Re: [jdev] Protecting IM From Big Brother
On Tuesday 27 November 2007 02:55:16 Andreas Monitzer wrote:
> On Nov 27, 2007, at 00:07, Jesus Cea wrote:
> > http://it.slashdot.org/article.pl?sid=07/11/23/1324201
>
> FYI, Adium and Pidgin implement OTR on top of XMPP.
>
> andy

Not just these two. XMPP has a specification for PGP usage on top of XMPP; I use it sometimes with the Psi client and I am sure that at least some other clients support it as well.

I'll explain it for the others who are less familiar with encryption: both methods (OTR and PGP) are end-to-end encryption. Big brother will never waste his resources to crack these unless you are a highly wanted criminal (and even in this case it will not be too easy for him to crack it).

--
Respectfully
Alexey Nezhdanov

Re: [jdev] Protecting IM From Big Brother
On Tue Nov 27 16:19:38 2007, Alexey Nezhdanov wrote:
> Not just these two. XMPP has a specification for PGP usage on top of XMPP; I use it sometimes with the Psi client and I am sure that at least some other clients support it as well.

And there's ESessions, and S/MIME, and XTLS...

The problem isn't so much encrypting the traffic, which is simple enough, it's all the other additional properties. ESessions and OTR are both geared very heavily toward IM, whereas S/MIME and PGP both leverage existing cryptography designed for email and deploy it on IM, and finally XTLS treats chat sessions like connections, and does TLS over them. (That's SSLv4, in effect).

> I'll explain it for the others who are less familiar with encryption: both methods (OTR and PGP) are end-to-end encryption. Big brother will never waste his resources to crack these unless you are a highly wanted criminal (and even in this case it will not be too easy for him to crack it).

Well, you can - if you really want - calculate the computing power required to decrypt all XMPP messages. Note that you have to be able to decrypt them in near-real-time, at least, you need to decrypt as fast as you intercept, which amounts to more or less the same thing I think.

Now, I don't know how much computing resource NSA, or GCHQ, actually, have, but we can do another calculation, too - we can translate the MIPs into Watts of electrical power, based on the power consumption of the individual CPUs required for this MIPpage.

Then divide by 2*10^8.

This magical figure will then tell you how many power stations will need to be fairly close by Fort Meade. (Or Cheltenham, for the Brits). (Of course, I'm assuming a 200MW reactor, here, as I can't really be bothered to look up what wattage a nuclear power station can generate these days).

Once all this is done, simply count the power stations in the target area (Google Maps, or simply go and look - you can certainly drive around the Doughnut in Cheltenham).

Now, if you see a vast array of power stations - big complexes with vast cooling towers, you can't miss them - conveniently located within a useful range of the big brother of your choice, then hold onto your tinfoil hats and grab your one-time pads, because it's the only chance you have. (And, please note, that's one-time pads generated very carefully.)

Alternately, if you happen to notice that cooling towers are, in fact, conspicuous only by their absence in leafy Cheltenham, then you can simply reuse your tinfoil hat as a convenient bowl to hold your crisps in while you watch the lotto on telly purely to see if you've won. (The latter not being a hint to use it as the source for your one-time pad, of course, since that would be foolish in the extreme, of course).

Of course, if you're a fully paid up member of the black helicopter spotting brigade, then you'll refute such arguments as being the ravings of an evil spook. But then, you'll also note that it's too late, because I've infiltrated you now.

Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

Re: [jdev] Protecting IM From Big Brother
On Nov 27, 2007 12:17 PM, Dave Cridland [EMAIL PROTECTED] wrote:
> Once all this is done, simply count the power stations in the target area (Google Maps, or simply go and look - you can certainly drive around the Doughnut in Cheltenham).

Here's another take on this: As it turns out, most people don't encrypt their IM traffic. If you're Evil Big Brother of Choice (EBBOC), picking out encrypted IM streams from the unencrypted haystack makes finding interesting needles much easier. At that point, you use some other exploit (undisclosed, unpatched vuln in OS of choice, for example) to install a keystroke logger. Much simpler, and fewer greenhouse gases emitted.

  [I]t would be nice if everyone routinely used encryption for all their email [and IM activity], innocent or not, so that no one drew suspicion by asserting their email [and IM] privacy with encryption. [1]

It would be nice, but unfortunately, that's not currently the case.

-David

[1] http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

--
David Eisner http://cradle.brokenglass.com

[jdev] [Fwd: [foaf-dev] Announcement: WebCamp workshop on Social Network Portability]
This may be of interest (notice the mention of XMPP)...

