Topic: Sick of surveillance (Read 1999 times)

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

- Bitmessage hides the sender and receiver of a message
- GPG has been around forever. Have you read Why Johnny Can't Encrypt?
- Bitmessage is designed to have throwaway accounts.
- Servers are not flood resistant like Bitmessage

BitMessage is good in some aspects, but it is unusable and will never get any real traction.

You do not need a peer to peer network for broadcasting messages. You just need a simple, address based encryption client. Geeks will set up their own servers that they fetch messages from. Others will probably use a public (funded via donations) or paid (eg a buck per X MB transfer).

Heck, just use Bitcoin addresses like GPG. You can communicate through insecure channels.

Two quotes say it all, the article linked is just euh .... aiming at mind boggling stupidity and/or ignorance.

Wrong. The one time pad has been proven to be mathematically secure.

Actually current encryption standards will be obsolete when quantum computers come out, everything is encrypted today is stored on an NSA hard drive somewhere waiting to be decrypted. The only way to fight it surveillance is stop using your fucking phones/email/forums/computers for private matters. It's very simple.

If you want to continue to use these things then new forms of encryption need to be developed to defeat quantum computers, and even then your communications are only encrypted until they are broken again.

Very disappointed in Daily Kos for publishing that. Sometimes they're actually rational 

bull shit. they retain everyones data indefinitely anyway regardless of whether the person is using encryption. so they use your data as an input in their research to learn how to break the encryption? big deal if you dont encrypt they just read it with out even having to attempt to break anything.

this sounds like a really bad bluff to me. they know they wont be able to break encryption for some time so they are trying to scare people into not using it.

lol have fun decrypting my communications.

Re: Tails Distro

I've tried without success to get Bitmessage running on Tails. Tails is based on Debian Squeeze, which ships with a horribly outdated version of SSL. It also doesn't ship with gcc, make, etc (), and after multiple hours of trying, I could not get a workable version of SSL installed. If you figure it out, please let me know.

This argument is synonymous to the argument that if everyone leaves their front door open, a burglar is less likely to choose your house. I agree with pythonista that we must have wide adoption of crypto.

Cryptography may not guarantee privacy but it protects work/messages from entities that can make allegations that aren't true.

Here is a good read for why you shouldn't use crypto to try to hide for the / a government:

http://www.dailykos.com/story/2013/06/24/1218418/-Don-t-Even-THINK-of-Using-Encryption-Software-to-Escape-NSA-Scrutiny

I would take that even further, crypto offers no privacy at all. It hides content but leaves all the meta data intact, by hiding the content it does make the meta data less useful and harder to identify/link. Even if this would be broken in 10-20 years it does not mean we should be making it easy for them today ...

The only reason this did not happen so far is that there is little money to be made, even the opposite being able to data-mine is very profitable for corporations like google, amazon, .... (*cough* ubuntu/Canonical). On the other hand you have convenience, people pick convenience over privacy not because they don't care (as most will tell you) but because they are to *lazy* to use/learn the complex systems required to add the extra privacy.

You're kidding, right?

"You must download this app to read this message" is a 99.9% sign of malware trying to install itself on your computer.
Someone who is not computer-savvy enough to install firefox+enigmail and give me their public key should definitely not install software from a download link that came over e-mail.

Onkel Paul

I think more encryption is a good thing but it is in my understanding that the NSA, for example, stores all encrypted data it comes across. This means that if the encryption would be crackable in let's say 20 years from now, the data would still get compromised. Storage is getting cheaper and cheaper every day and the it does not look like the survaliance infrastructure is going away any time soon.

I am a fan for initiatives like these but keep in mind that crypto does not guarantee privacy.

Tbh to break the surveillance you will need to tackle the problem at a lower and broader level, a simple device that people buy might make it easier for users it still leaves to meany open holes or has to limit users to other device users. What you end up with is a subset of people like tor, freenode, .... while the majority of people still use the open net.

I have been looking at this for some time now but simply don't have time/money (and to some degree skills) to complete it.

The idea in my mind is to have every communication on the net to use public key encryption (and with every communication I mean every packet send over the wire), the major hurdle there is the that you need to get that public key to the other side without people intercepting and replacing it, aka the man in the middle. What meany people don't realize is that with bitcoin and namecoin we have the perfect solution to this problem, a key/value store that is distributed and secured, the only thing left is to tie this all together. Bitmessage is a perfect example of this ... but still limited. To make this more global and easy to use I'm working on domain names and id's in namecoin, think of it as dns/http/ssl v2.0.

Bob (Browser, Email, Chat, ...) looks up domain and/or id in the blockchain to get the public key, he then tries to communicate with Alice (server, peer client, ...) using that key and provides his id in the handshake message. Alice looks for the id she got from bob in the blockchain and send a encrypted reply with the pulblic key she got as a result. They are communicating on a encrypted channel without a direct exchange of key's, there was not a single unencrypted message between bob and alice! Sins a attacker can't forge the blockchain and has no idea where or how they perform the lookup the whole system becomes very resistant to a man in the middle attack.

The tools are out there all it takes is time and skill to make user friendly applications and infrastructure that implement this and we could end up with a new internet where all communication is based on public key encryption. On top of that we would get rid of centralized dns/ssl systems used to censor and spy on meany of the sites that threaten the status quo today (wikileaks, piratebay, liberty reserve, ...).

If that is done, specialized devises to promote the use dns/http/ssl v2.0 would be a very good thing.

Frog is attempting this. https://bitcoinstarter.com/projects/98
It's been successfully funded, and I estimate on completing it by mid-August.

I'm not a developer, but this reminded me: I have been looking for something I call "nuisance encryption", similar to hashcash. I give you an encoded message and the key to decrypt it. Your computer must do some work to come up with the final message. If you could get enough people to use it, it would become in-feasible to decode *everything*.

benefit for sender: you can push an encrypted message to anyone, don't have to have a public key - "You must download this app to read this message" or send them to a java page.

https://www.freedomboxfoundation.org/ is doing exactly what you are proposing.

I'm too much of a noob to really critique your ideas on this, but it certainly has potential and I would be interested in hearing more as time goes on. Surveillance is an issue for me, not because I'm doing anything worth hiding, but because because it flies in the face of the basic rights of the citizenry.