Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 29/08/13 at 11:54pm, zooko wrote: The Least-Authority Filesystem does all of the above. We have some pretty good docs: https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst http://code.google.com/p/nilestore/wiki/TahoeLAFSBasics https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ I know, and for this point I (IMHO) consider your work as verifiable, without the necessity to take into account the Gödel's theorems (sorry if it wasn't clear from the first post). ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
A naive comment. In his first email Zooko states: S4 offers “*verifiable* end-to-end security” because all of the source code that makes up the Simple Secure Storage Service is published for everyone to see A suspicious user may wonder, how can he be sure that the service indeed uses the provided source code. IMHO, end-to-end security can be really verifiable--from the user perspective--if it can be attested by examining only the source code of the applications running on the user side. Best, Nikos On Sat, Aug 17, 2013 at 11:52 AM, ianG i...@iang.org wrote: On 16/08/13 22:11 PM, zooko wrote: On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. I agree that compromise of the client is relevant. My current belief is that nobody is doing this on a mass scale, pwning entire populations at once, and that if they do, we will find out about it. My goal with the S4 product is not primarily to help people who are being targeted by their enemies, but to increase the cost of indiscriminately surveilling entire populations. Now maybe it was a mistake to label it as PRISM-Proof in our press release and media interviews! I said that because to me PRISM means mass surveillance of innocents. Perhaps to other people it doesn't mean that. Oops! My understanding of PRISM is that it is a voluntary secret arrangement between the supplier and the collector (NSA) to provide direct access to all information. By 'voluntary' I mean that the supplier hands over the access, it isn't taken in an espionage or hacker sense, or leaked by an insider. I include in this various techniques of court-inspired voluntarianism as suggested by recent FISA theories [0]. I suspect it is fair to say that something is PRISM-proof if: a) the system lacks the capability to provide access b) the operator lacks the capacity to enter into the voluntary arrangement, or c) the operator lacks the capacity to keep the arrangement (b) secret The principle here seems to be that if the information is encrypted on the server side without the keys being held or accessible by the supplier, then (a) is met [1]. Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and Silent Circle. Therefore I think it is reasonable in a marketing sense to claim it is PRISM-proof, as long as that claim is explained in more detail for those who wish to research. In this context, one must market ones product, and one must use simple labels to achieve this. Otherwise the product doesn't get out there, and nobody is benefited. iang [0] E.g., the lavabit supplier can be considered to have not volunteered the info, and google can be considered to have not volunteered to the Chinese government. [1] In contrast, if an operator is offshore it would meet (b) and if an operator was some sort of open source distributed org where everyone saw where the traffic headed, it would lack (c). Regards, Zooko ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
Considering that it's designed to not trust the servers in the first place (just your gateway, which often will be part of your own client or otherwise run locally), it's not all too hard. If you've verified the client, then you can be sure your data is secure. 2013/8/29 Nikos Fotiou niko...@gmail.com: A naive comment. In his first email Zooko states: S4 offers “*verifiable* end-to-end security” because all of the source code that makes up the Simple Secure Storage Service is published for everyone to see A suspicious user may wonder, how can he be sure that the service indeed uses the provided source code. IMHO, end-to-end security can be really verifiable--from the user perspective--if it can be attested by examining only the source code of the applications running on the user side. Best, Nikos On Sat, Aug 17, 2013 at 11:52 AM, ianG i...@iang.org wrote: On 16/08/13 22:11 PM, zooko wrote: On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. I agree that compromise of the client is relevant. My current belief is that nobody is doing this on a mass scale, pwning entire populations at once, and that if they do, we will find out about it. My goal with the S4 product is not primarily to help people who are being targeted by their enemies, but to increase the cost of indiscriminately surveilling entire populations. Now maybe it was a mistake to label it as PRISM-Proof in our press release and media interviews! I said that because to me PRISM means mass surveillance of innocents. Perhaps to other people it doesn't mean that. Oops! My understanding of PRISM is that it is a voluntary secret arrangement between the supplier and the collector (NSA) to provide direct access to all information. By 'voluntary' I mean that the supplier hands over the access, it isn't taken in an espionage or hacker sense, or leaked by an insider. I include in this various techniques of court-inspired voluntarianism as suggested by recent FISA theories [0]. I suspect it is fair to say that something is PRISM-proof if: a) the system lacks the capability to provide access b) the operator lacks the capacity to enter into the voluntary arrangement, or c) the operator lacks the capacity to keep the arrangement (b) secret The principle here seems to be that if the information is encrypted on the server side without the keys being held or accessible by the supplier, then (a) is met [1]. Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and Silent Circle. Therefore I think it is reasonable in a marketing sense to claim it is PRISM-proof, as long as that claim is explained in more detail for those who wish to research. In this context, one must market ones product, and one must use simple labels to achieve this. Otherwise the product doesn't get out there, and nobody is benefited. iang [0] E.g., the lavabit supplier can be considered to have not volunteered the info, and google can be considered to have not volunteered to the Chinese government. [1] In contrast, if an operator is offshore it would meet (b) and if an operator was some sort of open source distributed org where everyone saw where the traffic headed, it would lack (c). Regards, Zooko ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 29/08/13 at 03:09pm, Nikos Fotiou wrote: A suspicious user may wonder, how can he be sure that the service indeed uses the provided source code. IMHO, end-to-end security can be really verifiable--from the user perspective--if it can be attested by examining only the source code of the applications running on the user side. I agree with you and I propose a simply protocol which follows your statement: - encrypt your data with a simmetric cipher and a private and robust key - make an hash of the encrypted data and store it securely (no loss possibile) offline - upload the encrypted data over some service. - download the encrypted data when you need it, check the hash and decrypt with the key used in the first pass. In this (simple) case, what is run server side does not nullify security properties (confidentiality and integrity in this example), provided that what is run user-side is ok. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Thu, Aug 29, 2013 at 02:44:37PM +0200, danimoth wrote: On 29/08/13 at 03:09pm, Nikos Fotiou wrote: A suspicious user may wonder, how can he be sure that the service indeed uses the provided source code. IMHO, end-to-end security can be really verifiable--from the user perspective--if it can be attested by examining only the source code of the applications running on the user side. I agree with you and I propose a simply protocol which follows your statement: - encrypt your data with a simmetric cipher and a private and robust key - make an hash of the encrypted data and store it securely (no loss possibile) offline - upload the encrypted data over some service. - download the encrypted data when you need it, check the hash and decrypt with the key used in the first pass. In this (simple) case, what is run server side does not nullify security properties (confidentiality and integrity in this example), provided that what is run user-side is ok. The Least-Authority Filesystem does all of the above. We have some pretty good docs: https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst http://code.google.com/p/nilestore/wiki/TahoeLAFSBasics https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ Regards, Zooko ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 16/08/13 22:11 PM, zooko wrote: On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. I agree that compromise of the client is relevant. My current belief is that nobody is doing this on a mass scale, pwning entire populations at once, and that if they do, we will find out about it. My goal with the S4 product is not primarily to help people who are being targeted by their enemies, but to increase the cost of indiscriminately surveilling entire populations. Now maybe it was a mistake to label it as PRISM-Proof in our press release and media interviews! I said that because to me PRISM means mass surveillance of innocents. Perhaps to other people it doesn't mean that. Oops! My understanding of PRISM is that it is a voluntary secret arrangement between the supplier and the collector (NSA) to provide direct access to all information. By 'voluntary' I mean that the supplier hands over the access, it isn't taken in an espionage or hacker sense, or leaked by an insider. I include in this various techniques of court-inspired voluntarianism as suggested by recent FISA theories [0]. I suspect it is fair to say that something is PRISM-proof if: a) the system lacks the capability to provide access b) the operator lacks the capacity to enter into the voluntary arrangement, or c) the operator lacks the capacity to keep the arrangement (b) secret The principle here seems to be that if the information is encrypted on the server side without the keys being held or accessible by the supplier, then (a) is met [1]. Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and Silent Circle. Therefore I think it is reasonable in a marketing sense to claim it is PRISM-proof, as long as that claim is explained in more detail for those who wish to research. In this context, one must market ones product, and one must use simple labels to achieve this. Otherwise the product doesn't get out there, and nobody is benefited. iang [0] E.g., the lavabit supplier can be considered to have not volunteered the info, and google can be considered to have not volunteered to the Chinese government. [1] In contrast, if an operator is offshore it would meet (b) and if an operator was some sort of open source distributed org where everyone saw where the traffic headed, it would lack (c). Regards, Zooko ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Thu, 15 Aug 2013 13:11, wasabe...@gmail.com said: To: and From: headers leak the emails/identity of communicating parties, but it's not the only place that happens. I've never used PGP but I've used OpenPGP allows sending messages without information on the used keys (e.g. gpg --throw-keyids). Folks using many secret keys need to have a bit more patience due to the required trial decryptions. keywrap structure. If the email is present, it will leak even if To/From were protected somehow. Even if the email is not present, maybe the cert A mail can easily be wrapped into an message/rfc822 container along with more innocent outer headers. This would allow to keep on using the existing mail infrastructure. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. I agree that compromise of the client is relevant. My current belief is that nobody is doing this on a mass scale, pwning entire populations at once, and that if they do, we will find out about it. My goal with the S4 product is not primarily to help people who are being targeted by their enemies, but to increase the cost of indiscriminately surveilling entire populations. Now maybe it was a mistake to label it as PRISM-Proof in our press release and media interviews! I said that because to me PRISM means mass surveillance of innocents. Perhaps to other people it doesn't mean that. Oops! Regards, Zooko ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 01:52:38PM -0500, Nicolai wrote: Zooko: Congrats on the service. I'm wondering if you could mention on the site which primitives are used client-side. All I see is that combinations of sftp and ssl are used for data-in-flight. Thanks! I'm not sure what your question is. The available interfaces to the gateway -- i.e. the cleartext side that is marked in red on [1] -- are: * the tahoe command-line tool [2] * your unadorned web browser, even with JavaScript turned off, pointed at the gateway over localhost (or over SSL to a remote host, or whatever you want) * your FTP or SFTP client * FUSE (although in a Rube Goldberg-esque setup where FUSE is chained to the aforementioned SFTP server through the sshfs tool; Like a Rube Goldberg device, it actually does work once you get all the pieces set up next to each other.) The semantics of what you can do with this are described in summary here: https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst#access-control And in much more detail in the documentation pages linked from there. Does that answer your question? Regards, Zooko [1] https://tahoe-lafs.org/trac/chrome/LAFS.svg [2] https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/frontends/CLI.rst P.S. This is a test of charset handling through GNU screen, mutt, and GNU mailman: ?? (That should be a superscript 1.) ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Fri, Aug 16, 2013 at 2:11 PM, zooko zo...@zooko.com wrote: On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote: Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. I agree that compromise of the client is relevant. My current belief is that nobody is doing this on a mass scale, pwning entire populations at once, and that if they do, we will find out about it. That's fair, and true-enough, although you never know. pwning everyone is a very costly operation: you can only do it once for each pwn, and the political risks and costs are high enough to put the entire concept at risk. But we've seen actors take some breathtaking risks in recent years (e.g., Flame)... My goal with the S4 product is not primarily to help people who are being targeted by their enemies, but to increase the cost of indiscriminately surveilling entire populations. That's fair, and a point that I should learn to make in general. We saw China back down from banning github -- that's a big clue that sufficiently popular services have leverage against foreign governments, and possibly local ones too. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
