×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Ask Slashdot: Will the NSA Controversy Drive People To Use Privacy Software?

Soulskill posted about a year and a half ago | from the not-until-they-can-use-it-to-hurl-belligerent-anthropomorphic-avians dept.

Encryption 393

Nerval's Lobster writes "As the U.S. government continues to pursue former NSA contractor Edward Snowden for leaking some of the country's most sensitive intelligence secrets, the debate over federal surveillance seems to have abated somewhat — despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata. Even so, will the recent revelations about the NSA cause a spike in demand for sophisticated privacy software, leading to a glut of new apps that vaporize or encrypt data? While there are quite a number of tools already on the market (SpiderOak, Silent Circle, and many more), is their presence enough to get people interested enough to install them? Or do you think the majority of people simply don't care? Despite some polling data that suggests people are concerned about their privacy, software for securing it is just not an exciting topic for most folks, who will rush to download the latest iteration of Instagram or Plants vs. Zombies, but who often throw up their hands and profess ignorance when asked about how they lock down their data."

Sorry! There are no comments related to the filter you selected.

Reddit (-1, Offtopic)

Google Fanboys (2974975) | about a year and a half ago | (#44204293)

! ATTENTION !

Starting from 2013-07-06 I have decided to ditch Slashdot for Reddit [reddit.com] . Reddit is a much more fun site and more positive experience. There are girls [reddit.com] too! That is all.

Re:Reddit (-1, Offtopic)

Anonymous Coward | about a year and a half ago | (#44204347)

! ATTENTION ! Starting from 2013-07-06 I have decided to ditch Slashdot for Reddit [reddit.com] . Reddit is a much more fun site and more positive experience. There are girls [reddit.com] too! That is all.

Cool, so long, goodbye, thanks for all the ... the ... you only have five fucking comments on this site? Well shit, how will Slashdot recover from the loss of Google Fanboys?

Re:Reddit (1)

Black Parrot (19622) | about a year and a half ago | (#44204409)

Reddit is a much more fun site and more positive experience.

But does the NSA monitor them more, or less?

Re:Reddit (3, Funny)

peragrin (659227) | about a year and a half ago | (#44204449)

um who do you think the "girls" are? This is the internet, everyone loves games and all girls are really government agents spying on you.

Re:Reddit (0)

Google Fanboys (2974975) | about a year and a half ago | (#44204481)

Reddit is a much more fun site and more positive experience.

But does the NSA monitor them more, or less?

Considering how many people on this site are pirates, then yes, NSA monitors Slashdot more.

no (1, Insightful)

Anonymous Coward | about a year and a half ago | (#44204321)

two words: television, facebook.

With the exception of a few people, American's just don't care about anyting-- unless it interrupts their viewing pleasure.

Re:no (0, Funny)

Anonymous Coward | about a year and a half ago | (#44204439)

What is even worse: the most couldn't properly write down the plural of "American" even if their life depended on it.

Re:no (1)

camperdave (969942) | about a year and a half ago | (#44204653)

A - M - E - R - I - C - A - N - Watch out, there's an "S" coming - S

easy, (5, Informative)

etash (1907284) | about a year and a half ago | (#44204323)

no. People don't practically care plus they have the memory of a fish.

Re:easy, (5, Informative)

auric_dude (610172) | about a year and a half ago | (#44204375)

Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/ [arstechnica.com]

Re:easy, (5, Interesting)

hairyfeet (841228) | about a year and a half ago | (#44204565)

The correct answer is zero, zero annoyance. as somebody who works with the normal folks 6 days a week i can tell you a shitload of them already just blast their entire existence onto their FB page anyway, and if having everything encrypted wasn't "clicky clicky" simple or actually cost a cent compared to your Gmails and Yahoo mails? Not gonna happen, they just won't use it.

