Armed Polite Society
Main Forums => Politics => Topic started by: longeyes on November 20, 2012, 11:38:14 AM
-
Well, I guess it's back to smoke signals, pigeons, and crumpled napkins.
No doubt cryptography will see a new resurgence.
http://news.cnet.com/8301-13578_3-57552225-38/senate-bill-rewrite-lets-feds-read-your-e-mail-without-warrants/?part=rss&subj=news&tag=title
-
Home servers and personal DNS registrations. Personal mail servers, not hosted "out there." Encrypted disks.
-
We can use some practical advice from our brethren on this forum on this one.
-
Home servers and personal DNS registrations. Personal mail servers, not hosted "out there." Encrypted disks.
Encrypted disks, yes. Home servers are only as secure as the software that runs them - which in most cases isn't very. Especially with the government able to run man-in-the-middle attacks.
-
Home servers and personal DNS registrations. Personal mail servers, not hosted "out there." Encrypted disks.
Encrypted disks, yes. Home servers are only as secure as the software that runs them - which in most cases isn't very. Especially with the government able to run man-in-the-middle attacks.
Linux, a bit of time making a good set of iptable rules (host based firewall), and postfix. You're more secure than 99% of companies on the planet earth. Use encrypted disks and encrypted backups, you're more secure than 99.999% of the companies or governments.
If you use an encrypted disk, and ssh your traffic, even if you're using a leased VPS, you're fairly secure even from warrants against your host. It's theoretically possible to do some interesting things through the CPU, but... Not very practical. They can ask YOU for the key, but they won't get much aside from traffic analysis.
That is one thing I wouldn't mind writing or assembling. A chat client (preferably server cached until verified delivery) for smart phones, that ssh's to a server. Secure alternative to SMS. Sort of like simplistic, retarded email but drastically easier than PKI.
-
one hundred percent method?
don't say anything you don't want heard or at least don't say it online
-
Linux, a bit of time making a good set of iptable rules (host based firewall), and postfix. You're more secure than 99% of companies on the planet earth. Use encrypted disks and encrypted backups, you're more secure than 99.999% of the companies or governments.
If you use an encrypted disk, and ssh your traffic, even if you're using a leased VPS, you're fairly secure even from warrants against your host. It's theoretically possible to do some interesting things through the CPU, but... Not very practical. They can ask YOU for the key, but they won't get much aside from traffic analysis.
That is one thing I wouldn't mind writing or assembling. A chat client (preferably server cached until verified delivery) for smart phones, that ssh's to a server. Secure alternative to SMS. Sort of like simplistic, retarded email but drastically easier than PKI.
This stuff makes my head swim. Is there a nice step-by-step with pictures type of tutorial out there?
-
I've always wondered what would happen if you started sending random PGP encoded strings inside of an MMORPG game like World of Warcraft's chat feature. Not aimed at any particular other character, just in the general chat window for a given 'zone.' Keep it in a low population density zone (not the trade channel at Stormwind, for example... maybe Arathi Highlands?).
Any idea how long it would take until your account got kaibashed and/or you got an interesting visit?
Anything in the EULA about using WoW chat to send encrypted information?
-
I've always wondered what would happen if you started sending random PGP encoded strings inside of an MMORPG game like World of Warcraft's chat feature. Not aimed at any particular other character, just in the general chat window for a given 'zone.' Keep it in a low population density zone (not the trade channel at Stormwind, for example... maybe Arathi Highlands?).
Any idea how long it would take until your account got kaibashed and/or you got an interesting visit?
Anything in the EULA about using WoW chat to send encrypted information?
Iono. While i'm waiting for the tank LFR queue to pop, i'll play around
-
one hundred percent method?
don't say anything you don't want heard or at least don't say it online
Not practical or possible these days. Perhaps you can do so, but for businesses or organizations?
Remember, there is no difference to the telephone company between your IP traffic, texts or phone calls. You calling your best friend is just as "online". They go over the same connections, on the same hardware. It's all just different types of traffic. ASCII or unicode is slightly easier to search, but speech to text is "good enough" when it comes to harvesting (especially when you're recording voice for later analysis if needed).
This stuff makes my head swim. Is there a nice step-by-step with pictures type of tutorial out there?
(Insert picture of cash) (insert picture of trusted associate) (insert picture of handing cash to trusted associate)
Step 1. Give money to someone you trust to do it for you.
-
Encryption. Hidden truecrypt partition so if you're "forced" to give up the key, you give up the key to the partition that doesn't matter.
-
most of what i do or say is safe for public dissemination. that which isn't? isn't and the rules for secrets are still in effect
-
that which isn't? isn't and the rules for secrets are still in effect
Let's say you do contract work. Would you be happy with your competition being able to intercept your bids? Or your calls to suppliers?
It's not "secret", but it's not necessarily information you want specific folks to have.
