40 comments

[ 2.9 ms ] story [ 94.4 ms ] thread
(comment deleted)
I'm not surprised by this. Getting the public at large's attention concentrated in the first place is hard enough; keeping it there is impossible. However, that's not to say that all this has been in vain.

The snooping revelations sent huge ripples through the tech community, and that is the community both most affected and most poised to make a change. A small group of dedicated people is all it takes to enact change, and it's clear to me there has been significant increase in the scrutiny of both government surveillance and existing businesses privacy policies and software. Maybe the public at large has moved on, but some people have adopted the cause, and a small focused group can be far more potent than a vague, if large, mass of people. Just ask Occupy Wall Street.

The main take-away here is that yes, the public will move on. As it always does. Nothing is going to hold the country's attention more than a couple weeks, and even that is pushing it. So use that momentum if appears, but don't depend on it staying. More important is whether a subgroup is galvanized to action and will commit to the long fight.

Parallels to consider: - the political influence of relatively small interest groups via lobbyists - the oft-repeated wisdom that for a startup it's better to have a core group that loves you than a million that think you're just pretty good

I'm also interested in the effect companies pushing for and enacting better privacy and encryption had. For instance, Google made sweeping and immediate changes, and Apple tightened encryption in iMessage and iOS, to the vocal chagrin of govnt agencies. Did visible actions like these help speed the public decline in interest because the public at large felt that major influencers had become their champions (naive though it may be)?
The research methodology seem to have looked at the amount of people looking for privacy tools, privacy statements, and usage of privacy tools. This seem to correlate with news article, and then die down a time afterward.

I am not very surprised by this. If one would look at global health news and news about diseases, and correlate that with purchases of health products, you would likely find similar pattern where you get initial peaks that is followed with a decreased interest which slowly returns to original levels. Once you have tried a product out, its hard to notice any difference and its thus easy to return to previous behavior after a initial scare.

What is hard to predict is if peoples risk analyses changes from reading such news. After Snowden, has help lines, priests, lawyers, and therapist seen a impact? If so, how much and for how long? The decision to try out tor for a week and then switching back feels inherently different from deciding to not call a help line in case someone might be listening in.

"Privacy" probably isn't a keyword that I would search for if I had new concerns about my online privacy. I think "secure" or "encrypted" as in secure browser, text, communication, etc. After reading a few Snowden related articles, I think a lot of people would also bypass simple keywords for more targeted searches such as "TOR", "OTR", etc. Also, as the author makes note of, I'd want to look at search data that wasn't from Bing, mainly because that is the default installed search engine for MS Windows. While anyone may choose to use Bing, its users will also include a large pool of unsophisticated users.
(comment deleted)
I have also sadly noted that there is little interest from my peers in such matters.

It is also hard to change. I work with technology everyday. I planned to:

- move away from Gmail to Fastmail

- move away from Dropbox to Spideroak or Owncloud

- move away from G+ Photos to ?

- move away from SMS and WhatsApp to TextSecure

The results? I'm still on Gmail. I still have a Dropbox account and I'm slowly moving stuff to Spideroak. I'm the only one who uses TextSecure and I end up sending SMS in the clear to my friends. I've tried a multitude of photo apps and none of them do what I want.

All a very sad state of affairs.

It's ok to admit you don't care enough to make the switch.

I've been on Fastmail for quite a while, don't use a Dropbox alternative, Smugmug for photos, and whatsapp mostly because my friends switched once long before Textsecure and don't see the benefit of switching again

It's really not that big of a hassle

There is also the "network effect" that is keeping users locked in these services. In other words:

"I leave only if my friends leave".

That's the problem https://www.iWouldDo.it can solve for you.

What does one gain by moving from gmail to fastmail? Do you think the AU government has no leverage? Or that the NSA is incapable of infiltrating their servers?
FastMail isn't scanning your emails to generate a profile of you in order to serve you highly targeted advertising all over the web.

https://support.google.com/mail/answer/6603?hl=en

And what does that have to do with snowden? Googles monetization strategy was well known long before. What did snowden reveal that makes one think fastmail is better than gmail?
Google's alleged involvement with the PRISM program however, wasn't.
And we know fastmail wasn't involved because...? That one prism slide listing companies was the exhaustive list of all of such programs?

