Forgot your password?
typodupeerror
Operating Systems Encryption Open Source Privacy Your Rights Online

Jacob Appelbaum on How OSS Improves Cryptography 35

Posted by timothy
from the dangerous-most-dangerous dept.
destinyland writes "Jacob Appelbaum, the Tor Project's main advocate, argues that Open Source software is necessary 'to both verify and improve' available cryptography. (Adding 'We also need that to ensure that everyone has a reasonable baseline — which is part of the cypherpunk ethos.') In this new interview, he's critical of a general public silence over government encroachments on privacy, but points to the current impact of the Tor network now as something that 'runs, is open and is supported by a large community spread across all walks of life.' And he ultimately identifies Tor as 'part of an ecosystem of software that helps people regain and reclaim their autonomy,' saying the distributed anonymous network 'helps to enable people to have agency of all kinds; it helps others to help each other and it helps you to help yourself.'"
This discussion has been archived. No new comments can be posted.

Jacob Appelbaum on How OSS Improves Cryptography

Comments Filter:
  • Till... (Score:5, Insightful)

    by Synerg1y (2169962) on Thursday March 14, 2013 @06:25PM (#43176929)

    They make running or using a proxy illegal. They have the power to do that you know. Doing that technologically though, is a whole different beast.

    • Re:Till... (Score:5, Insightful)

      by postbigbang (761081) on Thursday March 14, 2013 @06:35PM (#43176997)

      Tor might be an alternative, but the best way to deal with the issue is to attack the privacy problem, head on. The post claims that there is no general public outcry, and that claim is wrong. There's lots of outcry. There's no one bribing politicians-- and that's why every thing you do is tracked, and that tracking is for sale.

      • Re:Till... (Score:5, Insightful)

        by elucido (870205) on Thursday March 14, 2013 @06:43PM (#43177047)

        Tor might be an alternative, but the best way to deal with the issue is to attack the privacy problem, head on. The post claims that there is no general public outcry, and that claim is wrong. There's lots of outcry. There's no one bribing politicians-- and that's why every thing you do is tracked, and that tracking is for sale.

        Privacy is dead forever. Technological trends will render privacy dead no matter what laws you pass. Technology determines privacy not the law.

        • Re:Till... (Score:4, Funny)

          by postbigbang (761081) on Thursday March 14, 2013 @06:50PM (#43177099)

          Uh, no.

          Privacy is part of dignity, and despite technology, I'll have my dignity. Now take your marbles and go hom, Eric.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Privacy is only dead if you give it up right now. It's not dead yet. There are still people holding on to whatever bits of privacy are left (and there are some). You don't have to bring devices home with microphones in them or cameras. You can still get by without a cell phone. If you can't chances are you can simply turn it off when your not using it. It isn't a perfect solution although I work with someone who does exactly this. One of my employees isn't reachable while on the road. He does have a cell ph

          • by elucido (870205)

            Privacy is only dead if you give it up right now. It's not dead yet. There are still people holding on to whatever bits of privacy are left (and there are some). You don't have to bring devices home with microphones in them or cameras. You can still get by without a cell phone. If you can't chances are you can simply turn it off when your not using it. It isn't a perfect solution although I work with someone who does exactly this. One of my employees isn't reachable while on the road. He does have a cell phone. It is always off unless he needs to make a call. His wife calls him at work when she needs to reach him. You can use Tor to get privacy online in areas that you may not wish to be known for looking or things you may not want others to know you partake in or otherwise believe/speak.

            In the real world privacy is largely dead. It is sad that the law doesn't prohibit hidden recording devices in public places. Where cameras might be absolutely necessary (high security instillations) there should be notices posted everywhere that one might be within the range of the camera.

            A tin foil hat wont protect you from a high tech privacy invasion. There is no privacy and no way to defend yourself against the snooping potential of the electromagnetic spectrum.

    • by elucido (870205) on Thursday March 14, 2013 @06:41PM (#43177031)

      They'll just put anyone who uses it under the most intense surveillance, hack their computers, creep into their house when they aren't around, etc. This is effectively better than making it illegal because it gives users a false sense of security. While they use Tor, they are being monitored by the secret services.

      Tor does not prevent monitoring or surveillance. Surveillance that can see everything you do at your computer, everything you type, etc. What good is Tor under surveillance? It's useless if you're using it to go against the government.

      • by Anonymous Coward

        That kind of effort would generally require a significant amount of resources if applied to more than a few hundred people. The only practical widespread surveillance they could pull off is somehow infecting everyone's computers with malware.

        It would be far, far easier for them to just make it illegal and call it a day.

        • by Anonymous Coward

          The only practical widespread surveillance they could pull off is somehow infecting everyone's computers with malware.

          http://windows.microsoft.com/windows [microsoft.com]

          Your point is?

