[Dailydave] C...c...c..Cryptopocalypse!

Ben Nagy ben at iagu.net
Tue Sep 3 02:18:55 EDT 2013


Recently, a lot of people have been talking and possibly even thinking
about the
"cryptopocalypse", surveillance, and the ideal rate of exchange between
liberty
and safety. I have been vaguely seeking the ideal derisive verse for a
while,
but this morning I finally realised that it has already been sung.

"When you believe in things
 that you don't understand,
 then you suffer."

     - Stevie Wonder [1]

Without quibbling over minor points, I think it's reasonable to view the
period
since 2001 as one where privacy and fundamental individual liberties have
been
at a steady ebb. Some might characterise it as the 'theft' of those things
by
Governments, but really, it's not. It has been driven by fear, and the
belief
that "The Government" can provide protection against Dark Forces. However,
it's
not the steady advance of ridiculous legislation that I want to focus on.
Those
shavings of liberty can be counted where they fell, as a simple matter of
public
record.

What's interesting is the use of the tools that these Governments already
have.
Nothing fundamental changed in the last few months. The NSA, GCHQ, MI5, DSD
didn't SUDDENLY ramp up any ops. They haven't gone rogue. They've just been
doing the same thing they've been doing for years, because people ASKED
them for
protection, but weren't too bothered about asking for details. They may not
have
even had a concept of the missions of these organisations, except as a
nebulous
part of "Government". They believed in things that they did not,
fundamentally,
understand, and now we all suffer.

So now we, the super smart computer crowd, get to be all smug and "I told
you
so!", because we called it, just like that guy with no pants and a bird in
his
beard.

What I find hilarious, however, is the reaction. "Tor is the BEST tool that
fails to fix a different but related problem!", "You should all use
CryptoCat
because I say sorry every time I screw up!", "Hemlis messenger is totes
unbreakable, and has nice graphic design!", "5 Weird Tips to NSA-proof YOUR
life!", "Try Silent Circle! We have Beards!"

All of this rubbish is just as much Security Theatre as the shoe removals,
crotch-gropings and warrantless detention we've been enduring at airports.
Statically, you're just not a target, so it's ALL going to be as "100%
Effective" as Werewolf Repellent. So go nuts, I guess. Use CraptoCat inside
TorBB to update your location on Facebook. Whatever.

If you happen to actually BE a person of interest, however, "better than
nothing" is actually worse than nothing. If you had zero crypto, you might
actually think about the content and traffic / timing patterns of your comms.
If
you had no 'anonymisation' then you might actually give a shit when and from
where you connect. In either case you might give some measure of incredibly
serious thought to:

- The known capabilities of your anticipated adversary
- Your operating risk
- Your worst case outcome

Because if you don't have a strong mental picture of these things BEFORE you
start deploying tools and being all crypto-ninja-slash-stealth-sexy-leopard,
then you're going to see exactly what that worst case outcome looks like
from
the inside.

I'm not saying it's "impossible". I'm just saying (to quote The Grugq) "
Nobody's
going to go to jail for you", and that includes the authors of these new
(and
old) "spook-proof" tools. The hard truth is that the only way to stay 'safe'
from state-level actors is going to involve a consistently disciplined
regimen of tools, techniques and procedures, and any software that claims to
make it "easy" is flat-out lying.

Don't outsource understanding.

"When you believe in things
 that you don't understand,
 then you suffer.
 Superstition aint the way."

( please now allow the best Clav riff EVER to stick in your head )

Baby Seals,

ben

[1] http://www.youtube.com/watch?v=wDZFf0pm0SE
    (and if you need this WHY ARE YOU SO YOUNG??)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130903/9d0c24d4/attachment.html>


More information about the Dailydave mailing list