And of course the bigger bitch is that for most of this software to work you have to get both parties on it so you are stuck with a network effect to where YOU can be encrypted but it won't matter because nobody you know will go to the trouble to use the software so you won't be talking to anyone anyway.

Re:easy, (5, Insightful)

hedwards (940851) | about a year and a half ago | (#44204661)

The problem with encrypted email is that you can only send it to people who agree that security is important.

And the people causing the loss of my privacy are numb nuts that post pictures of me to FB and various other places without my permission.

Re:easy, (2, Interesting)

CrimsonAvenger (580665) | about a year and a half ago | (#44204747)

Encrypted e-mail:

Since the NSA is logging (supposedly) metadata, and NOT the content of the messages, encrypting your email would have no effect at all.

Re:easy, (1)

Anonymous Coward | about a year and a half ago | (#44204797)

Encrypted e-mail:

Since the NSA is logging (supposedly) metadata, and NOT the content of the messages, encrypting your email would have no effect at all.

Actually, didn't they 'fess up and admit its not all metadata?

Re:easy, (2)

Black Parrot (19622) | about a year and a half ago | (#44204417)

no. People don't practically care plus they have the memory of a fish.

And a fine fish it was!

Re:easy, (5, Insightful)

Seumas (6865) | about a year and a half ago | (#44204463)

Only a few people even give the slightest fuck about the current revelations, anyway. The distortion field of Slashdot and Reddit (ugh) give the impression that it's the biggest thing in the world and the entire population is angry, but that could not be further from the case. People didn't give a fuck about Echelon. People didn't give a fuck about the DMCA or The USA Patriot Act. They didn't give a fuck about all the signing statements that George Bush put down (basically, when a president goes through a passed bill and writes down little notes essentially saying how he will or won't abide by each part of the bill -- signing statements are how we wound up with authorized torture and claiming the Geneva Convention doesn't apply to Americans -- only to "bad guys"). People don't give a fuck about all the ones Obama has done. People didn't give a fuck about Kevin Mitnick spending many years behind bars without a trial or access to the evidence against him. People don't give a fuck about Gitmo. Whatever fuck people *do* give a damn about right now will be mitigated by the next big distraction coming down the pipe.

Slippery slope doesn't apply to civil liberties and surveillance in America -- but the thing about a slowly warming frying pan sure does.

Re:easy, (1)

amiga3D (567632) | about a year and a half ago | (#44204519)

They care about what's happening on Big Brother though. Gotta keep the important things in mind!

Re:easy, (0)

Anonymous Coward | about a year and a half ago | (#44204575)

This.

Encryption software has been widely available well in excess of 20 years. Virtually nobody bothers. People simply don't care.

Re:easy, (1)

war4peace (1628283) | about a year and a half ago | (#44204487)

I won't. I don't care at all. My electronic activity is mostly gaming-related. Apart from work-related stuff, I sent exactly 6 e-mails last month, I had a few phone calls with my wife and mother-in-law, plus a conversation on Skype with my sister.
The NSA can keep those records; it's a waste of space IMO. But it's their space, paid for by the Average Joe (not me, I don't live in the USA).

Re:easy, (1)

amiga3D (567632) | about a year and a half ago | (#44204527)

I encrypted my Granma's secret cookie recipe. Let 'em figure that one out.

Re:easy, (4, Interesting)

Seumas (6865) | about a year and a half ago | (#44204559)

I don't understand this attitude. It basically comes down to "this doesn't directly impact me, so I don't give a fuck". So I guess you have an opinion on very few things, then?

I'm not a billionaire, but I don't think rich people should be capped at a certain level of income. I don't have a uterus, but I support a person's choice to do what they want with their body. I'm not gay, but I fervently support that they be treated like every other citizen as per the Constitution. I'll never be under age again, but I still think rights and liberties should apply to those who are under age.

In fact, it is kind of a sick and disgusting attitude. Less so, maybe, that you're not in the states -- but plenty in the states have exactly that opinion...

