Snowden Seeks To Develop Anti-Surveillance Technologies 129
An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."
Re:Biggest problem in IT security: ID-10-T errors (Score:5, Interesting)
Understand how "open source" telco layers over tame telco software and hardware can save any data on entry.
ie once your targeted all is privacy lost no matter the fancy open source app. The security services will be in every hop of any network into and out of your computer/device until they get full plain text.
Encryption seems to be the key until your use of it shows up at an endpoint under constant surveillance. Then the individual targeting starts on the new person.
The most easy step is to make encryption more gui, web 2.0 friendly. Then a lot more people will be flooding the net with random heavy code 24/7.
Use once hardware would be interesting. It would stop any longterm profile, any unique hardware numbers been sent. If you then work on really good crypto to hide voice, pic, file sent, text you could kind of have a one session. Snowden hinted a bit about association (you to the press), mixed routing, the need for unattributable internet access in the 1h+ talk.
A lot of steps to fix an internet that is now really like Tempora https://en.wikipedia.org/wiki/... [wikipedia.org] and what that can do to your message and a person in the press been watched.
The other aspect was education. A civic duty to teach, educate the wider public and press. The classic Sysadmins of the world, unite! also mentioned.
New SSL root certificate authority (Score:3, Interesting)
A nice step ahead would be the establishment of a new set of root certificates and an accompanying authority that signs other peoples certificates. All located in a country that doesn't play ball with NSA and other thugs.
This would do a lot to dampen the routine man-in-the-middle we see these days.