Dick Cheney turns to a minion and says "I want to fuck up dombili's life. Get me his inbox." You think the minion is going to say "sorry, boss, he uses fastmail" and that's going to be the end of it?

Which given that PRISM just automated warrant/NSL compliance once the company's legal department agreed that the warrant/NSL was valid, means what exactly? Does FastMail get to ignore their country's own warrants if they wish?
We know the NSA was planting code and hardware and employees at will into our country's top infrastructure. It's highly unlikely PRISM was the only program which would get user data out of Google without their permission.

If you prove one of my servers is infected I'd be wrong to assume it's only got one backdoor.

I don't disagree with you. I'm not siding with Google or Fastmail and I don't use their services but I can see why would someone leave Google and choose Fastmail just because they don't want to be tracked by Google. Of course that's not to say their email is safer than it was with Google because the vast majority of people use Gmail anyway and your plaintext emails find their way to Google's servers one way or another. NSL's are also a factor, but that depends on your threat model. Not a lot of people will be bothered by the threat of government agents seeing their emails by getting an NSL, so eliminating the company tracking will be enough for them to feel secure. Which is, of course, a false sense of security and is bad.
I don't think most of those that you list are really substantive moves.

Certainly moving from dropbox to spideroak or ... someone like spideroak ... would give you the ability to encrypt independent of the provider, perhaps with duplicity[1] or this other method I like[2].

But moving from gmail to fastmail doesn't seem like ti buys you much.

I think the two biggest, substantial moves you can make are providing your own email and providing your own dialtone. I do the former, and have for almost 20 years ... but I haven't gotten my act together yet to do the latter.

What you gain, provided you own the equipment and rent the rackspace, is you are the recipient of lawful orders and legal actions. you are contacted and you are required to respond. Not your ISP, not your provider, not some third party ...

That's a big, substantial difference. Sure, you still need to worry about your traffic out in the wild, but as far as the host itself, you have complete control.

Cost is a difficulty, but consider a 3-4 year old 1U server from ebay ... more than ample to handle this very light workload ... and then maybe $50/mo for 1U of rack and power, given that you won't use much bandwidth at all. Then there's some kind of VOIP peering/connection/whateveridontevengetit that you can get for $x per month. Basically, instead of getting a POTS line in your rack, you get some kind of voip peer from a bigger voip provider. Or something.

But consider what you're buying here: You are a peer on the network. You're not a consumer - you are actually taking part in the Internet. Legally you are a peer as well, as you are a property owner, not a rentier, and you are secure in certain physical rights to your rented space.

That's a substantial step.

[1] http://duplicity.nongnu.org/

[2] https://news.ycombinator.com/item?id=6554313

> providing your own dialtone

Is that possible? How do you do it?

Yes, I'm very interested in this. Can someone point us to some good info on setting this up?
Convenience makes hypocrites of us all, as John Naughton wrote recently.

“We have our beliefs, our morals, our instincts. We have our dislike of douchebags, our mistrust of bad behaviour. We have all that. But in the end it turns out that if something’s 10% cheaper and 5% faster, we’ll give it all up quicker than we can order a sandwich.”

Convenience, in other words, makes hypocrites of us all. It explains why we may moan about surveillance but continue to use Gmail and Facebook; why we shudder in distaste at what goes on in the Chinese factories that make Apple products yet continue to enjoy our iPhones; and why we are horrified by lethal fires we read about in Bangladeshi sweatshops and yet pounce gleefully on T-shirt bargains in retail outlets whenever we can find them.

Interestingly, our addiction to convenience has recently received a powerful boost from another regrettable human failing – our craving for instant gratification . We’ve gone from being satisfied with “3 to 5 working days” delivery estimate to next-day delivery.

http://www.theguardian.com/commentisfree/2014/dec/28/uber-am...

I think the methodology to show "how much people care about privacy post-Snowden" is flawed in that regard.

I'll just give the most powerful example for this. So this study shows that there's basically little difference between people searching for privacy tools now and before Snowden, right?

