Living with the surveillance state
Living with the surveillance state
Posted Oct 30, 2013 15:14 UTC (Wed) by raven667 (subscriber, #5198)In reply to: Living with the surveillance state by HIGHGuY
Parent article: Living with the surveillance state
Woah, strongly disagree. Technical solutions are by nature inflexible forcing people to circumvent them when their needs are outside the scope of the solution and you can't enumerate and prevent every kind of badness in the world, the effort of trying to do so is madness and leads to worse outcomes than the problems you are trying to prevent.
A strong audit capability, performed out in the open, is what works, and is what concepts like the warrant provide.
Also any proposal which begins with some variation of "If everyone would just ..." is dooooomed.
Posted Oct 30, 2013 17:06 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (28 responses)
> Woah, strongly disagree.
do you carry a key chain and lock doors? if you don't then please post your home and office addresses along with where you park your car. you should not have a problem with this since you must have a social solution to this problem already ;).
Posted Oct 30, 2013 18:20 UTC (Wed)
by mathstuf (subscriber, #69389)
[Link] (5 responses)
Posted Oct 30, 2013 22:14 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (4 responses)
Posted Oct 30, 2013 22:24 UTC (Wed)
by mathstuf (subscriber, #69389)
[Link] (3 responses)
And in the general case, your statement is wrong since a subset of all numbers (uncountably infinite) can be countably infinite (integers) or finite (integers uniquely representable by a single Arabic digit).
Posted Oct 30, 2013 22:41 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (2 responses)
Posted Oct 31, 2013 1:21 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
> state that a subset doesn't have the properties of the set
Did you mean to talk about *members* of the sets in question here?
What I was originally replying to is that ¬∀x.p(x) is not the same as ¬∃x.p(x). This is the conclusion you seem to have made given your reply here:
> > > Usually, a technical solution is superior to any social solution.
Posted Nov 1, 2013 22:35 UTC (Fri)
by PaXTeam (guest, #24616)
[Link]
> Did you mean to talk about *members* of the sets in question here?
yes i was being sloppy but thought it would be clear from the context, sorry if that made you misunderstand me. as for what i pointed out, it's really not hard: if you disagree with the elements of a set, you also disagree with the elements of any subsets of the set, unlike what you stated.
Posted Oct 30, 2013 19:08 UTC (Wed)
by nix (subscriber, #2304)
[Link] (11 responses)
No, what generally keeps everyone from getting robbed blind and society from collapsing is that in any system of this nature *cheating is rare* and there are systems in place to detect and punish cheaters to keep their numbers down: most of those systems are not technical but social and procedural. Among other things, just breaking a window is high-risk because there might well be someone inside who could hear you and send an alarm to a social cheater-deterrent system, to wit, the police. (Here I presume a police force consisting of thinking human beings, not a militarized horror like that in many parts of the US, which might well be considered by now a purely technical system without the ability to respond in a graduated or reasonable fashion!)
Of course, this doesn't mean that posting your home and office addresses and car location in response to a request to do so is sane: there is a low percentage of cheaters in any society, and one moderate-risk way of detecting potential targets might be to simply ask for relevant information while concealing your own identity. But just because a few cheaters exist, and that technical defences against those cheaters also exist, does not mean that the technical defences are the *primary* defences. Heck, on my street most of us have our front doors open most of the time during the summer days, sometimes even when nobody's home. Number of robberies: zero, despite the total absence of any technical measures against theft. We trust our neighbours to note any strange unshaven men leaving our houses bearing bags of swag, and any potential burglars realise this and don't try wandering in and nicking stuff. We happen to all know each other well enough that free-rider problems don't arise.
(I'm sure you've read Bruce Schneier's _Liars and Outliers_, in which he talks about all this at great length and much more clearly than you ever could. Perhaps you disagree with him?)
Posted Oct 30, 2013 19:08 UTC (Wed)
by nix (subscriber, #2304)
[Link]
Posted Oct 30, 2013 20:50 UTC (Wed)
by khim (subscriber, #9252)
[Link]
Bingo. IT world lived under different rules for so long it forgot how people interact with a real world. Think one recent hoopla. What happens if real world “security professional” (someone who tests keylocks for living) will pick a code of some Mom&Pop store (or, even worse, General Motor's HQ), visit it and make a copy of a couple of confidential documents? Just where exactly he'll be if he's not affiliate of said company? Sure, people do pick locks on safes and crack other systems regularly for different reasons—read Feynman's book, or Wozniak's one, but they absolutely do expect to see repercussions if caught. The fact that computer “security professionals” expect to see easy acceptance for such an acts is baffling to me: sure, if you want to study security precautions of some firm or a website then you need need to negotiate it in some form. It should not be advertised widely among the compnay employees or site visitors, but some people “at the top” must know about your efforts. If you go and crack different sites willy-nilly to collect information for your Phd.D. and you are caught… well, your Ph.D. will be postponed for couple of years, I guess. The whole “technical problem” vs “social problem” is false dichotomy: few problems are purely social and few problems are purely technical. All the security measures in the world can not protect you if some government feels you house must be cracked… either NSA or MSS will crack it. And it'll not matter much how many locks and how complex you've attached to your door. But if something is perceived as totally socially unacceptable then some rare individuals will still try to do that and to repeal them you need things like keylocks. Why computers should be any different? It's the same story.
