Encrypt your Google chats and make the NSA sad

github.com

246 points by salade_verte 13 years ago · 194 comments

freshhawk 13 years ago

This would definitely be the level of security that falls under this statement from Snowden:

Q: Is it possible to put security in place to protect against state surveillance?

A: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."

(from http://www.guardian.co.uk/world/2013/jun/09/nsa-whistleblowe...)

  • 205guy 13 years ago

    Further thinking along this line: most people in the world today are dependent on their phones and internet for information and communication. A lot of people suspected total listening capabilities and now we mostly know that's the case. But what if the NSA had total interference capabilities, as Snowden's quote implies? I suspect it does.

    I've been finding HN to be a hub for all the facets, ideas, and fallout from this news. And the snowball of issues (privacy, gov't, business, foreign relations, international trade, future of the internet) is worrying to me. But what if it were suddenly gone?

    And just as I had that thought, I started getting errors reloading this thread and the main page. Maybe HN is straining at the traffic, but what if some of that traffic came from somewhere else or some server was remotely hobbled? What if your ISP had "disruptions" of traffic to _your_ IP address, or your 3G/4G became spotty?

    Imagine if someone with total knowledge could track the spread of keywords through networks (physical and social) and then enable "slow-downs" to keep the level of spreading below a critical threshold? If I didn't see all the articles submitted to HN or didn't have time to read them all because the servers crashed, then I might not be so alarmed at the situation.

    We in the US and other European nations go on happily enjoying freedom to access all this information, unlike many countries, but would we know if or when we couldn't anymore?

    Coincidence or not: when I tried to submit this, I got a message saying "Oops, our bad. If you see this a lot, shoot us an email at info@ycombinator.com. Be sure to tell us your IP. Sorry, news.ycombinator.com is currently unavailable. Please try again soon." Maybe I need to take some keywords out of the text...

    • akiselev 13 years ago

      When I told my grandparents (who now live in Russia/former Eastern Bloc) about what's happening in the US, they brought up this exact issue (with a less tech-oriented example).

      My grandmother said that this was the most terrifying part of living in the Soviet Union. Since most of my grandparents were high up military (doctors, not soldiers), aerospace research, and medicine in the Soviet Union, they saw the reality of the USSR with a lot less propaganda. When they went back home or visited family in other parts of the country, they would immediately enter into a surreal world where the reality described by propaganda was starkly different from the reality they had experienced.

      What's even more terrifying is that by nature of their isolation from international news sources and dependence on TV, most of America already lives in roughly this reality. The world as they see it is shaped by television.

      • flyinRyan 13 years ago

        After living outside the US for a decade, this is how I feel when I go back and watch the news.

    • blaenk 13 years ago

      Today was the first day of WWDC 2013 which announced iOS 7, Mac Pro, OS X Mavericks, and iTunes Radio. Strenuous traffic load is expected this time of year.

      • 205guy 13 years ago

        Yeah, not sure what I should think about HN when NSA surveillance threads had more points, but Apple announcement thread (MacPro) had more comments (and typical fanboy and haters comments).

  • conradfr 13 years ago

    Well can they do that in Richard Stallman's laptop ? If so we are doomed :)

    • tlrobinson 13 years ago

      Possibly, if they had say, a backdoor in all Intel/AMD processors.

      The question is what he meant by "We can plant bugs in machines."

      • SilasX 13 years ago

        Not even then. I remember reading about how he uses the freest (as in freedomest) setup he can get:

        http://stallman.org/stallman-computing.html

        He mentions it's a Lemote machine which doesn't look like it uses an AMD/Intel processor, as it uses Loongson:

        http://en.wikipedia.org/wiki/Loongson

        "Unlike processors from Intel, Advanced Micro Devices or VIA Technologies, Loongson does not support the x86 instruction set. The processor's main operating system is Linux, while in theory any OS with MIPS support should also work."

        • BCM43 13 years ago

          Actually, iirc the Chinese made that processor because they were afraid of the US putting backdoors in Intel and AMD chips

          • drdaeman 13 years ago

            So they put theirs.

            Just kidding, obviously. But one can't be sure their hardware's all right, unless they go way beyond what we'd consider reasonable.

      • xefer 13 years ago

        "We can plant bugs in machines" to me sounds more like a clue that this guy really doesn't know what the hell he's talking about.

        • phuff 13 years ago

          I think he meant bug as in: http://en.wikipedia.org/wiki/Covert_listening_device

          whereas you might be understanding bug as in: http://en.wikipedia.org/wiki/Software_bug

        • cpleppert 13 years ago

          Weird phrasing for starters. I mean that isn't how one would describe malware or a rootkit. I can't imagine hardware would be worth the effort if you can just as easily compromise the OS with physical access.

          I just don't know what to make of this guy's story. He has no high school diploma, started out as a security guard and was then given a diplomat cover as a system administrator?

          He further claims that his job as a systems administrator gave him access to NSA analyst intercept software, which I find difficult to believe. I can't imagine use of the software isn't physically locked to a machine in a secure environment. You wouldn't expect a systems administrator to have access to everything, which he claims he had; everything is compartmentalized.

