4 UX Problems Holding Back Crypto And Anti-Wiretapping Technology

Now that our worst wiretapping fears have been confirmed, millions of people are realizing that we need to start using decentralized, encrypted communication yesterday. Unfortunately, with the state these tools are in, billions of people are still going to choose convenience over security. The open source community has made amazing progress with crypto tools’ user-friendliness recently, but there’s still more work to be done before they can go mainstream.

Even if you’re savvy enough to comfortably use the most secure and decentralized technology, you should still care about mainstream adoption. Being the one of the few people in the world sending encrypted messages could make you more conspicuous, not less. This is why we need to make communicating securely as easy as using Facebook. You don’t get to 1 billion friends without having a damn good user experience.

So here’s what we need to work on. Some of these may be software engineering challenges, some of them social. Perhaps a little of both. Share your favorite solutions in the comments.

1. People Forget Passwords

Everyone forgets passwords from time to time. Then we forget where we wrote them down. Or our password manager didn’t save them for whatever reason. With centralized services, that’s generally okay: you can just click “forgot my password,” open an email or answer some questions, and you’re good to go.

With encrypted services, if you forget your password, all of your stuff is gone. Forever.

There’s (probably) no way to create a secure system that can tolerate you forgetting your password, though it’s certainly been tried. For OS X’s FileVault, Apple operates a service which will store your encryption key on their servers, in case you forget the password for your Mac. I hope I don’t have to explain why this isn’t a real solution.

This one could be as simple as a cultural shift in which people start taking their passwords more seriously. Alternatively, we might see hardware solutions — literal crypto “keys,” or maybe biometrics — becoming more popular.

2. Hosting A Home Server Isn’t Easy

This site is hosted right out of Rick’s flat. He’s fortunate enough to have the technical skills to do so. And the free time to set it up and maintain it. And high-speed Internet. And an ISP that allows home servers. And a home.

For the rest of us, having an always-online box to host our own personal mail server, Diaspora node, SparkleShare box, VPN, and everything else, can be problematic. This is why hosting services in datacenters are so popular: because somebody else can handle the technical stuff.

For those of us with homes, we need plug-and-play home servers which can configure themselves automatically. They should come with a package manager that’s as easy to use as the iPhone App Store. Open and hackable? Yes, definitely, but still usable by someone who doesn’t know what an operating system is. An Ouya for decentralized communications and storage.

People who move around a lot — students, traveling professionals, couchsurfers, homeless people — might be able to do something similar on their mobile devices. They can host the services right from their phone or tablet.

3. The “Cloud” Is Really Useful

Datacenters are really fantastic things, though. They can back up your hard drive in case your computer gets fried. They can host your website in case your electricity cuts out. In fact, the only real problem with datacenters is that we have to trust them not to hand over or destroy our data, or perform a man-in-the-middle attack with decryption.

Freenet stores all data by encrypting it, breaking it up into chunks, and randomly giving different chunks to different peers. Nobody knows whose data or what data they’re hosting. What if this idea could be expanded into a massive, global, completely anonymous and distributed “cloud”? Chunks of your encrypted private data would be hidden in plain sight on hundreds of different servers, computers, tablets, phones, and game consoles. There would be no need to trust a hosting company; neither of you would even know that you were a customer.

4. Some Things Won’t Work Without Sharing Data

To use DuckDuckGo, the favorite search engine of privacy advocates, you have to take the word of some guy in Pennsylvania that you’re not being tracked. To be fair, I do trust DuckDuckGo, but I trusted Google once too. Good news: right now, there’s a decentralized, P2P search engine called YaCy. Bad news: it kind of sucks.

The reason Google — and Bing, which is one of DuckDuckGo’s data sources — have such good search algorithms is because they can track a whole bunch of stuff. They collect a tremendous amount of data from their users, analyze it, and use it to make their search engines smarter.

Other Google services do this too. Google Voice’s transcription algorithm learns by analyzing millions of voice messages, getting better and better as it goes. Google Now on Android phones keeps track of everything you do on your phone to predict what you might want to know or do next, and it learns from everyone else’s phone too. Data from billions of Internet users does amazing things for AI research.

But that data — even when “anonymized” — can be used to find out very specific things about very specific people. Facebook can tell your sexual orientation based on your ‘likes’, for example. Combine that by getting a rough idea of where you live, who you’ve contacted, and a clever detective (or algorithm) can figure out who you are. This is the reason why many people want to keep their data private in the first place.

