[sudo-discuss] BAD IDEA Re: Opt out of PRISM
Matthew Harbowy
hbergeronx at gmail.com
Wed Jun 12 17:48:35 PDT 2013
Yes!
Don't ignore the tools, use them. Understand them. Expose weaknesses, just
as I did. Don't think the solution to tools is a better tool. Better is
meaningless. Better is very often worse.
Your solution, which you look like you're trying to shame me with, is
TERRIBLE. Imaging everyone spamming the networks constantly with random
messages. Oh wait- they already do that, it's called spam. Lets fill the
bandwidth limited fat pipes with random, so that signal is obscured. Good
luck trying to do anything useful.
Furthermore, a little Shannon style filtering and you can easily defeat
that. You know, if only a few people all use one technique, they stand out
like a sore thumb. Hide in crowds: Facebook has its uses.
More advice: Don't provide recipes for anything. People are easier to track
when they follow directions, do the same thing over and over. Best advice I
got out of 9/11 era Bernie Kerik was to be random: don't always take the
same route. Don't develop habits. Thieves and other bad guys rely on you
following patterns so that they can find the right moment to strike. And
meta: don't always be random. Don't accept pre packaged anything all the
time, that's garbage. Bake your own.
As soon as someone says "solved", tell them to GTFO. Three hackers have
already cracked it. But there are things you can do.
The while benefit of the realm of shared experience is that it plays to the
strength of one time pads for encryption. Learn about the history of crypto
and one time pads, and arm yourself. They can take your freedom, but they
can't take your intelligence, ingenuity, or creativity; and an intelligent
or creative person is forever free.
Matt
On Wednesday, June 12, 2013, Paul Ivanov wrote:
> Hi Matt,
>
> Matthew Harbowy, on 2013-06-12 16:17, wrote:
> > I'm mystified how any of this helps.
>
> There is no silver bullet, so those recommendations won't be some
> magical privacy pixie dust you can just sprinkle and feel warm
> and fuzzy about, but at least encryption helps you secure the
> content of your communication (not the fact that communication
> occurred).
>
> One can imagine even the latter being obscured. I could automate
> the sending of randomly generated encrypted messages at a
> particular time of day (say at 16:17), but have that process be
> pre-empted by a real message, should I choose to send one (so not
> my randomly generated message gets sent out, but the one I want
> to actually send). One drawback, of course, is that if I queued
> up a message at half past four, it would be almost 24 hours
> before it got sent. (Though the upshot of a protocol like this
> would be that the intended recipient would know they'd only have
> to check their email once a day, if they're interested in
> receiving messages from me)
>
> Should more frequent communication be desired, you could switch
> to sending gobbledygook messages at a certain minute of every
> hour. Of course, the recipient has to "wade" through potentially
> more random messages with that, but that's the price you pay.
>
> > So, for my vote, following recommendations like this is a
> > terrible idea.
>
> Are you proposing an alternative, or should be just throw our
> hands up in resignation?
>
> best,
> --
> _
> / \
> A* \^ -
> ,./ _.`\\ / \
> / ,--.S \/ \
> / `"~,_ \ \
> __o ?
> _ \<,_ /:\
> --(_)/-(_)----.../ | \
> --------------.......J
> Paul Ivanov
> http://pirsquared.org
> _______________________________________________
> sudo-discuss mailing list
> sudo-discuss at lists.sudoroom.org <javascript:;>
> http://lists.sudoroom.org/listinfo/sudo-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sudoroom.org/pipermail/sudo-discuss/attachments/20130612/ead44d05/attachment.html>
More information about the sudo-discuss
mailing list