
Gräßlin: FLOSS after Prism: Privacy by Default


Posted Aug 11, 2013 4:24 UTC (Sun) by Richard_J_Neill (subscriber, #23093)
Parent article: Gräßlin: FLOSS after Prism: Privacy by Default

I think we need to define more clearly who is the adversary (aka "Eve" in the Alice & Bob illustration). I don't think that it's really corporations who are the problem - whatever the sins of Facebook, Google, Doubleclick, etc may be, it's always possible for the consumer to opt out. The problem is clearly government and the (regrettably, usually legal) actions of the "security" services. These, we cannot opt out of, though they are far more of a threat. Also, the metadata is as much a problem as the data (the EFF explain it very lucidly here: https://www.eff.org/deeplinks/2013/06/why-metadata-matters ).

For example, I might (with reservations) be perfectly happy to trust Facebook not to be evil with a subset of my personal data. But I don't trust my ISP to carry the data back and forth without leaking it (or the metadata, if it's encrypted), I distrust the legal process which could subpoena it (from the ISP or FB), and I very much distrust the governments and agencies involved.

So, I think we actually need to fix the infrastructure. For example, Firefox should always embed Tor (and make it easy to run an intermediate node); Thunderbird should include enigmail; part of the setup for every Linux distro should include crypto; we need a genuinely trustworthy SSL certificate root (and perhaps a body such as the EFF to allocate free SSL certificates to every Linux installation: for example, when I set up apache, it should be able to get an SSL cert automatically, much in the same way that openssh-server generates a key on first run).

Also we need a solution for *routing*. I don't know how this could be done... for example, how do I make a DNS request without the DNS server's administrator knowing; or how do I send an email to a friend without leaking the metadata of the fact of that communication: who spoke to whom and when. [Has this been solved in any of the bit-torrent protocols?]

On the up-side, we now mostly have >10Mbit/s connections for most ADSL users... that means that most of the time, we could tolerate a 10x slowdown in data speed (especially if combined with pervasive, transparent use of rsync and compression). So Tor-by-default might be a good way to go.
Also, much of the world has smartphones now... so Android could implement encrypted, off-the-record messaging by default.

In my view, what we need now is leadership and co-ordination. While I'd like to hope we can defeat the NSA at the ballot box, we will probably have to do it in source-code: not just for ourselves, but for our less-technical friends and family, even those in the Windows world.



Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 7:19 UTC (Sun) by maxiaojun (guest, #91482) [Link]

Are you proposing a totally anonymous Internet? If so, I guess it would be a paradise for terrorists, drug dealers, pornographies, ...

If FLOSS people really love anonymity, why don't they try this idea in FOSS communities first?

Why does LWN commenting require an ID?
Why does bug reporting require registration and an E-mail address?
Why do mailing lists require an E-mail address?
Why do IRC channels require a nick, sometimes even a registered one?
...

On the other hand, FOSS communication's archive is generally publicly accessible; isn't this a major source of privacy leaking?

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 15:51 UTC (Sun) by Richard_J_Neill (subscriber, #23093) [Link]

> Are you proposing a totally anonymous Internet? If so, I guess it would be
> a paradise for terrorists, drug dealers, pornographies, ...

Not quite: I'm proposing a totally pseudonymous Internet.

The problem with computers is that we don't get shades of grey. Everything is binary. Either we build a fully encrypted network (and yes, this will enable some of the bad guys), OR we permit a complete surveillance state.

The lessons of history teach us how fragile democracies are, how easily they fall, and how little we should trust the "guardians" with power. Personally, I'll take the risk of terrorism over the risk of tyranny.

Off-topic: might I also suggest that the way many terrorists are created is by disenfranchisement. If governments were denied the illusion that surveillance is a magic solution to terrorism, it might just possibly encourage our politicians to seek proper solutions to the issues.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 12, 2013 7:46 UTC (Mon) by jezuch (subscriber, #52988) [Link]

> Are you proposing a totally anonymous Internet? If so, I guess it would be a paradise for terrorists, drug dealers, pornographies, ...

Ah, the usual collection of boogeymen. I'm not going to let the 0,01% of wrongdoers spoil the Internet for the remaining 99,99%.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 12, 2013 10:49 UTC (Mon) by jwakely (guest, #60262) [Link]

> Are you proposing a totally anonymous Internet? If so, I guess it would be a paradise for terrorists, drug dealers, pornographies, ...

