On 08/07/2013 03:46 PM, Guido Witmond wrote:
On 07-08-13 20:47, Jonathan Wilkes wrote:
Anyone outside of the VPS and the attacker cannot know whether that
relay/exit node has been patched. Now just work with the NSA's
equivalent in the country of the exit node to make sure the VPS
remains unaware of any shenanigans (and why wouldn't they?). If they
do see something weird happening from the patch and make some noise
about it then just gag them as the Guardian reports show they are
quite good at doing.
No need to gag, thank the VPS provider publicly for spotting the hacked
node.
Good point.
Then run a Freenet/bittorrent/I2P/etc node on it to hide the spooks
traffic and sniff that with their fiber taps.
Roger-- how exactly would you check to make sure something like this
scenario isn't happening?
Hmm, That would be easy. Place some false flag mails about terrorist
attacks and check for raised alerts... :-)
Wouldn't that be difficult? When cross-referenced with the greater
social graph built from all available sources those false flag mails
would look like
stumps. They wouldn't connect up with cellphone metadata, social network
activity, people under targeted surveillance, etc.
Guido.
PS. The best thing is to discourage plaintext protocols. Encrypt
everything. Then the spooks have *only* the metadata if they manage to
trace the Tor paths end to end.
I posted an idea on the Bitmessage forum about putting a feature in that
queues up a message each day to be sent at 0 UTC (or else it sends garbage
to a random address), in order to make it harder to even get metadata.
Sounded like it wasn't practical, though.
I don't know enough to implement something that is practical, but I hope
the people
who have that kind of expertise revisit the feasibility of building such
metadata-
snooping resistant networks. Assumptions about what kinds of inconveniences
people are willing to put up with (like latency) have probably changed
quite a
bit, even in the past few months.
-Jonathan
--
Liberationtech list is public and archives are searchable on Google. Too many
emails? Unsubscribe, change to digest, or change password by emailing moderator
at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Liberationtech list is public and archives are searchable on Google. Too many
emails? Unsubscribe, change to digest, or change password by emailing moderator
at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