Yeah. It's also worth pointing out that it is more or less impractical to secure email. The result is paper-success-reality-fail. This has been an observation for a long time. For recent evidence see Silent Circle's decision to drop their secured email offering. I would say it is mostly because they knew that it is practically impossible and a WOFTAM to try to secure email. The better direction is this: stop using email, use something like a secured chat system, which can be secured, because we can avoid email's terrible assumptions and context. iang On 15/08/13 14:11 PM, wasa bee wrote: To: and From: headers leak the emails/identity of communicating parties, but it's not the only place that happens. I've never used PGP but I've used SMIME, so I'll refer to SMIME here (that may also apply to PGP anyway). In SMIME, the keyWrap (which contains the AES key encrypted under each recipient's public key) has some sort of headers that the recipient parses. The header contains info about the intended recipients' certs, like issuer, SN and email. sometimes it even contains the entire recipient's cert (if memory serves). So one has to be careful of what info is contained in the keywrap structure. If the email is present, it will leak even if To/From were protected somehow. Even if the email is not present, maybe the cert info provided for the decryption of the keyWrap still leaks enough info about recipients... for e.g. it might be enough to identify people by their cert rather than by their email. Another example where all this matters is in BCC headers. In Firefox (last time i checked was 2 years ago i believe), Firefox would send the same message to both To,CC and BCC recipients. The BCC header of course is not present in the message so recipients don't have access to it. However, going thru the keyWrap structure leaks the fact that the message has also been encrypted for an extra recipient so it breaks the BCC purpose. It seems to me that as long as a long-term info is transmitted in each message, it can be used for tracking who's talking to whom. Or one needs to build some sort of deniability into the crypto scheme. On Tue, Aug 13, 2013 at 7:53 PM, ianG i...@iang.org mailto:i...@iang.org wrote: On 13/08/13 20:16 PM, Peter Saint-Andre wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. Centralisation works when the server doesn't have any information of value. Presumably the most that LeastAuthority.com can say is that a certain company has X GB of documents and updates that set at rate Y. Not a lot of value there... The reason email space providers are suffering is that even when the content is encrypted, the To: and From are not. This enables a fairly dramatic capability -- seeing who's writing to whom. In contrast to the bland GB number, this would provide all a business's customers, all a dissident's contacts, all an insniding trader's leakees, etc etc... iang _ cryptography mailing list cryptography@randombit.net mailto:cryptography@randombit.net http://lists.randombit.net/__mailman/listinfo/cryptography http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Wed, Aug 14, 2013 at 09:47:09AM +1000, James A. Donald wrote: On 2013-08-14 6:10 AM, Nico Williams wrote: - it's really not easy to defeat the PRISMs. the problem is *political* more than technological. For a human to read all communications would be an impossible burden. We're rapidly approaching that point where judge, jury and executioner are completely automated. As such neither scaling issues of Stasi (at some point some half of the population were informants) nor quis custodiet are a problem. Instead, apply the following algorithm. Identify people of interest. Read communications between persons of interest. If several people of interest talk to Bob, then Bob may well also a person of interest. /Then/ read their communications. If significant, add Bob to the list of people of interest. IIRC there's already collection on three degrees of separation in place, and that is already a fair fraction of the global population so at least part of the judging is already automated. Looking at communication patterns, Identify the more central nodes among people of interest. Make a special effort to crack the communications of the most central nodes. The technological counter to this is the cypherpunks remailers, which are unfortunately user hostile, especially when used with a permanent identity. How badly bitrotted is the codebase? With the current threat model it looks like high-latency anonymous networks could well use a revival. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
Super! I think a commercial operator is an essential step forward. Q: do you have some sense of how long the accesses take? E.g., I'm at the end of a long ping, will I expect the actions to take ms, s, or ks? iang On 13/08/13 18:56 PM, Zooko Wilcox-OHearn wrote: Dear people of the cryptography@randombit.net mailing list: For obvious reasons, the time has come to push hard on *verifiable* end-to-end encryption. Here's our first attempt. We intend to bring more! We welcome criticism, suggestions, and requests. Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters. --- LeastAuthority.com Announces A PRISM-Proof Storage Service Wednesday, July 31, 2013 `LeastAuthority.com`_ today announced “Simple Secure Storage Service (S4)”, a backup service that encrypts your files to protect them from the prying eyes of spies and criminals. .. _LeastAuthority.com: https://LeastAuthority.com “People deserve privacy and security in the digital data that make up our daily lives.” said the company's founder and CEO, Zooko Wilcox-O'Hearn. “As an individual or a business, you shouldn't have to give up control over your data in order to get the benefits of cloud storage.” verifiable end-to-end security -- The Simple Secure Storage Service offers *verifiable* end-to-end security. It offers “end-to-end security” because all of the customer's data is encrypted locally — on the customer's own personal computer — before it is uploaded to the cloud. During its stay in the cloud, it cannot be decrypted by LeastAuthority.com, nor by anyone else, without the decryption key which is held only by the customer. S4 offers “*verifiable* end-to-end security” because all of the source code that makes up the Simple Secure Storage Service is published for everyone to see. Not only is the source code publicly visible, but it also comes with Free (Libre) and Open Source rights granted to the public allowing anyone to inspect the source code, experiment on it, alter it, and even to distribute their own version of it and to sell commercial services. Wilcox-O'Hearn says “If you rely on closed-source, proprietary software, then you're just taking the vendor's word for it that it actually provides the end-to-end security that they claim. As the PRISM scandal shows, that claim is sometimes a lie.” The web site of LeastAuthority.com proudly states “We can never see your data, and you can always see our code.”. trusted by experts -- The Simple Secure Storage Service is built on a technology named “Least-Authority File System (LAFS)”. LAFS has been studied and used by computer scientists, hackers, Free and Open Source software developers, activists, the U.S. Defense Advanced Research Projects Agency, and the U.S. National Security Agency. The design has been published in a peer-reviewed scientific workshop: *Wilcox-O'Hearn, Zooko, and Brian Warner. “Tahoe: the least-authority filesystem.” Proceedings of the 4th ACM international workshop on Storage security and survivability. ACM, 2008.* http://eprint.iacr.org/2012/524.pdf It has been cited in more than 50 scientific research papers, and has received plaudits from the U.S. Comprehensive National Cybersecurity Initiative, which stated: “Systems like Least-Authority File System are making these methods immediately usable for securely and availably storing files at rest; we propose that the methods be further reviewed, written up, and strongly evangelized as best practices in both government and industry.” Dr. Richard Stallman, President of the Free Software Foundation (https://fsf.org/) said “Free/Libre software is software that the users control. If you use only free/libre software, you control your local computing — but using the Internet raises other issues of freedom and privacy, which many network services don't respect. The Simple Secure Storage Service (S4) is an example of a network service that does respect your freedom and privacy.” Jacob Appelbaum, Tor project developer (https://www.torproject.org/) and WikiLeaks volunteer (http://wikileaks.org/), said “LAFS's design acknowledges the importance of verifiable end-to-end security through cryptography, Free/Libre release of software and transparent peer-reviewed system design.” The LAFS software is already packaged in several widely-used operating systems such as Debian GNU/Linux and Ubuntu. https://LeastAuthority.com ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. Peter -- Peter Saint-Andre https://stpeter.im/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 5:16 PM, Peter Saint-Andre stpe...@stpeter.im wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. It helps because we at LeastAuthority.com (https://LeastAuthority.com/about_us ) can spend our days improving the performance and reliability of our ciphertext storage servers and contributing patches back to the free-and-open-source client (https://Tahoe-LAFS.org ). If we weren't running LeastAuthority.com, we would presumably have to get different jobs which would take a lot of time away from LAFS hacking! It helps our customers because they can avoid doing the effort and expense of setting up and managing servers, and instead pay us a monthly fee to maintain those servers and the storage of their ciphertext. Also our customer and business partners like having the option of hiring us for support when they are integrating the free-and-open-source LAFS software into their own products. Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com Freedom matters. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 8/13/13 12:53 PM, ianG wrote: On 13/08/13 20:16 PM, Peter Saint-Andre wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. Centralisation works when the server doesn't have any information of value. Presumably the most that LeastAuthority.com can say is that a certain company has X GB of documents and updates that set at rate Y. Not a lot of value there... Although presumably there would be value in shutting down a privacy-protecting service just so that people can't benefit from it any longer. When the assumption is that everything must be public, any service that keeps some information non-public might be perceived as a threat. The reason email space providers are suffering is that even when the content is encrypted, the To: and From are not. This enables a fairly dramatic capability -- seeing who's writing to whom. In contrast to the bland GB number, this would provide all a business's customers, all a dissident's contacts, all an insniding trader's leakees, etc etc... Sure, that problem is well-known by now. :-/ However, I'm not convinced that email providers have been shut down (or have done so proactively) only because they send around To and From addresses. Peter -- Peter Saint-Andre https://stpeter.im/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 12:02 PM, ianG i...