Note that terrorists, drug dealers, pornographers etc. can also use public transport, allowing them to travel anonymously from home to their place of business to freely conduct terrorism, drug dealing or pornography. They are also allowed to gather in public places to form their nefarious plots and schemes. They also buy food in shops, without having to identify themselves. We even allow them to view inspirational movies such as The Rock, Blow and Boogie Nights.

We must make every home a prison.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 12, 2013 10:52 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

>We must make every home a prison.
Don't give them ideas.

By now it's pretty clear that the US (and UK) governments use "1984" and "Fahrenheit 451" as instruction manuals.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 13, 2013 13:30 UTC (Tue) by Seegras (guest, #20463) [Link]

> Are you proposing a totally anonymous Internet?

Anonymity is actually a cornerstone of democracy. Because, you know, if it does not exist you could be blackmailed or strong-armed by somebody who wants you to vote his way. Or even more insidious, find out what you're likely going to vote, and try to suppress your vote by some other means, like black communities in the USA that were prevented from voting.

Anyone being against anonymity is likely an enemy of democracy.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 23, 2013 2:13 UTC (Fri) by elanthis (guest, #6227) [Link]

> Why does bug reporting require registration and an E-mail address?

Actually, this is a severe usability problem. Almost every time a user wants to file a bug they have to (a) find the bug reporting site, (b) find and click "sign up", (c) fill in three pages of info, (d) wait for an email that does not always show up instantly, (e) go to a confirmation or login page, (f) finally start filling in a rigid form designed by people who think every user is an experienced QA lead, and then (g) potentially get stuck receiving email updates for the next 5 years on a bug that is apparently too contentious or difficult to just fix.

The vast majority of people never even get to step (a). A very large number of people getting past that stop at (b)-(e). (g) and the pain of going through the prior steps trains more people to not even bother with (a). The system is broken.

I've been very happy with an open bug report form using Akismet and some other strategies to eliminate spam. The form has an _optional_ sign up field offering Google or Facebook or OpenID login. The bug report entry is just a big text field.

If I get a low-quality report with no contact email, I just hit the big easy red "Ignore" button in the admin-side. The workflow is incredibly simple. I get a number of bug reports I'm quite certain I never would have gotten otherwise. For larger projects, we have trained QA teams who filter the bugs from users before passing them to devs, so low-quality reports never waste a minute of engineering time.

The best systems collect as much information as possible (I realize the irony given the nature of this thread) and then filter things down to relevant kernels. Even if 90% of the bugs received are too low-quality to spend time trying to fix, trends of what kinds of bugs received, categories (selected by the triage team) and keywords, and so on all help build up very real and useful data that doesn't exist when only the most diehard and desperate users are filing bugs.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 8:41 UTC (Sun) by mgraesslin (subscriber, #78959) [Link]

See my second blog post to that topic: http://blog.martin-graesslin.com/blog/2013/08/floss-after...

I think you will find some of your ideas covered :-)

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 14:29 UTC (Sun) by raven667 (subscriber, #5198) [Link]

> I don't think that it's really corporations who are the problem - whatever the sins of Facebook, Google, Doubleclick, etc may be, it's always possible for the consumer to opt out. The problem is clearly government

I think those are one and the same, data collected by private companies is available to the government spooks and the problems with collecting this data are just as bad if private companies do it as when the government does it.

It's not a matter of opting out of modern living, like some sort of electronic Amish, it's a matter of having clearly articulated standards of behaviour (laws) and then enforcing those standards with oversight (regulation). This can be accomplished if the populace is willing to work the levers of power (democracy) to make it happen, otherwise whoever else is working the levers of power (plutocrats) will have their way and no useful standard of behaviour will be enforced.

Personally I'd like to see privacy laws such that it would be illegal to hold personally identifying information from say web server logs for more than two weeks. You could anonymize your stats and roll it up into reports but not keep the full resolution data. Same for phone companies, do they even need to record call history for billing purposes any more, many plans are flat rate, unlimited calling, so we could require that call history not be recorded at all, or be destroyed at the end of the billing period and not be shared with outside parties or used for any other purpose.

> I might (with reservations) be perfectly happy to trust Facebook

Without transparency and oversight that "trust" is blind and very asymmetric, they can make a lot of informed guesses about you as a person but you have no idea how they are judging you.

> Also we need a solution for *routing*. I don't know how this could be done... for example, how do I make a DNS request without the DNS server's administrator knowing; or how do I send an email to a friend without leaking the metadata of the fact of that communication: who spoke to whom and when. [Has this been solved in any of the bit-torrent protocols?]