Posted Oct 30, 2013 22:33 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (8 responses)
yet you failed to post a single address. i think that fact alone speaks for itself (and against everything you said ;) quite well.
as for Schneier, i have over 2k rss feeds, his isn't among them. that you should tell you something.
Posted Oct 30, 2013 23:13 UTC (Wed)
by khim (subscriber, #9252)
[Link] (6 responses)
Well, it says something, all right. It shows that people trust their anonymity (which is form of their social protection) more than they trust their locks (which is form of their technical protection). In what kind of world this information can be used as some sort of confirmation for your crazy position I just don't know.
Posted Oct 30, 2013 23:37 UTC (Wed)
by PaXTeam (guest, #24616)
[Link]
as for the topic itself, if one doesn't value technical measures and believes in the power of some 'strong audit capability, performed out in the open' (i trust you did read the post i replied to, didn't you?) then surely disclosing addresses protected by those pointless technical measures should be fine? also not disclosing addresses is not anonimity, it's fear of getting owned (broken into) despite all those so effective social measures.
Posted Nov 1, 2013 21:52 UTC (Fri)
by nix (subscriber, #2304)
[Link] (4 responses)
I am not a moron and will not compromise my safety to prove something to an anonymous blowhard like PaXTeam. (I note that PaXTeam is trying to get me to post my address when his name and indeed number remains opaque. Hypocrite.)
Posted Nov 1, 2013 22:46 UTC (Fri)
by PaXTeam (guest, #24616)
[Link] (3 responses)
Posted Nov 1, 2013 23:11 UTC (Fri)
by nix (subscriber, #2304)
[Link] (2 responses)
Posted Nov 2, 2013 8:05 UTC (Sat)
by HIGHGuY (subscriber, #62277)
[Link] (1 responses)
Well, maybe this statement missed some necessary nuances to make it acceptable for most of you.
The first would presumably be that any technical solution must be backed by a supportive social "contract". If really everybody is fine with the NSA spying on them, then you should not instate cyptography that makes it hard(er).
The second would be that ultimately the social solution (when followed by everyone) and the technical solution have the same effect.
This statement actually has its roots on the workfloor. When you worked out a procedure that people should follow to prevent breaking things for everyone then applying technical measures to guide/force them into that procedure is better than relying on education only.
My opinion is that the same thoughts can apply to society as well, in some cases.
In this last case you could say that this would mean that the cryptography in use should be strong enough to withstand mass cracking, but weak enough to allow case-by-case cracking. Which is a hard problem too, of course.
Posted Nov 12, 2013 21:29 UTC (Tue)
by filteredperception (guest, #5692)
[Link]
I was going to respond "not so hard, just traditional spying with picked locks and video or other bug capturing keys as and when they are used by the user". But that works onlysomuch when you have mathematically unbreakable crypto available, which is not a 100% for all time assumption one can make. So you are right, it is a hard problem. Because the first thought that comes to mind is that powers-that-be can (and I suspect do) try to solve it by making the methods of breaking the crypto a kind of orwellian 'unknowledge', that they will establish as such by truly any means necessary.
It's a jungle out there kids...
Posted Nov 1, 2013 21:49 UTC (Fri)
by nix (subscriber, #2304)
[Link]
Posted Oct 30, 2013 19:31 UTC (Wed)
by raven667 (subscriber, #5198)
[Link] (9 responses)
In any event the fanciness of your lock isn't what is keeping people out, it's the risk of social consequences which prevent bad actors from taking action much of the time. Having the ability to investigate incidents and increase the risk of consequences provides a ton of disincentive for bad actors.
There will still be incidents, you can't prevent that.
Posted Oct 30, 2013 22:23 UTC (Wed)
by PaXTeam (guest, #24616)
[Link] (8 responses)
and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.
as for what is an absolute technical measure, try to pick your own locks. i bet you can't. along with 99.9% (seems to be the random going measure here) of humanity. that makes locks an 'absolute' measure for 99.9% of humanity (including every single poster here ;). i wish we had anything close to that in other areas of life, computers or not.