          • adamnemecek 13 years ago

            But unlike a rootkit, some HW listening device is resistant to OS reinstalls which I can imagine are pretty common with people that the NSA would target. And I can also imagine that it might be more 'cross-platform'.

      • rdtsc 13 years ago

        Any experts firmware / low level OS hackers can chime in? I imagine this would be Windows focused, then I guess all bets are off. MS would surely cooperate.

        Now what about an Open Source OS. NSA and DoD loves them some RHEL (Redhat Enterprise Linux). Would they pay RHEL enough to produce binaries that have backdoors in them? Yeah, CentOS compiles the sources and that's cool. But most organizations buy RHEL for support.

        Well I would say they would be very stupid to do that as if it ever comes out it will immediately destroy their product.

        Now, just like PRISM will most likely damage US companies using or offering cloud services, any revelation of an exploit that _could_ have been developed with cooperation from the manufacturer would destroy that company's business.

      • arthulia 13 years ago

        He doesn't use an Intel or AMD processor, he uses some kind of MIPS64 processor called Loongson.

  • cowkingdeluxe 13 years ago

    Why did he not give even a small technical overview on what they are capable of? He should've been able to given he has a lot of technical expertise and it would've helped his evidence a lot.

    Did they figure out how to tap complicated SSL? Is it hardware based? He gave no hints but could have easily.

    Instead it's this blanket statement that's supposed to imply that all encryption is pointless.

    • ryanmolden 13 years ago

      This is not my area, so excuse the ignorance, but this statement:

      A: "The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."

      Specifically the part about 'all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards'. Does that not imply they have found a weakness in TLS/SSL? Once the information is transmitted (say my Facebook password) to an https endpoint it is already encrypted, no? So them 'sniffing'/intercepting the packets would do no good, unless they could decrypt them.

      • jessedhillon 13 years ago

        He was a sysadmin and he didn't finish high school, let alone receive an actual technical education -- he's said a lot of very difficult to believe technical things. I don't mean to imply that only educated people know anything important, but unless he just had an amazing aptitude for learning this stuff on his own, I find it plausible that he had only a slight idea of how consumer encryption works and he actually didn't know what he was looking at when he saw whatever made him leak. Who knows without his documents -- I could be all wrong.

        At some point I think he claimed that he could've copied the list of all US intelligence assets, even those undercover. Well, given that the NSA developed SELinux to compartmentalize filesystem access in such a way as to make such a breach difficult, I am not sure how to reconcile his statements. I also find it beyond belief that a contractor could actually access what he claims he could've.

      • gkop 13 years ago

        Intercept could also mean man-in-the-middle.

        • XorNot 13 years ago

          Which would be trivial if they had agreements with the various mostly US providers to quickly get man-in-the-middle signed keys from their CAs.

          Although this seems like it would be quick to spot since if you were watching certificate fingerprints change then you'd see the switchover and switchback.

          • Amadou 13 years ago

            I use the Cert Patrol plugin ( http://patrol.psyced.org/ ) and I've noticed periods of a few days to a week where SSL certs on major sites like google have changed rapidly. Usually they were all from the same authority so I didn't think much of it. But now I am even more paranoid. Thanks man.

            • toyg 13 years ago

              Me too, I stopped using that plugin because Facebook and Google would constantly change their certificates, so I'd end up just clicking OKOKOKOK, never looking at the certificate, defeating the whole point.

              At the time, I assumed it was just a snag with the umpteen layers of caching and content-distribution networks that they must be using. Now it looks quite a bit more sinister.

            • sitkack 13 years ago

              Could you make a showhn or maybe just reply with a pastebin of security/privacy tools you would recommend?

          • ryanmolden 13 years ago

            Yeah, I know nothing about this area (so this is just speculation, ignore it as such if you wish), but it seems getting a firehose feed of all traffic would be easier and less exposure prone, than getting every ISP to allow a MITM and having absolutely no one in the computer security industry notice. Don't get me wrong, I would prefer a MITM, at least then you know they haven't broken crypto that is widely believed secure, the alternative is a bit scarier :)

      • antihero 13 years ago

        "Does that not imply they have found a weakness in TLS/SSL?"

        Would it not be simpler to get access to a root CA?

    • shardling 13 years ago

      Perhaps he thinks that revealing technical details would actually hurt national security? (And I could easily see that.)

      His goal wasn't to tear down the NSA, but to reveal what they've been up to domestically.

    • steveklabnik 13 years ago

      Glenn Greenwald said on Twitter that he was given the technical details and isn't releasing them.

      • gnaritas 13 years ago

        Glenn Greenwald is a partisan hack, his opinion is worth basically nothing.

        • waterphone 13 years ago

          In what way is he a partisan? He has condemned as equally bad both the Bush and Obama administrations. When Bush was President, Democrats loved him because he regularly wrote scathing criticisms of Bush's overreaching actions, and now that Obama has carried on Bush's programs (and made them worse, apparently) and Greenwald's criticized him with the same level of intensity, Obama's supporters now seem to loathe him. Reading the things people send him on Twitter, it's disturbing how many people have an absolute hatred of him. It's such a coordinated attack against him, all repeating the same talking points, it brings this to mind:

          http://www.guardian.co.uk/technology/2011/mar/17/us-spy-oper...

          • gnaritas 13 years ago

            Partisan means prejudice in favor of a cause; one can criticize Bush and Obama and still be partisan.

        • icelancer 13 years ago

          Partisan towards... what? He is a very strong civil libertarian.

          • patrickaljord 13 years ago

            Here's Glenn either being intellectually dishonest or intellectually incompetent.

            http://www.samharris.org/blog/item/dear-fellow-liberal2

            • Amadou 13 years ago

              When I read that I see Sam Harris attributing things like "honor killings" to the doctrine of Islam as if Islam is a monolithic entity. He's equating the extremists with the mainstream and that is exactly what the Islamophobes do - insist that the crazies are the ones who have the true interpretation of Islam and that the vast majority of regular Muslims don't count because they aren't crazy. It is kind of like saying that all Christians should be judged by the actions of the Westboro Baptists. The crazies get the headlines but they only define the fringe, not the mainstream.

              FWIW, the one thing I can agree with Sam Harris on is that European integration of Muslims (and other minorities) is slow compared to the US because they have less of a commitment to freedom of speech. For all of our racial problems, the US does a better job of integrating immigrant communities because we have a culture of airing our dirty laundry, of hashing out our feelings - bigotry and all - and thus working through the differences rather than sheltering people from possibly being offended. It's ugly and frequently unpleasant but in the long run I think we reach a level of accommodation a lot sooner.

              FWIW, I'm an atheist who married a woman from an immigrant Muslim family, although I've probably been in more mosques than she has.

              • floody-berry 13 years ago

                http://www.pewforum.org/Muslim/the-worlds-muslims-religion-p...

                The _low_ end is 15-20% who think honor killing is rarely/sometimes/often justified. The high end is 60-70%. How is this "fringe"?

                • mkhattab 13 years ago

                  That survey is flawed because it's based on culturally influenced beliefs of Muslims in tribal-based societies where the concept of honor has a higher precedence than religion itself. I believe you would find similar results among Christian and Jewish populations in the Middle-east. For instance, in Egypt, where I've lived for a considerable time, Christians and Muslims share practically the same family values with varying degrees. If a Christian woman and Muslim man, or vice-versa, decide to elope then either of them risk being honor-killed or at the very least disowned.

              • jongraehl 13 years ago

                I think it's fair to say "religion X causes honor killings" if and only if X's teachings encourage them (by explicitly saying there's no spiritual punishment for them, for example). It's also fair to say that "religion X doesn't cause honor killings" if there's no correlation between religion X and honor killings. I agree that correlation on its own is never enough.

                So: do the teachings of those with a mantle of religion-X authority, on average, encourage or discourage honor killings? This is not a question we should avoid asking just because we want to be nice.

                I don't see any evidence that Sam Harris has got this wrong.

                Good point about being nice vs. reaching a permanent accommodation.

            • Myrmornis 13 years ago

              Greenwald has written many things, most extremely valuable. I also am critical of his exchange with Sam Harris but that's one discussion in hundreds or thousands.

            • jongraehl 13 years ago

              Thanks for bringing that up. I'd have to agree that Glenn Greenwald is an intellectual rotten apple. You don't accuse intelligent atheists of "racist islamophobia" if you're a good actor.

              That said, he might just have an irrational us vs. them "liberals vs. racists" complex and be able to speak sensibly on other matters.

          • gnaritas 13 years ago

            Which makes him a partisan. Perhaps you should lookup the word, it doesn't mean what you seem to think it means.

    • grey-area 13 years ago

      I took that to mean that they have exploits they can run once they which will let them take over your machine and install keyloggers etc. to report back any further activity. It wouldn't take much for them to purchase or develop a suite of vulnerabilities for all the major operating systems/browsers which they keep current, and once they have that any encryption is pointless as they can see what you see/type/hear. He mentioned it right after talking about seeing your machine on the network and mentioned hardware bugs separately.

      • rdtsc 13 years ago

        Some major military contractors (Raytheon I think is one, BAH another maybe) were looking to hire security experts to find vulnerabilities. There is a robust black market for 0days and I can't imagine the govt. isn't interested in playing. Especially after the cyber-terror war drum has been beating for a while and Chinese hackers scaring everyone's grandmas (most likely articles seeded by PR agencies in preparation for a major contract award to a military industrial contractor).

        • asdftmp 13 years ago

          I thought it was common knowledge that governments actively buy and use 0days? They certainly do, just look at Stuxnet's astounding and ham handed usage of 4 0days (in the first version) for an easy example all the way back in 2010.

    • drzaiusapelord 13 years ago

      Interesting that he used the word "machines." I wonder if we're talking firmware hacks or even code in firmware that very few people are aware of. Could Intel say no to a NSL without breaking the law?

    • jiggy2011 13 years ago

      He says "plant bugs in machines" , so that would seem to imply malware of some variety.

    • wavesounds 13 years ago

      Technical details are in the remaining 37 slides he gave to reporters which they are refusing to release

  • davidjgraph 13 years ago

    This doesn't make sense to me. There are two main stages to having your data analysed by such an organisation.

    In the first stage everybody's data is run through, let's call it, pattern matching, to narrow down a very specific number of cases that have the highest likelihood of doing, having done or planning "something".

    In the second stage, you might apply more resources to gather more data from your suspects, for example, by planting bugs.

    But if you avoid triggering suspicion in the first stage, you don't have to worry about their capabilities, you're just not on their radar.

    You might then argue that anyone encrypting their chats would then raise suspicion. Ultimately, such organisations have a finite limit of human resources to apply, certainly not enough to deal with any widespread usage.

    If this were to happen, think from those organisations' point of view. They need to stop it and can't scale to deal with every single case. You'll then find that encrypting your chat becomes against Google's T&C, because someone leant on them. And round it all goes.

    • 6d0debc071 13 years ago

      I was wondering the opposite: How do you get as many people as possible to trigger the match so that it becomes a losing proposition to do this sort of traffic monitoring.

      • Myrmornis 13 years ago

        Getting them all to make online friends in foreign countries would do it. Iran, Yemen, Gaza, lots of places would trigger I would think.

      • XorNot 13 years ago

        I don't know how many known terrorist organizations would you like to correspond with on a regular basis?

        • 6d0debc071 13 years ago

          You won't catch me that easily Mr CIA Man ;)

          #

          I don't know, I mean that is a concern: If not enough people fake the attributes you'll get shit-listed. My answer is really that it would depend on the terms of the activity.

          I've thought of a couple of ways of doing it.

          One is that:

          You need to be part of something, I think, that's in general use and automatically sends junk data that can't be read (i.e. encrypted nonsense) between its nodes such that being part of a network isn't distinguishable from the junk connections that the program makes on its own.

          The other way I can think of is that:

          you have all communications public but encrypted and posted in one (or several depending on the throughput of the service) online bins. Since many people access the same bin and download the same data but can only read their own the meaning of the message becomes dramatically more worthwhile than the traffic-a stuff.

          ....

          The second one might actually - kinda - be being done already in some form or another now I think of it. Encrypt your message, steg it into a meme-pic, stick it on a popular forum. Since the forum is accessed by thousands of people the knowledge of who it's downloaded by doesn't get you very much :/

    • mattstreet 13 years ago

      What about the stage where they just process the hell out of all the data they have about you and keep a profile?

  • downandout 13 years ago

    > We can plant bugs in machines.

    I've long thought that NSA and CIA would be buyers of access to botnets with backdoor access to people's machines in the US and abroad. You can buy surreptitious installs of your own malware from other malware providers very cheaply - usually under $1. $300 million and you have the whole US covered. It wouldn't surprise me a bit if there is a budget for this, with agents actively interacting on forums, buying (and supporting) certain areas of the cybercrime economy.

    • XorNot 13 years ago

      Or you know, he's referring to actually physically bugging the machine with a hardware keylogger. Which, for someone you're interested in, is way more reliable than simply hoping they're still using unpatched Windows.

      • downandout 13 years ago

        That seems like a lot of work and far more targeted than would be consistent with their recently revealed MO (although I am certain they do this in limited instances where "necessary"). These programs seem to have a primary aim of maximum efficiency and mass surveillance. Deploying hardware doesn't seem to fit that description.

    • unreal37 13 years ago

      I think he's referring to how the CIA was able to get the Stuxnet/Flame worm to disrupt the Iran nuclear centrifuges.[1] If the CIA or NSA want to put a virus on your machine, they can. Easily.

      They can literally plant a worm or virus anywhere they want, because humans make mistakes. Heck, imagine they have hacked into the Windows auto-updater somehow and your own computer downloads and installs software on the first Tuesday every month without you even doing anything.

      [1] http://www.news.com.au/technology/cia-suspected-for-super-we...

  • tptacek 13 years ago

    In other words, NSA is approximately as capable as your typical plugged-in "black hat" hacker.

  • dustingetz 13 years ago

    It seems they would have to specially target you though; basic encryption can evade the passive dragnets. Which is most of the problem - we don't want our free speech of 2013 coming back to haunt us in 2023.

  • rubikscube 13 years ago

    This talk about "bugs" in machines makes one wonder if that is related to why Intel was one of the companies mentioned in a recent article. Intel stands apart from the rest of the companies. Google, Apple, Facebook don't specialize in hardware.

    • youngerdryas 13 years ago

      Apple obviously does specialize in hardware and if you use iMessage it is already encrypted.

  • fintler 13 years ago

    Why bother with bugs when they can just use Van Eck phreaking? I think it's safe to say that most COTS hardware isn't TEMPEST shielded.

  • simgidacav 13 years ago

    How would you implement a decent backdoor in your hardware? Would it be supported by software? How do you force the TCP/IP stack of someone's FOSS operating system to send unwanted data?

    IMHO he was referring to some backdoor in software. How about a nice ubiquitous piece of software? Windows? JVM?

    • tlrobinson 13 years ago

      While it's a bit tinfoil hat, it's not impossible that there could be hardware backdoors in processors or other hardware triggered by very specific sequences of packets.

      • mattstreet 13 years ago

        What would be hard is also making sure that packet sniffers in the middle wouldn't be able to detect it. Especially with all the varieties of router hardware. Are we going to have a backdoor in all of them that prevents passing on that data?

        • XorNot 13 years ago

          And you know, given the tens of thousands of people involved in chip design, are we to think that absolutely no one, anywhere, would've leaked that there was some anomalous circuitry in the chip designs which they were told not to worry about?

          • cyrus_ 13 years ago

            It would probably be added pre-fabrication, not right in the chip design.

            • nitrogen 13 years ago

              It could also be added in the firmware, either during manufacture, or via zero-day exploits in the firmware. The largest entries in /lib/firmware are all for network cards. Since the NIC has DMA access and can interrupt the CPU, the NIC firmware could be used to attack the OS.

              There's still the question of packet sniffing by an intermediate device. The attacker would need to control (the network interfaces of) every device in the chain, use the ability very rarely to avoid detection, or hide data in packet metadata that is later decoded by interception equipment. This third option is probably fairly straightforward on any NIC with TCP checksum offloading.

  • rorrr2 13 years ago

    "We can plant bugs in machines" doesn't mean that they can do it remotely. That would actually be a serious serious backdoor and would put all kinds of businesses in mortal danger - banking, credit card, online shopping, etc.

    Imagine what one rogue NSA employee can do with that kind of backdoor access.

    So ENCRYPT EVERYTHING, and don't believe this propaganda. If your hardware has a backdoor, you're fucked no matter what, but businesses are fucked much much more.

    • sneak 13 years ago

      > So ENCRYPT EVERYTHING, and don't believe this propaganda.

      One of the best things you can do to improve your OPSEC is to stop believing in meaningless panaceas like "ENCRYPT EVERYTHING". There are many weak points in cryptosystems beyond the algorithms (key generation, management, and distribution famously come to mind), and many weak points in data security systems beyond cryptography.

      Spouting meaningless catchphrases doesn't help anyone.

    • JJAbhrams2244 13 years ago

      I see no reason that this couldn't be true. There are probably many checkpoints to access the backdoors. The reason they don't use it is because once they admit it, there would be a huge backlash

      • rorrr2 13 years ago

        Assuming all hardware has backdoors (an unlikely scenario) and giving up basic encryption that can protect you in case when there are no hardware backdoors (a likely scenario) is counterproductive.

        I see no reason that Zeus shouldn't exist. Should I be worried that he would strike me with lightning? Not until I see evidence of Zeus existing.

sweis 13 years ago

As far as I can tell, this is using CBC mode without any authentication: https://raw.github.com/mdp/gibberish-aes/master/dist/gibberi...

If that's the case, then this implementation is vulnerable to a variety of attacks.

  • anologwintermut 13 years ago

    It's worse than that. It uses a questionable JavaScript crypto library (written by a former Twitter dev, not a cryptographer) and a fixed IV derived from the password which is re-used for each message. This is "oh, I read the Wikipedia article on AES" level cryptography deployed against people who would have written the Wikipedia entry if not for the fact that what they know is probably not public.

    Better idea: Just make a plugin that uses OTR[0]. Don't try to roll your own crypto, especially when you are up against people who know what they are doing. [0] http://www.cypherpunks.ca/otr/

    • ryan-c 13 years ago

      There are 64 bits of randomness (however, they come from Math.random which is not so good...).

      The encrypted text produced by this has a distinct signature - all messages will contain "U2FsdG". Here's how we break this if you're Google/can force Google to do stuff:

      1) Detect messages containing that OpenSSL 'magic number'

      2) If detected, push something like this:

          // Should check to see if GibberishAES exists to avoid errors if it doesn't...
          // Grab target function as a string
          var keycode = '' + GibberishAES.openSSLKey;
          // Inject something evil
          keycode = keycode.replace('key = result.slice(0, 4 * Nk);','key = result.slice(0, 4 * Nk); for (var pos = 1; pos < 4 * Nk; pos++) { result[pos] = 0; };');
          keycode = 'EvilGibberish = {}; EvilGibberish.openSSLKey = ' + keycode;
          // Execute the modified code to generate the new object
          eval(keycode);
          // Replace the 'good' keygen routine with the 'evil' one
          GibberishAES.openSSLKey = EvilGibberish.openSSLKey;
      
      This will zero all but the first 32 bits of the AES key, allowing easy brute forcing.

      Note that this is based on something I wrote for a CTF, and I haven't tested it specifically against GibberishAES, but the technique works.

    • mdp 13 years ago

      It's definitely a questionable javascript library, I wrote it back in 2008 after reading the wikipedia article :)

      It was designed to interop with OpenSSL's default command line AES crypto, which has some weak points, mostly around the IV selection.

      That being said, the biggest weakness will always be that it's running in the browser and open to injection attacks.

      But while I think there's definitely better crypto chat solutions out there, it's nice to see people taking an interest in the subject. And let's not kid ourselves, the vast majority of NSA data collection is probably less about sophisticated encryption attacks, and more about the clever application of political/police powers.

  • chubot 13 years ago

    Oh cool, I am on stage 3 of the Matasano challenge which covers this. I am learning something useful. :)

  • salade_verteOP 13 years ago

    Thanks, can you suggest me a better AES implementation ?

    • mcpherrinm 13 years ago

      If you're asking that question, and really aim to write crypto safe from the NSA, then I think you have a lot more learning to do. Just naming off a different mode isn't going to cut it.

      The Matasano crypto challenges seem to be popular lately. That would be a decent place to start.

      • salade_verteOP 13 years ago

        I'm happy with AES and I don't want to write my own crypto.

        I was asking for a better AES javascript library, because I found a couple of different js AES libraries, but, as you said, I don't know anything about cryptography, and I wanted to know if some are better than others.

        thanks

        • tlrobinson 13 years ago

          You don't need a better AES implementation (well, you probably do, but that's just the start). You need higher level primitives. There are a thousand ways to use AES, and most of them are insecure, including your implementation.

    • bdamm 13 years ago

      Your implementation is vulnerable to MITM attacks. That will be the case no matter which AES mode you choose.

      You are on the tip of the greatest problem with modern cryptography, which is that there is no real way for widespread confidentiality to be created without trusting a third party such as a CA. But once you trust a CA, then you become vulnerable to the backdoors available through the CA community (not just one CA.)

      Personally, I'm hoping for a bitcoin-like protocol (such as namecoin) to create a peer-to-peer trust network for distributing public keys.

      PKI is only useful when the roots are truly trusted and tightly controlled (or even supervised with highly transparent audit programs). The current generation of Internet CAs don't even come close - they are not trusted by anyone except themselves, and they sure are willing to take your money if it'll make you feel better!

    • mpyne 13 years ago

      Wait, you're trying to beat NSA by writing your own crypto? This is worse than useless :). All you'll do is flag that communication for further research (which the NSA will then break within a couple of hours if need be); at least with plain text you'll stay in the noise of the masses.

      • salade_verteOP 13 years ago

        I don't want to beat the NSA, I was just asking for a better javascript AES script. I have nothing to hide, that's why I would be very happy to get out of the noise of the masses and make the NSA waste a couple of hours :)

        • mpyne 13 years ago

          Don't get me wrong; I use crypto too (GPG), but NSA is not the ones I'm worried about. ;)

sspiff 13 years ago

While this is a nice effort, why use Google Talk at all for chatting if you're going to do all this effort (per user configuration etc) if you could just use an XMPP client with OTR[1] support, or use an XMPP server you can trust?

[1] https://en.wikipedia.org/wiki/Off-the-Record_Messaging

  • patrickaljord 13 years ago

    Because then you'd be talking to yourself as nobody uses XMPP with OTR.

    • drdaeman 13 years ago

      At least Adium, Gajim, Kopete and qutIM have built-in OTR support.

      So, I guess, it's a bit more than nobody.

      • patrickaljord 13 years ago

        Yeah I remember using OTR on kopete when I was in college. I had one instance opened on my laptop and the other on my PC. It was pretty cool and easy to set up. What wasn't easy was finding anyone I knew to talk to with beside the few other linux nerds at school.

    • sspiff 13 years ago

      Nobody is using this solution either, and setting it up is harder than setting up OTR (provided your conversation partner is already using an app for XMPP).

      I can explain to my girlfriend and brother how to enable and configure OTR. I would have a hard time getting them to execute the instructions for this addon.

    • simgidacav 13 years ago

      So true :( so sad. I've got a bunch of friends that know how to use it. They're just annoyed if I enable it. :(

    • stock_toaster 13 years ago

      I use it. So ... nobody+1 I guess?

rogerbraun 13 years ago

I like this, but the easiest way to do this without pretty much any configuration is to log in to Google Talk with a Jabber client that has OTR support, such as Adium or Pidgin.

  • gohrt 13 years ago

    Google Talk is being replaced by Hangouts; it might not be practical to keep your existing Google Talk client long-term.

mtgx 13 years ago

Still waiting for Google to implement OTR and ZRTP in Hangouts by default...especially now after all this.

  • simgidacav 13 years ago

    Have a good time waiting, sir. In the meanwhile you might be interested in the following facts:

    1. Google is removing XMPP as a protocol http://www.zdnet.com/google-moves-away-from-the-xmpp-open-me...

    2. On the other hand, however, duckduck is giving us some alternatives https://duck.co/topic/duckduckgo-s-new-public-xmpp-jabber-se...

    • jafaku 13 years ago

      Forget about DuckDuckGo, it's based in the US. Better use Startpage.com, which is based in the Netherlands.

      • joe24pack 13 years ago

        And you don't think the EU isn't already doing pretty much the same thing?

      • simgidacav 13 years ago

        It's not the fact that US=bad, EU=good. The fact is that you can use free software programs over xmpp which support OTR cryptography.

  • stass 13 years ago

    Why use Google Chat at all when there're a lot of 3rd party community-run jabber servers available? Then you can use any client you want and get a level of protection you desire (including OTR).

  • peter487 13 years ago

    Probably not gonna happen, but it would solve so many problems with public key crypto. Key distribution? No problem, tie your public key to your gmail account. Need to communicate with someone? Just send them your public key. Google would verify that key X belongs to mail Y, another problem solved. Mix it together with some javascript library (source code available by design) and you have almost perfect and simple to use public key crypto for the masses. Oh well, time to wake up...

    • XorNot 13 years ago

      Except for the minor issue that, in the context of PRISM, the NSA mostly collects metadata - who corresponded with who, when and how much.

      Public key cryptography is great for this, because it means if you match one person to a key, you've then reliably matched every message they sent and have fairly strong proof it's the same person.

    • ef4 13 years ago

      Both Google and Facebook are in excellent position to actually bring public key crypto to the masses in a usable, it-just-works, kind of way. But of course both have every incentive not to do it.

  • EliRivers 13 years ago

    I thought Google were being fingered as complicit? I wouldn't trust them, even if they totally super-secret pinky promise they're not handing everything over, honest!

  • KaiserPro 13 years ago

    Still requires you to trust the holder of your private key....

  • godgod 13 years ago

    Why would Google do that? They are cooperating (regardless of their public statements) with the NSA to spy on us. I for one don't trust the lies.

dlss 13 years ago

"A" for effort, but I won't be happy until something like this also obscures who you are talking to.

cupcake-unicorn 13 years ago

Why doesn't Google up the security in its own apps? The government may "force" them to provide access, but can it "force" them to remove safeguards like encrypting email/chats/etc? Even if they just gave us the option to check a box, and it wasn't on by default. The problem I'm seeing with all these solutions is that they're very specific to two users, they both need to have everything set up. Well, great, the NSA will see one less conversation when they peek through your stuff. I'd like to have ALL my messages encrypted.

  • nano111 13 years ago

    can't force them not to encrypt emails but it can force them to give out the keys

    • nano111 13 years ago

      for some reason, it won't let me delete my duplicate comments that were created because of errors on postings...

akkartik 13 years ago

tptacek doesn't seem to have found this thread yet, but he's said many, many times here that doing crypto in js is a bad idea: http://rdist.root.org/2010/11/29/final-post-on-javascript-cr...

leot 13 years ago

Google, Yahoo, and Microsoft could all make the vast majority of email vastly more secure by implementing PGP-by-default. Send: You enter an email address, a little key appears beside it if it's recognized as having an associated public key, and a warning appears that the email can't be encrypted if an additional email address is entered that doesn't have an associated key. Receive: email encrypted with your public key is colored "green" (for "secure") and the from address is colored "green" if it's been appropriately signed. With (and, I'd argue, only with) a webmail client can PGP be rapidly deployed and almost completely transparent.

But, this would make "intercepts" far more difficult, now, wouldn't it ...

  • sliverstorm 13 years ago

    this would make "intercepts" far more difficult

    Yup, Google is doubtless completely in cahoots with the NSA.

    ... Really? Is that what you are thinking? Apply some rational thinking here. It's simpler than that. Google advertises to you based on the contents of your email. It is not in Google's interests to prevent themselves from being able to read your email, and if they can read it so can the NSA.

    • leot 13 years ago

      I don't understand why everyone seems to think this is an issue. It's as though the only alternative to the status quo is local host browser-level crypto.

      The implementation I'm referring to doesn't preclude Gmail from reading emails it has of yours. It just means that only Gmail can read them, because only Gmail has your private key, a private key that's associated with two-factor authentication, and a private key you could optionally use elsewhere, too.

      • sliverstorm 13 years ago

        That would work fine, if all the NSA did was sniff traffic on the backbones.

        • leot 13 years ago

          The idea that the biggest reason to have PGP is to protect ourselves from some nefarious gov't entity is silly, though in the longer-run it can definitely help make this happen. PGP/PKI affords incredible technological advantages. If webmail providers offered it, OpenID (etc., etc.) would become quickly redundant (e.g.).

  • adventured 13 years ago

    This will only work for average email users if you can pull it off without ever using any of the industry language, or requiring anybody to ever actually do anything with a key. Find other descriptive language to use, and make it require zero extra effort, and you've got a winner.

    • leot 13 years ago

      We learn all the time how to do complicated things on the internet. Facebook isn't instantly trivial to use (though it seems that way now that we know how to use it). Neither is Google+.

      The whole problem with PGP is that it's not worth learning to use because it depends necessarily on network effects. If Gmail deployed it, the network effects problem would immediately disappear. At first it would only work within the online webclient, obviously, and enabling it would have big consequences for how/whether client-based access (IMAP and POP) worked.

  • 6d0debc071 13 years ago

    Most people aren't going to get themselves into webs of trust - and certificate authorities and webmail servers and the like can be compromised. The only thing you can vest any significant trust in, with NSLs and so on flying around, is what's on your computer.

