SoylentNews is people
SoylentNews
According to TechDirt:
It's beginning to look like a US-based encrypted communications platform may be headed for a Lavabit-esque future. As we're well aware, agencies like the FBI and NSA are firmly opposed to encrypted communications, which is something Surespot -- a text-messaging service -- offers.
Surespot has been in the news lately, thanks to terrorist groups utilizing encrypted services to keep their communications secret. UK's Channel Four looked into Surespot and found that 115 "ISIS-linked" people "appear" to have used the service in the "past six months." Because UK 4 wasn't able to get this information from Surespot directly (because Surespot doesn't store personally identifiable information or users' communications), it has only been able to infer this from messages on social media services that refer to Surespot.
What this means in terms of terrorists "flocking" to encrypted apps is still very vague, but there's no doubt any additional layers of secrecy are welcomed by those wishing to hide their communications. What 115 ISIS-linked users means in terms of an installed user base of at least 100,000 is also open for discussion, but it's quite obvious there are plenty of non-terrorists using the service as well.
[..]
George Maschke of Antipolygraph.org has been periodically sending emails to Surespot, unofficially acting as the service's warrant canary. For several months, his questions have been answered. But as of May 25th, he has still received no response to his canned questions.
There's good reason to believe this is true. A recent plea agreement by a 17-year-old Virginia native charged with providing material support to ISIS (via instructions on how to use Bitcoin to provide anonymous donations) specifically mentions Surespot.
Original Submission
(Score: 2) by kaszz on Monday June 15 2015, @03:43PM
Any idea on how to keep bad people out of secure services while still allowing for people that actually need to make use of it?
It's going to be a tough question. The answer will not likely be perfect but perhaps one can improve the probabilities?
(Score: 2) by Nerdfest on Monday June 15 2015, @03:53PM
I don't think there is. Part of the problem is that when one of these companies gets a request, they cannot disclose. This requires them to use a warrant canary which to anyone with a clue indicates that the entire service may now be compromised. If they were allowed to disclose the number of warrants and their scope (number of accounts, duration), people could make a more informed decision on whether or not to use the service. This would also perhaps help force the NSA, etc to keep the scope of warrants as small as possible. I have the suspicion that the current scope of these warrants is basically everything though.
(Score: 5, Funny) by Whoever on Monday June 15 2015, @03:55PM
It's quite simple, just require use of the evil bit [wikipedia.org]
(Score: 2) by BsAtHome on Monday June 15 2015, @04:36PM
I always have my Evil Bit enabled on all packets. It is obvious that any and all information has a potential for harm. Therefore, by extension, all data that is transmitted, however innocuous it may seem, must be a potential threat and requires to be marked as such.
I am proud to serve all my data with the Evil Bit set. Take that you poor innocent reader!
(Score: 2, Interesting) by DECbot on Monday June 15 2015, @06:43PM
ACK! Your point if view has infected my thinking! I too must set the Evil Bit on everything. If you'll need me, I'll be in my basement downloading Gentoo, readind man pages about compiling with the Evil Bit, and booting without systemd on a modern kernal!
cats~$ sudo chown -R us /home/base
(Score: 2) by Fnord666 on Tuesday June 16 2015, @02:35AM
You wouldn't have a pointer to a Github repository for your IP stack implementation would you?
(Score: 1, Funny) by Anonymous Coward on Tuesday June 16 2015, @06:57AM
Get the binary from sourceforge, the evil-bit is already pre-set.
(Score: 4, Interesting) by Runaway1956 on Monday June 15 2015, @04:10PM
Some pretty smart people have decided that it's NOT possible. Visit https://geti2p.net/en/ [geti2p.net] It is perfectly safe to download and install their software, I've done it numerous times. Fire up an instance of the service, and browse it. It might take you a few attempts to get it all configured so that it works, but almost anyone on this site should manage. Give it some time to integrate into the network. Then, go browsing.
