
Snowden Seeks To Develop Anti-Surveillance Technologies

Posted by samzenpus
from the snowden-brand dept.
An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."

  • soviet era crypto (Score:1, Insightful)

    by Penn (308504) on Monday July 21, 2014 @05:37AM (#47498999)

    And I'm sure Russia will have absolutely no influence over what Snowden is working so hard to bring us too!

  • by Stolpskott (2422670) on Monday July 21, 2014 @05:40AM (#47499009)

    Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
    You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.

    Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.

  • by ChristW (18232) on Monday July 21, 2014 @06:12AM (#47499067)

    If making people realise that their basic rights are being trampled makes me a traitor, then I'd want to be a traitor any day...

  • So Slashdot... (Score:5, Insightful)

    by Anonymous Coward on Monday July 21, 2014 @06:30AM (#47499101)

    "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day,"

    Looking at you Slashdot.

    When are we going to have access to this site with https? You can stop pushing down our throats your fucking annoying beta and do something useful for everybody instead.

  • by NotInHere (3654617) on Monday July 21, 2014 @06:33AM (#47499109)

    As long as it's not the latest curve, privacy preserving crypto can be written by NSA itself, and still be secure for you. SELinux was written by NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, independent reviews, and, if you can't afford your own review, the many-eyes-principle (which has chilling effects).
    The Russians could only say "this is too secure, design something that can be broken more easily".

  • by Anonymous Coward on Monday July 21, 2014 @06:48AM (#47499137)

    Bull shit... OpenSSL is open source and look at all the crap they found this quarter alone...

  • by Anonymous Coward on Monday July 21, 2014 @08:13AM (#47499473)

    Bull shit... OpenSSL is open source and look at all the crap they found this quarter alone...

    They found all that *because* OpenSSL is open source. How much have they found in closed source versions of SSL libraries?

  • It doesn't have to be perfect, it just has to increase the cost of mass surveillance to a level where it is no longer feasible. Surveillance is too cheap because much of the data is just there for collection, unprotected.

    For example, the UK government just passed emergency data retention laws that require all ISPs to continue logging the domain names of every web site every subscriber visits. If more people started using VPNs regularly that capability would become far less useful, and while I'm sure they could attack the VPN providers or crypto or even the individual target's computers the cost would be much higher than simply requiring the ISP to run a large database. They would be forced to stop bulk collection and only target people of genuine interest, which is reasonable.