    And, if you want to be really sure, what's on a computer with no radio protected by an airgap into which you never insert removable media....

    • leot 13 years ago

      I'm not talking about deploying/using PGP to be secure from gov't (or Gmail) monitoring. I'm talking about its use in the context of 99% of normal interactions online. Yes, we wouldn't have tinfoil-hat-level security if it was managed by Gmail, Yahoo, etc. But we'd be lightyears further ahead in our ability to interact securely with others online.

      • 6d0debc071 13 years ago

        Okay, I'll bite for that - what's your threat scenario here?

        • leot 13 years ago

          These aren't threat scenarios. They're advantages to having PGP.

          Eliminate most spam. Talk with your bank/do trades over email. Talk with your physician. Sign documents.

          With webmail-based PGP, people are strongly incentivized to use this to avoid requiring users to sign in to other websites.

          • 6d0debc071 13 years ago

            I don't think having to sign into other websites is that much of a bother, nor that people are that motivated to talk to their bank or physician on a regular basis that would drive adoption of this sort of thing.

            And in return you have to stick all your eggs in one basket, get what would probably end up being a single persistent online identity that goes under your real name (if it's tied to an email address you use for business stuff), and that's owned by a company and may not even be willing to give them back to you (would you even own the private keys if it was being implemented on the server?)

            • leot 13 years ago

              There's really an amazing lack of imagination here, both from a threat avoidance perspective and a potential awesomeness one.

              The deployment model is this: one large webmail provider starts doing PGP by default via its webclient. Maybe it provides you with private keys, maybe it doesn't. Fact is that it doesn't much matter, because as soon as a large webmail provider starts doing PGP/PKI, the two biggest problems with adoption (namely, that there's no one to use it with, and it's kind of a pain to use anyhow) are basically solved. And as soon as this happens, there starts being a competitive market where providers can begin improving on each other's implementations. Any provider that doesn't give users their private keys won't have much of an ethical argument for doing so, and so it probably would, anyway. There will, as always happens, be a feature war, except with PGP involved some of that war will involve privacy/encryption/reliability concerns.

              (PGP also makes spear phishing much harder).

  • guelo 13 years ago

    That would probably break email search and ads.

  • andreyf 13 years ago

    Where would the private keys be stored? How do you handle the use-case of a non-technical user losing their laptop?

    • leot 13 years ago

      I'm talking about the non-extreme-security case of where the online email provider stores your private keys.

      • magic_haze 13 years ago

        So, in practical terms, how would this be more secure than what we have now? The main crux of PRISM is that they have highly automated mechanisms of accessing user data from many major internet companies. If you store your private keys alongside that, what are you trying to protect against?

        • leot 13 years ago

          The point isn't to hide data from the NSA. The point is that widely-used PGP would be really useful for all kinds of reasons, but that we don't have it because it would be inconvenient for the NSA if we did (they wouldn't be able to read the world's email, e.g.).

          In practical terms, it would mean we could talk with physicians, brokers, banks. We could sign documents. We could get rid of nearly all spam. I mean, the advantages of widely deployed PKI are MASSIVE. And the quickest way to get there is to have webmail providers deploy it.

  • andreyf 13 years ago

    Where would the private keys be stored? What happens if I lose my laptop?

rexreed 13 years ago

XMPP on a Raspberry Pi box with minimal raspbian and OTR. Gives you some control and a minimally-hackable box.

Some interesting related reading on the XMPP with Raspberry Pi:

[1] http://russelldavis.org/2013/01/18/setting-up-prosody-on-the...

[2] http://oskarhane.com/make-your-raspberry-pis-and-other-serve...

switch33 13 years ago

Somewhat relevant (IRC for Gmail): https://github.com/progrium/irc-for-gmail

Also, it sucks that this AES plugin for gmail uses greasemonkey. There are a bunch of exploits abusing greasemonkey really.

tlrobinson 13 years ago

I would prefer to see a plugin that implements OTR instead of this half baked solution.

https://en.wikipedia.org/wiki/Off-the-Record_Messaging

marcog1 13 years ago

I've been using encryption with Adium for a long time, but the problem I have is switching between clients (laptop and mobile) results in me seeing gibberish on the mobile side. I have yet to find a mobile client that supports encryption.

acanby 13 years ago

I might be missing something here, but where is the passphrase negotiated? Apart from calling or talking to the other person, the only way to define this common key that I can see would be electronically. Isn't this a bit of a problem?

tn13 13 years ago

I think a better solution to say hello to NSA would be by sending a letter to your local senator (and other representatives) that you are not going to vote for them in future unless they raise their voice in the concerned house.

rythie 13 years ago

I'm sure they are more interested in who you talk to than what about most of the time. I would assume they want to track people close to persons of interest they know about.

Tloewald 13 years ago

I think just attach files full of random noise to emails.

jaytaylor 13 years ago

Is it possible to use gAES with Google Chrome?

Hyrum_Graff 13 years ago

Delete your Google account and make the NSA sad.
