Great Firewall for make glorious U.S. internets!

[Prince Glittersnatch III]

Its dangerous to go alone. Take this.
\

[Adios]

The more information that comes in, the more it appears to be a world wide issue, not just a US issue. I have long suspected Magic Jack, the $19.95 a year phone company to be a tad more than it appears. Now the internet is being compacted to the point where it is anything but secure.

Cell phones, any electronic device or transaction is all suspect. Soon someone is going to come out with an implant that will allow you world wide access from anywhere.

Of course, that will surely be trustworthy.

The best way to subdue a people is to first cut off free and open communication, then to cut off any 'subversive' information. We all know what that means.

I think I will look at ways to begin reducing my electronic footprint.

[Remington]

Aaaaand it's time for me to learn encryption and Internet security.

[Adios]

Aaaaand it's time for me to learn encryption and Internet security.

My Spidey senses tell me it won't be enough.

[Remington]

Aaaaand it's time for me to learn encryption and Internet security.

My Spidey senses tell me it won't be enough.

I just hope AES doesn't have a backdoor in it.

Logic says it does.

[Mesozoic Mister Nigel]

Some boards are better than others.  /tg/ has been kinda amusing (though I've only been hanging out there a couple weeks, so maybe I just haven't noticed the endless repetition yet).

I drift in and out of /tg/. There's repetition, yeah, but there's also new stuff coming out periodically. Updates on various people' homebrews, neat game logs, etc. to keep it interesting.

CK is pretty good, if you're into that kind of thing.

[Requia ☣]

Aaaaand it's time for me to learn encryption and Internet security.

My Spidey senses tell me it won't be enough.

I just hope AES doesn't have a backdoor in it.

Logic says it does.

AES is one of the most heavily scrutinized encryption schemes out there.  I doubt it.  Besides, it'd be far easier to sneak a backdoor into say, the keygen program Microsoft includes with windows.

[BadBeast]

Aaaaand it's time for me to learn encryption and Internet security.

My Spidey senses tell me it won't be enough.

I just hope AES doesn't have a backdoor in it.

Logic says it does.

AES is one of the most heavily scrutinized encryption schemes out there.  I doubt it.  Besides, it'd be far easier to sneak a backdoor into say, the keygen program Microsoft includes with windows.

I got my Windows from Napster about 8 years ago. I upgraded to Vista last year, but 45 minutes later, scrapped that turd of an OP, and went back to XP. In future, if it ain't broke, I'm not going to try and fix it.

[Triple Zero]

It gets better:

http://antifascist-calling.blogspot.com/2010/10/crypto-wars-obama-wants-new-law-to.html

<really long article that anyone who cares for these matters would do VERY good to read in its entirety (looking at Ratatosk, Requia, ENKI, TenTonMantis, FictionPuss and other tech- and privacy-savvy peeps--and anyone else, if you don't understand what things means, feel free to ask me)>p

WOW.

summarizing the hypocrisy of the first (least scary) part:

It is Right if We do it, it is Wrong if They do it because We are the Good Guys and They are the Bad Guys.

One bit after that especially stood out to me:

In fact, as computer security and privacy researchers Christopher Soghoian and Sid Stamm revealed in their paper, Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, secret state agencies have already compromised the Secure Socket Layer certification process (SSL, the tiny lock that appears during supposedly "secure," encrypted online transactions), and do so routinely.

First I was "WTF?! How did they do that, SSL is quite secure [when applied properly], they would need to have found a ground-breaking vulnerability in RSA itself .. no way", but then:

In March, Soghoian and Stamm introduced the public to "a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false* SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications."

So it's "just" Rubber-hose Cryptanalysis, which is WAY WORSE because you can always figure out new and better cryptography, but if they just hit you over the head until you give up the key, it's no use.

* btw I don't think they're "false", rather the agencies have the private key and can therefore easily decrypt the communications.

The intrepid researchers provided "alarming evidence" suggesting "this attack is in active use," and that a niche security firm, Packet Forensics, is already marketing "extremely small, covert surveillance devices for networks" to government agencies.

"Since then," Soghoian writes, "the Administrative Office of the US Courts has compiled an annual wiretap report, which reveals that encryption is simply not frequently encountered during wiretaps, and when it is, it never stops the government from collecting the evidence they need."

And THIS gives me shivers for the (near) future:

In their 2010 report, The Electronic Police State, Cryptohippie informed us that data retention "is criminal evidence, ready for use in a trial, and that "it is gathered universally ('preventively') and only later organized for use in prosecutions."

How does such a system work? What are the essential characteristics that differentiate an Electronic Police State from previous forms of oppressive governance? Cryptohippie avers:

"In an Electronic Police State, every surveillance camera recording, every email sent, every Internet site surfed, every post made, every check written, every credit card swipe, every cell phone ping... are all criminal evidence, and all are held in searchable databases. The individual can be prosecuted whenever the government wishes."

WHAT THIS MEANS is that they basically can (and will) build a database of prosecutable offences made by individuals. This database naturally will be too large to actually prosecute. Plus, they don't want to prosecute everybody cause they need to arbeit and pay taxes. But IF an individual ever becomes a "problem", they can just look up and cherry-pick an offence and prosecute you for that. And the worst is, by then there is nothing you can do about it because you did commit a crime and the prosecution has the records to show it!

I know it. They will do it, I'm sure. Because if they can do all this already (FUCK DAMN the rubber-hose cryptanalysis DAMNSHITPOOP), stuff that I thought "nahhh, that'll never happen" only a few years ago, it no longer makes sense to keep optimistic about it.

The American Civil Liberties Union denounced the proposal and called on Congress to reject calls "to make the Internet wiretap ready."