I don't think this is the path to go down, at best it might be useful for those people who have a high tolerance for operational security but it's probably fundamentally impossible to communicate the way we normally do without leaving a lot of metadata for traffic analysis.

> In my view, what we need now is leadership and co-ordination. While I'd like to hope we can defeat the NSA at the ballot box, we will probably have to do it in source-code: not just for ourselves, but for our less-technical friends and family, even those in the Windows world.

I think that if you don't fix this stuff at the ballot box then, while you might have a few cypherpunks patting themselves on the back about how clever they are, the rest of the population is just going to be herded into the wood chipper, metaphorically speaking. Hopefully just metaphorically, the tools the NSA wields and the data that Google and Facebook have, should not be handed on a silver platter to the next Stalin, as if that kind of great evil can't happen again or can't happen here.

The only way to keep data safe is to not have it at all.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 15:35 UTC (Sun) by NAR (subscriber, #1313) [Link]

"Same for phone companies, do they even need to record call history for billing purposes any more, many plans are flat rate, unlimited calling, so we could require that call history not be recorded at all, or be destroyed at the end of the billing period and not be shared with outside parties or used for any other purpose."

A couple of years ago a band of people started killing minority (Roma) persons randomly in Hungary. They went to a secluded house, set it on fire, then shot down the fleeing inhabitants (including a four-year-old boy). Part of the evidence against them was mobile phone call history, because the same SIM cards were used where the murders were committed. I don't know how key this information was, but it was definitely used to find the criminals.

I know there's a cultural difference between the US and Europe (especially Eastern Europe) about privacy - but maybe having that information is not that bad. If you don't trust the handling of that information, why do you think they wouldn't keep the data even if you require them to not keep it?

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 11, 2013 16:12 UTC (Sun) by Richard_J_Neill (subscriber, #23093) [Link]

> I think that if you don't fix this stuff at the ballot box then, while
> you might have a few cypherpunks patting themselves on the back about
> how clever they are, the rest of the population is just going to be
> herded into the wood chipper, metaphorically speaking.

I absolutely agree with you, and with your proposals for strong privacy laws. But sadly, the majority of people do not truly appreciate the dangers, and for those that do, there is no clear choice of political party that will really stand for freedom (and have the nerve to take on the national-security apparatus, and that has a chance at the election). By the time privacy truly hits the political headlines, it will be too late.

Obama just said: "It's true, we have significant capabilities. What's also true is that we show a restraint that many other governments around the world refuse to show..."

I don't want a world where businesses usually obey the civilian laws, but everything can be monitored the instant that the NSA choose to refrain from restraint.

Therefore, I think that we need a technical solution. If this is done properly, we can protect the entire World, not just the privacy-aware techies in the West. The majority of the Internet runs on FOSS. So, let's bake strong privacy into the Linux kernel, Apache, Firefox, BIND, etc, and let's also make it really *easy* for non-experts to harden their systems.

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 12, 2013 7:59 UTC (Mon) by jezuch (subscriber, #52988) [Link]

> Obama just said: "It's true, we have significant capabilities. What's also true is that we show a restraint that many other governments around the world refuse to show..."

That's... disastrous. This is very much subject to the Murphy's Laws, as originally formulated by Murphy: if there are two possible ways to do something and one of them leads to a disaster, sooner or later someone will do it the wrong way. The corollary is that an existing capability begs to be used. If there is a capability that can be used to catastrophic ends, sooner or later (or rather sooner than later) someone, authorized or not, will use it this way. Restraint be damned...

Gräßlin: FLOSS after Prism: Privacy by Default

Posted Aug 14, 2013 11:43 UTC (Wed) by Arker (guest, #14205) [Link]

"there is no clear choice of political party that will really stand for freedom (and have the nerve to take on the national-security apparatus, and that has a chance at the election)"

There is the LP which will clearly stand for freedom and have the nerve, and it already has a history of clearing the massive ballot access hurdles, so for a third party it's the obvious choice.

There is a developing left-right coalition that just needs to coalesce fully to be able to displace the current duopoly. Neither the traditional left nor the traditional right sides of that coalition can accept the LP platform whole, the lefties fail economics and the righties fail reproductive rights, but both sides are ever so slowly coming to accept that we have to shut down the national insecurity state first, and there is no point in arguing the rest until after that is done.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds