On Friday, July 5, 2013 4:49:33 PM UTC+2, Josh Berry wrote: > > > > > On Fri, Jul 5, 2013 at 10:26 AM, Reinier Zwitserloot > <[email protected]<javascript:> > > wrote: > >> In short: >> >> * You do need to trust google, but not very much. I would trust them >> enough for this specific case. >> > > It is more than just Google that you have to trust. One of the tough > points to get across to those that are worried about security is that you > have to have a ridiculously large chain of trust when working on the > internet. Just take a peek at the certificate authorities that are in your > browser for a good indication. (And... I realize that is far from > complete.) >
Even if this government has managed to convince a cert authority to give up the goods (where, again, their 'upside' is tiny and the potential PR nightmare is gigantinormous, so if I was a shareholder of a cert authority and they pulled that stunt, I'd consider a legal battle for gross mismanagement), it takes some serious tech skill to translate this into the ability to read the email. What would be scary is tools, presumably built by western companies, that automate the process. These may or may not exist. Let's hope they don't. There are ways to protect yourself against this though (such as verifying the signature of gmail's TLS certificate), and there are ways in which you can't stop this in any way or form whatsoever (if the government has compromised the very machine you're working on, there is nothing you can do, at all, assuming they have enough technical skill). > > > >> * PGP is not a solution whatsoever. There are still ways to use crypto >> here (steganographics), but it's very very tricky to use, and the tools >> aren't mature. >> >> > Do you think PGP could be good enough if a critical mass was using it? > Pragmatically speaking, no. Employers in the US and europe are already somewhat widely asking for facebook passwords, so imagine how well personal endemic encryption would go over in paranoid government situations. They'll just demand your keys and passwords, and if you fail to comply you will be jailed. Now, if at least large parts of the world's communities (especially trendsetting nations) routinely encrypt almost all traffic, it becomes more of a public outrage if a government does this to its people. This is perhaps the greatest loss of PRISM etc: It sets entirely the wrong tone. Western nations should always take the highroad. > Steganography is a neat idea and all, but the point of that is that you > are using what is essentially a known compromised medium to attempt secure > communication, right? That is, you know they can see the main carrier, but > you take steps such that they should not notice the message. Seems > standard crypto is a much better mechanism, in general. > standard crypto is certainly a lot less tricky from a technical perspective, but it is simply not a solution in the face of physical violence. Steganography is specifically the study of how to hide the fact that you're communicating at all, and that is _EXACTLY_ what you need to truly solve this issue. Yes, it is tricky. You send each other innocuous pictures of cats or something but if you take the lowest order bits of each pixel's RGB info (which will hardly affect the image much), line them up, and then use decryption on that, you get your message. One of the nice aspects of almost all encryption algorithms is that you can't tell the difference between encrypted data and random data. The main issue with steganography is that you need to be extremely tech-savvy to use it properly. If you aren't extremely familiar with how it all works it is very easy to leave something behind that indicates presence of steganographic data. For starters, you need a self-destruct mechanism or hide the software used to obtain and decrypt the data from the steganographic carrier (the images of kittens). If the malicious authority finds the software, the jig is up. One solution to this is multiple layers (where the first layer is not all that compromising, just barely enough that you can believably claim that you went through the effort of sending this data securely, but that data itself has MORE steganography in it, which the same tool could also unpack, provided you give the second password. This loop is endless, so if you are being interrogated, the interrogator doesn't know when you're 'done'. This is extremely difficult to do right, and generally requires huge data overhead). > > > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/javaposse. For more options, visit https://groups.google.com/groups/opt_out.