So the question is: can we have some of these wonderful things without giving up our privacy? Is there a way that encrypted, decentralized systems can replicate some of the spectacular results of Google, the suggestion features of Facebook, the recommendations of Netflix, and other very nice, very useful things?

Discussion

  1. iko

    I was thinking about distributed key recovery a few days before the shit hit the fan. I think the solution is to give several trusted friends pieces of a split key such that you need e.g 7 of 10 pieces to recover. If you loose your key, you ask your friends and hope enough of them haven’t lost their piece.

    1. Raymond Johansen

      brilliant dude!

    2. Natanael L

      There’s a cryptographically secure tool to do that right here;

      http://point-at-infinity.org/ssss/

      Note: Don’t use the web demo for other than testing, the web demo only uses a BAD random-number generator, it needs a good random number generator to be secure. Also, the web site could otherwise log your data too. But the tool you can download is safe, and your computer can provide good enough random numbers to the tool to be safe.

      It can split any kind of file in to any amount of pieces you want, with any amount of required pieces you want to reassemble it.

      Note: If you specify it to require 7 pieces to recover the file and you ONLY have 6 pieces (maybe you lost the rest), there is NO WAY AT ALL to recover it. You NEED to find as many pieces as you specified as required if you want to recover it! So don’t lose too many of them!

  2. Anonymous

    i dont think it’s gonna make any difference what technology comes along and what it can do. governments want to know what every single person in the world is doing, saying and thinking! it has very little to do with terrorism or catching terrorists. it has more to do with stifling the transfer of information from one person to another, one company to another and, even more so, one country to another. the internet has made it possible to tell everyone everywhere everything. when that is letting supposed democratic countries know about things that are happening in undemocratic countries that are frowned upon, there is a big thing about it in the media. that action is then condemned by the other supposed democratic countries. when it is discovered that something has been happening in a supposed democratic country that puts all the political posturing under the spotlight, it is then frowned on, not because that information has been learned by supposed undemocratic countries but because it has been found to be happening in a democratic country. this is a country that keeps telling others how bad they are when the same practices are being carried out there anyway!! the hypocrisy is unbelievable!!
    Theresa May has been trying to get the ‘snoopers charter’ into law in the UK. why? she has been spying on everyone anyway? what else does she think she needs to know? i’m sure they know everything now! what purpose can this have? what is it that the ones who make these decisions think they can do extra? i’m waiting for all the bull shit excuses to come out now, both in the USA and the UK. it seems to me that a person is safest having no mail, no tv, no phone and definitely no internet. even microsoft are getting in on the act. how many people think for aa second that touch screen monitors etc are only about that? do you think perhaps fingerprints are being collected and stored? who thinks that the new x-box will only take pics when you say it can, tape voice when you say it can? my advice over that is, no one has trusted microsoft up to now, why would they change?? they have been hand in glove with law enforcement for years, just as the USA and UK entertainment industries. they have managed to get new laws introduced that do nothing except better them and harm the people. as Fox Mulder said, ‘Trust No One!’

  3. Björn Persson

    For problem 1 I can think of two things:

    First, we need to teach people how to choose a passphrase that is easy to remember and hard to guess. (See XKCD 936.) Good passphrase practices ought to be taught in elementary school.

    Second, the usage of keyrings needs to increase. Most people can remember one good passphrase, or a few, but not dozens. I’m good at remembering my passphrases, but I often have to stop and think to remember which of my passphrases I should type. There are several keyring programs that can store your passphrases encrypted with a single master passphrase, but most of them need to be downloaded and installed as an add-on, or manually turned on, which means almost nobody uses them. Interoperability is also lacking. Gnome programs use the Gnome keyring, KDE programs use Kwallet, Mozilla browsers have their own solution, various other programs store passphrases unencrypted on the disk, and so on. They need to be consolidated. And really, why isn’t full disk encryption the default in modern operating systems? Instead of encrypting the keyrings one could encrypt the whole disk, protecting both the keyrings and all other data, and let the disk passphrase be the master passphrase.

  4. Austin Williamson

    For years, I’ve been telling people to encrypt- because Big Brother, and Your Boss are watching. I mean, there are things you don’t want your boss to know, like the fact you’re taking upgrading or are updating your resume. But, in this world of hacks and cronyism, it’s very easy to get access to a data collection centre- and track employees.

