Friam

gmail forums exploded

Classic

List

Threaded

26 messages Options

Roger Critchlow-2

Re: TLS encryption [was gmail forums exploded]

Ideally your VPN vendor would provide you the direct services that made sense, allow you to ramp up the stream cipher to the level which suits your paranoia, and the vendor's peering arrangements would allow your gateways to pop onto the public internet at interconnects around the world. This kind of vendor should be a completely generic system-as-service which might exist with no employees at all, just a collection of leases for racks of computers and bandwidth guarantees, and a database of account information. Such companies could organize themselves into an endless shuffling of accounts between shell companies such that the identity of the entity which provided service to a particular client would never be the same from one http request to the next. It's the basic scheme of frequency hopping spread spectrum communication applied to avoiding any "fixed abode" on the internet itself.

So that's how you could get privacy without bending yourself out of shape. Someone needs to build a business which embodies a pattern of computation without creating any associated persistent material structure that could be seized to enforce compliance.

-- rec --

On Sun, Aug 18, 2013 at 1:19 PM, Steve Smith <[hidden email]> wrote:

So... here's a paradox... or is it a conundrum:

I choose to live in a world with as little fear or paranoia as possible (some may not see that from my postings here, but I claim it to be true).

So, to secure my wireless network, to encrypt my e-mail, to encrypt my hard drive, to use obfuscating proxies in my network/computer life would be to invite a much more dangerous and scary world in than I want to live in. Just as adding deadbolts to my doors at home or putting a lo-jack in my vehicle, or keeping a loaded gun in my bedstand would feel like inviting in the bad things they are supposed to keep out. I've lived decades without any of those and I can't say I have any significant reason to feel like a chump about it, while I know folks (there may be some here) who are pretty sure that if they didn't shoot their triple-deadbolt and set their "armed response" security system every time they go through their door, that they would be victim of home invasion, etc.

On the other hand, I understand the logic of wanting erstwhile criminals to assume that "everyone owns a gun and knows how to use it", and the logic of sending private communication by sealed envelope, or using SSL/TLS for e-mail (and other) communication over an otherwise open network.

So is there a "best of both worlds"? I try to strike this by leaving my wireless network open to use by "anyone", but setting up my e-mail client with SSL/TLS and only sending sensitive information over the web via https . I can imagine using the disk-level encryption provided on my system as a matter of course, but I *can't* imagine setting up an obfuscating web proxy and insisting that all my co-mmunicants decrypt my e-mails with PGP, etc.

This all smacks so strongly of immune systems and complex population/prey/symbiote/parasite communities that I feel like I need to go back and review Stephanie Forrest's work again.
On Haystacks: There are two types of cracking that can occur to an individual

1 - Targeted: The bad guy (NSA, a malicious cracker...) is after you specifically.

2 - Non-Targeted: The bad guy casts a broad net, or inspects a big haystack, for exposed individuals

If 1), your chances are really low of avoiding being hacked unless the bad guy is novice.

2) is a double edged sword. Being concerned about encryption email routing and storage has merit if the trolling is simply putting up a wall, saying "move along, nothing here". But it also puts up a sign saying "I have a reason to hide"

My guess is that all of us using any sort of extra measures, such as encryption, are definitely on the NSA books.

-- Owen

On Sat, Aug 17, 2013 at 5:35 PM, Steve Smith <[hidden email]> wrote:

Marcus

Public advocacy for having ubiquitous secure transfers is a stronger signal for them to contemplate.

Agreed.

yes, these are the fruits of a paranoid mind, but just because you are paranoid, *doesn't* mean they aren't out to get you.

Speaking of paranoia, here's a little Thunderbird add-in that aims to check that all of the e-mail hops were secure. It's a little buggy, but a nice idea (double check its work if it gives you a happy face).

I get happy faces over the strangest things... and in fact, I like highwire work without checking the net before I go up... it just feels like bad juju. It is merely important (to me) to know that I *can* check the net if I choose to... that it is checkable and I am competent to do so and nobody gets too wIerded out if I do.

https://addons.mozilla.org/en-US/thunderbird/addon/paranoia/

- Steve

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: TLS encryption [was gmail forums exploded]

In reply to this post by Steve Smith

On 8/18/13 1:19 PM, Steve Smith wrote:

Just as adding deadbolts to my doors at home or putting a lo-jack in my vehicle, or keeping a loaded gun in my bedstand would feel like inviting in the bad things they are supposed to keep out.

I look at it not that differently from how I hope a legislator looks at a problem like this.
A legislator creates systems of rules which aim to serve his or her constituency and the country in general.   From this, at least in principle, products need to be reviewed for safety, health care providers are held to a standard of performance, buildings are built to code, people are entitled to see their credit reports, privacy is ensured, and so on.

Putting aside the secret law that allows for opportunistic use of intercepts, here, in the United States, there is the public law that search and seizure requires a warrant, and for that warrant there needs to be probable cause.   It's reasonable to be concerned about what probable cause means in the case of large scale data mining. It's appropriate to be skeptical about statistical integrity of conclusions drawn from a mechanism that's only useful purpose is to generate hypotheses -- the definition of data mining. If an analyst does not need to test the hypothesis from other independent observables, and argue to their case to critical ears, then it is just guesswork. The might as well type in a record in their database with the "50.001% suspicion" and begin their target intercepts. Assuming they even need to do that, it's not good enough. It's especially not good enough if some half-cocked search and seizure occurs without any strong technical system in place to record that it occurred, or any recourse to complain. This is a recipe for abuse. I think the overriding, long-standing public law needs to have some technical teeth to make sure it is enforced.

