Comforting to see my own privacy stack is almost exactly the same:
Tails running specially configured Tor (five hop circuit, permanent guard nodes, and routes through countries unlikely to cooperate with one another), GPG for email, OTR for IM, Signal for mobile, and True Crypt + Apple disk encryption.
Funny thing is, I don't even have any particular use for it other than kicking around vulnerability and security discussions with friends and colleagues that I highly doubt anyone is even trying to intercept. But it is very comforting to know that it's the same set of tools relied upon by those with something highly significant at stake.
Thanks, it's mostly security nuts like me about security related topics.
Hopping through my own Tor nodes could be a bit counter-productive, as it would make attribution of my circuit quite a bit easier.
I use an extended hop relay with hand-selected nodes, which allows me to use five hops instead of the standard three, and hand-select fast relays that are in nations which are unlikely to share information readily. There's a few more tricks I use to counter e.g. stream watermarking, but at a certain point you reach diminishing returns, as the browser is only so secure.
If I was running a drug cartel, it'd be appropriate COMSEC, but for me its really more of an experiment than anything else.
Well, there are many uses. Impopular speech is in theory protected by free speech laws, but in practice you are only safe doing popular speech. Anyone that says something impopular should use COMSEC. It might not be needed today, but I'd use it to be safe tomorrow.
Free speech is an ideal I hold closely, and I would rather let myself be locked up, with all that entails, than acquiesce to governance that required I renounce it.
So if I no longer live in a country that feels as I do, which I very sincerely doubt, let come what may.
@tor_user, your comment is dead, but since I have showdead on:
I go beyond the .torrc config settings. I have a custom Python controller that uses Stem[0] to interface with the tor binary's control port to build my paths and circuits.
My tor binary has some customizations as well (stop sending 512 byte cells by default, random packet delays with large transfers, creative TLS and circuit multiplexing), and of course there's the standard use of obfsproxy[1], unlisted bridges[2], etc.
How do you use these things in the wild? Privacy stacks generally require that they are installed on both ends of the message. Trying to get my friends and family to exchange encrypted texts or OTR IMs is basically impossible.
Encrypted text messages are relatively easy to implement as the apps (textsecure/redphone - signal) in question 'stack' nicely on top of whatever they were using for SMS already.
Encrypted mails are more problematic but aslong as they are using web mail, get them Mailvelope. On android with the K9 mailclient (+ openkeychain/apg) PGP-inline is possible to use, while it's not something your 'friends and family' will enjoy.
I have a personal disdain for pidgin/adium (libpurple), but similar to encrypted text messages: Once setup OTR is out of the way of your standard IM usage and it comes down to understanding user authentication.
Tor's transparent and only my problem, Signal is easy to set up for laymen, GPGTools isn't hard to walk through (I know attorneys that use it just fine), OTR has plugins for everything that supports XMPP...
Assuming not all the machines are compromised, the longer the path, the less likely any agent is to follow it along in its entirety. Even if the whole path were compromised (but by different antagonistic parties) this would still hold.
Despite the more vocal members of the security industry basically hating the software, it turns out to be one of the few tools folks have successfully used to maintain their privacy.
Did it? Seems like a claim that could use some elaboration. In what way would her privacy have been compromised by not using truecrypt? How do we know her privacy wasn't compromised despite using truecrypt?
Greenwald and Snowden also used Cryptocat in Q1 2013. Now, there's no evidence to think that NSA decrypted all those messages... but in Q1 2013, Cryptocat was breakable; by NSA in June, and by anyone with a laptop from May all the way back to October 2011. These attacks are passive. If you've been hoovering up all the raw Internet traffic, you can go back through your archives and decrypt all the Cryptocat traffic from those time periods.
So my point being, when your adversaries are nations, there usually isn't going to be "evidence" that your comms were decrypted, at least not until you're indicted. You're right: that doesn't mean it didn't happen.
I don't think anything interesting happened with Truecrypt, though.
1. Stipulate that NSA is hoovering up all of Internet traffic, that being the motivating reason why people want encrypted messaging tools.
2. Cryptocat hosted egregious cryptographic errors for several years.
3. Those errors made it trivial for NSA, given a pcap file containing Cryptocat traffic such as would be generated by a Narus box, to decrypt and read Cryptocat messages.
4. Greenwald and Snowden used Cryptocat during this window of time.
5. Even if NSA didn't care about Cryptocat, Snowden, or Greenwald in June 2013, the vulnerabilities we're talking about allow them to retroactively decrypt those messages today, now that it's obvious that those messages were worth reading. We aren't talking about flaws that would let NSA MITM Cryptocat; we're talking about the worst possible vulnerability in a cryptosystem: retroactive arbitrary message decryption.
Which of these assertions to you dispute? We can go into lots more detail. I'm pretty familiar with Cryptocat's code[1], and I'd consider Steve Thomas a friend, in that he's been to my house a couple times and I gave a Black Hat presentation with him which in part involved Cryptocat.
[1]: 31580544b27c10736ebe1bdd05a56d96c486823d563d4493c317548976c3d8db --- I had to write my own CC client to get this, which is 2 hours of my life I'm never getting back :)
That's all very interesting, and the only thing I dispute is (1), where I'd just say I don't think we have any direct evidence that the NSA is literally logging every packet sent anywhere within the US. Maybe some indirect evidence, but nothing that points to all the packets.
I think your source of confusion is related to the association you may have in your mind between me and Cryptocat, though in actuality there is literally none. In my previous comment I was referring to TrueCrypt, not Cryptocat.
What's the point of an encryption tool that only works if your adversary can't see your raw packets? That's like a health insurance policy that only pays out if you never get sick.
Later: sorry, I missed the other question you had; here's an answer:
I think you've mentioned CryptoCat more than I have in this conversation, and someone I know (and you surely adore) once said, "Fun message board trick: someone says something dumb about crypto? Search for their name and “cryptocat”."
If I gave you/anyone a TrueCrypt volume, could you/anyone crack it? No? Then stop trashing it. It's that simple.
Edit: I'd just like to say I'm glad you're developing a sense of humor regarding our conversations. I was worried you were a robot.
25 comments
[ 4.7 ms ] story [ 57.0 ms ] threadTails running specially configured Tor (five hop circuit, permanent guard nodes, and routes through countries unlikely to cooperate with one another), GPG for email, OTR for IM, Signal for mobile, and True Crypt + Apple disk encryption.
Funny thing is, I don't even have any particular use for it other than kicking around vulnerability and security discussions with friends and colleagues that I highly doubt anyone is even trying to intercept. But it is very comforting to know that it's the same set of tools relied upon by those with something highly significant at stake.
Hopping through my own Tor nodes could be a bit counter-productive, as it would make attribution of my circuit quite a bit easier.
I use an extended hop relay with hand-selected nodes, which allows me to use five hops instead of the standard three, and hand-select fast relays that are in nations which are unlikely to share information readily. There's a few more tricks I use to counter e.g. stream watermarking, but at a certain point you reach diminishing returns, as the browser is only so secure.
If I was running a drug cartel, it'd be appropriate COMSEC, but for me its really more of an experiment than anything else.
So if I no longer live in a country that feels as I do, which I very sincerely doubt, let come what may.
I go beyond the .torrc config settings. I have a custom Python controller that uses Stem[0] to interface with the tor binary's control port to build my paths and circuits.
My tor binary has some customizations as well (stop sending 512 byte cells by default, random packet delays with large transfers, creative TLS and circuit multiplexing), and of course there's the standard use of obfsproxy[1], unlisted bridges[2], etc.
[0]https://stem.torproject.org/
[1]https://www.torproject.org/projects/obfsproxy.html.en
[2]https://bridges.torproject.org/
Encrypted mails are more problematic but aslong as they are using web mail, get them Mailvelope. On android with the K9 mailclient (+ openkeychain/apg) PGP-inline is possible to use, while it's not something your 'friends and family' will enjoy.
I have a personal disdain for pidgin/adium (libpurple), but similar to encrypted text messages: Once setup OTR is out of the way of your standard IM usage and it comes down to understanding user authentication.
2. Do you only use the EntryNodes, ExitNodes and ExcludeNodes to shape the Tor path (country to country), or something else?
Working on an open source project that could benefit. Thanks!
[1] https://www.torproject.org/docs/tor-manual.html.en
Won't that make your circuits more predictible as a consequence?
It's not adequately studied, and I'm operating based upon my own research and intuition there, so I wouldn't necessarily recommend it.
Despite the more vocal members of the security industry basically hating the software, it turns out to be one of the few tools folks have successfully used to maintain their privacy.
Nobody is ever required to prove a negative. That's not how logic works.
So my point being, when your adversaries are nations, there usually isn't going to be "evidence" that your comms were decrypted, at least not until you're indicted. You're right: that doesn't mean it didn't happen.
I don't think anything interesting happened with Truecrypt, though.
Besides, "anyone with a laptop" hasn't been "hoovering up all the raw Internet traffic", and frankly the NSA hasn't been either.
Again, there's wild speculation, but there's no evidence. Again though, here you are preaching the fear and the wild speculation.
1. Stipulate that NSA is hoovering up all of Internet traffic, that being the motivating reason why people want encrypted messaging tools.
2. Cryptocat hosted egregious cryptographic errors for several years.
3. Those errors made it trivial for NSA, given a pcap file containing Cryptocat traffic such as would be generated by a Narus box, to decrypt and read Cryptocat messages.
4. Greenwald and Snowden used Cryptocat during this window of time.
5. Even if NSA didn't care about Cryptocat, Snowden, or Greenwald in June 2013, the vulnerabilities we're talking about allow them to retroactively decrypt those messages today, now that it's obvious that those messages were worth reading. We aren't talking about flaws that would let NSA MITM Cryptocat; we're talking about the worst possible vulnerability in a cryptosystem: retroactive arbitrary message decryption.
Which of these assertions to you dispute? We can go into lots more detail. I'm pretty familiar with Cryptocat's code[1], and I'd consider Steve Thomas a friend, in that he's been to my house a couple times and I gave a Black Hat presentation with him which in part involved Cryptocat.
[1]: 31580544b27c10736ebe1bdd05a56d96c486823d563d4493c317548976c3d8db --- I had to write my own CC client to get this, which is 2 hours of my life I'm never getting back :)
I think your source of confusion is related to the association you may have in your mind between me and Cryptocat, though in actuality there is literally none. In my previous comment I was referring to TrueCrypt, not Cryptocat.
As for your citation, what's that for?
Later: sorry, I missed the other question you had; here's an answer:
https://hn.algolia.com/?query=author:diminoten%20cryptocat&s...
If I gave you/anyone a TrueCrypt volume, could you/anyone crack it? No? Then stop trashing it. It's that simple.
Edit: I'd just like to say I'm glad you're developing a sense of humor regarding our conversations. I was worried you were a robot.