What about a young lady with a stalker? Any electronic message gives locational information of some sort.
What about a person trying to expose union crimes?
What about someone trying to stomp on a union?
Suppose you're trying to leave your place of employment. Good luck without emailing resumes or other contact information.
None of these may involve secrets, just information you DO NOT want to pass on to specific parties. IF there is no accountability, it WILL be abused for all of these purposes and hundreds of others. Even with things requiring warrants, abuse and mistakes are relatively common.
I am quite and not sarcastically sure that you BELIEVE most of what you disseminate is safe. Trust me, gimme access to what Leahy is proposing, and I could find significantly more than you'd ever think possible. Technically, could do SOME of that legally at the moment. But the acceptableness is moving only in one direction. And it will become easier and easier to hang any innocent man.
-
Technically, could do SOME of that legally at the moment. But the acceptableness is moving only in one direction. And it will become easier and easier to hang any innocent man.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
----Cardinal Richelieu
-
I've always wondered what would happen if you started sending random PGP encoded strings inside of an MMORPG game like World of Warcraft's chat feature. Not aimed at any particular other character, just in the general chat window for a given 'zone.' Keep it in a low population density zone (not the trade channel at Stormwind, for example... maybe Arathi Highlands?).
Any idea how long it would take until your account got kaibashed and/or you got an interesting visit?
Anything in the EULA about using WoW chat to send encrypted information?
Not a gamer so I didn't follow all that; I think you're talking about inserting occasional high-strength-encrypted noise into a public forum that has *very* high readership, but where the noise will not be disruptive to the forum? That would keep some people busy...
@roo-ster: I wasn't expecting the Spanish Inquisition
-
Let's say you do contract work. Would you be happy with your competition being able to intercept your bids? Or your calls to suppliers?
It's not "secret", but it's not necessarily information you want specific folks to have.
What about a young lady with a stalker? Any electronic message gives locational information of some sort.
What about a person trying to expose union crimes?
What about someone trying to stomp on a union?
Suppose you're trying to leave your place of employment. Good luck without emailing resumes or other contact information.
None of these may involve secrets, just information you DO NOT want to pass on to specific parties. IF there is no accountability, it WILL be abused for all of these purposes and hundreds of others. Even with things requiring warrants, abuse and mistakes are relatively common.
I am quite and not sarcastically sure that you BELIEVE most of what you disseminate is safe. Trust me, gimme access to what Leahy is proposing, and I could find significantly more than you'd ever think possible. Technically, could do SOME of that legally at the moment. But the acceptableness is moving only in one direction. And it will become easier and easier to hang any innocent man.
you forget there is a world off line i send bids snail mail or even hand carry them.i am reminded of why i was not encouraged to use weapons over hands in martial arts. one has a tendancy to only want to use the weapon it becomes a limitation not an asset
-
you forget there is a world off line i send bids snail mail or even hand carry them.i am reminded of why i was not encouraged to use weapons over hands in martial arts. one has a tendancy to only want to use the weapon it becomes a limitation not an asset
No, I don't. I will say that one cannot grow or operate past a certain size offline without extreme hindrance.
On the plus side, we are now living the Dystopian Sci-Fi future, folks! Woot!
-
On the plus side, we are now living the Dystopian Sci-Fi future, folks! Woot!
Yup. Joy.
-
1) The law never offered protection to anything that was not "in transit". Not yet sent? Already read? All were fair game from day #1. That's how/why they gor into what's-his-name's email to and from what's-her-name.
2) The government may not use excessive coersion to make you release an encryption key, but they can incarcerate you until you do. Can't recall the specific case but a lady denies that she has the key to an encrypted hard drive that the feds have not been able to decrypt and need to do so in order to determine if what's on it is evidence. The feds, predictably, say she knows the key. The judge says the feds can hold her as a material witness till three weeks after Hell freezes over or she divulges they key, whichever occurs first, if that's what they want to do.
Do you want your gruel left-handed or right-handed?
stay safe.
-
>Give money to someone you trust to do it for you<
Willing to work for cheesecake and mead? ;)
-
>Give money to someone you trust to do it for you<
Willing to work for cheesecake and mead? ;)
Sold! :lol:
-
2) The government may not use excessive coersion to make you release an encryption key, but they can incarcerate you until you do. Can't recall the specific case but a lady denies that she has the key to an encrypted hard drive that the feds have not been able to decrypt and need to do so in order to determine if what's on it is evidence. The feds, predictably, say she knows the key. The judge says the feds can hold her as a material witness till three weeks after Hell freezes over or she divulges they key, whichever occurs first, if that's what they want to do.
You have to first prove whether the device even has an encrypted container in the first place.
Could just be random 1/0 noise from deleted file segments that have been overwritten in the past. See? Here's my password to the only encrypted container on it, right here. There are no other containers. :angel:
-
1) The law never offered protection to anything that was not "in transit". Not yet sent? Already read? All were fair game from day #1. That's how/why they gor into what's-his-name's email to and from what's-her-name.