    So, for SMS, TextSecure. Use a ZRTP client for voice calls- something like Twinkle on the desktop. Engimail for email. Truecrypt for the harddrive. I really don’t give a flying feck if you use the same crypto key for all the communication passwords- but for heavens’ freaking sake: use a PASSPHRASE. “John George Punted Karl Gustav Ten Miles”, for example.

    Not that there’s much I can do about data already stored on American servers, though. Ah, well. Lessons learned: encrypt all your crud.

  5. merethan

    [quote]Freenet stores all data by encrypting it, breaking it up into chunks, and randomly giving different chunks to different peers.[/quote]

    Although not really an important detail in this article, worth pointing out: Freenet hardly encrypts it’s stored content. The encryption key is hardcoded in the software and the sole point of this whole encryption thing is to discourage users from sniffing around in what Freenet is storing on their harddrive. Quite possibly because they really should not want to know.

  6. oz

    Seeks is another decentralized search engine, worth mentioning: http://www.seeks-project.info/site/

  7. Greg Lindahl

    Good article, but I’d like to disagree with the notion that what Google and bing are doing with long-term tracking is necessary to have good search results. blekko has its own crawl and index, doesn’t do any per-user tracking, and doesn’t even save unconnected and anonymized clicks if you have DNT set. We don’t use super-long personal session data to pick whether we show you Fox News or the NYT article on Prism. Our results could certainly be improved, but having a bigger crawl and more unconnected and anonymous clicks is how we’d improve them, not by making a huge database which could easily be used to reconstruct our users’ lives going back years.

  8. MeanderingCode

    We developers, especially those of us who consider ourselves activists, have been too slow to move this stuff forward. I’m fairly certain that is because most of us are, as you say, “savvy enough” to use the tools, etc.

    The tools /are/ out there, they just haven’t made the jump to the new UX people are now accustomed to from their corporate web- and mobile-app experiences.

    We at LEAP ( https://leap.se) are working on this very problem. We’re getting ready for public beta of our Encrypted Internet Proxy ( VPN for now, more features to come) and will be rolling out secure email, IM, SMS, and voice. All in an Open Source, Trust No One, user friendly way.

    There are many tools and services out there already, but the ones that the technology un-savvy can use happily mostly run in a centralized fashion, requiring that you trust your service provider. Would it were not so, but we live in an era where that trust is a vulnerability that we are seeing exploited.

    1. MeanderingCode

      I forgot to mention that we are also integrating calendar and contact management, as well as a proposal for a password manager. All syncing across your devices, all end-to-end client encrypted.

  9. Jeffrey

    Does Space Monkey (http://spacemonkey.com) work here? It seems to be what you as the solution to #2, except maybe its not so hackable.

    1. Zacqary Adam Green

      Given that you get the device “free with a one year subscription,” you’re probably required to sync with their backup service. Once again, you have to trust a centralized service.

      Although they do mention that their encryption methods will be auditable. Who knows what that means.

  10. Benjamin Rees

    Good post, it highlights a few thoughts of my own recently. Even my tech savvy friends seem to have nearly no experience or understanding of privacy, encryption, and big data. The learning curve is steep, but one quickly acclimates after learning the ropes, and beneath the cryptographic veil you go.

  11. Nosleep

    Did you really believe that any government, or parts thereof, in the world would not tap the vast resources that packet-switched networks or centralized services would offer?

    You do, why shouldn’t your government?

    I expected a “Told you so!” on schneier.com, to be honest. Most of the people just continue business as usual, that is also part of the problem.

    If you delegate your private, unsecured communications, behavioral data to any entity for a comfortable user experience, you did not want either security or privacy, and you won’t achieve it.

    Accept it.

    I am sorry to tell you, that security and privacy are not mainstream-able, and that is not the lack of an comfy ux that causes it.

    Software, with or without a fancy ux, does not automatically follow necessary procedure, create awareness, matures a user and let them take (back) responsibility for security or privacy (see the whole dilemma/fiasco around TLS/SSL certificates to further understand why).