"wiretap ready"

(and this is where I copy/paste the post to notepad for not losing it)

ooh nice, I coded stuff like that too. different, but similar. problem is, who's gonna use it?

Aaaaand it's time for me to learn encryption and Internet security.

My Spidey senses tell me it won't be enough.

I just hope AES doesn't have a backdoor in it.

Logic says it does.

No it doesn't. That's why they have to fall back to the rubber-hose cryptanalysis for SSL, and that's why they have to legislate peer-to-peer communication protocols like Skype and Blackberry to implement backdoors.

The difference is, AES is one of the (many) core building blocks of cryptography. It's been tested very extensively, and to crack it you need a mathematical revolution. You can't build a backdoor into an algorithm. There's testing suites widely available: encrypt plaintext X with key Y and unless you get exactly ciphertext Z, you don't have AES (and no AES tool will accept it).

That's the mathematical part. They can't backdoor that. But there's another equally important part to secure cryptography*, which is the whole negotiation, key-exchange, authentication, verification, digital signing, hashing and perhaps down to cipherblock chaining modes. That stuff can be backdoored, possibly.

* which is also much easier to understand, btw. if you want to get "into" cryptography, skip the math part and assume it works as advertised primitives to work with. I do. I tried but it's too hard for me. But this bit just requires a hard analytical mind, it's still not easy because you can go wrong in so many ways, but it's totally figure-out-able. It even leaves room for creativity if you figure out how to use the primitives in a novel way (just be sure you don't accidentally open a new hole).

HOWEVER Charley/Henny is right in that it's probably not enough. But that's not because the cryptographical primitives can be cracked (government may be powerful and hire smart people but this stuff is pretty good), it's because of the whole legal rubber-hose thingy.
What you need to do is not only learn to use encryption, but also keep a close eye on how well you can trust the software that uses your encryption. For this goes: Open-source is better. Actually, no: Open-source is the ONLY option. That means Skype is right out, if it wasn't already. It also means I might have to drop Opera in favour of Firefox to browse the web with some day

There are just two (somewhat related) things that I think may help if (when) this comes to fruition:

- there's just too much data. think of all the data on the internet. multiply that by the amount of people using it every day. it's orders of magnitude. it's going to be a very tough nut to crack if they want to get everything out of it.

- steganography. http://en.wikipedia.org/wiki/Steganography there was this recent sort of proxy like thing called Haystack, which was hyped a lot, supposed to help Iranians hide their internet communications inside innocuous-looking other internet communications. Unfortunately it sucked donkey-balls because the guy who made it had no clue what he was doing and wouldn't tell anyone exactly how it worked (which is, granted, an important part of Stego, so I don't blame him for that, it just sucks).

[BadBeast]

Well, if yuor not duing anyting ilegle, then yuo havnt got anyting to worry aboot, havve you? And it willl stop childe pron, and teh terrerists freom steeling yuor ID, and spending teh money on boms. And that is good, rite?

[Cain]

WHAT THIS MEANS is that they basically can (and will) build a database of prosecutable offences made by individuals. This database naturally will be too large to actually prosecute. Plus, they don't want to prosecute everybody cause they need to arbeit and pay taxes. But IF an individual ever becomes a "problem", they can just look up and cherry-pick an offence and prosecute you for that. And the worst is, by then there is nothing you can do about it because you did commit a crime and the prosecution has the records to show it!

I know it. They will do it, I'm sure. Because if they can do all this already (FUCK DAMN the rubber-hose cryptanalysis DAMNSHITPOOP), stuff that I thought "nahhh, that'll never happen" only a few years ago, it no longer makes sense to keep optimistic about it.

I've considered this to be a possibility for a while.

Apparently, 60% UK citizens commit a crime every week, give or take.  And even the best criminal lawyers don't actually understand more than a fraction of the law....making it virtually impossible for the vast majority of the population, especially anyone who may be inclined to make trouble, to avoid prosecution.

I've already planned for that eventuality, though.  If I'm ever dragged in front of an open court, I'm just going to keep on blurting out stuff that should be under the Official Secrets Act until I'm offered a deal.

[BadBeast]

Yeah, they'll just take you round the back, and shoot you in the head. Like poor ol' Yeller. . . .

[Cain]

That's probably better than going into some prisons in this country. And the lead up is far more amusing.

[trippinprincezz13]

WHAT THIS MEANS is that they basically can (and will) build a database of prosecutable offences made by individuals. This database naturally will be too large to actually prosecute. Plus, they don't want to prosecute everybody cause they need to arbeit and pay taxes. But IF an individual ever becomes a "problem", they can just look up and cherry-pick an offence and prosecute you for that. And the worst is, by then there is nothing you can do about it because you did commit a crime and the prosecution has the records to show it!

I know it. They will do it, I'm sure. Because if they can do all this already (FUCK DAMN the rubber-hose cryptanalysis DAMNSHITPOOP), stuff that I thought "nahhh, that'll never happen" only a few years ago, it no longer makes sense to keep optimistic about it.

True, but, granted I don't know much outside of MA law, but aside from murder (and in federal cases, any crimes punishable by death, and some acts of terrorism), there is still a statute of limitations for prosecution of most crimes. So even with this giant database of crimes, they would still need to prosecute you within the appropriate timeframe (with the noted, exceptions above) to get you for that crime.

/optimism

Of course, that's assuming they don't find a way to get rid of/get around the statute of limitations. That, and I suppose if they really wanted to get you, they could find a way to shove you into one of the crimes without limitations and/or otherwise get around this. 

Back to regularly scheduled Big Brother

[Requia ☣]

that's where the whole 'one crime a week' thing comes in.