I don't expect my non-technical friends and family to armor their systems. At this point I wouldn't bother myself, except as an intellectual exercise and as a bit of open source activism. But people do have the right to have systems that are armored, and that there is no reason to have bad juju about it. The way I would imagine it working at scale is that customers would create demand for hardware and services to show (say, by an automated process to bootstrap the appliance from source code and then run related open test suites to vindicate it) that the e-mail appliance they purchased was in secure to the best known practices. That, for example, a single byte would never hit disk/SSD or be sent over a wire that was unencrypted.   The bar for how secure is secure can be an ongoing discussion.   One could imagine the RAM buffers and caches holding the unencrypted data even need to have physical protection, like a TPM module does.

The bad guys planning their jihad over open e-mail or cloud services are a dumb and dying breed. It should be clear now that it is irresponsible for the U.S. to count on that working in the future.

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith

Re: TLS encryption [was gmail forums exploded]

I think both your and Roger's point is well taken... bigger picture, greater good, all that.

Just as adding deadbolts to my doors at home or putting a lo-jack in my vehicle, or keeping a loaded gun in my bedstand would feel like inviting in the bad things they are supposed to keep out.

I look at it not that differently from how I hope a legislator looks at a problem like this.
A legislator creates systems of rules which aim to serve his or her constituency and the country in general. From this, at least in principle, products need to be reviewed for safety, health care providers are held to a standard of performance, buildings are built to code, people are entitled to see their credit reports, privacy is ensured, and so on.

Putting aside the secret law that allows for opportunistic use of intercepts, here, in the United States, there is the public law that search and seizure requires a warrant, and for that warrant there needs to be probable cause. It's reasonable to be concerned about what probable cause means in the case of large scale data mining. It's appropriate to be skeptical about statistical integrity of conclusions drawn from a mechanism that's only useful purpose is to generate hypotheses -- the definition of data mining. If an analyst does not need to test the hypothesis from other independent observables, and argue to their case to critical ears, then it is just guesswork. The might as well type in a record in their database with the "50.001% suspicion" and begin their target intercepts. Assuming they even need to do that, it's not good enough. It's especially not good enough if some half-cocked search and seizure occurs without any strong technical system in place to record that it occurred, or any recourse to complain. This is a recipe for abuse. I think the overriding, long-standing public law needs to have some technical teeth to make sure it is enforced.

That pesky little 4th amendment? It seems pretty fundamental to our culture (as well as our system and rules of law). It must really gripe the asses of myriad small-time law-enforcement (and maybe big time ones too) who have had (in their minds ) their "hands tied" by this little bit of forefather forethought over and over only to have it completely disregarded at the highest levels?

I don't expect my non-technical friends and family to armor their systems. At this point I wouldn't bother myself, except as an intellectual exercise and as a bit of open source activism. But people do have the right to have systems that are armored, and that there is no reason to have bad juju about it.

I am on the fence about this one. I agree that securing your private electronic communications should be no more a threat to national security than choosing to talk with someone in private or keep your documents in a safe or safety deposit box. The bad juju *I* think of is the one that has people (or more common, their kids) wearing crash helmets to walk down the street or moto-cross armor to ride their bicycle on a bike path.

While I suppose that the widespread adoption of car alarms might have done something to reduce the number of car thefts, it mostly just irritated the shit out of the rest of us when nobody could park their car without making their horn "chirp", leading everyone else in the parking lot to swivel their head if not jump, thinking they were being "honked" out of the way. Or the days when alarms would go off in the middle of the night and run on until the battery got too weak, or until an irate neighbor jacked the hood and unhooked the battery cable.

The way I would imagine it working at scale is that customers would create demand for hardware and services to show (say, by an automated process to bootstrap the appliance from source code and then run related open test suites to vindicate it) that the e-mail appliance they purchased was in secure to the best known practices. That, for example, a single byte would never hit disk/SSD or be sent over a wire that was unencrypted. The bar for how secure is secure can be an ongoing discussion. One could imagine the RAM buffers and caches holding the unencrypted data even need to have physical protection, like a TPM module does.

I agree that such should probably be(come) the standard just as firearms all come with a safety mechanism to prevent accidental discharge and perhaps "soon" they will come with something like trigger locks.

The bad guys planning their jihad over open e-mail or cloud services are a dumb and dying breed. It should be clear now that it is irresponsible for the U.S. to count on that working in the future.

Arms race... red queen gambit...

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: TLS encryption [was gmail forums exploded]

In reply to this post by Roger Critchlow-2

On 8/18/13 2:30 PM, Roger Critchlow wrote:

Ideally your VPN vendor would provide you the direct services that made sense, allow you to ramp up the stream cipher to the level which suits your paranoia, and the vendor's peering arrangements would allow your gateways to pop onto the public internet at interconnects around the world.

If I understand the proposal, Tor has a Socks interface that is almost that. It needs to be coupled with encryption.

http://code.google.com/p/torsocks/

Marcus

Marcus G. Daniels

Re: TLS encryption [was gmail forums exploded]

In reply to this post by Steve Smith

On 8/18/13 3:38 PM, Steve Smith wrote:

Arms race... red queen gambit...

Early on, the tone in the media from beltway types was "This is for your own good."
Hmm, they had it backward.

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: TLS encryption [was gmail forums exploded]

In reply to this post by Steve Smith

On 8/18/13 3:38 PM, Steve Smith wrote:

It must really gripe the asses of myriad small-time law-enforcement (and maybe big time ones too) who have had (in their minds ) their "hands tied" by this little bit of forefather forethought over and over only to have it completely disregarded at the highest levels?

Like these?

http://www.nytimes.com/2013/08/19/world/europe/britain-detains-partner-of-reporter-tied-to-leaks.html?hp&_r=0

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com