@iang.org wrote: Super! I think a commercial operator is an essential step forward. A few points: - if only you access your own files then there's much less interest for a government in your files: they might contain evidence of crimes and conspiracies, but you can always be compelled to produce those - if you share files then traffic analysis will reveal much about what you're up to, and there may be much interest in getting at your files' contents. - commercial operators who give you software to run can compromise (or allow governments to compromise) you even if they are not technically an end-point[*] for your end-to-end protocols. - it's really not easy to defeat the PRISMs. the problem is *political* more than technological. - i'm not trying to detract from Tahoe-LAFS -- it's a spectacular idea, I wish it well, and I generally endorse filesystems of this sort. [*] In Tahoe-LAFS, ZFS, and any other similar filesystems, there is only one end-point: the client(s); the server, in particular, is NOT an end-point. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 2:09 PM, Peter Saint-Andre stpe...@stpeter.im wrote: Although presumably there would be value in shutting down a privacy-protecting service just so that people can't benefit from it any longer. When the assumption is that everything must be public, any service that keeps some information non-public might be perceived as a threat. This is the only way in which crypto helps against the PRISMs: when legitimate business interests come to depend enough on services that can neither easily be compromised by the PRISM nor easily be shut off because of the large dependence on those services. That's really more a political effect than a technological one, though facilitated by technology. Nothing really gets anyone past the enormous supply of zero-day vulns in their complete stacks. In the end I assume there's no technological PRISM workarounds. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On Tue, Aug 13, 2013 at 01:09:15PM -0600, Peter Saint-Andre wrote: On 8/13/13 12:53 PM, ianG wrote: On 13/08/13 20:16 PM, Peter Saint-Andre wrote: On 8/13/13 11:02 AM, ianG wrote: Super! I think a commercial operator is an essential step forward. How so? Centralization via commercial operators doesn't seem to have helped in the email space lately. Centralisation works when the server doesn't have any information of value. Presumably the most that LeastAuthority.com can say is that a certain company has X GB of documents and updates that set at rate Y. Not a lot of value there... Although presumably there would be value in shutting down a privacy-protecting service just so that people can't benefit from it any longer. When the assumption is that everything must be public, any service that keeps some information non-public might be perceived as a threat. The reason email space providers are suffering is that even when the content is encrypted, the To: and From are not. This enables a fairly dramatic capability -- seeing who's writing to whom. In contrast to the bland GB number, this would provide all a business's customers, all a dissident's contacts, all an insniding trader's leakees, etc etc... Sure, that problem is well-known by now. :-/ However, I'm not convinced that email providers have been shut down (or have done so proactively) only because they send around To and From addresses. This comes to mind when I read that: http://lavabit.com/ Peter Saint-Andre slainte mhath, RGB -- Richard Guy Briggs -- ~\-- ~\hpv.tricolour.net www.TriColour.net-- \___ o \@ @ Ride yer bike! Ottawa, ON, CANADA -- Lo___M__\\/\%__\\/\% Vote! -- greenparty.ca_GTVS6#790__(*)__(*)(*)(*)_ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] LeastAuthority.com announces PRISM-proof storage service
On 2013-08-14 6:10 AM, Nico Williams wrote: - it's really not easy to defeat the PRISMs. the problem is *political* more than technological. For a human to read all communications would be an impossible burden. Instead, apply the following algorithm. Identify people of interest. Read communications between persons of interest. If several people of interest talk to Bob, then Bob may well also a person of interest. /Then/ read their communications. If significant, add Bob to the list of people of interest. Looking at communication patterns, Identify the more central nodes among people of interest. Make a special effort to crack the communications of the most central nodes. The technological counter to this is the cypherpunks remailers, which are unfortunately user hostile, especially when used with a permanent identity. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography