No Secrets Allowed: You, me, and the NSA makes three - Steve Klabnik @steveklabn

1. No Secrets Allowed: You, me, and the NSA makes three - Steve Klabnik @steveklabnik
2.  
3. - NSA and privacy issues affect us all
4. - Reality Check, A few trust, well-worn tools, "What do?"
5. - Reality Check
6. - "This isn't new" the privacy issue has been in the news often recently
7. - Steve hasn't always cared about privacy and security
8. - "This is so frustrating, it doesn't matter - I can't win"
9. - [Google Map]
10. - A 17 minute walk to 2nd and Folsom
11. - Room 641A (NSA Fibre Tap)
12. - About '01
13. - COINTELPRO
14. - Counter intelligence (FBI and CIA) doing a bunch of things in the name of National Security
15. - Text from wikipedia article COINTELPRO
16. - Historical figures were investigated
17. - Eleanor Roosevelt, Sinatra, Marilyn Monroe...
18. - in the '70s
19. - Church Committee (in the '70s)
20. - 2013 Mass Surveillance Disclosures
21. - article on wikipedia
22. - a variety of things
23. - effectively any byte that leaves your computer unencrypted is basically public, period.
24. - "i have nothing to hide" means "I am under-informed."
25. - cell phones are inherently spy devices
26. - potential for gov. to turn on mic w/o interaction
27. - Meta-data
28. - Headers
29. - Who you are talking to and about what time may be more important to the conversation
30. - You can have the same appearance as someone doing something shady even if you are innocent
31. - Logically incongruent argument: Both innocent and vitally important counter-terrorism
32. - Example
33. - HBGary: tartan, meta-data analysis about who was talking to who
34. - A few trusty, well-worn tools
35. - No tool is a panacea, they all have drawbacks
36. - Tor
37. - Three step process
38. - Alice's Tor client obtains a list of tor nodes from Tor servers
39. - Alice's client picks a random path through the graph of nodes
40. - Alice's client sends a message through the graph in a multiply wrapped encrypted packet which is unwrapped in transit
41. - Provides meta-data privacy
42. - Vulnerabilities
43. - end-to-end timing attack
44. - GPG
45. - for data you want to keep and send
46. - uses public/private key encryption mechanisms (not symmetric encryption)
47. - signatures and verification
48. - web of trust
49. - key-signing parties
50. - Security Culture
51. - The human problem
52. - We can learn a lot of things from people who have been under government scrutiny
53. - What do?
54. - Take some time to learn some basic concepts
55. - You do not need to understand factoring large prime numbers to use public key encryption
56. - Start using tools, even if you don't know what you're doing.
57. - At worst you're only making it mildly better for your self instead of heaps better
58. - Help out, especially with UI/UX
59. - GPG is pathological in its UI/UX