85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

2 recommendations

85160670 (banned)

Member

When Strong Encryption Isn't Enough to Protect Our Privacy

Nice ...." “None of the claims of what comsec works is to be taken saltless: Tor, OTR, ZTRP are lures.” —Cryptome [3], Dec. 30, 2014

In the aftermath of Edward Snowden's disclosures, the American public has been deluged with talking points that advocate strong encryption as a universal solution for protecting our privacy. Unfortunately the perception of strong encryption as a panacea is flawed. In this report I’ll explain why strong encryption isn’t enough and then present some operational guidelines which can be used to enhance your online privacy. Nothing worthwhile is easy. Especially sidestepping the Internet’s global Eye of Providence.

Anyone who reads through privacy recommendations published by the Intercept [4] or the Freedom of the Press Foundation [5] will encounter the same basic lecture. In a nutshell they advise users to rely on open source encryption software, run it from a CD-bootable copy of the TAILS operating system, and route their Internet traffic through the TOR anonymity network.

This canned formula now has a degree of official support from, of all places, the White House. A few days ago during an interview with Re/Code, President Obama assured [6] listeners that “there’s no scenario in which we don’t want really strong encryption.” It’s interesting to note how this is in stark contrast to public admonishments [7] by FBI director James Comey this past October for key escrow encryption, which is anything but strong.

So it would appear that POTUS is now toeing a line advocated by none other than whistle-blower Snowden who asserted [8] that “properly implemented strong crypto systems are one of the few things that you can rely on.”

Only there’s a problem with this narrative and its promise of salvation: When your threat profile entails a funded outfit like the NSA, cyber security is largely a placebo."....[ »www.alternet.org/print/n ··· -privacy ]

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

A fascinating, though sobering, read. My favorite quote:
quote:
Given the reality of mass interception let’s look at mobile phones as a case study. They’re essentially portable Telescreens, glorified tracking beacons that double as walkie-talkies. In private, when NSA spies feel comfortable enough to speak candidly with each other, iPhone users are referred to as zombies who literally pay for their own surveillance. This is not an exaggeration and it speaks yards about how intelligence officers view society. You’ve been warned.
(BB note: my emphasis)

StuartMW
Premium Member
join:2000-08-06

StuartMW to 85160670

Premium Member

to 85160670
My favorite bit.
quote:
...let’s look at mobile phones as a case study. They’re essentially portable Telescreens, glorified tracking beacons that double as walkie-talkies.
Or as I've been saying "tracking devices that happen to be able to make phone calls."

Ian1
Premium Member
join:2002-06-18
ON

Ian1 to 85160670

Premium Member

to 85160670
Strictly speaking, as a generally law abiding person, I am less concerned with Government surveillance than I am with relentless marketing data collection. I am not worried about the Government knowing my Social Insurance Number (they already do), I am worried about it, or other details, being harvested online from a leaky private company.

And, even if I weren't so law abiding, it seems that you could use some of the technology in your favour.

If I were to engage in something that might attract scrutiny, like whistle-blowing, it seems that it would be useful to be already ready. Purchasing a throw-away burner phone after you're already being looked at might appear suspicious. But if you've owned it for a while? And you might want to already pump a portion of your browsing through TAILS and TOR to establish a pattern. Suddenly doing so would stick out, I would think. Send encrypted email just because. No reason mail to tech-savvy Grandma shouldn't be encrypted.
Shady Bimmer
Premium Member
join:2001-12-03

1 recommendation

Shady Bimmer to 85160670

Premium Member

to 85160670
(Not disputing, just adding my $0.01)
said by 85160670:

Unfortunately the perception of strong encryption as a panacea is flawed.

Unfortunately there are too many assumptions that it must be all-or-nothing.

Encryption is one vital part but it is not the solve-the-world's-problems solution.

I've seen articles that say not to trust encryption, and since you don't trust it don't use it. That's the pendulum swinging all the way in the opposite direction.

So it would appear that POTUS is now toeing a line advocated by none other than whistle-blower Snowden who asserted [8] that “properly implemented strong crypto systems are one of the few things that you can rely on.”

Relying on something to work as intended and expecting it to be the solve-all solution are two completely different items.

Security is hard and proper behavior is to leverage layered solutions, each targeted to addressing particular concerns.

The same questions always remain: What am I trying to protect, who am I trying to protect it from, and what are the implications if I fail to properly provide that protection? Saying "I want to protect everything from everyone all the time" is an absolute that is not based in reality. If you truly believe you absolutely must do so then you should not be using technology, period (and there are those that practice exactly that philosophy)
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to 85160670

MVM

to 85160670
quote:
Ultimately there’s no ironclad formula for protecting your identity. No guarantees. Privacy isn’t something I can give you, it’s something you must attain on your own through hard work. In summary, expect security tools to fail, compartmentalize to contain damage and apply the Grugq’s core tenets of anti-forensics. Don’t put blind faith in technology. Focus your resources on maintaining rigorous procedures. When things get dicey it’ll be your training and preparation that keep you secure.
My major takeaway....

Regards

Ian1
Premium Member
join:2002-06-18
ON

2 recommendations

Ian1 to 85160670

Premium Member

to 85160670
Good article by Bruce Schneier including points about how we're basically victims of our own laziness when it comes to privacy and security.

Map applications work because they know where we are. etc.. Encrypted email is relatively easy to set up, but nobody seems to want to manage keys.

»www.schneier.com/blog/ar ··· ts_.html

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by Ian1:

Good article by Bruce Schneier ...

»www.schneier.com/blog/ar ··· ts_.html

Thanks for that reference!
quote:
... the fact that we have persisted for decades without solving these (security) problems is partly because they're very difficult, but partly because there are lots of people who want you to be secure against everyone but them.
An accurate statement with some of the most profound implications I've yet come across.

And yet another:
quote:
The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. Those "someones" will necessarily be able to violate our privacy... We'll never solve these security problems as long as we're our own worst enemy. ...
I have long admired Schneier's ability to cut to the core of the situation.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to Ian1

Member

to Ian1
Keep forgetting you're Canadian so started to type SSN instead of SIN lol but anyhow...
If you're worried about your SIN number being harvested then don't keep it on your computer or your cell phone etc. Simply put that card number belongs in one or 2 places at best. A fire safe or your wallet.

My phone includes zero real info about me as do all my computers. Nothing on the device itself can leak any personal information about me as none exists.

Ian1
Premium Member
join:2002-06-18
ON

Ian1

Premium Member

said by Nanaki:

Keep forgetting you're Canadian so started to type SSN instead of SIN lol but anyhow...

Actually I have both a SSN and SIN to lose. Spent half my time in the US. Double the identity theft, double the fun!
85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

85160670 (banned)

Member

$MILE ...."Actually I have both a SSN and SIN to lose." we are all SIN_ner
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to Ian1

Member

to Ian1
Lol.