    A comfy, mainstream-able ux is part of the problem, and is not the solution. As long as the individual does not feel the need for security or privacy, and the security and privacy of his peers, these individuals are doomed for (self-)compromise in the long term, it is called awareness. Let me elaborate a bit on your points:

    1. If you are not able to manage your keys, which includes a simple unencrypted key-backup, you are doomed. Even with a pretty interface. There is no need for a password on a copy of your master key if you are able to store is in a secure manner on any device of your choice. You have to take responsibility for your keys, certificates, there is no way around.

    2. If you insist on other people to take away the responsibility from you, or you you choose to delegate it, no service, hard- or software will provide security or privacy for you.

    3. You don’t need a cloud, when decentralized or local services cater you much better and faster. A decentralized, interconnected social medium is possible.

    4. Sharing data isn’t really a problem, it is the lack of transparency within the data collecting entity that creates all the problems. It is simply not necessary to store individual information related to behavioral information in most of the cases.

    To protect yourself and achieve security/privacy and to successfully utilize any tool-chain, software or hardware, you have to accept that responsibility isn’t comfy at all, and delegation thereof will lead to compromise.

    To achieve security and privacy you need to mature and take responsibility, no ux, no ui can do that for you.

    Zacqary, no offense, you know nothing about security, privacy, secure procedures or even cryptography, please stop blaming other people or the lack of colorful implementations for your or your operators inability to utilize them, in a mature and responsible manner.

    P.S: It is really funny that this site delegates data of my visit to Clicky and Google, not to mention the fancy other social suff you insist on using, which is part of the problem.

    1. Zacqary Adam Green

      No, smug, self-aggrandizing alpha nerds are part of the problem. Nearly all cryptography software is designed with that kind of “fuck you, figure it out” mentality. Do you really think people aren’t going to run into the caring arms of Facebook instead of listening to verbal abuse from people like you? Most of the planet does not want to prove that they are a bad enough dude to care about their security. Why write software at all? Why not just ask everyone to independently reinvent PGP from the ground up whenever they want to send an email? I’ll tell you why: people with skills and knowledge tend to help people who have lesser skills and knowledge than themselves. Because when you do that, it makes you not a fucking douche.

      No offense, but you know nothing about how brains, psychology, social relationships, communication, or human beings work. Please stop blaming other people for your inability to integrate with society in a mature and responsible manner.

      1. G

        “No offense, but you know nothing about how brains, psychology, social relationships, communication, or human beings work. Please stop blaming other people for your inability to integrate with society in a mature and responsible manner.”

        Woah, woah, woah… wtf, man? Nice judgements to the guy and nice way of saying you are the brains, psychology, social blala master. Please read your response again, I think it’s worse than what you criticized.

        Yes, UI an not being friendly is of course a problem, a huge problem. This prism-break webpage shows how all the tools need polishing, time, pretty stuff, etc. It’s an old-ass problem. You would hear how awesome Linux was and you had to CARE A LOT and try to fix everything. Nothing worked, no wi-fi, no ethernet, this, that. You had to really dive-in and love the shit and the idea behind it to get it working because the thing just needed more polishing. SO, yes, of course this is something we need.

        But having said that:
        “As long as the individual does not feel the need for security or privacy, and the security and privacy of his peers, these individuals are doomed for (self-)compromise in the long term, it is called awareness”

        is also true. People need to care, period. Most of people THINK they do not care. You can tell them all the examples you want, and yes, even if in the end you tell them “Ok, then let me go through all your mails, photos, texts” blabla they will reply to you with something stupid like “you are exaggerating now” or something, but won’t give in. Yes, the “free software community” could fix it by bringing something so cool and better for the masses where they would switch “because it is cooler than what we have, oh, and a friend told me it has some cool stuff with volunteers or something, it’s like linux, it’s gratis, yea, something like that, it’s cool, like Berlin and hippies.”.

        Or they need to be concious about the problem, organize themselves, and go for a change. This last one would be the ideal one, but…?

        THey are about to open a “city tunnel” in Leipzig. It’s some new train line with connects the city with the suburs, I think, anyway, the point is: there was a “walk in” day or something, 30.000 people went to it.

        But for a war demo or something you get 3.000.

        *shrug* Let us keep fighting.

        P.S. I am not saying “there is nothing which can be done”, please do not take my comment at all like that.

  12. Jacob Cook

    Check out my project for managing easy and cheap (Raspberry Pi) decentralized hosting servers at https://ark-os.org — Working hard to tackle problem no. 2 as you have listed here 🙂

    1. Zacqary Adam Green

      That looks fantastic! I’m having trouble telling what it’s currently capable of, though. Is it just a basic web server at the moment, or are there one-button installs of, say, an email service or a Dropbox-alike?

      1. Jacob Cook

        It’s currently in development, so you can’t do much with it. But the framework is mostly complete. It’s a plugin-based system, meaning for any piece of software you want to manage with it (whether that be a webapp like WordPress or ownCloud, an email server like Postfix, or anything really), you just need to whip up a quick Python frontend to integrate it into the management app. Over the next few months I will be developing these plugins, and hope to have it mostly functional by the end of the year.

  13. Alex

    Yes, I would like to have a Linux router with NAS + TrueCrypt + Raid + DLNA, VPN, Exchange (calendar + contacts) and email server.
    Can somebody send me a link to the system image?

    1. Elmo

      I’ve been looking to NAS solutions, and FreeNAS seems great. It has reliability, speed through software raid (better than the hardware type for most things), possibly DLNA, it’s based on FreeBSD, but I don’t know if it’s reasonable to expect from it functionality unrelated to NAS. I really can’t accomodate too many machines heating this small apartment 🙂

    2. Stephan

      Have a look at TurnKey Linux Fileserver(TKL). FreeNAS does not support a builtin firewall. TKL has LVM and backup solution as an alternative to raid. LVM supports adding harddrives with different sizes and changing the total size of your storrage. FreeNAS and raid is more strict on about that. I have just installed a TKL fileserver with a huge storrage of different harddrives I had available. TKL uses a secure web admin, ssh and has dhcp and firewall.

  14. […] traduzione a cura di Maruo Pirata del Partito Pirata Italiano Fonte originale http://falkvinge.net/2013/06/08/4-ux-problems-holding-back-crypto-and-anti-wiretapping-technology/ […]

  15. Elmo

    Checkout FreedomBox, it’s a project trying to solve at least some of these problems.

  16. jimbo1qaz

    After reading this article, I’m more than somewhat concerned about my privacy.

    This is very worrying news. So what should I do to reduce government surveilance?

    1. So what is the best way to secure my email?
    Should I (a) run my own SMTP server (isp disallow???) (b) wait for Startmail or (c) use Tormail (honeypot?) Or are there any better ideas?
    2. Should I use Tor for practically everything?
    3. Should I be using Truecrypt? Does it “mesh” well with internet access, or is it not secure?

    1. Autolykos

      I’m more of an interested amateur than an expert, so take this with a grain of salt:
      1. No idea, never played around with any of these. Just using PGP or OTR-Messaging for stuff you don’t want to be public should be enough (if you can convince your friends to do the same).
      2. In principle, you should use Tor for everything you would not also write on a poster and glue to a wall at the city square (which may well be “practically everything”, depending on how much of an exhibitionist you are). Be aware though that using Tor with services that require registration/login is a waste of time (and may even compromise your anonymity). Its bandwith is also too limited for large downloads, and enabling Javascript (or, God help you, Flash) with Tor is pretty ill-advised, which will limit the sites you can visit with it.
      3. Most definitely. Once you’ve started the system and entered the password, you won’t even notice it’s there. It won’t protect you against Trojans targeting your system specifically, but that’s not what it’s meant to do anyway. Setting up a Dual-Boot environment with (TC-encrypted) Windows and Linux can be kinda finicky (but is definitely possible; I’m doing it right now). The only real drawback I’ve encountered so far is the inability to use anti-virus software on a live-CD (like the Kaspersky Rescue Disk) because it’s unable to decrypt your OS. But if you suspect to be infected, you should wipe and rebuild your system anyway as it may well be compromised already.

  17. Ano Nymous

    Actually, I think one of the biggest problems is that people now expects services to just about predict what they will do next and do it for them. That is pretty much incompatible with privacy.

    I don’t mean things like search term autocomplete – that can be done without linking search terms to people – I mean things like YouTube’s “recommended for you” videos, Facebooks (discontinued?) facial recognition for tagging, etc.

    Also, people don’t care. The least bit of resistance, and I really mean the least bit, and almost everyone chooses the easy way instead of the safe one. I’m not sure it’s possible to even get someone who, when asked, says “I don’t care if foreign or domestic governments read all my communication” to use a service if it requires him to use both upper- and lowercase letters in the password. Much less a mixed, long password.

