- No Secrets Allowed: You, me, and the NSA makes three - Steve Klabnik @steveklabnik
- - NSA and privacy issues affect us all
- - Reality Check, A few trust, well-worn tools, "What do?"
- - Reality Check
- - "This isn't new" the privacy issue has been in the news often recently
- - Steve hasn't always cared about privacy and security
- - "This is so frustrating, it doesn't matter - I can't win"
- - [Google Map]
- - A 17 minute walk to 2nd and Folsom
- - Room 641A (NSA Fibre Tap)
- - About '01
- - COINTELPRO
- - Counter intelligence (FBI and CIA) doing a bunch of things in the name of National Security
- - Text from wikipedia article COINTELPRO
- - Historical figures were investigated
- - Eleanor Roosevelt, Sinatra, Marilyn Monroe...
- - in the '70s
- - Church Committee (in the '70s)
- - 2013 Mass Surveillance Disclosures
- - article on wikipedia
- - a variety of things
- - effectively any byte that leaves your computer unencrypted is basically public, period.
- - "i have nothing to hide" means "I am under-informed."
- - cell phones are inherently spy devices
- - potential for gov. to turn on mic w/o interaction
- - Meta-data
- - Headers
- - Who you are talking to and about what time may be more important to the conversation
- - You can have the same appearance as someone doing something shady even if you are innocent
- - Logically incongruent argument: Both innocent and vitally important counter-terrorism
- - Example
- - HBGary: tartan, meta-data analysis about who was talking to who
- - A few trusty, well-worn tools
- - No tool is a panacea, they all have drawbacks
- - Tor
- - Three step process
- - Alice's Tor client obtains a list of tor nodes from Tor servers
- - Alice's client picks a random path through the graph of nodes
- - Alice's client sends a message through the graph in a multiply wrapped encrypted packet which is unwrapped in transit
- - Provides meta-data privacy
- - Vulnerabilities
- - end-to-end timing attack
- - GPG
- - for data you want to keep and send
- - uses public/private key encryption mechanisms (not symmetric encryption)
- - signatures and verification
- - web of trust
- - key-signing parties
- - Security Culture
- - The human problem
- - We can learn a lot of things from people who have been under government scrutiny
- - What do?
- - Take some time to learn some basic concepts
- - You do not need to understand factoring large prime numbers to use public key encryption
- - Start using tools, even if you don't know what you're doing.
- - At worst you're only making it mildly better for your self instead of heaps better
- - Help out, especially with UI/UX
- - GPG is pathological in its UI/UX
a guest Sep 21st, 2013 213 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data