent? That way if they don't want to be oppressed, they can just say so, and surely oppressive governments will abide by the rational, peaceful and nicely expressed desire of their citizens to be, or not be oppressed. Right?
  • Will be a header code that says "do wiretap me, I have something interesting to hide!"
    • by Spamalope (91802)
      It's like emailing an 'unsubscribe' message to spammers, and will work as well.
      • by KiloByte (825081)

        It's like emailing an 'unsubscribe' message to spammers, and will work as well.

        Actually, it works pretty well. Obviously, you use a spamtrap account rather than your own as the sender. For best effects, make two: aaron@example.com and zzyx@example.com, to ensure your spam filter has a chance to autolearn first (most spammers sort their databases).

  • by H0p313ss (811249)

    No seriously... WTF?

    How could this be anything other than a flamebait article Tim?

    • http://dictionary.reference.com/browse/sarcasm [reference.com]:
      sarcasm (skæzm)

      — n
      1. mocking, contemptuous, or ironic language intended to convey scorn or insult
      2. the use or tone of such language

  • by Anonymous Coward on Sunday September 08, 2013 @11:45AM (#44790207)

    It is always so irritating to see that this discussion turns into "I am USA citizen, do not spy on me, dear NSA!" What about rest of the world?? How come that in your US centric viewpoint it's all ok to spy on anyone else, just not on US citizens?? What about Europe? Other NATO allies? All ok to spy on everyone else, on your viewpoint!! Love that fat bellybutton of yours!

    • by stooo (2202012)

      >> "I am USA citizen, do not spy on me, dear NSA!" What about rest of the world?

      Being a citizen of country X or Y does not change anything, nobody cares in intelligence agencies. Being a citizen gives you no protection.

      • by kthreadd (1558445)

        Yep. The UK does the same thing. Sweden does the same thing. France do the same thing. I can only assume that pretty much everybody does the same thing.

      • Header is read by smart switch/routers and they ensure that the associated packets do not get routed to any US-addressed (or US-puppet-addressed) host or router.

        To do this one properly, an AVOID_US bit in the IPV6 packets should be used instead.

         

    • by Anonymous Coward
      Because from a very young age Americans are fed the belief that they are somehow better and more free than anyone anywhere in the rest of the world and that people in other countries have a hard time even conceiving of the true concepts of "democracy and freedom". Those other people are foreign nationals and the ones that don't want to immigrate to America and emulate out way of life must certainly be jealous of it and out to destroy it.
      • by kthreadd (1558445)

        Ehm no, not at all actually. Americans are of course not "better" or "more free" than anyone else. What do you actually base that statement on? You might confuse better with proud. Most Americans are proud to be Americans. Is that bad? That says absolutely nothing about anyone else.

    • by eheldreth (751767)
      For people in the US they are two very different questions. Domestic spying in this regard is a violation of the citizenries constitutional rights. Foreign intelligence is a separate legal issue though with obviously connected mechanics. Most people int the US would feel it is wrong to spy on the citizens of an allied nation but this is a matter of priorities. Foreign policy can never be fixed so long as internal policy is so uncontrolled. In this case it is likely either the NSA will be scaled back r
    • by AxeTheMax (1163705) on Sunday September 08, 2013 @01:14PM (#44790801)
      Yes, Americans who think they value their liberty have a tendency to forget that their liberty depends also on the liberty of others. Starting with the slaves who their founding fathers conveniently forgot, now it is terrorists, criminals, citizens of 'enemy' countries, and finally all non citizens. As has been seen recently, spying on non-citizens gives the means to spy on citizens. What Americans have really is not liberty but power, and the Golden Rule (reciprocity) is inessential when you have power.
      • by kthreadd (1558445)

        The majority of people that opposes the NSA spying of course wants the entire operation to cease. I don't understand what some people get anything else from. However, spying on foreign nationals is unfortunately not as tightly controlled as domestic spying. The NSA is forbidden (or should in theory be forbidden) from spying on domestic traffic. It's bad enough that they have been spying as widely as we now know, it's really bad if they actually are breaking the law as well.

      • by swillden (191260)

        Starting with the slaves who their founding fathers conveniently forgot

        They didn't forget them. They're explicitly mentioned in the Constitution. Not in what you'd call a good way, but you can't say they were forgotten.

    • Intelligence agencies have always, always, been mandated to spy on foreigners. (Of course, they've virtually always spied on non-foreigners too in practice.)

      Should the CIA and NSA stop spying on Brits, Israelis*, etc? Well, only if MI-6 and Mossad stop spying on Americans. Which they won't.

      * OK, I must admit that list is purposely short because I can't remember the names of most of our allies' intelligence agencies. You can fill in the rest though.

  • the ones that need spying on come from foreign sources? Seriously.

  • by lurker412 (706164) on Sunday September 08, 2013 @11:53AM (#44790265)
    Few American commentators seem to be questioning the unstated assumption that spying on non-Americans is perfectly OK, even if there is no reasonable cause for suspicion. By that logic, it's perfectly OK for other countries to spy on all Americans.