    The quote is unfortunately taken straight from reality. A relative said that to me a few days ago. There’s nothing more hope-killing than people with that attitude.

    I’m not immune myself, either. I have started using Enigmail, but not TrueCrypt. I have thought many times “I should do that”, but there’s always something a little more important, urgent or interesting to do…

    Another problem with Enigmail is that while the message is encrypted, it is clearly visible who is communicating with whom.

    I’m no expert in cryptography so correct me if I’m wrong, but isn’t this type of cryptography inherently crackable? The NSA is storing all traffic that passes their nodes (which includes mine, I could only find an American free email service that supports clients and not just webmail) and can crack it the second the first quantum computers goes online. If they can’t already with existing computers, I don’t know about all weaknesses in encryption algorithms.

    1. Zacqary Adam Green

      Existing computers can’t break most of the widely-used ciphers out there. AES, interestingly, was actually developed by the NSA to act as a cipher even they couldn’t crack, kind of like how the US Navy built Tor (No, this doesn’t mean there’s a backdoor in AES; they wouldn’t encrypt their own stuff with it if they knew of a security hole that any bright Chinese or Iranian hacker could find).

      But you’re right. AES, OpenPGP (which Enigmail uses), Blowfish, etc. are only safe with current technology. Ciphers are being developed that won’t be immune to quantum attacks, but I don’t know of any software that implements them right now. So encrypting your stuff is an act of buying time. Hopefully we’ll be able to have these databases destroyed before quantum computers come online.

      It’s true, though, that not many people have the time, energy, or resources to practice total security. I certainly don’t. I’m far from perfect. Ideally, everyone should be self-sufficient and not have to trust anyone else to secure their data. But perhaps as a least-bad solution, form local cloud co-ops? If one in every 30 (or so) people has the skills to manage a web server, they can take care of hosting secure email, data storage, and other services for people in their local community. Spread the sentiment that you shouldn’t trust anyone with your data unless you can walk down the street and knock on their door.

      1. Ano Nymous

        Is it impossible to have a hole that could only be used with a special code or something? Like encryption with an encrypted backdoor?

        I suppose you mean ciphers that WILL be immune to quantum attacks. Wouldn’t it be possible to make a program that uses a one time pad that’s, say 8 GB long and is sent on a USB stick? Of course, used parts should be erased and overwritten. At least in Sweden, secrecy of correspondence via snailmail is still strong, and one can always deliver it oneself.
        Will it be a problem to make random enough numbers? From the little I’ve learned, as long as the numbers are random there’s no way of knowing if a break attempt is correct, for example it could either be “Hi, Tim” or “yes two” if spaces aren’t encrypted which they of course would be in a real application. Is this a correct understanding?
        Of course, this system will not attract regular users either, but would it be secure and quantum-resistant?

        Clearly, you are too optimistic. With the massive brainwashing taking place, people in general are at best indifferent and at worst WANT this kind of surveillance to go on. The only chances of the databases being destroyed before quantum is either if quantum proves impossible or an enormous natural or man-made disaster happens. Quantum-insecure cryptography may only be making us falsely confident that our data is safe.

        You are missing the point. People in general isn’t just not practicing TOTAL security, they barely practice security AT ALL. It seems like it has become the norm to not have any secrets and be suspicious of anyone who does. One of very few exceptions is when it comes to money. Internet banking is done with a device that one enters numbers into and get other numbers back, that is supposed to increase security, and people happily accepts that. Of course, there is no such thing as security when it comes to banks, but the communication resulting in transfers is, supposedly, secure.

        1. Autolykos

          I wouldn’t be too paranoid about quantum computers. For one, there are quite a few unsolved *physics* problems left to tackle, before engineers can even think about building anything practical. Also, while they are really good at factoring numbers (which insta-breaks RSA), they aren’t nearly as good at breaking other cyphers, especially symmetrical ones. From what I’ve heard, they will cut the effective key length of symmetric cyphers in half (so you just need to switch to 512-bit keys, and you’re fine again.).
          And with One-Time Pads, the devil is in the details. They are easy to screw up, even for experts (just ask the KGB…). You need absolutely bulletproof protocols, true random numbers (PRNGs just won’t do, even good ones), good opsec, and, of course, never, ever, ever use them twice.