Be warned, you will find child porn available. You don't have to look, but it will be available. Make note of it, and move on. Look around for the forums, including the support sites. There is a lot of talk about banning or otherwise dealing with the pedophiles - but nothing can be done. Compromising the pedos would mean installing backdoors in order to go after them. Doing so would compromise the legitimate uses of the network.
THIS is the "darknet", not that silly Torbrowser. Notice that people are getting busted on Tor, but no one is announcing busts on I2P. I2P security is at least an order of magnitude higher than Tor.
(Score: 2, Informative) by Anonymous Coward on Monday June 15 2015, @11:57PM
Only has about 60k nodes currently online worldwide. Its highest routing throughput is around 100 megabit for the LARGEST node. For comparison there is a Tor router running either 1 or 10 gigabit on an overclocked i7 4790 with 3ghz DDR3.
That said: If some of you who are java or c++ programmers get off your asses and start providing technical support to i2p, it already has provisions in the protocol for a variety of unimplemented countermeasures to help it anonymize even better than tor's hidden services. And unlike Tor, i2p can handle both tcp and udp connections across it. If the users among the soylent community can provide high-uptime routers so they become floodfills and high speed links, the network as a whole will greatly improve.
- An occasional i2p user.
(Score: 2) by Hairyfeet on Tuesday June 16 2015, @07:45AM
I would NOT consider that "safe" if it works in any way, shape, or form similar to Tor (in that you are a peer and some data will be routed through you like Tor and Freenet) because in the USA and a good chunk of the EU if a single .jpg that goes through your connection turns out to be CP? Then YOU sir are guilty of distribution. Look at how they busted the big Tor nodes in Germany...set up some honeypot CP servers, wait for somebody to access the files, bust the node that connected to the honeypot.
From reading their about page [geti2p.net] they are working no different than a P2P so all a LEO has to do is 1.- use I2P, 2.- Request CP, 3.- Bust whichever IP address is the final one before his, lather rinse repeat....got a spare $50K or so for a good defense attorney? Because you sure don't want a public pretender when its 10+ years a .jpg.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Interesting) by Runaway1956 on Tuesday June 16 2015, @01:55PM
Yeah, you're kinda right - but you're more wrong. You can't get an IP address off of I2P unless your setup is badly mis-configured. Peers could be right next door to me, or halfway around the world, I have no way of knowing. I run I2P in a virtual machine, and I don't use that machine, let alone the browser, for anything else.
You're right to be concerned about CP - gubbermint won't think twice about busting anyone if they even THINK there's CP involved. But, no one is getting busted on I2P. Not the worst of the worst, so, I really don't think you have anything to worry about if something crosses your router that you don't like.
But, I'm not trying to convince you. All of us have to make up our own minds about that crap. If you uses I2P, you will have to coexist with the swine. If you can't tolerate the thought of it, then don't use I2P. ;^)
(Score: 2) by Hairyfeet on Thursday June 18 2015, @01:04PM
Then please explain how EXACTLY my machine can connect to I2P without my system learning of even a single IP address? Because I really want to hear how they can magically do routing without any actual addresses to route them to. And if I can see a single IP address, even one? So too can the LEO that will break down your door, steal all your assets, and lock you in a box for a year or two while you wait for your case to wind its way through the courts. I should know as I have a friend in the state crime lab and one of the subjects we talk most on is how truly fucked up the CP laws have gotten, especially distribution. Theoretically with the way the laws are written in most states a stick figure drawing labeled "nekkid spread 12yo" could get you as much time (in some places more) than if you actually molested a child!
So I really want to hear how they have managed to figure out how to route packets from one point to another with NOBODY in the chain actually having an IP address to send those packets to, because I have yet to hear of any system where an address of some sort wasn't required, even if that address is only to the first node that would be enough to send the owner of that first node to jail for life.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Runaway1956 on Thursday June 18 2015, @02:42PM
.i2p
'I2p' is a pseudo-top-level domain which is only valid within the I2P overlay network scope. .i2p names are resolved by browsers by submitting requests to EepProxy which will resolve names to an I2P peer key and will handle data transfers over the I2P network while remaining transparent to the browser.