Re:easy, (5, Insightful)

_xeno_ (155264) | about a year and a half ago | (#44204503)

Yep. If you've been following the news, you'll notice that it's all about catching Snowden, and not about the massive NSA surveillance program. Most people just don't care about it, and the media sure isn't helping by focusing on Snowden to the exclusion of everything else.

I'm sure that ultimately, we'll get some law to "increase oversight on the NSA" that will have no teeth, the NSA will go back to spying on all communications it possibly can, and Snowden will get to discover the true meaning of "extraordinary rendition."

No. (1)

khasim (1285) | about a year and a half ago | (#44204329)

If you send an email "through the cloud" (and how else are you going to send it today) then the NSA collects the "meta-data" (at least).

If your message is encrypted then the NSA also holds onto the message. Even if they do not decrypt it.

If you store your data "in the cloud" then the NSA can copy that as well.

Being able to erase stuff on your personal machine does not matter in these instances. Even if the average person could understand the issues.

Re:No. (2)

Mike Frett (2811077) | about a year and a half ago | (#44204545)

And also, how is any Privacy software going to help if the OS itself has the back-door or whatever?. It doesn't make any sense unless you use an OS that's Open Sourced. And like you say, even then you might as well just unplug your Internet. Even if the OS is secured, you still need to worry about services like the Cloud.

This is going to take more than Software to resolve.

a quote from Ross Andersen (4, Interesting)

BACbKA (534028) | about a year and a half ago | (#44204665)

Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the worldâ(TM)s signals intelligence agencies is traffic selection â" how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the policeâ(TM)s job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf [cam.ac.uk] p31)

Will it? (2)

K. S. Kyosuke (729550) | about a year and a half ago | (#44204335)

That's an easy answer, Mr. Betteridge: no, it won't. (People are way too much comfortable with not being careful about their privacy, otherwise the whole Facebook thingy would never have gotten off the ground. Now you're asking them to become techno-savvy just because of privacy reasons?)

Is it even worth it? (1)

eggman9713 (714915) | about a year and a half ago | (#44204371)

We already know that the NSA flags encrypted traffic as suspicious and keeps it forever. If we assume they have enough computing power to target on a particularly interesting set of data (based on headers and routing info which can't be encrypted or it doesn't work), then how is it much better than having them store your data in the clear?

Re:Is it even worth it? (2)

SuricouRaven (1897204) | about a year and a half ago | (#44204671)

It stops trawling. Even if they have or will have enough computing power to break encryption, it's not going to be cheap - even the NSA doesn't have an infinite money cheat. Encrypting everything means they'd be forced by simple practicality to only snoop on people they have some grounds to suspect, rather than just collecting anything and everything they can get hold of for analysis in the hope they'll stumble upon something they can use.

Re:Is it even worth it? (3, Informative)

hedwards (940851) | about a year and a half ago | (#44204683)

The more people that encrypted trivial bullshit, the more they need to store and the longer it'll take them to crack it at any point in the future. And the less likely it is that they'll be able to pay attention to everybody.

Remember, the time it takes them to crack thousands of LOL cat videos is time they don't have to crack things we actually care about.

No (1)

kthreadd (1558445) | about a year and a half ago | (#44204373)

Some techies will, but most people won't. They don't care.

Re:No (0)

Anonymous Coward | about a year and a half ago | (#44204429)

More like they don't know how. If the Snowden's leaks have proven one thing, doing data security right is hard, even for the NSA.

Re:No (2)

hedwards (940851) | about a year and a half ago | (#44204693)

To be fair, if the NSA had competent security measures in place, this wouldn't have happened. It was a pretty substantial breakdown in policy that let him get to Hongkong with the data.

Re:No (2)

Seumas (6865) | about a year and a half ago | (#44204483)

Almost no techies will, either.

I would fucking LOVE to make regular use of, for example, PGP/GPG. Unfortunately, there is no way my family, friends, acquaintances, or colleagues would do this -- rendering it fucking useless.