  18. Russell

    Realistically “The Government” is not going to target you individually unless you are doing something exceptionally effective against the interests of the corporations behind them. That’s a concern but not a reason for Joe Blow to worry.

    1984 style tyranny never came to pass because (even before Orwell) the ruse of electoral democracy combined with the propaganda system gave the corporate-state complex the means to manufacture consent instead of ruling by coercion. In other words, if you know what you’re doing, it’s easier to fool than to force.

    The real threat to freedom inherent in Faceboogle is the marketing value of the data gathered and the fact that that serves to strengthen the hold of capital over society by improving the effectiveness of propaganda / marketing. Personally indentifying data really only plays a small part in that, I think, through the opportunity to personalise propaganda and through the opportunity to better understand public susceptability to propaganda by network analysis.

  19. Adam

    Give The EncryptKeeper a shot and let me know what you think. It’s as simple as crypto gets and it’s on the verge of being able to work with either a new or (certain) existing decentralized networks. For now, you can cut and paste in email or your favorite chat program. If you want to contribute, let me know: adam [at] adamtakvam dot com.

    https://github.com/AdamTakvam/EncryptKeeper/wiki

  20. Patrik

    Unless it’s already been done, I suggest setting up a wiki for creating step-by-step guides on, for instance, creating your own dropbox, setting up your own email server + domain, web server complete with mysql and so on. Not that they all don’t exist already, but most require quite a lot of experience with really geeky stuff. I have plenty of geekiness in me, but most people have no idea what ‘that text-thingie (terminal) on my screen does’.

    I guess what I’m saying is, people need more geek in them. 🙂

  21. CWood

    Have a project at the moment (albeit not very advanced) to tackle the cloud thing. Chief problem, in my eyes, is that the marketing Suits have convinced us that the ‘cloud’ is their servers, meanwhile the marketing Suits from another company convince us of the same thing of their servers.

    What we end up with is a large collection of data centers, all forming mini ‘clouds’. Whereas, the cloud should be, in my eyes, decentralized, separated, and with no central authority. My project aims to combat this, from a storage perspective, by taking something similar to Freenet, but building on it further.

    It also has a few added benefits, such as (if I get round to some of these features) better file sharing – files will be stored as a series of blocks (size to be determined) that have a list of user IDs associcated with them; those users ‘own’ said block. If a user deletes said block, their name will be removed from the list of owners. This benefits in the fact that file sharing/downloads are quicker, consume less space (only need to store blocks once, maybe twice for backup purposes, rather than several times), and also allows for ‘partial’ file association.

    Case in point, lolcats. The images are, by and large, the same, but with a different caption either top or bottom. Why store the same image on the network thousands, maybe even hundreds of thousands, of times? One time, and many a gigabyte is saved. With the partial file association, even more is saved – the common part of the image, everybody associates to, and with the caption, different people associate to, depending on who has what image. That way, the image body is stored once, and each caption is stored separately, again once.

    That is, of course, only the beginning; this also assumes that files aren’t encrypted. Hence, because security is also a pretty big part of this, there will be (at least) 2 options: encrypted and not. I don’t know whether or not to set the encryption method as configurable or not yet, but I’ll jump over that hurdle when I get to it. However, while it is rather important that bank statements/password keychains are encrypted, things such as public domain images etc. can be stored unencrypted, as there is no point even bothering to encrypt them.

    Furthermore, as well as making things globally more secure, it allows persons files to be accessed anywhere in the world, abstracting the ‘cloud’ away to a local hard drive. Lots and lots of work to be done, but I’m getting there, and I think that this particular issue is arguably the biggest currently on the list.

    When I said the project isn’t very far along yet, at the beginning, I mean I literally opened the editor for the first time on this last week. It will, however, be released as FLOSS when it is in a semi-usable state (which it nowhere near is yet…)

  22. Http://www.Youtube.com/

    Melinda works to get him to remember, and succeeds after much difficulty and skepticism on the part of her friends.
    People watch Dancing With The Stars episodes and find, that
    it is inspired by the British BBC Star plus dramas show, Strictly
    Come Dancing. Setup is often a no brainier – you should only have to access the General Setting, discover
    the VPN option, transform “ON” and type in the information provided to you with the VPN
    company.

Comments are closed.

arrow