Okay, except pre-Snowden there's no way something like the Patriot Act wouldn't have been renewed again. Why has it failed to be renewed now then? Because many people do care about privacy and have called their Congressmen to act accordingly.

I'm also seeing much more interest in end-to-end encrypted apps. Pre-Snowden few knew about "end-to-end encryption" and what that means. I'm seeing many more comments online with people asking about it.

I think the biggest issue is that people feel "overpowered", so the solution usually becomes inaction. In other words it's not "I don't care about privacy" - it's "I don't care about privacy enough to learn to use complicated new tools or radically change my behavior online...but if you give me easy to use strong encryption, especially in the apps I'm already using, I'm happy to use it."

Let's assume sending (snail) mail wasn't secure, but pigeon messaging was. People wouldn't refuse to use pigeon messaging because "they don't care about privacy". They wouldn't do it because it's too complicated and too much of a hassle.

This is why convincing platforms and service providers to use strong encryption by default is so important.

It's not the user's fault. Unless mainstream services make privacy strong, simple, and pervasive all they are doing is marking the people who seek privacy for greater surveillance.

Google, Yahoo, and Microsoft need to step up and make it so my mom can have secure email. They have all the tools, especially the ability to use social graphs as the basis for web-of-trust.

Yahoo and Google are both working on end-to-end e-mail options.

https://github.com/google/end-to-end

https://github.com/yahoo/end-to-end

An even harder problem, maybe: how could we make it so communications intermediaries don't know your social graph? The most exciting idea in this direction I know of is AGL's Pond:

https://pond.imperialviolet.org/

But it comes with some more severe tradeoffs than just end-to-end encrypting your e-mail, like deliberately introducing delays in sending and receiving messages in order to create ambiguity about when communication took place.

There are many ways to find one's social graph, and that train may have left the station in the 1970's or early 80's with Project Daytona, which was rumored to be built for analyzing all the call detail records that could be gathered and entered in to a database.

The social graph is also an opportunity for securing key exchange through key signing and combining key exchange with real time communication that's hard to falsify and hence hard to MITM.

well imagine a decentralized facebook with absolute privacy. you don't need delays. traffic to and from "the server" is maintained at a flat rate of encrypted white noise type signal. whoever talks to whoever else through this black box is a mystery.
There's a tension between referring to it as decentralized and saying that it has a server.

This approach is great in general, but there are some known challenges about padding and latency.

One is that you have to use padding up to the maximum rate at which you want to send data, so if you want to have some service that can use 500 kB/s, you have to send and receive that much data all the time.

Another is that you may have to make server transmissions nearly synchronous; you can't send extra data in a window even if you have a backlog. If you break this rule, then an attacker who can delay one user's traffic can use that power to confirm a hypothesis that two users are talking to one another. This probably means that you can use it for e-mail and IM, but probably not voice. There may also be a problem if a user is momentarily or permanently disproportionately popular and hence wants to receive more data than the standard padding rate allows.

You may also have to overcome users' inclination to only use the service when they're talking to each other. If not, the time windows when particular pairs of people were active may eventually show a strong correlation, especially the times when both of them disconnected.

one: that limitation is obvious, technologies such as the following can assist

https://en.wikipedia.org/wiki/Multicast

two: i don't understand how encrypted traffic that maintains a noise level and hides encrypted data in the noise can be subject to traffic analysis.

third: popularity, that is a solved problem for the majority of limited bandwidth systmes, you get lag.

fourth users inclination: both endpoints being comprimised to that extent is beyond the scope of most counter surveillance technology that i have ever heard of.

of the criticisms only the one i labelled two seems really interesting to me, could you please elaborate?

i was able to run voice comms and play computer games simultaneously on isdn and modem lines and therefore the voice bandwidth concerns i don't think are realistic

It's possible that it might turn out to be voice-capable, I'd like to see how the Guardian Project's work with voice over Tor has gone. But there is a notion that more latency is better for anonymity, and clearly worse for voice, and we don't even necessarily know where the sweet spot is for anonymity. And the anonymity that you get from something like Tor is already of questionable value against either a global adversary or one who's already monitoring you. To make the anonymity stronger there, we have to make the latency worse.