Also, what does it matter? It might make retroactively gathering data on me (the new thing where a wire tap warrent doesn't just cover newly monitored communications but everything you've done -- ever), but if they really want to target you, they'll just find a way to infect your system and capture the data prior to the point of encryption.

Re:No (0)

Anonymous Coward | about a year and a half ago | (#44204893)

Highly unlikely that they'll be able to infect your system if you're competent.

US Media knows what it is doing (0)

Anonymous Coward | about a year and a half ago | (#44204377)

...despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata.

Looks like the MSM's tactic to make this all about the messenger rather than about the revelations has worked again!

Yes they will untill.. (0)

Anonymous Coward | about a year and a half ago | (#44204381)

The spooks decide to make using such tools a felony.

After all, they don't want people to NOT be spied upon now would they?

Use this software, and you are a criminal by default. You are nicked!
You don't have the right to remain silent and no lawyer will be made avilable to you.

Yes, some, but will it matter? (3, Interesting)

PapayaSF (721268) | about a year and a half ago | (#44204387)

The NSA gets a great deal of information through metadata and traffic analysis, so how much does encryption really matter? It might even call more attention to yourself: If you are just somebody surfing an Islamist website or emailing your school friend in Pakistan, the NSA will note it but possibly ignore it, if there's nothing else suspicious to connect you to. But if you are sending streams of encrypted data to those same locations, wouldn't that raise red flags?

Personal encryption tools need a UX overhaul badly (5, Informative)

Wonko the Sane (25252) | about a year and a half ago | (#44204391)

I made a tutorial [youtube.com] designed to help non tech-savvy people set up usable email encryption and even with the best narrator and script it's still terrible.

There are way too many steps involved, and in spite of how radically the usability has improved over the last decade or so it's still not at all user friendly. Default values are set poorly; things that should be completely automated and happen transparently in the background, like keyserver operations, require manual intervention.

It's almost enough to make me suspect a consipracy to keep these tools out of the reach of the average user, but realistically I suspect (unproductive) laziness combine with a lack of empathy for non-experts is the real culprit.

Re:Personal encryption tools need a UX overhaul ba (0)

Anonymous Coward | about a year and a half ago | (#44204611)

Make a video with fewer steps [youtube.com] .

Re:Personal encryption tools need a UX overhaul ba (0)

Anonymous Coward | about a year and a half ago | (#44204643)

I didn't watch your tutorial, but I found installing PGP virtually trivial. It was a matter of running it, and pressing "return" a few times to accept the default key sizes and such. That was it.

If, as a population, we've reached the point where doing that is considered "hard", then I weep for our species. It's all over - maybe the next intelligent species will do better than we did.

Re:Personal encryption tools need a UX overhaul ba (1)

Anonymous Coward | about a year and a half ago | (#44204667)

You're doing it wrong.

Re:Personal encryption tools need a UX overhaul ba (1)

Wonko the Sane (25252) | about a year and a half ago | (#44204719)

I didn't watch your tutorial, but I found installing PGP virtually trivial. It was a matter of running it, and pressing "return" a few times to accept the default key sizes and such. That was it. If, as a population, we've reached the point where doing that is considered "hard", then I weep for our species.

Please tell me you're not a software developer.

If you think the problem to be solved is as simple as making it easy for users to install PGP and create a keypair, you're like a contractor who pours a foundation and then declares he's just completed a skyscraper.

Re:Personal encryption tools need a UX overhaul ba (0)

Anonymous Coward | about a year and a half ago | (#44204777)

... because exchanging public keys with someone from that point is really, really hard?

Re:Personal encryption tools need a UX overhaul ba (1)

dirvine (1008915) | about a year and a half ago | (#44204847)

It can be done, the system needs an overhaul, as companies route data in an insecure or unencrypted manner then those companies are at least in a position to snoop. If these companies become excessively profit driven or are obliged to (Plc) then that data is a profit center and no longer private.