        • Are you suggesting that there still are (common garden variety) computers that are not infected with malware?
        • by elucido (870205)

          Apparently you don't know the technology very well or the capabilities. Putting thousands of people under surveillance at a time is easy and is being done. I'm talking tens of thousands. It's expensive to scale up into the millions but millions of people wont be expert enough to use Tor and use it properly, and they probably know who all the most expert types are and are building files on them.

      • by Anonymous Coward

        No- but you can use a hardened environment with Tor and it becomes much more difficult to legally conduct surveillance until there is at least suspicion (and Tor doesn't equal suspicion). At that point it highly depends on what the person is doing. If they are posting copyright infringing material? Probably not going to draw the attention of the authorities where the authorities are going to be able to identify a person of reasonable intelligence. Bomb threats? (there are lots of these and identifying a per

        • by Synerg1y (2169962)

          Take a look at the majority of internet people: pedos, crackers, scammers caught online and you'll see a similarity of them leaking their personal info somewhere online (forum account, IRC, etc...), the only one I can think of that actually got reverse engineered and traced were the guys running a giant botnet serving malware to the tune of 6 million in supposed revenue. So unless you're doing something on that scope, the feds probably won't care. Oh, and they take missing kids & child abuse (porn wou

        • by elucido (870205)

          No- but you can use a hardened environment with Tor and it becomes much more difficult to legally conduct surveillance until there is at least suspicion (and Tor doesn't equal suspicion). At that point it highly depends on what the person is doing. If they are posting copyright infringing material? Probably not going to draw the attention of the authorities where the authorities are going to be able to identify a person of reasonable intelligence. Bomb threats? (there are lots of these and identifying a person could be difficult from a large crowd if its been passed through tor; example schools have lots of kids who would be potential candidates for such activity; few kids really like school). Child porn? Again- unless there posting pictures/video/etc that could be a tough one. I'm pretty confident that there are lots of people out there. Just given the significant number of reports every day and the utter hopelessness of police catching every perp....

          No it doesn't. They will find out you're using Tor and that is all they'd have to know to suspect you're a terrorist.We aren't talking about the USA.

    • Re:Till... (Score:4, Interesting)

      by fustakrakich (1673220) on Thursday March 14, 2013 @07:01PM (#43177205) Journal

      The technology doesn't matter. A prohibition is designed to give the authorities 'probable cause' to spy on you and enter your house as they please without having to worry about that silly old constitution.

    • by daem0n1x (748565)

      There will come a time when everything is illegal, and it will be left to the police or the government to decide who to prosecute.

      This way we can have the illusion of living in a democracy but in fact we'll be under the paw of an arbitrary power. Of course the normal guy who doesn't stand out will never notice it, but those who bother the rich and powerful will be quickly and effectively silenced, in a completely legal way. It's already happening, for example with patents and copyright.

      Wasn't this how

  • by elucido (870205) on Thursday March 14, 2013 @06:39PM (#43177019)

    If the source and implementation is closed it could be backdoored from the kernel to the compiler to the random number generator to the crypto algorithm implementation.

    Here is a problem though, since Windows is closed source what good is Tor or crypto in that environment? If you have to use crypto for any reason other than to protect your passwords then its probably at risk whether you use open source or not. Just one bug or backdoor allowing a RAT to interface with your computer and gain root/superuser or anything like that and all your keys are compromised. Key generation would have to be done in hardware. Entropy is also an issue you probably wont easily solve. There is a very long way to go before any crypto implementation will be secure and mainstream. Linux has not changed that game because you install one wrong piece of software and you've got a backdoor and it could be disguised as a legit piece of software. Since not every piece of software run on Linux is open source you don't know for a fact.

      • by DMUTPeregrine (612791) on Thursday March 14, 2013 @08:24PM (#43177931) Journal
        No one is saying that being open source makes your software invulnerable, just that it makes exploitation harder. Being open source is necessary but not sufficient for a software package to be considered secure. In this context open source can simply mean that the source is available to the customers and their auditors only, not the whole world.
      • Yeah, and Ken Thompson's proposal is very brittle. If I've got two C compilers that aren't rigged in exactly the same way, I can defeat his mechanism almost trivially, and detect it almost as easily. If you get all your software from one source (*cough*Microsoft*cough*), you can't trust it any more than you can trust its source. If it's closed-source (*cough*Visual Studio*cough*), you either try to reverse-engineer it from the binary or trust (or not trust) it as is.

  • by Skapare (16644) on Thursday March 14, 2013 @07:57PM (#43177593) Homepage

    In this new interview, he's critical of a general public silence over government encroachments on privacy

    That is an important issue. But what I see is an even greater silence over corporate encroachment on privacy. Left alone, I think corporations could cause even greater damage (in part because of it's huge influence on government). So this is where I focus my efforts. Things like big banks sharing out financial details ... just for profit.

Mathemeticians stand on each other's shoulders while computer scientists stand on each other's toes. -- Richard Hamming

Working...