daily pastebin goal
75%
SHARE
TWEET

Untitled

a guest Sep 21st, 2013 196 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. No Secrets Allowed: You, me, and the NSA makes three - Steve Klabnik @steveklabnik
  2.  
  3. - NSA and privacy issues affect us all
  4. - Reality Check, A few trust, well-worn tools, "What do?"
  5. - Reality Check
  6.   - "This isn't new" the privacy issue has been in the news often recently
  7.   - Steve hasn't always cared about privacy and security
  8.   - "This is so frustrating, it doesn't matter - I can't win"
  9.   - [Google Map]
  10.     - A 17 minute walk to 2nd and Folsom
  11.     - Room 641A (NSA Fibre Tap)
  12.       - About '01
  13.   - COINTELPRO
  14.     - Counter intelligence (FBI and CIA) doing a bunch of things in the name of National Security
  15.       - Text from wikipedia article COINTELPRO
  16.     - Historical figures were investigated
  17.       - Eleanor Roosevelt, Sinatra, Marilyn Monroe...
  18.       - in the '70s
  19.   - Church Committee (in the '70s)
  20.   - 2013 Mass Surveillance Disclosures
  21.     - article on wikipedia
  22.     - a variety of things
  23.       - effectively any byte that leaves your computer unencrypted is basically public, period.
  24.       - "i have nothing to hide" means "I am under-informed."
  25.       - cell phones are inherently spy devices
  26.         - potential for gov. to turn on mic w/o interaction
  27.   - Meta-data
  28.     - Headers
  29.     - Who you are talking to and about what time may be more important to the conversation
  30.       - You can have the same appearance as someone doing something shady even if you are innocent
  31.     - Logically incongruent argument: Both innocent and vitally important counter-terrorism
  32.     - Example
  33.       - HBGary: tartan, meta-data analysis about who was talking to who
  34. - A few trusty, well-worn tools
  35.   - No tool is a panacea, they all have drawbacks
  36.   - Tor
  37.     - Three step process
  38.       - Alice's Tor client obtains a list of tor nodes from Tor servers
  39.       - Alice's client picks a random path through the graph of nodes
  40.       - Alice's client sends a message through the graph in a multiply wrapped encrypted packet which is unwrapped in transit
  41.     - Provides meta-data privacy
  42.     - Vulnerabilities
  43.       - end-to-end timing attack
  44.   - GPG
  45.     - for data you want to keep and send
  46.     - uses public/private key encryption mechanisms (not symmetric encryption)
  47.     - signatures and verification
  48.     - web of trust
  49.       - key-signing parties
  50. - Security Culture
  51.   - The human problem
  52.   - We can learn a lot of things from people who have been under government scrutiny
  53. - What do?
  54.   - Take some time to learn some basic concepts
  55.     - You do not need to understand factoring large prime numbers to use public key encryption
  56.   - Start using tools, even if you don't know what you're doing.
  57.     - At worst you're only making it mildly better for your self instead of heaps better
  58.   - Help out, especially with UI/UX
  59.     - GPG is pathological in its UI/UX
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top