Posted Oct 30, 2013 23:10 UTC (Wed)
by khim (subscriber, #9252)
[Link] (2 responses)
They have much better effect. The number one protection against burglar is privacy. If burglar knows where someone lives and knows that someone does not use two turns of key to lock the door every time (or, even better, if s/he knows that someone does not lock keys at all), well… this information is incredibly valuable for a burglar. THIS is why people don't publish it on websites. What does it change? You don't need to pick a lock. To pick a lock is akin to high-level rootkit which is totally stealthy and invisible. If you just want to take something from the apartment then you only need to have a strong scredriver: insert it into a lock hole and turn it with excessive force. All done. Often you can use just a flat screwdriver to move bolt. I think 99.9% (seems to be the random going measure here) of humanity can do that. Wow. Just wow. What kind of logic is that? Let me repeat once more: in a world with reliable locks (where technical measures dominate) this information will be absolutely worthless. Lock can not be picked up anyway, so why not publish it's location? In our world where lock is just a side-show and social aspect is the primary one… of course one will not give up their primary form of protection so easily! FWIW I've seen plenty of people who don't use large bolts on their doors and lock them only with a small latch. IOW: a lot of people are ready to neglect “technical measure of protection”. I've seen very few guys who post notes about their absence on a public website along with the address of apartment. On the contrary: a lot of guys arrange for the with neighbors pick of mail, periodic checking, etc to make sure it's not easy to notice that apartment is temporarily abandoned. IOW: they spent a lot of efforts on their “social measure of protection”. What does it say about relative merits of two approaches?
Posted Oct 30, 2013 23:52 UTC (Wed)
by PaXTeam (guest, #24616)
[Link]
and i thought you just said it was anonimity. make up your mind 'cos the two are different things. and never mind that it's also false as you clearly explain (and contradict yourself) in the rest of your sentence, good job ;).
as for picking a lock and whatnot, you clearly have zero experience with real life locks (and rootkits and other buzzwords, these things have about nothing in common) so maybe stay away from the topic, pretty please? ;)
as for the logic... it's really simple. if you state that you don't believe in technical measures yet you rely on them (=afraid of disclosing where exactly you do) then that's a clear case of hypocrisy, simple as that. my point is that the world isn't black and white where one or another measure dominates everything else, rather it's a careful balance that one has to adapt to his own circumstances (in different parts of the world you'll get away with a different mix of social/technical/etc measures).
Posted Nov 1, 2013 21:54 UTC (Fri)
by nix (subscriber, #2304)
[Link]
Posted Oct 31, 2013 4:49 UTC (Thu)
by raven667 (subscriber, #5198)
[Link] (2 responses)
I don't see people commonly going around testing doors, and when there are home invasions I don't see basic door locks being a factor.
> and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.
That's ridiculous, but whatever, I guess I'm too dumb to back down, whois raven667.org
> as for what is an absolute technical measure, try to pick your own locks. i bet you can't. along with 99.9% (seems to be the random going measure here) of humanity. that makes locks an 'absolute' measure for 99.9% of humanity (including every single poster here ;). i wish we had anything close to that in other areas of life, computers or not.
I don't see how that is relevant since 99.9% of people aren't commonly trying to break into my house. The risk can be increased if there are more people willing to transgress, if they are desperate for example, and if there is a failure of investigation and remediation, police don't come to your neighborhood for example, but that just makes my point that the strength of societies norms comes from the consequences of violating them, not from technical and authority systems which could prevent you from violating them if you desired to.
Posted Nov 1, 2013 22:56 UTC (Fri)
by PaXTeam (guest, #24616)
[Link] (1 responses)
Posted Nov 2, 2013 20:05 UTC (Sat)
by raven667 (subscriber, #5198)
[Link]
Thanks man, I love you too. 8-)
> why did you post a pointer to some data
Because I know that information is out there if you have two brain cells to rub together to find it, you can also find out where I work, how much I am paid and what my house is worth among other things. I know that I'm not truly anonymous when I speak online unless I have gone to significant effort to create an anonymous identity separate from my "normal" identity which I have not done.
I think the root of the disagreement is in the perception of risk. You seem to believe that my risk of a home invasion, or something bad happening to me, has been materially changed in some way and I disagree with that assessment. I also don't think you are actually going to jump on a plane and steal my toaster, or that our local drug addled poor are just waiting to read the lwn.net comment section to figure out which houses to rob. You could of course try and pull some juvenile prank which might change my risk assessment slightly but that would also say more about you than me and I am presuming that you are an adult.
A risk assessment which includes means, impact, and most importantly likelihood is useful for everyday living and as humans we are naturally bad at it. All risks seem highly likely and greatly harmful when they are not.
Posted Oct 31, 2013 5:34 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Let's see if your locks are going to help you.
Posted Nov 1, 2013 22:48 UTC (Fri)
by PaXTeam (guest, #24616)
[Link]
why would i want to contradict myself?