    Aren't we all entitled to a little privacy?
    • by BitZtream (692029)

      We accept that if we enter your country, you might spy on us. When your data enters our country, we might spy on you. Facts of life. As American's 'thats the way its been'.

      Of course, as we're seeing, thats not the way its been, but thats the way it was supposed to have been before they found a Hadoop cluster to process the data for them and spy on everyone.

      Keep your data within your own borders, then you have a much easier challenge in obtaining privacy. In theory anyone, obviously, in practice we're fu

      • by pjt33 (739471)

        So the only way to even have a reasonable assumption of privacy is to forego all communication with people from other nations? To close ourselves off from other cultures and hunker down in our fragmented fortresses? What a waste of potential!

    • Few American commentators seem to be questioning the unstated assumption that spying on non-Americans is perfectly OK, even if there is no reasonable cause for suspicion.

      I don't know that this is true at all. What I suspect is that most Americans simply don't care. The Snowden Affair gets a lot of press, but that press gets very little traction except with a minority of Americans, which the rest think are wearing tin-foil hats.

      But here's another thing to remember: Some Americans may be fixated on the idea of spying on Americans for both selfish reasons and also the fact that the NSA specifically isn't supposed to spy on Americans.

    • by Arker (91948)
      It is a sad and shameful fact of American society that we have become more, not less, tribal since the Constitution was written, and a large number of us today do not seem to understand that other people have rights to.
    • by Ken_g6 (775014)

      Few American commentators seem to be questioning the unstated assumption that spying on non-Americans is perfectly OK, even if there is no reasonable cause for suspicion. By that logic, it's perfectly OK for other countries to spy on all Americans.

      Furthermore, we assume that it's perfectly OK for America to share its intelligence with other nations and for other nations to share their intelligence with America. By that logic, it's perfectly OK for America to spy on everyone, as long as it's not technically Americans spying on Americans.

  • We are expecting people who bend the rules to play nice.. Slick.. real slick..
    • I would like to introduce you to my dear friend, sarcasm [reference.com] (skæzm):

      — n
      1. mocking, contemptuous, or ironic language intended to convey scorn or insult
      2. the use or tone of such language

  • When confronted with a government entity that believes itself to be above the law and is routinely breaking the law, yeah, asking them not to hold on to your data. That will work. Right?
  • Because no one would lie and terrorists are always foreign?

    If we're going to solve this problem, let's state it clearly.

    Small groups of people, with a limit now tending towards one, are acquiring the ability to inflict damage, now tending towards death, on larger and larger numbers of people, now tending towards everyone.

    How can we stop them before they do that ? How do we need to arrange or change the things ion the world so that that never happens?

    All of this Snvowden, NSA, War on Terror, WMD al Queda st

  • Using an X-no-wiretap header is like putting your emergency flashers on when illegally parking. http://www.youtube.com/watch?v=CIcHXgY0KKo [youtube.com]
  • The number of commenters failing to understand that the article is satire is staggering. Hell, look at the "department" the article is from.
  • If you're concerned about privacy and NSA can see your HTTP headers, then you're holding it wrong.

  • If you're not tracked by the NSA, you're tracked by some other nation's spy agency.

    Headers are only voluntary.

    So what, precisely, does this "new header" gain anyone except a circle-jerk of self-congralatory "we did something"?

  • Remind me again where in the fourth amendment it says we only have protection against unreasonable search and seizures for information not crossing international borders?

    And what on earth makes you think they'd honor these flags regardless? They've already proven they don't give a shit what the laws are, they're just going to keep doing whatever they want. Notice after a bunch of noise early on, the media and congress quickly moved on to Syria without so much as even publicly addressing the issue beyon
  • I thought I'd RTFA before leaping to judgment here. It's brilliant. The proposal is to send your full name and SSN in cleartext in the HTTP headers! I kid you not. There's a couple paragraphs of attention paid to the obvious questions, which basically amount to "don't worry, it'll work out for the best in the end!" To quote:

    When what's at stake is the American way of life, it's easy to put aside things that don't really matter.

    Which is right up there with "think of the children!" as a s

    • by St.Creed (853824)

      Congratulations, you RTFA'd. That's 5 points right there. However, you didn't click on the links, and you missed several of the pretty obvious signs that this was satire. But you get another point for replying with legible comments.

      All in all, I give you 6 out of 10.

      On the other hand, the article is a rather nice example of why Poe's law is valid.

  • Oah yes, I am completely American, absolutely, you betcha! Mom and apple pie, verry good. Uncle Sam, hooray! I will be doing this for you every time, so you will be verry satisfied with this service.

  • It's easier to insert an X-Copyright-2013 header; if the NSA decides to infringe on any of our literary works, it'll be $150,000 a pop. Not that they can't afford it...
  • by joseph90 (193138)

    I presume this is a joke.

10 to the 12th power microphones = 1 Megaphone

Working...