Home page logo
/

nanog logo nanog mailing list archives

RE: Just Carnivore (was: Yahoogroups and Carnivore)
From: Roeland Meyer <rmeyer () mhsc com>
Date: Tue, 18 Sep 2001 00:42:17 -0700


|> From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
|> Sent: Monday, September 17, 2001 11:27 PM
|> 
|> On Mon, 17 Sep 2001 22:36:53 PDT, Roeland Meyer said:
|> > So, Bruce Schneier, when posing that problem, must have 
|> had his imagination
|> > disengaged. There is more than adequate cover story for 
|> passing huge JPGs
|> > around.
|> 
|> No, he actually had his brain engaged.  His point was that 
|> if you're trying
|> to use steganography to move data around under the nose of a 
|> government that's
|> actively trying to catch you at something, you can't just 
|> start sending
|> files around, because that would set off traffic pattern 
|> analysis warnings.
|> 
|> http://www.counterpane.com/crypto-gram-9810.html#steganograph
|> y  for the whole story.

Yes, and neither of you have yet been to www.ofoto.com have you? One of my
clients is yet another photo sharing site. In two years, customer photos
took up over 3 TeraBytes worth of RAID space. Snapshots are 1) original
content, 2) very large, 3) numerous as hell, 4) not porn, and 5) there are
LOTS of innocent people doing it. Also, when folks upload photos, they don't
do just one. They do half a roll, or more, so you don't have to embed a
message in every one of them. In addition, one could encrypt the message
prior to embedding it. Since it is original content there is no other
picture to compare it to, in order to detect alteration. No one else has
access to the original, but you. You can further, destroy all non-steg
enhanced originals.

For a news site that publishes original content, the arguments are the same.
What are you going to compare the photos to? It's the original that's been
"doctored". If you have support of the local government, there are no
"Secret Police" issues, and your "photos" get sent to every web-browser that
takes a peek. If you don't keep visit logs then no one knows who has seen
the pretty pictures and decoded their content.

After having read the article (thanks), I think that Bruce was being
improperly dismissive. He applied special case arguments (a specific
context) to the general case. The cutter had a dull knife that day ... it
happens. The true operational model is quite different from the one that
Bruce envisioned in his argument.

This is a more complete reason why I suggested that we all start observing
the proscription lists, from US State. A site like www.lybia.com or
www.taliban.com, operated with such intention, and hosted in a US colo
facility, and fed through an SSH tunnel, can otherwise operate with
impunity. We would never even know otherwise. We have no such "Secret
Police" and I'd really rather not have them. KGB was sufficient trouble in
the USSR. We don't need FBI thinking/acting like them. CALEA is bad enough,
thank you. Understandibly, I have personal reasons for wanting to see that
photo sharing sites remain unmolested and none of the ones, I have mentioned
here, are on my client list. Yes, there are counter-measure that those sites
could take. They aren't taking them right now. Equally, there are ways
around those counter-measures. 'nuff said.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault