#1
[account deactivated]
#2
it's not, close thread
#3
https://www.docdroid.net/2zof0Nj/basicpoliticsofmovementsecurity.pdf

"Even here, though, politics shines the farthest light. When a comrade once was offering me the favor of installing an "unbreakable" encryption program on my dusty old Apple, without his ever thinking about it a number of political decisions were involved. Was this so that i could have "sensitive" messaging and say dangerous things to other comrades without fear of the state? If so, that means i should be willing to risk prison for using that "security" measure. Prison or death for my comrades as well as myself. Betting that this particular technology is "unbreakable" or can never be defeated.

"Of course, our encryption does not have to be cracked to be overcome. The weakest link is the enduser. Any encryption does no good if your laptop itself has had remote control covertly installed on it, or if it is physically bugged. Journalists whose life's work depends on repelling state computer surveillance - such as those who worked with NSA leaker Edward Snowden - never let their laptops leave their sight. They always had the machines physically with them. It's a strict regimen, to be sure.

"If in five or ten years NSA or a band of brilliant hackers in Uruguay does succeed in cracking that code, NSA won't be nice enough to warn us. They'll want us to go right on blathering away telling them everything. Plus NSA has by their own admission saved every single email message ever sent globally since the birth of the internet, so if they ever crack that supposedly eternally invincible code someone's ass would be grass. Hmm, that's a lot to risk just for the privilege of talking indiscreetly. Nothing wrong with having computer encryption or using word substitution code in telephone calls or whatever, but i am for always being discreet and careful too."
#4
[account deactivated]
#5

Caesura109 posted:

how state agencies themselves interact with Tor - is there evidence that it is a breeze for them to crack,

Unless you personally understand the technology well enough to conclude definitively that it can't be cracked, then you should assume they can. The government could also probably just arrest you and say look, they were using Tor, a well known tool from the hacker tool kit, and the judge will be like Haha fuck them then

#6
[account deactivated]
#7
[account deactivated]
#8

drwhat posted:

shriekingviolet posted:

yeah no one involved in any kind of organizing should ever rely entirely on technology for security or privacy. all those technofetishist clickbait articles about how whatever new app or protocol is the cool new hip way for activists to evade the surveillance state exist to create false confidence in practices that will get you burned every time.
the "hacktivists" creating these tools at least come from (and keep up with) the same circles and often are the exact same persons as the consultants and analysts described above

like has already been said itt, this all agrees exactly with my experience as well, and people who really love calling themselves "hackers" with no trace of irony are absolutely convinced that e.g. Tor is completely secure and that the other tools they use are generally solid as well, and then you get "revelations" like the Heartbleed bug that the NSA knew about and may well have even introduced to the most popular cryptography code library, etc etc.

Tor is really simple: everyone participates by connecting to a bunch of other "entry nodes" (the node locations are published publicly) and then passing along encrypted traffic between each participant. eventually it exits to the normal, unencrypted internet on a semi-random exit node. the idea being that no one knows which traffic is yours or someone else's.

in truth it's all completely traceable if you either (a) can monitor all entry/exit traffic globally over the internet, (b) control more than 50% of Tor nodes, or (c) the encryption has a flaw. these things are still thought of by a lot of users to be practically impossible, but A is already done and B is quite possible.

and that's just tor. everything has holes. i would assume that nearly everything you've ever read or written online, whether you thought it was anonymous or not, is in an equivalent to google on US government servers and all anyone ever needs to do is type the right keywords to find you and then it's all there. deleting things is pointless. all you could hope to do is slowly shift your usage patterns into zero while creating some kind of entirely separate online persona with zero connections (credit cards, same passwords, friends, writing style, IP addresses) to the previous one, and you're probably not going to do that! so we can merely be conscious of the fact that everything is catalogued, forever, and we control nothing. we are sending every keystroke to the nsa.

hope everyone had a nice christmas!


#9
Tor is mostly safe if you use it for its intended purpose of buying drugs on line.
#10
...But we can all agree that Signal is complete woo, no?
#11
i never really understood the relevance of this debate for most people. i mean it's interesting to think about but yeah. i would guess you need to think in terms of an overall security plan for yourself or your organization. for the vast majority of people, i doubt the weak link in their current plans is "intelligence agencies can theoretically read our communications if they aren't encrypted". if you are that important to intelligence agencies then you are probably already monitored in all sorts of other ways. if you have wildly important information to send then you should probably be using traditional codes too. but whenever they release chat logs from these things they are always people who seem manic just talking in plain english or whatever.
#12
the only Tor i'd hide behind, is the famous Tor Johnson mask


#13
Everyone in my DSA chapter uses signal for like everything. It's really obnoxious getting that fucking plunking notification sound when it's just someone asking if I'm going to the bar tonight or whatever like do we really think cops are fucking poring over our texts just to find out that we endorsed the same state senator as their union did?
#14
If the P=NP problem is ever solved (I forgot whether it needs to be proven or disproven) then I think a whole slew of encryption methods will become useless, according to one of my old math profs
#15

rolaids posted:

Everyone in my DSA chapter uses signal for like everything. It's really obnoxious getting that fucking plunking notification sound when it's just someone asking if I'm going to the bar tonight or whatever like do we really think cops are fucking poring over our texts just to find out that we endorsed the same state senator as their union did?

I was thinking about Signal as a form of "security theater" that affirms the user's political significance. Then I thought, maybe the name Signal means, by refusing to use it, i Signal to all the quasi-liberals about me, that I don't respect them enough to think their plans need to be furtive. And that made me so sad I had to eat a banana to recover..

#16
[account deactivated]
#17
its pretty easy to write a bash script to generate one-time pads but good luck safely distributing them prior to use
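
Added example, not part of post #17 or of the thread: a small one-time pad helper in POSIX shell that generates a pad, XORs a message against it, and deletes the pad bytes it used so they cannot serve a second message. The function and file names are hypothetical, and it assumes both parties already hold identical copies of the pad, which is the distribution problem the post points to.

```shell
#!/bin/sh
# Added example; all function and file names are hypothetical.

# otp_generate PADFILE NBYTES: write NBYTES of kernel randomness, owner-only.
otp_generate() {
    ( umask 077 && head -c "$2" /dev/urandom > "$1" )
}

# Bytes on stdin -> one continuous lowercase hex string.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# otp_apply PADFILE HEXDATA: XOR the data with the front of the pad, then
# remove those bytes from the pad file. On failure the pad is left untouched.
otp_apply() {
    padfile=$1 data=$2 n=$(( ${#2} / 2 )) out=
    have=$(wc -c < "$padfile" | tr -d ' ')
    [ "$have" -ge "$n" ] || { echo "pad exhausted: need $n, have $have" >&2; return 1; }
    pad=$(head -c "$n" "$padfile" | to_hex)
    while [ -n "$data" ]; do
        d=${data%"${data#??}"}; p=${pad%"${pad#??}"}   # first hex pair of each
        out=$out$(printf '%02x' $(( 0x$d ^ 0x$p )))
        data=${data#??}; pad=${pad#??}
    done
    # Keep only the unused tail of the pad (this is not a secure wipe).
    ( umask 077; tail -c +"$(( n + 1 ))" "$padfile" > "$padfile.tmp" ) &&
        mv "$padfile.tmp" "$padfile"
    printf '%s\n' "$out"
}

# otp_encrypt PADFILE MESSAGE -> hex ciphertext
otp_encrypt() { otp_apply "$1" "$(printf '%s' "$2" | to_hex)"; }

# otp_decrypt PADFILE HEXCIPHERTEXT -> plaintext
otp_decrypt() {
    hex=$(otp_apply "$1" "$2") || return 1
    while [ -n "$hex" ]; do
        b=${hex%"${hex#??}"}
        printf "\\$(printf '%03o' $(( 0x$b )))"       # emit one byte
        hex=${hex#??}
    done
}

# Demo with a constructed message; both sides start from the same pad.
dir=$(mktemp -d)
otp_generate "$dir/sender.pad" 64 && cp -p "$dir/sender.pad" "$dir/recipient.pad"
ct=$(otp_encrypt "$dir/sender.pad" "meet at noon")
echo "ciphertext: $ct"
echo "plaintext:  $(otp_decrypt "$dir/recipient.pad" "$ct")"
rm -rf "$dir"
```

Both copies of the pad must be consumed in the same order for decryption to line up, and the XOR gives confidentiality only: nothing here detects a ciphertext that was altered in transit.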
#18

toyotathon posted:

wouldn't we notice the internet losing, and responding to losing, its encryption pretty soon after it happens? regular use of encryption-breaking algorithms or machines would not be able to stay a state secret for long or exclusive state property.



so, i do agree with basically everyone here saying that you have to be important enough to merit someone's attention to actually care about any of this - otoh, the problem with the zero effort omni surveillance state is that once you are a person of interest, there's already a stack of data on you, so maybe it does make sense to be a psycho security nerd before you're interesting to anyone with a three letter job.

anyway, broken encryption. would we know? it seems really unlikely. the kinds of eggheads who are into cryptography are also extremely into the game theory of not blowing the fact that you have broken someone else's cryptography. presumably the nsa (or whoever else) has paid for more encryption methods to have backdoors in them than just the one Reuters broke in 2013. they're not going to broadcast this capability, they're going to selectively tip off other more public agencies to look into something and give away as little as possible each time.

when ww2 ended it was found out that the germans never figured out that the allies could read Enigma, but it had been broken for years. i am pretty sure everyone in the nsa knows that story.

#19

Bukku_Man posted:

...But we can all agree that Signal is complete woo, no?



its epic woo, unlike the flying spaghetti monster which is epic for the win

#20

swampman posted:

I was thinking about Signal as a form of "security theater" that affirms the user's political significance. Then I thought, maybe the name Signal means, by refusing to use it, i Signal to all the quasi-liberals about me, that I don't respect them enough to think their plans need to be furtive. And that made me so sad I had to eat a banana to recover..



downloading the app signals to an automated system somewhere that focusing on you through other channels will be more likely to result in an arrest

#21
[account deactivated]
#22
All us rhizzone posters will be round up in the first wave of bourgeois political terror so leave good posts for posterity that's what I say.
#23
shitpost out of spite
#24
because of our good posts we will be swept up by the FSB and brought to russia to train to become superposters when they unleash hybrid war over the mexican border.
#25
[account deactivated]
#26
when the Seymour Hersh story about Osama bin Laden's death came out, one of the things that struck me as particularly more realistic vs. the official US story was how they found bin Laden in the first place. in the US' story, it was straight out of '24'...high-tech surveillance, "TRIANGULATE THE POSITION AND ENHANCE", with some good ol' waterboarding that *really made the difference.* in the Hersh version, the Pakistani government just bribed the shit out of Pashtun villages until someone gave him up.

this is what crypto-nerds do not get about intelligence agencies: most of their solutions are "all too human." the FBI does not need to spend countless hours researching if there are loopholes to a properly executed Diffie-Hellman key exchange in order to spy on your communist org. they just get a snitch in there. the entire intelligence industry is powered by infiltrators, snitches, sell outs, useful idiots, and blackmailed schmucks.

the point that Yasha was trying to make isn't that Tor's algorithms are unsound. who gives a shit if they are? his point was that, judging by the number of military contractors and state department actors involved in the creation of Tor, the US is clearly not worried about Tor as any kind of real threat, despite what guys like Snowden might think. why would they be? until there's a Google Glass plugin that automatically points out informants, there's not much that Silicon Valley is going to do that'll affect how the CIA does business.

it's much more likely that the US would try to weaponize in use against Iran or China than it ever being used to successfully circumvent the US intelligence industry in any kind of serious way