2) The government may not use excessive coersion to make you release an encryption key, but they can incarcerate you until you do. Can't recall the specific case but a lady denies that she has the key to an encrypted hard drive that the feds have not been able to decrypt and need to do so in order to determine if what's on it is evidence. The feds, predictably, say she knows the key. The judge says the feds can hold her as a material witness till three weeks after Hell freezes over or she divulges they key, whichever occurs first, if that's what they want to do.
Do you want your gruel left-handed or right-handed?
stay safe.
That's why we need to use torture.
-
Speak in riddles like The Joker or in parables like Jesus or learn an obscure Native American tongue, even better a dead language.
-
@roo-ster: I wasn't expecting the Spanish Inquisition
Nobody expects the Spanish Inquisition!
The chair is against the wall
John has a long mustache
I like pie
I=E/R
-
Linux, a bit of time making a good set of iptable rules (host based firewall), and postfix. You're more secure than 99% of companies on the planet earth. Use encrypted disks and encrypted backups, you're more secure than 99.999% of the companies or governments.
If you use an encrypted disk, and ssh your traffic, even if you're using a leased VPS, you're fairly secure even from warrants against your host. It's theoretically possible to do some interesting things through the CPU, but... Not very practical. They can ask YOU for the key, but they won't get much aside from traffic analysis.
That is one thing I wouldn't mind writing or assembling. A chat client (preferably server cached until verified delivery) for smart phones, that ssh's to a server. Secure alternative to SMS. Sort of like simplistic, retarded email but drastically easier than PKI.
If you figure out a system to bring all of that to your average interwebz user with convenience and little hassle, you should become wealthy beyond your dreams. Or end up in the Guantanamo-du jour.
one hundred percent method?
don't say anything you don't want heard or at least don't say it online
Self censorship. That IS what "They" dream of. No need for the special police if individuals police themselves. Kill the Idea, in the mind, before it escapes out your lips and infects the rest.
-
>Speak in riddles like The Joker or in parables like Jesus or learn an obscure Native American tongue, even better a dead language.<
Use Nostradamus' trick: mix languages
German grammar, words in Cantonese, French, Swahili, and Dutch (in different patterns)...
-
Speak in riddles like The Joker or in parables like Jesus or learn an obscure Native American tongue, even better a dead language.
Cait a bheil an taigh beag ?
:lol:
-
You have to first prove whether the device even has an encrypted container in the first place.
No. That is pure naivete.
The government will claim that you do have an encrypted container and hold you until you divulge the alleged key to the alleged data they claim you have, until the data looks like what they are looking for. That is the current reality.
I've been saying for years that people should encrypt everything, ESPECIALLY the mundane and boring stuff that you don't even care about hiding. If you read old cyberpunk SciFi (True Names etc.) it was assumed that in cyberspace, everything would be encrypted and everyone would be pseudonymous, because these pre-Internet pioneers could see the ramifications of doing otherwise.
We will probably get there eventually. Kim Dotcom (of Megaupload fame) got his mansion raided, cars and other toys stolen, and assets frozen for alleged criminal charges (mere copyright infringement wasn't enough to extradite him to the US; so the Hollywood shills at the FBI brought criminal money laundering charges instead). Now he's working on a new Megaupload concept where all content is encrypted by the user so that Megaupload itself doesn't know what the data IS, and so it can have perfect plausible deniability as to its legality, and also, the government can't find incriminating data even if it does raid their servers, because it would all be encrypted. Proper hackers have been saying 'well duh, that's the way you should have been doing it from the beginning' for decades now.
I have a feeling the next generation may have a much better understanding of public-key encryption and two-factor identification. And I'm not sure if I should be sad about that or relieved.
-
>Speak in riddles like The Joker or in parables like Jesus or learn an obscure Native American tongue, even better a dead language.<
Use Nostradamus' trick: mix languages
German grammar, words in Cantonese, French, Swahili, and Dutch (in different patterns)...
"... that seeing they might not see, and hearing they might not understand" (plus it would be really cool when you got good at it :cool:)
-
if using the encryption within the encryption method, would it be possible to use two passwords. one that gives you access to all your info, and the other that allows access to the first partition while erasing the second?
-
I have a feeling the next generation may have a much better understanding of public-key encryption and two-factor identification. And I'm not sure if I should be sad about that or relieved.
If they don't, they're going to have a rough time. But, laws will always exist to compromise security.
Problem is, PKI is annoying to implement correctly. Two-factor ID is better than nothing, but not very helpful if say, RSA's servers get hacked and they did such a crappy job that it compromises the folks that bought their two factor products.
if using the encryption within the encryption method, would it be possible to use two passwords. one that gives you access to all your info, and the other that allows access to the first partition while erasing the second?
Yes. Already exists.