Dailydave mailing list archives

Re: C...c...c..Cryptopocalypse!
From: Lurene <lurene () immunityinc com>
Date: Wed, 18 Sep 2013 11:56:54 -0400

"crypto-ninja-slash-stealth-sexy-leopard" is my new business card
title, bee tee dubs.

~ Lurene

On 09/03/2013 02:18 AM, Ben Nagy wrote:
Recently, a lot of people have been talking and possibly even
thinking about the "cryptopocalypse", surveillance, and the ideal
rate of exchange between liberty and safety. I have been vaguely
seeking the ideal derisive verse for a while, but this morning I
finally realised that it has already been sung.

"When you believe in things that you don't understand, then you

- Stevie Wonder [1]

Without quibbling over minor points, I think it's reasonable to
view the period since 2001 as one where privacy and fundamental
individual liberties have been at a steady ebb. Some might
characterise it as the 'theft' of those things by Governments, but
really, it's not. It has been driven by fear, and the belief that
"The Government" can provide protection against Dark Forces.
However, it's not the steady advance of ridiculous legislation that
I want to focus on. Those shavings of liberty can be counted where
they fell, as a simple matter of public record.

What's interesting is the use of the tools that these Governments
already have. Nothing fundamental changed in the last few months.
The NSA, GCHQ, MI5, DSD didn't SUDDENLY ramp up any ops. They
haven't gone rogue. They've just been doing the same thing they've
been doing for years, because people ASKED them for protection, but
weren't too bothered about asking for details. They may not have 
even had a concept of the missions of these organisations, except
as a nebulous part of "Government". They believed in things that
they did not, fundamentally, understand, and now we all suffer.

So now we, the super smart computer crowd, get to be all smug and
"I told you so!", because we called it, just like that guy with no
pants and a bird in his beard.

What I find hilarious, however, is the reaction. "Tor is the BEST
tool that fails to fix a different but related problem!", "You
should all use CryptoCat because I say sorry every time I screw
up!", "Hemlis messenger is totes unbreakable, and has nice graphic
design!", "5 Weird Tips to NSA-proof YOUR life!", "Try Silent
Circle! We have Beards!"

All of this rubbish is just as much Security Theatre as the shoe
removals, crotch-gropings and warrantless detention we've been
enduring at airports. Statically, you're just not a target, so it's
ALL going to be as "100% Effective" as Werewolf Repellent. So go
nuts, I guess. Use CraptoCat inside TorBB to update your location
on Facebook. Whatever.

If you happen to actually BE a person of interest, however, "better
than nothing" is actually worse than nothing. If you had zero
crypto, you might actually think about the content and traffic /
timing patterns of your comms. If you had no 'anonymisation' then
you might actually give a shit when and from where you connect. In
either case you might give some measure of incredibly serious
thought to:

- The known capabilities of your anticipated adversary
- Your operating risk
- Your worst case outcome

Because if you don't have a strong mental picture of these things
BEFORE you start deploying tools and being all
crypto-ninja-slash-stealth-sexy-leopard, then you're going to see
exactly what that worst case outcome looks like from the inside.

I'm not saying it's "impossible". I'm just saying (to quote The
Grugq) "Nobody's going to go to jail for you", and that includes
the authors of these new (and old) "spook-proof" tools. The hard
truth is that the only way to stay 'safe' from state-level actors
is going to involve a consistently disciplined regimen of tools,
techniques and procedures, and any software that claims to make it
"easy" is flat-out lying.

Don't outsource understanding.

"When you believe in things that you don't understand, then you
suffer. Superstition aint the way."

( please now allow the best Clav riff EVER to stick in your head )

Baby Seals,


[1] http://www.youtube.com/watch?v=wDZFf0pm0SE (and if you need

_______________________________________________ Dailydave mailing
list Dailydave () lists immunityinc com 