ONLY the EEP resolver EVER sees your IP address.
https://en.wikipedia.org/wiki/I2P#Terminology [wikipedia.org]
If Gubbermint found and confiscated the resolver, then everyone who had anything to hide would be in serious trouble. But then, I really have nothing to hide. If they kick my door down, there are no images of CP in my cache, or anywhere else. Traffic may or may not have crossed through my connection, but I didn't view it, and it left no evidence of any kind on my machine. They have to actually FIND SOMETHING before they can convict you, and I have nothing at all. A good forensics guy would see that I have visited political sites which might be considered to be seditious. They can find that I have visited militant sites around the world, such as http://kurdishdailynews.org/2015/06/17/syria-refugees-return-to-border-town-after-is-defeat/ [kurdishdailynews.org] They can find boatloads of political crap on me, if they ever get my computer - but they WILL NOT find any CP - not even manga, or any of that oriental cartoon stuff. No metrosexual crap, no bronies, nothing. It aint't there, they can't convict. End of story.
If they could convict based on the fact that I am part of a network where the stuff exists, then they would have to haul all the officials of the ISP's off to prison as well.
(Score: 2) by Hairyfeet on Friday June 19 2015, @12:04PM
Man...I REALLY hate to break the news to ya friend, but the current CP distribution laws? You DO NOT have to have actually seen anything, had access to anything, ALL THEY NEED is a log that says CP crossed your network and that is enough to get you as a CP distributor!
The way my crime lab friend explained it is as thus...."Imagine I hand you a safe. You have NO way to get into this safe. You have no key, no way to pry the door, for all you know the safe is full of cookies as you have no way of finding out. Now you agree to transport this safe to the next city and you get pulled over, the cops take a blowtorch to the safe and find CP. Now even though you had zero access or knowledge you facilitated the commission of a crime by agreeing to move that safe and with the CP laws in most states this is all that is required because the distribution laws are THAT vague and open ended." Can you beat it? Probably....if you have at least $30K for a good lawyer to fight it, and of course I hope you don't need a job or anything because the local paper will be running a "suspected child pornographer" story with your name and mug on it. If you are found not guilty? You MIGHT get 2 lines on page 6, but the damage by then will be done.
Don't think its just that easy to lose everything? Guess again [digitaljournal.com]. Note that in this case 5 minutes with wireshark would have proved this guy was innocent, it was just THAT simple...what did it cost him? A cool quarter million, his career, his home, his life STILL has not recovered. Now is this completely fucked up and wrong? You betcha, but so was the red scare or the satanic child abuse scare of the 80s and in both of those people lost everything from their freedom to in some cases their very lives.....are you REALLY willing to bet the rest of your life in a prison hellhole simply to run this program? Remember the state has to prove nothing because it will take a year to a year and a half before you even get your day in court and by then? The damage is done.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Runaway1956 on Friday June 19 2015, @01:46PM
Hairyfeet - from a young man, this would sound like blowhard braggadacio. But - yes. I would be willing to battle this all the way to the Supreme Court. I'm nearing retirement age - I don't WANT to work much longer. And, the laws are simply WRONG. Someone needs to fight the fight, so that the law stops fucking innocent people. Better for me to fight the fight, than for one of my sons to get fucked over. THEY all NEED their jobs for the next couple decades, at least. I'm not raising children, I have a place to live, and my requirements for the rest of my life aren't all that extravagant. Yes, I would be willing to spend the rest of my life fighting a boatload of unjust laws. In fact, my posts above may or may not be enough to trip some dilrod's trigger, and cause him to come after me. If that be so, well, he's going to have a fight on his hands. This stubborn old bastard WILL NOT plea bargain, will not "waive your rights", nothing like that. It will be a jury trial, and appeals all the way to those nine high muckity mucks in Washington D.C. I'm a citizen of the United States of America, and I still have the right to a trial by a jury of my peers.
Screw unjust laws, and screw all the rat bastards who apply them unjustly.
(Score: 2) by Hairyfeet on Friday June 19 2015, @07:02PM
Allow me to give you some advice given to me by a former prosecutor with a flawless track record.....NEVER TAKE A JURY TRIAL because that old joke about "12 people too stupid to get out of jury duty"? Very VERY true! He said "when it comes to juries? Evidence doesn't matter, throw in some appeals to emotion, make it feel like 'LA Law' and smear the defendant? Its a slam dunk, they couldn't care less about actual evidence". My mother didn't believe me....until she ended up getting picked for jury duty. When she came back she was white as a sheet and said "You were right, NEVER pick a jury!" as she had to deadlock a jury. They had an arson case where there was ZERO motive as he didn't even have enough insurance to pay off the building, the investigator said he didn't know what started the fire, yet they went 11-1 to convict...why? "Because he is Italian and Italians are in the mob and burn buildings for insurance...haven't you seen Goodfellas?" Yep they were gonna give a guy 20 years for a stereotype based on a movie!
As for "fighting to the supreme court"....good luck with that, I hope you are 1.- in incredible physical condition and can bench at least 250, as the cops like to throw CP suspects in general pop as they tend to get "disposed of" by other prisoners, 2.- Have a metric assload of money because if you have less than 200K? You ain't getting jack shit to the supreme court as that is for the rich or groups like the ACLU and if you look groups like ACLU treat CP charges like the plague as they are poison when it comes to fundraising. And remember that this is a classic "red scare" situation, just like the satanic child abuse insanity of the 90s so no evidence is required, especially when it comes to juries. Sorry I can't find the stats again but when it comes to conviction rates? The only thing higher than CP charges is terrorism, we're talking a better than 95% conviction rate!
So I hope you are in great shape and your family can live without you for several years, you don't require any kind of income, and you don't mind spending 1 to who knows how many years in prison...oh and that you don't live in a state where they have asset forfeiture because one of the first things they do is grab everything they can and they will NOT give it back, just ask that guy in I believe its NM who was arrested for running a Tor exit node. Cops there snatched more than 35K in electronics and even though he was found not guilty has he seen a single piece of his gear since? Nope. So good luck friend, just realize that if they grab you you'll be treated about as same as the McMartins...remember them? One died in jail, the other has never recovered.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Informative) by mojo chan on Tuesday June 16 2015, @07:45AM
The best way to use I2P is to download Tails and boot your machine into it (or at a pinch use a VM). That way you can be sure you are not leaking information outside the I2P network.
const int one = 65536; (Silvermoon, Texture.cs)
(Score: 1, Insightful) by Anonymous Coward on Monday June 15 2015, @04:12PM
No. That's the point of encryption. Your bad people are another man's freedom fighters. While it's easy to point fingers at ISIS and the like, one should keep in mind that abolitionists used to be "bad people" too.
(Score: 2, Insightful) by Ethanol-fueled on Monday June 15 2015, @04:52PM
I hate Durka-durka scum as much as any right-thinking Westerner, but ISIS rose only because of needless U.S. meddling in the Middle-East. Whether you believe that ISIS rose because of America's failure to secure the region or because they are American-funded useful idiots, or both, is moot -- the fact is that ISIS exists because of poor decisions made by the US Government.
It's really convenient how American citizens now need to be kept afraid and protected from the very mistakes their government caused.
(Score: 2, Insightful) by Zal42 on Monday June 15 2015, @04:15PM
It's impossible without severely compromising security (thus rendering the system pointless).
In the first place, you'd have to define "bad people". That's not nearly as straightforward as it may seem. But assuming that you can manage to do this, you'd have to keep a list of the "bad people" who are to be refused service. But for that kind of scheme to work, you have to be able to determine the identity of people and keep those identities in a database.