Posted Oct 31, 2013 18:22 UTC (Thu)
by HIGHGuY (subscriber, #62277)
[Link] (1 responses)
You are right that not all problems lend themselves well to being merely technological problems (with no social impact) and that sometimes what you're protecting against has legitimate use-cases (DRM, anyone?).
The point is that by making something illegal or socially unacceptable doesn't stop it from happening. That's why a technical solution is usually superior than a merely social solution.
Posted Oct 31, 2013 22:19 UTC (Thu)
by hummassa (subscriber, #307)
[Link]
A technical "solution" does not prevent it from happening or make it impossible, either. At most the technical measure would make it harder, but the NSA has infinitely more resources than the spied entity, and an infinite number of attack vectors to obtain the sought information.
> sometimes what you're protecting against has legitimate use-cases (DRM, anyone?).
DRM, as I have reiterated many times, is neither a legitimate cryptography application (because it seriously hinders protected-by-law Fair Use) NOR a technically or mathematically sound cryptography application (because B and E are the same person.
> The point is that by making something illegal or socially unacceptable doesn't stop it from happening. That's why a technical solution is usually superior than a merely social solution.
That's where IMNSHO you have it backwards: there is never a perfect technical solution, and that's why you MUST have a social solution if you want to have any chance of making the "something" happen less.
An analogy: we will NEVER have zero murders. Currently, there is no technical protection against being murdered, but even in a Dune-like future where you can't be murdered by projectile weapons, people will murder each other with knives and poisons, or just putting each other in the pool and removing the ladder. Now, if murder is socially acceptable, there is no reason NOT to murder the people in front of me in traffic. So we make murder socially unacceptable with the objective that we have less murders.
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
> > Woah, strongly disagree.
> do you carry a key chain and lock doors? if you don't then please post your home and office addresses along with where you park your car. you should not have a problem with this since you must have a social solution to this problem already ;).
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Even there, a social solution (that a reasonable man does not burgle others' houses, and reports burglars seen burgling others' houses, and that when called to a burglary in progress the police bother to turn up) does 99.9% of the work.
Living with the surveillance state
> during the summer days, sometimes even when nobody's home. Number of
> robberies: zero, despite the total absence of any technical measures
> against theft.
Living with the surveillance state
yet you failed to post a single address. i think that fact alone speaks for itself (and against everything you said ;) quite well.
Living with the surveillance state
Living with the surveillance state
so much nasty ad hominem, i'm hurt! more seriously, why don't you get familiar with the dictionary and look up what a hypocrite is. then quote me back where you think i said something that makes me one ;). asking for your address while not publishing mine isn't it: i stated already that i do *not* believe in black&white measures (only this or only that), but in a mixture of them, so keeping information secret is perfectly fine for me, as is using locks. but if someone believes that technical measures are superflous because he lives in such a nice neighbourhood, go ahead and prove it. you have yet to back up your statement with actual action. IOW, you're just trolling as usual.
Living with the surveillance state
Living with the surveillance state
i stated already that i do *not* believe in black&white measures (only this or only that), but in a mixture of them, so keeping information secret is perfectly fine for me, as is using locks.
In that case, please stop posting until you have the ability to express yourself in a fashion that does not cause complete misunderstanding by everyone involved. Your initial response in this thread strongly implied that you agreed with the grandparent poster, that
Usually, a technical solution is superior to any social solution.
This is the arrant insanity I disagree with. From your post, I thought you agreed with it. From other responses to you it seems that I am not the only person to think so.
Living with the surveillance state
If people have legitimate reasons for doing something, there can be no social contract and thus such a technical solution should be optional at best.
If in the ideal world of the social solution nobody cracks cryptography, then the technical solution of using cryptography everywhere is superior because it actively enforces the social solution and makes offenders 'impossible'. (With the notion of course that cryptography is merely delaying it's cracking rather than outright preventing it).
Of course, some users should still be allowed to force other behavior, considering they know what they're doing in these very special cases.
When we're all in favor of banning spying, it's better to prevent it altogether through technical measures than to rely on the goodwill of the spooks. Of course, some users should still be allowed to "spy" (think og law enforcement with a warrant), considering they have a legitimate reason to do so in these very special cases.
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
let's make it simple: would your social measures (deterrents) have the same effect if you did *not* have the technical measures in place or not? yes/no?
as for what is an absolute technical measure, try to pick your own locks. i bet you can't.
and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.
Living with the surveillance state
Living with the surveillance state
Let me repeat once more: in a world with reliable locks (where technical measures dominate) this information will be absolutely worthless. Lock can not be picked up anyway, so why not publish it's location? In our world where lock is just a side-show and social aspect is the primary one… of course one will not give up their primary form of protection so easily!
Again you were clearer than I. Exactly so.
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
Living with the surveillance state
On the other hand, when technological countermeasures are implemented to stop the ongoing spying it makes it impossible.
Living with the surveillance state