Tollef Fog Heen writes ("Re: Possibly moving Debian services to a CDN"):
> I'm fundamentally of the opinion that if the NSA or a similar
> organisation wants to track you and is willing to expend that effort on
> tracking you in particular, there is just about nothing you can do about
> it.

This is true, but largely irrelevant. That the NSA can get something if they really want to is true - but the question is how much of a price they want to pay. By making things more difficult for them, we reduce the effectiveness of their surveillance capability. They then have to be more selective in their targeting, or divert resources from other projects, etc.

> As you note, we can't actually control it, just like we can't do it
> today, so the difference becomes «lots of mirrors, vulnerable to smaller
> attackers, but hard to coordinate MITM-ing» vs «fewer mirrors/CDN nodes,
> requires more effort from attackers, easier to MITM». I don't think it
> makes that much of a difference in terms of cost if the attacker has
> that many resources and is willing to expend the effort. It seems you
> disagree, and I don't really see us agreeing here, as it's a question of
> tradeoffs and you weigh your tradeoffs differently than I do.

In my view the important question is not whether an attacker like the NSA has the capability to get what it wants when it really cares. The important question for Debian in this context is how much attacks would cost (not just in money but also in risk, effort, political clout, etc.).

It seems to me that obtaining blanket logs about Debian users from a commercial CDN (or small set of CDNs) would be easy and cheap for the NSA and give significant and valuable information (what packages are installed and what security updates are done) about the vast majority of Debian users. Indeed I would be amazed if the NSA don't already routinely collect or scan all traffic to the big CDNs.

In contrast, some parts of our current mirror networks are weak against monitoring but it is very easy for a user to (for example) select a mirror they think will be more trustworthy, and attacking our current mirror network in that way would involve strong-arming, subverting or hacking a much greater set of organisations and systems. I imagine the NSA would want to confine such compromises to those mirrors where they think they're not likely to get caught.

I share Ingo's privacy concerns.

I don't see a clear explanation of what the motivation is to switch to a commercial CDN. Can you clarify? That will help us understand what we would be giving up if we decline to make this change.

Ian.

