[freenet-support] HUSH! Usability and Security Hackathon

2015-05-05 Thread Michael Rogers
Hi,

I'd like to invite the Freenet project to the HUSH! Usability and
Security Hackathon at Cardiff University in June. Please drop me a line
if you have any questions!

Cheers,
Michael




 HUSH! Usability and Security Hackathon
 18-19 June 2015
 Cardiff University, UK


The DCSS Project (Digital Citizenship and Surveillance Society) is
hosting a two-day hackathon for usable and secure software in
conjunction with the Surveillance and Citizenship Conference.

The conference and hackathon will take place at Cardiff University on
18-19 June.

The goals of the hackathon are:

* To build relationships between designers, developers and users of
security tools

* To share ideas, experiences and skills for creating usable and secure
software

* To understand the communication needs of activists, journalists and
civil society groups

* To sit in a dark room hacking away at our laptops while the sun is
shining outside

REGISTRATION IS FREE if you give a lightning talk about your work.

http://www.dcssproject.net/

The hackathon will take place in Cardiff, the capital of Wales. Cardiff
has an international airport and is easily reachable from Bristol
Airport and London Heathrow. Cardiff is two hours from London by train.

For information about the hackathon, please contact Michael Rogers:
mich...@briarproject.org

For information about the conference, please contact Jonathan Cable:
dcssproj...@cardiff.ac.uk

Conference organizing committee:
Dr Arne Hintz (Cardiff University), Prof Karin Wahl-Jorgensen (Cardiff
University), Dr Lina Dencik (Cardiff University), Prof Ian Brown (Oxford
University), Dr Michael Rogers (Briar Project, Technical University of
Delft), Dr Jonathan Cable (Cardiff University)




___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe

Re: [freenet-support] [Tech] Some issues and considerations

2008-01-22 Thread Michael Rogers
Hi Stephen,

> In the UK, a new law has been brought in which would make
> it a crime for a suspect who has encrypted data on his computer to fail
> to reveal the password to the police.

The police can only issue a disclosure order if they believe "on reasonable
grounds... that a key to the protected information is in the possession of"
the person in question. I'm not a lawyer but that suggests a defence on the 
basis that you don't have, and have never had, the key in question.

http://www.opsi.gov.uk/acts/acts2000/ukpga_2023_en_8#pt3-pb1-l1g49

> And in the USA, users with encrypted content are
> currently protected by a constitutional right to privacy which prevents
> police from compelling them to disclose their passwords. But right now
> even that right is being put into question with an important test case
> taking place (see link below)...

The test case relates to users who know a password but refuse to disclose 
it; it does not relate to users who don't know a decryption key (which 
would be too long for most people to memorise anyway).
 
> It is also important to point
> out that at least in the USA the NSA avails itself to the use of advanced
> programs that can carry out advanced 'dictionary analysis' to permute
> nearly every possible combination of letters and numbers for a 'brute
> force' attack to discover the password for an encrypted file - a process
> that can take years.

Again, this is not strictly relevant - a password can be cracked using 
brute force, but a 256-bit encryption key can't.

> Secondly, there
> are government installations in the UK (for instance a new MI6 building
> on the London embankment, which has the national internet traffic
> channeled through it) which carry out surveillance of communications
> including internet communications. This surveillance includes not just
> keyword profiling but also several other different kinds of intelligent
> and statistical analysis of the traffic itself, even where encrypted
> files are involved, and a significant intelligence perspective can be
> obtained in this way.

Yes, traffic analysis is a very important issue. Freenet does its best to 
frustrate traffic analysis by using a transport protocol with no 
unencrypted header fields, delaying and coalescing small packets to 
disguise timing patterns, and padding packets to disguise the size of the 
payload. Nevertheless I'm sure it's possible to design a rule for a deep 
packet inspection engine that will identify Freenet traffic.

A possible direction for future research would be hiding Freenet traffic 
inside other application-layer protocols (HTTP, BitTorrent, RTP etc).

Cheers,
Michael


[freenet-support] [Tech] Some issues and considerations

2008-01-21 Thread Michael Rogers
Hi Stephen,

> In the UK, a new law has been brought in which would make 
> it a crime for a suspect who has encrypted data on his computer to fail 
> to reveal the password to the police.

The police can only issue a disclosure order if they believe "on reasonable
grounds... that a key to the protected information is in the possession of"
the person in question. I'm not a lawyer but that suggests a defence on the 
basis that you don't have, and have never had, the key in question.

http://www.opsi.gov.uk/acts/acts2000/ukpga_2023_en_8#pt3-pb1-l1g49

> And in the USA, users with encrypted content are 
> currently protected by a constitutional right to privacy which prevents
> police from compelling them to disclose their passwords. But right now 
> even that right is being put into question with an important test case 
> taking place (see link below)...

The test case relates to users who know a password but refuse to disclose 
it; it does not relate to users who don't know a decryption key (which 
would be too long for most people to memorise anyway).

> It is also important to point 
> out that at least in the USA the NSA avails itself to the use of advanced 
> programs that can carry out advanced 'dictionary analysis' to permute 
> nearly every possible combination of letters and numbers for a 'brute 
> force' attack to discover the password for an encrypted file - a process 
> that can take years.

Again, this is not strictly relevant - a password can be cracked using 
brute force, but a 256-bit encryption key can't.

> Secondly, there 
> are government installations in the UK (for instance a new MI6 building 
> on the London embankment, which has the national internet traffic
> channeled through it) which carry out surveillance of communications 
> including internet communications. This surveillance includes not just 
> keyword profiling but also several other different kinds of intelligent 
> and statistical analysis of the traffic itself, even where encrypted 
> files are involved, and a significant intelligence perspective can be
> obtained in this way.

Yes, traffic analysis is a very important issue. Freenet does its best to 
frustrate traffic analysis by using a transport protocol with no 
unencrypted header fields, delaying and coalescing small packets to 
disguise timing patterns, and padding packets to disguise the size of the 
payload. Nevertheless I'm sure it's possible to design a rule for a deep 
packet inspection engine that will identify Freenet traffic.

A possible direction for future research would be hiding Freenet traffic 
inside other application-layer protocols (HTTP, BitTorrent, RTP etc).

Cheers,
Michael