On 09/24/2013 09:56 AM, Michael Rogers wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/09/13 05:21, Jonathan Wilkes wrote:
Is Briar able to hide metadata that describes who is messaging
whom within the network from an attacker with a splitter on the
internet and a $50+ billion budget?
We'll see. :-) Briar moves communication off the internet wherever
possible, and when communicating across the internet it uses Tor
hidden services to conceal social relationships. So it may justify the
attacker's budget more than current systems do.
But I take your point that all digital communication is vulnerable to
surveillance, and that our individual choices to communicate digitally
may threaten our collective freedom. The question is, what should we
do about that? Even the postal service is digitally surveilled these
days - should we restrict ourselves to face-to-face conversations?
What about hidden microphones - should we have all our conversations
naked, inside Faraday cages?
It's clear that we can't stay sane and guarantee that we're free from
surveillance. So we have to make tradeoffs. I believe that P2P social
networks offer a better privacy/convenience tradeoff than centralised
social networks. They don't guarantee absolute privacy against an
adversary with unlimited powers - nothing can. But they're less bad
than current systems.
It's probably better to say that goodwill does not address such
moral hazards. People can develop and maintain friendships over
the internet, but currently doing so creates a toxic waste that
silently eats away at our collective freedom.
Thanks, I understand better now what you mean by moral hazard. I don't
have an answer to your question of how communication tools should
explain that moral hazard to their users. I'm not sure it's even a
matter of explanation - informed individual choices may still lead to
collectively detrimental outcomes.
Surveillance is a collective problem, and as such it requires a
collective solution, which is to say a political solution. But that
doesn't mean technology is irrelevant - it can contribute to a
political solution in two ways. First, it can raise the cost and lower
the effectiveness of surveillance, making surveillance harder to
justify politically. Second, it can support political action by
enabling people to speak, associate and organise, in private and in
public.
Are you saying that your social network
could give activists a private communication channel over the
internet, at least at some time in the near future?
It may make sense for someone like me who has an
aversion to advertisers and site admins hurling nested
Russian dolls of javascript at my head to say that I can
attain some semblance of privacy by leveraging Tor. But
for anything beyond local political organizing, NSA level
spying is a real threat.
Roger Dingledine has said that his biggest fear is that the
NSA has found a way to break Tor, and they whisper what
they know to other agencies only in those cases where
doing so wouldn't risk letting the cat out of the bag. We
don't have enough information at present to judge how big
a threat something like that is, but if I took as gospel the
biggest fears from respected cryptographers of the
past decade I'd probably have a damn good track record
so far.
I'm not saying don't work on systems that are better than
centralized ones, I'm just saying we should be very realistic
and skeptical in claiming what such software can achieve.
It could certainly improve things, but if mid- to large-scale
political organizers need privacy in certain situations they
should not be using the internet. That doesn't mean
"don't ever use the internet," it just means know their limits
and probably using different tactics (like ensuring there's not
a small group of organizers who are a central point of
surveillance and failure).
Btw, I don't think we've done a very good job on the flip
side-- that is, making tools to let people know what inferences
can already be made based on the data they've put into
centralized databases. Facebook knowing you're gay is
one thing, but that they and Google probably know the
sexual preferences of teens who don't even know it themselves
is a way bigger market for abuse.
Does anyone have a tool where a Facebook user can
mine their own data and guess what inferences are being
made about them? I know there are some apps, but I mean
the user accessing only their own data.
Best,
Jonathan
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at [email protected].
