pythonista (OP)
|
|
June 22, 2013, 02:21:44 PM |
|
I'm sure many people on this board are like me - sick at the sheer scale of government spying that has been revealed over the last few weeks.
Well here are my thoughts and suggestions on how to fight against it.
The only way to communicate securely is by encryption, but encryption has a huge hurdle to overcome in terms of momentum and ease of use before it can become widely adopted amongst regular people. This is the key to fighting the ubiquitous surveillance state - the tools & software to communicate securely must be ridiculously easy to use AND most importantly easy to share with the people you want to communicate with.
There needs to be a catalyst to increase adoption of software that is peer to peer, secure and censorship resistant. My suggestion is to manufacture a dedicated hardware device with these attributes:
- Preloaded with an open source Linux distribution installed with Torchat, Bitmessage and a Bitcoin client. The Tails distro could be good for this.
- Cheap enough (as in Raspberry Pi cheap) to buy one and give another one away to your friends & family. Giving the devices away will build momentum behind using encrypted software.
- Equipped with an NFC chip scanner to easily share public keys with the people you meet face to face. Alternatively, the device could show a QR code on its screen and the other device scan it with its built-in camera.
How cool would it be to meet someone at a conference and swipe his device to instantly give him your Bitmessage and Bitcoin addresses?
The reason I'm fairly convinced that making a new dedicated device is the best way to do it is that the existing phones don't meet these criteria, in that they are too expensive to give away and force you to use their closed proprietary software. Most manufacturers really don't care about your privacy, and would all bend over to put in a backdoor for the NSA in a heartbeat. This needs to be a community effort.
We could name this device the "Bitstick" or something. I'm a developer so I would be willing to contribute time and funds to see this device made, as long as other people thought it was a good idea as well.
What do you guys think?
|
|
|
|
ASanerWorld
|
|
June 22, 2013, 04:37:44 PM |
|
I'm too much of a noob to really critique your ideas on this, but it certainly has potential and I would be interested in hearing more as time goes on. Surveillance is an issue for me, not because I'm doing anything worth hiding, but because it flies in the face of the basic rights of the citizenry.
|
|
|
|
|
TTBit
|
|
June 22, 2013, 07:48:01 PM |
|
I'm not a developer, but this reminded me: I have been looking for something I call "nuisance encryption", similar to hashcash. I give you an encoded message and the key to decrypt it. Your computer must do some work to come up with the final message. If you could get enough people to use it, it would become infeasible to decode *everything*.
Benefit for sender: you can push an encrypted message to anyone, don't have to have a public key - "You must download this app to read this message" or send them to a java page.
|
good judgment comes from experience, and experience comes from bad judgment
|
|
|
|
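A sketch of the "nuisance encryption" idea from the post above, added here as an example and not part of the thread: the seed travels in the clear with the message, and the real key only appears after a configurable amount of sequential hashing. The function names, the envelope layout and the SHA-256 keystream are assumptions made for this illustration; the keystream is a standard-library stand-in for a real cipher.

```python
import hashlib, hmac, os

def _derive(seed, iterations):
    # The "nuisance": each reader must grind through `iterations` chained HMAC rounds.
    master = hashlib.pbkdf2_hmac("sha256", seed, b"nuisance-demo", iterations)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream_xor(key, data):
    # Constructed SHA-256 counter keystream: a stdlib-only stand-in for a real cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(message, iterations):
    seed = os.urandom(16)  # travels in the clear: the "key" the sender hands over
    enc_key, mac_key = _derive(seed, iterations)
    ct = _keystream_xor(enc_key, message)
    tag = hmac.new(mac_key, ct, hashlib.sha256).hexdigest()
    return {"seed": seed.hex(), "iterations": iterations, "ct": ct.hex(), "tag": tag}

def open_sealed(envelope, max_iterations=5_000_000):
    # The envelope is untrusted input: cap the work factor so it cannot demand unbounded CPU.
    if not 1 <= envelope["iterations"] <= max_iterations:
        raise ValueError("work factor out of range")
    enc_key, mac_key = _derive(bytes.fromhex(envelope["seed"]), envelope["iterations"])
    ct = bytes.fromhex(envelope["ct"])
    expected = hmac.new(mac_key, ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("tag mismatch")
    return _keystream_xor(enc_key, ct)
```

Unlike hashcash, where checking a stamp is cheap, the sender here pays the same derivation cost as every reader, and the work factor only raises the price of decrypting in bulk; it does not keep out a reader who targets one message.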
Insu Dra
|
|
June 23, 2013, 06:14:03 AM Last edit: June 23, 2013, 07:02:00 AM by Insu Dra |
|
Tbh to break the surveillance you will need to tackle the problem at a lower and broader level. A simple device that people buy might make it easier for users, but it still leaves too many open holes or has to limit users to other device users. What you end up with is a subset of people like tor, freenode, .... while the majority of people still use the open net.
I have been looking at this for some time now but simply don't have time/money (and to some degree skills) to complete it.
The idea in my mind is to have every communication on the net use public key encryption (and with every communication I mean every packet sent over the wire). The major hurdle there is that you need to get that public key to the other side without people intercepting and replacing it, aka the man in the middle. What many people don't realize is that with bitcoin and namecoin we have the perfect solution to this problem, a key/value store that is distributed and secured; the only thing left is to tie this all together. Bitmessage is a perfect example of this ... but still limited. To make this more global and easy to use I'm working on domain names and ids in namecoin, think of it as dns/http/ssl v2.0.
Bob (Browser, Email, Chat, ...) looks up the domain and/or id in the blockchain to get the public key. He then tries to communicate with Alice (server, peer client, ...) using that key and provides his id in the handshake message. Alice looks for the id she got from Bob in the blockchain and sends an encrypted reply with the public key she got as a result. They are communicating on an encrypted channel without a direct exchange of keys; there was not a single unencrypted message between Bob and Alice! Since an attacker can't forge the blockchain and has no idea where or how they perform the lookup, the whole system becomes very resistant to a man in the middle attack.
The tools are out there; all it takes is time and skill to make user friendly applications and infrastructure that implement this, and we could end up with a new internet where all communication is based on public key encryption. On top of that we would get rid of centralized dns/ssl systems used to censor and spy on many of the sites that threaten the status quo today (wikileaks, piratebay, liberty reserve, ...).
If that is done, specialized devices to promote the use of dns/http/ssl v2.0 would be a very good thing.
|
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
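The lookup-based handshake described in the post above, as an added example that is not part of the thread: both sides take the other's public key from a shared registry instead of from the wire, so an interceptor whose key is not in the registry cannot complete the handshake. A Python dict stands in for the blockchain lookup, static Diffie-Hellman with toy parameters stands in for the public key encryption the post describes, and the names `d/alice-server` and `id/bob` are hypothetical.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman parameters (assumption): short enough to read, NOT a vetted group.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    # Each side combines its own private key with the other's registry key.
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _tag(key, sender, target, nonce):
    msg = f"{sender}|{target}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_hello(sender_id, sender_priv, target, registry):
    # Bob's side: the target's key comes from the registry, never from the wire.
    key = session_key(sender_priv, registry[target])
    nonce = secrets.token_hex(8)
    return {"from": sender_id, "to": target, "nonce": nonce,
            "tag": _tag(key, sender_id, target, nonce)}

def accept_hello(hello, my_name, my_priv, registry):
    # Alice's side: resolve the claimed id in the registry; reject unknown ids and bad tags.
    peer_pub = registry.get(hello["from"])
    if peer_pub is None or hello["to"] != my_name:
        return None
    key = session_key(my_priv, peer_pub)
    good = hmac.compare_digest(_tag(key, hello["from"], my_name, hello["nonce"]), hello["tag"])
    return key if good else None

def demo():
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    mallory_priv, _ = keypair()  # interceptor with a key the registry does not list
    # Constructed stand-in for the blockchain lookup; names are hypothetical.
    registry = {"d/alice-server": alice_pub, "id/bob": bob_pub}
    honest = make_hello("id/bob", bob_priv, "d/alice-server", registry)
    forged = make_hello("id/bob", mallory_priv, "d/alice-server", registry)
    key = accept_hello(honest, "d/alice-server", alice_priv, registry)
    return (key == session_key(bob_priv, alice_pub),
            accept_hello(forged, "d/alice-server", alice_priv, registry) is None)
```

The agreed key would then encrypt the traffic. The guarantee rests entirely on both sides reading the same registry contents, and static keys like these give no forward secrecy and no replay protection on their own.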
whydifficult
|
|
June 23, 2013, 11:05:22 AM |
|
I think more encryption is a good thing but it is my understanding that the NSA, for example, stores all encrypted data it comes across. This means that if the encryption would be crackable in let's say 20 years from now, the data would still get compromised. Storage is getting cheaper and cheaper every day and it does not look like the surveillance infrastructure is going away any time soon.
I am a fan of initiatives like these but keep in mind that crypto does not guarantee privacy.
|
Gekko a nodejs bitcoin trading bot! Realtime Bitcoin Globe - visualizing all transactions and blocks Tip jar (BTC): 1KyQdQ9ctjCrGjGRCWSBhPKcj5omy4gv5S
|
|
|
OnkelPaul
|
|
June 23, 2013, 11:15:59 AM |
|
Quote from TTBit:
> "You must download this app to read this message" or send them to a java page.
You're kidding, right? "You must download this app to read this message" is a 99.9% sign of malware trying to install itself on your computer. Someone who is not computer-savvy enough to install firefox+enigmail and give me their public key should definitely not install software from a download link that came over e-mail.
Onkel Paul
|
|
|
|
Insu Dra
|
|
June 24, 2013, 11:15:06 AM |
|
Quote from whydifficult:
> I am a fan for initiatives like these but keep in mind that crypto does not guarantee privacy.
I would take that even further, crypto offers no privacy at all. It hides content but leaves all the meta data intact; by hiding the content it does make the meta data less useful and harder to identify/link. Even if this would be broken in 10-20 years it does not mean we should be making it easy for them today ... The only reason this did not happen so far is that there is little money to be made, even the opposite: being able to data-mine is very profitable for corporations like google, amazon, .... (*cough* ubuntu/Canonical). On the other hand you have convenience, people pick convenience over privacy not because they don't care (as most will tell you) but because they are too *lazy* to use/learn the complex systems required to add the extra privacy.
|
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
|
el_Tico
|
|
June 25, 2013, 10:19:03 PM |
|
This argument is synonymous to the argument that if everyone leaves their front door open, a burglar is less likely to choose your house. I agree with pythonista that we must have wide adoption of crypto.
Cryptography may not guarantee privacy but it protects work/messages from entities that can make allegations that aren't true.
|
|
|
|
nimda
|
|
June 25, 2013, 10:45:13 PM |
|
Re: Tails Distro
I've tried without success to get Bitmessage running on Tails. Tails is based on Debian Squeeze, which ships with a horribly outdated version of SSL. It also doesn't ship with gcc, make, etc., and after multiple hours of trying, I could not get a workable version of SSL installed. If you figure it out, please let me know.
|
|
|
|
01BTC10
|
|
June 25, 2013, 11:17:37 PM |
|
lol have fun decrypting my communications.
|
|
|
|
Anon136
|
|
June 25, 2013, 11:21:20 PM |
|
bull shit. they retain everyone's data indefinitely anyway regardless of whether the person is using encryption. so they use your data as an input in their research to learn how to break the encryption? big deal if you don't encrypt they just read it without even having to attempt to break anything. this sounds like a really bad bluff to me. they know they won't be able to break encryption for some time so they are trying to scare people into not using it.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
nimda
|
|
June 26, 2013, 12:02:29 AM |
|
Very disappointed in Daily Kos for publishing that. Sometimes they're actually rational
|
|
|
|
JohnyBigs
|
|
June 26, 2013, 12:51:51 AM |
|
Actually current encryption standards will be obsolete when quantum computers come out, everything that is encrypted today is stored on an NSA hard drive somewhere waiting to be decrypted. The only way to fight surveillance is to stop using your fucking phones/email/forums/computers for private matters. It's very simple.
If you want to continue to use these things then new forms of encryption need to be developed to defeat quantum computers, and even then your communications are only encrypted until they are broken again.
|
|
|
|
nimda
|
|
June 26, 2013, 12:53:54 AM |
|
Quote from JohnyBigs:
> Actually current encryption standards will be obsolete when quantum computers come out, everything is encrypted today is stored on an NSA hard drive somewhere waiting to be decrypted. The only way to fight it surveillance is stop using your fucking phones/email/forums/computers for private matters. It's very simple.
> If you want to continue to use these things then new forms of encryption need to be developed to defeat quantum computers, and even then your communications are only encrypted until they are broken again.
Wrong. The one time pad has been proven to be mathematically secure.
|
|
|
|
Insu Dra
|
|
June 26, 2013, 06:53:24 AM |
|
Quote from Anon136:
> bull shit. they retain everyones data indefinitely anyway regardless of whether the person is using encryption. so they use your data as an input in their research to learn how to break the encryption? big deal if you dont encrypt they just read it with out even having to attempt to break anything. this sounds like a really bad bluff to me. they know they wont be able to break encryption for some time so they are trying to scare people into not using it.
Quote from el_Tico:
> This argument is synonymous to the argument that if everyone leaves their front door open, a burglar is less likely to choose your house. I agree with pythonista that we must have wide adoption of crypto.
> Cryptography may not guarantee privacy but it protects work/messages from entities that can make allegations that aren't true.
Two quotes say it all, the article linked is just euh .... aiming at mind boggling stupidity and/or ignorance.
|
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
🏰 TradeFortress 🏰
|
|
June 26, 2013, 09:13:50 AM |
|
BitMessage is good in some aspects, but it is unusable and will never get any real traction.
You do not need a peer to peer network for broadcasting messages. You just need a simple, address based encryption client. Geeks will set up their own servers that they fetch messages from. Others will probably use a public (funded via donations) or paid (e.g. a buck per X MB transfer).
Heck, just use Bitcoin addresses like GPG. You can communicate through insecure channels.
|
|
|
|
nimda
|
|
June 26, 2013, 01:51:01 PM |
|
Quote from TradeFortress:
> BitMessage is good in some aspects, but it is unusable and will never get any real traction.
> You do not need a peer to peer network for broadcasting messages. You just need a simple, address based encryption client. Geeks will set up their own servers that they fetch messages from. Others will probably use a public (funded via donations) or paid (eg a buck per X MB transfer).
> Heck, just use Bitcoin addresses like GPG. You can communicate through insecure channels.
- Bitmessage hides the sender and receiver of a message
- GPG has been around forever. Have you read Why Johnny Can't Encrypt?
- Bitmessage is designed to have throwaway accounts.
- Servers are not flood resistant like Bitmessage
Governments are good at cutting off the heads of centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own.
|
|
|
|
|