Once you're doing that, then your service is no longer trustable.
(Score: 2) by Anal Pumpernickel on Monday June 15 2015, @05:38PM
That isn't necessary, and would only compromise good people. The real question is: How do we keep the government from violating our rights? That's the real threat, not "bad people" making use of encryption.
(Score: 3, Insightful) by forkazoo on Monday June 15 2015, @08:26PM
You put the bad people in jail. If they haven't been convicted of anything, they aren't bad people. If they are in jail, you can control what they do. If you don't have certain proof that somebody committed a real crime, they are free to send private correspondence however, whenever, with whomever, and about whatever they please. If that isn't the case it's some sort of police state/doctatorship situation, and only people who demonstrate loyalty to the party/state can get any freedom-like bonus perks like privacy.
(Score: 1) by fido_dogstoyevsky on Monday June 15 2015, @11:14PM
You put the bad people in jail.
Sounds like the Pratchett solution [wikipedia.org] really is the answer then.
I still haven't worked out if he meant it in jest.
It's NOT a conspiracy... it's a plot.
(Score: 2) by forkazoo on Friday June 26 2015, @09:29AM
It would certainly be the sensible thing with Illinois Governors.
(Score: 5, Insightful) by edIII on Tuesday June 16 2015, @01:26AM
The answer is a firm, and absolutely perfect, "no you can't keep bad people out". Such a wish is logically precluded, and often accompanied by the realization that a true loss of power and control must occur.
Any technological answer must be socially agnostic if you take my meaning. Both "good" and "bad" are judgement calls, and all too often, are decided by cultures, and those in charge of them. What's good and bad again? I have a feeling we could argue about this forever, and that's where government wants you trapped, IMHO. It's the only way to successfully crap up the logical arguments with appeals to emotion. "Oh noes! The pedophiles!". Yeah, a child getting buggered is pretty damn bad, but then again.... ISIS selling little girls into sexual slavery every day is an even bigger one. We can all agree that amongst all cultures (nearly), that sexual activities with children are prohibited. However, to prevent all instances of pedophilia are we willing to sacrifice everything else? The first initial reaction is, "at all costs", but what really sucks is when you need to stand back and say, "ummmm... yeah, but Frank, just what are those costs again? Just so we all know". We can become ISIS trying to fight ISIS all too easily.
The answer, and it's not perfect, is the following:
1. It's far too dangerous to allow unsecured communications, as unsecured communications can be viewed by all Actors, or groups of Actors, some of which are possessing massive power and information asymmetry WRT to the average Actor.
2. All communications must become secured communications beyond the ability of any Actor, other than those involved, to decrypt the communications.
3. When tempted to weaken security because of any one smaller group of undesirable Actors, for all reasons considered Good, Bad, or Ugly, please see #1.
Now, my far-too-dangerous-argument was difficult to use historically due to the blinding effect of the Tin-foil hat most days, but thankfully many have been able to take off that hat when speaking about the dangers of mass surveillance :D
It's just a fact now, and no longer disputed that is in actuality fairly dangerous to let governments have access to all data. We can see that what the government has, just about everyone else can have too for a price. Given that so much of it is privatized anyways, we can basically just assume that corporations are battling each other for control and use of this data as well. Which is not a stretch given how forcefully Big Data has exploded in the last few years, and how it has demonstrated value to both corporations and governments for its ability to mine large collections of data for predictions.
We've entered a brand new world where bad Actors such as criminals and governments (kinda redundant) have forcefully, and painfully, reminded us of our power and information asymmetry. Governments can use this to abuse people, and bored teenagers can use it to send SWAT teams to people homes. As more examples (humbling and crushing instances of careers ending on Facebook/Twitter) of privacy as foundational security for life arise, more people will understand that everyone has something to hide, and everyone is guilty in the eyes of somebody. Or in other words, beware all ye who enter here. You shall only find judgement, and nothing else.
I'm afraid you need to accept that this really is an all-or-nothing proposition. In order for you to find your protection, you will need to accept that all undesirable communications become protected. Or, in short, all communications become fairly indistinguishable noise till they reach their destinations, no exceptions. Not nobody... not nohow.... and it must be this way because the greatest threats we face are not from Actors that transmit child pornography, but from much more powerful and scary Actors instead. Who are we trying to be safe and silent from again? Why? Hint: It's not the pedophiles and their pictures...
As an American, I'm pretty sure my Founding Fathers never even conceived of a world where the British could be recording every conversation in every tavern, making a copy of every parchment, being able to see Paul Revere's Tweets as he made his nighttime ride. If they could have seen what was coming, I'm firmly under the belief they would have outlawed most data collection practices, and strongly made efforts to both enumerate and protect rights of privacy and anonymity. They didn't, not because they weren't important, only because they were considered too fantastic or the "realm of Gods". Ben Franklin was just starting to work out electricity, much less its ability to transmit copies of his notes!
We're having these conversations now, and then juxtaposing them against our current needs for "security" and justice. Although, in truth, I'm far darker on just what our needs are leaning towards thinly veiled bigotry and other such mental failures. I believe that we are finding out that the government was able to experiment with privacy and anonymity while were sleeping and didn't understand them properly, and that we've suffered greatly for it. I'm off the mind that we need to protect ourselves against the biggest Actors causing the most harm to our freedoms and economies, and quite frankly, pedophiles and small time criminals are an order of magnitude less important at least.
All of that being said, I would agree to a key-escrow proposition.... if and only if .... the keys were jointly held by 12 other Americans that I don't know. Government wants to access my data it requires my fellow citizens to open up. In general, I think the technology that is destroying us right now, could be used to introduce a 4th check and balance in the U.S system - The Citizens. I don't trust judges since they can be bought off. I don't trust district attorneys because they can be bought off, and are not impartial (they only care about winning, not truth). Likewise, my feelings about Congress and Senators don't need to be reiterated here (it involves bondage with donkeys). An average every day American? Far more likely to enforce the Constitution if given the chance. That's about the only idea I have, which as you notice, is still isolating and greatly weakening the powers of the strongest Actors and pushing the control to the weakest Actors by design.
(Score: 2) by kaszz on Tuesday June 16 2015, @06:56PM
My approximate idea was say a service that didn't had the capability to transmit images for the sake of argument. That would make the service less attractive to CP traders, but it would not exclude them or rely on anyone making judgments. I know from a strict technical point enough text messages will make a picture possible and so on. The early internet required technical skills so only such people did interact on the network and so on. But it didn't really forbid anyone.
It's that way subtle and passive gate guarding I'm thinking of.
(Score: 2) by Bot on Tuesday June 16 2015, @09:55PM
> We can become ISIS trying to fight ISIS all too easily
That's the goal of terrorism. Terror has always been the tool of those in power, from Herod, to Vlad, to the way the French revolution submitted readily to emperor Napoleon, to black and red terrorists in the 70s, some of whom, strangely, are nowadays more integrated in society than war veterans, to ISIS. Of course they don't need big conspiracies, like you don't need a big conspiracy to inspire dogs for illegal dog fights. You just starve the lot and help the angrier.
When I see terrorism that is not an emanation, or a great ally, to those already in power, I'll let you know.
The only way to fight terrorism is to prevent ANY fallout from those acts, other than punishing those involved as ordinary criminals. Because when political or legislative fallout can occur, terrorist acts become palatable for somebody.
Account abandoned.
(Score: 3, Insightful) by kadal on Tuesday June 16 2015, @01:27AM
Child pornographers use USPS too. Should they open and check all packages?
(Score: 2) by Fnord666 on Tuesday June 16 2015, @02:31AM
Who gets to decide who the "bad" people are? You? Me? Congress? MI-6?