The traffic analysis comes in where you notice correlations between increased or decreased activity on one link and a corresponding change in activity on another link. Just having noise isn't necessarily enough to spoil those correlations; after all, so much of modern statistics is about detecting very weak signals given many noisy observations.

There is also research about active attackers shaping traffic flows (like delaying or blocking packets injecting additional packets). Then the notion is that the changed shape of a flow will be visible elsewhere on the network, and that's the destination. Unfortunately, this seems to work really well!

I don't think you have followed me at all. The intention is to send a noisy level of encrypted 'constant' bandwidth. The activity has the same random level of increased and decreased activity the whole time, active or inactive.

How are you not getting this?

endpoint0-n ---> 'server' ---> endpoint0-n

where ---> is a random level of encrypted noisy signal. the endpoint does not open a connection to the other endpoint, it opens it to the 'server'.

no amount of traffic analysis or packet injection is going to mess with that.

the absolute best traffic analysis can do is provide a 1/n probability based on active connections to the 'server' that endpointA was talking to endpointB.

> we have to make the latency worse.

> there's a notion that latency is good for anonymity

we have to do something because of a notion?

i give up.

So if you can guarantee that the probability distributions of the number of bytes sent between the endpoints and server in a time window are unaffected by whether or not communication was happening in that time window, your approach is totally valid.

Pond does have that property, if you use the defaults. I don't think a lot of other systems do. The tradeoffs are pretty steep in terms of delaying interactions until the next time window, sending and receiving cover traffic in every time window, and accepting hard limits on your data rate that are bounded by the cover traffic.

What I think you can't do safely, for example, is say "I have a cover traffic pattern that is a Gaussian distribution of amount of data transmitted and received, and now I have to send a bunch of data, so I'll just pick the high of the distribution and send a whole bunch of data at once". One reason this is unsafe is that you'll simultaneously skew the recipient's distribution, creating a statistical signal that you and the recipient were communicating.

the amount of traffic to the 'server' is completely random.

the traffic from the 'server' is completely random and unrelated to the traffic into it.

within this level of encrypted traffic noise, data is carried, smaller than the carrying capacity of that traffic.

> When the Web search engine DuckDuckGo, which advertises its superior privacy practices, attributed a rise in its daily queries to the PRISM revelation, it did not include user counts.

contrary to this article, duckduckgo showing a huge increase in the number of queries: implies an increase in number of users. it doesn't store user id's as a matter of policy, surprised the author doesn't mention that is why user count is not reported. the fact that it can't do so is the whole point.

would be interested in growth numbers for textsecure, redphone, firefox hello vs. skype, visits to glen greenwalds site and so on.

some background on the author:

Author

Sören Preibusch (http://preibusch.de/) is a user experience researcher at Google, Mountain View, CA, and was at Microsoft Research, Cambridge, U.K., when this article was written.

The general public can't do anything to improve privacy. They have no viable options. It's up to us, the hackers and entrepreneurs, to create new viable options.
God, that was the least informative research project I've ever encountered. The premise of the research is something akin to:

  Based on recent news reports, where a whistleblower
  revealed that tobacco farmers routinely fertilize 
  their crops with human brains, which then inadvertantly
  leads to contamination of tobacco products, leaving all
  smokers at risk of developing human prion related diseases, 
  we've conducted a study to see if this increased the 
  frequency of hits on the Phillip Morris website's 
  ingredients page. Our findings show that numbers only
  increased by 0.00001%.
Gee, thanks.

Nevermind questioning why anyone would look at the list of public ingredients, when the problem is contamination, which, by definition, means that unintended ingredients ruined the desired product.

Why would a company list an accidental poison as part of its normal product?

Why would Microsoft's privacy policy reveal any useful information about secret government programs?

At no point in time have I ever met anyone who would have imagined that Microsoft's privacy policy would protect them from the NSA.

It's almost like someone decided to study the things people DON'T do, after learning of some significant revelation.

Like, hey let's conduct a study of how many people prefer to watch Family Feud over Price Is Right after being in a car accident! Oh, interesting! The difference is barely measurable!