/psa

Original Message
Date: Tue, 27 Nov 2007 12:36:41 +
From: John Breslin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [foaf-dev] Announcement: WebCamp workshop on Social Network Portability

I am happy to announce the Social Network Portability workshop (co-located with BlogTalk) to be held in Cork, Ireland on the 2nd March 2008. You can view the wiki page for this event at http://webcamp.org/SocialNetworkPortability

At this workshop, we will combine presentations with breakout sessions to discuss all aspects of portability for social networking sites (including accounts, friends, activities / content, and applications). I would like to invite members of the FOAF-Dev mailing list to submit ideas for presentation on the wiki page.

Topics of relevance include, but are not limited to, social network centralisation versus decentralisation, OpenSocial, microformats including XHTML Friends Network (XFN) and hCard, authentication and authorisation, OpenID single sign-on, Bloom filters, categorising friends and personas, FOAF, ownership of your published content, SIOC, the OpenFriend format, the Social Network Aggregation Protocol (SNAP), aggregation and privacy, permissions and context, the Extensible Messaging and Presence Protocol (XMPP), the social graph and the giant global graph.

You can register for this workshop in conjunction with BlogTalk 2008 at http://www.amiando.com/blogtalk2008 (a nominal fee of €50 to cover food and room costs).

If you are interested in speaking or otherwise participating in the workshop, please add your name under the Speakers or Participants headings on the wiki page at http://webcamp.org/SocialNetworkPortability

Please feel free to e-mail me with any questions about the event.

Thanks,
John.
--
http://www.johnbreslin.com/
___
foaf-dev mailing list
[EMAIL PROTECTED]
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [jdev] Protecting IM From Big Brother
Quoting Alexey Nezhdanov [EMAIL PROTECTED]:
> On Tuesday 27 November 2007 02:55:16 Andreas Monitzer wrote:
> > On Nov 27, 2007, at 00:07, Jesus Cea wrote:
> > > http://it.slashdot.org/article.pl?sid=07/11/23/1324201
> >
> > FYI, Adium and Pidgin implement OTR on top of XMPP.
> >
> > andy
>
> Not just these two. XMPP has a specification for PGP usage on top of XMPP; I use it sometimes with the Psi client and I am sure that at least some other clients support it as well.
>
> I'll explain it for the others who are less familiar with encryption: both methods (OTR and PGP) are end-to-end encryption. Big brother will never waste his resources to crack these unless you are a highly wanted criminal (and even in this case it will not be too easy for him to crack it).

Depends which country of course.. you are talking about. They crack codes for a variety of reasons...

begs the question; if you are not a highly wanted criminal.. why encrypt ? :-)

David

Re: [jdev] Protecting IM From Big Brother
2007/11/27, [EMAIL PROTECTED] [EMAIL PROTECTED]:
> begs the question; if you are not a highly wanted criminal.. why encrypt ?

For example, because you don't want the highly wanted criminal to capture the password of your bank account which you are receiving in real-time over a secured XMPP connection...

For example, because you are a reporter in a country like Myanmar.

For example, because you don't want other people to capture your gossips using a tool like Wireshark.

For example, because you use untrusted wireless access points.

--
Mvg, Sander Devrieze.

Re: [jdev] Protecting IM From Big Brother
Dave Cridland wrote:
> On Tue Nov 27 16:19:38 2007, Alexey Nezhdanov wrote:
> > Not just these two. XMPP has a specification for PGP usage on top of XMPP; I use it sometimes with the Psi client and I am sure that at least some other clients support it as well.
>
> And there's ESessions, and S/MIME, and XTLS...
>
> The problem isn't so much encrypting the traffic, which is simple enough

Oh really? So why have we done such a bang-up job of it? :)

/psa

Re: [jdev] Protecting IM From Big Brother
Quoting Sander Devrieze [EMAIL PROTECTED]:
> 2007/11/27, [EMAIL PROTECTED] [EMAIL PROTECTED]:
> > begs the question; if you are not a highly wanted criminal.. why encrypt ?
>
> For example, because you don't want the highly wanted criminal to capture the password of your bank account which you are receiving in real-time over a secured XMPP connection...
>
> For example, because you are a reporter in a country like Myanmar.
>
> For example, because you don't want other people to capture your gossips using a tool like Wireshark.
>
> For example, because you use untrusted wireless access points.

Yes... well I believe you are right in those examples :-)

Take care
David