Encryption is no where near enough though! If anyone knows where our data is they can corrupt or steal it, or force you to give up passwords to it. It needs much more than pgp email or similar as these are layers on top of a currently brocken system. SMTP etc. will require servers and these can be snooped on and until we move away from servers and allowing others access to our data then it's going to continue as is with loss of privacy and ultimately liberty.

Huge disclaimer I work for this project novinet [http] it's open source (dual license) and aims to provide people with a network that ensures privacy and security in a manner that's invisible to people and this is key. It's very new and like all new ideas will have detractors, but when people dig into the detail it becmoes clear that this or something very like it is required if we want privacy ever again.

If hackers focus on this issue with the above project or other ideas to achieve the same end goals then it will be achieved. My contention, however, is that we need another way of putting our data on this Internet of ours and we need to do so in a manner that allows more options than today with much better user experiences. From experience though this is not a simple job and does require a lot of new thinking and more importantly it requires to be available to everyone, not a % of the code and ideas but 100% available, however that's achieved.

Re:Personal encryption tools need a UX overhaul ba (1)

Wonko the Sane (25252) | about a year and a half ago | (#44204897)

You're never going to bring masses to a new platform in order to get privacy. You've got to bring the privacy to them. Making it possible and easy for users to encrypt their messages does not protect metadata, but it's a significant improvement over the status quo. It will have a larger positive effect than asking users to abandon email for an entirely new platform - the network effect ensures that.

No they're sheeple content on eating Obamas grass (0)

Anonymous Coward | about a year and a half ago | (#44204397)

Polls showed that more than 1/2 of American's weren't bothered by the spying..

51% also voted for Obama a second time..

Coincidence?

Re:No they're sheeple content on eating Obamas gra (2)

Black Parrot (19622) | about a year and a half ago | (#44204435)

Polls showed that more than 1/2 of American's weren't bothered by the spying..

51% also voted for Obama a second time..

Coincidence?

Meaningless, unless you show correlation between the two sets.

Re:No they're sheeple content on eating Obamas gra (1)

RabidReindeer (2625839) | about a year and a half ago | (#44204851)

Polls showed that more than 1/2 of American's weren't bothered by the spying..

51% also voted for Obama a second time..

Coincidence?

Meaningless, unless you show correlation between the two sets.

More than meaningless, when you consider that Obama simply expanded on his predecessor's groundwork. Unless you're willing to consider that exactly the same people voted for Obama as voted for Bush in this era of polarized politics.

Hard - Complex - don't work easly (1)

btk667 (722104) | about a year and a half ago | (#44204403)

First of all, to use these software are hard to use for the average person. Second, some concept are very hard to understand, like what is man in the middle, and why does the NSA "keep" the encrypted information. (This is easy to understand for people in the business but not for my parents)

And finally, I have personally use some of them and they have "lots" of bugs.. I mean, does not work properly..

And you want me to trust some company that opened it's door less than 2 years ago ?

Re:Hard - Complex - don't work easly (2)

just_a_monkey (1004343) | about a year and a half ago | (#44204555)

You want me to trust some company? I trust Stallman. End of list.

Re:Hard - Complex - don't work easly (1)

meta-monkey (321000) | about a year and a half ago | (#44204743)

It's so sad it's come to that, but you're right.

Re:Hard - Complex - don't work easly (1)

fred911 (83970) | about a year and a half ago | (#44204573)

Math is hard....

Re:Hard - Complex - don't work easly (1)

Anonymous Coward | about a year and a half ago | (#44204659)

And you want me to trust some company that opened it's door less than 2 years ago ?

PGP has been available since 1991. GPG has been available since 1999.

Most people CAN'T (5, Insightful)

Kazoo the Clown (644526) | about a year and a half ago | (#44204419)

I'm in IT and I can't figure out the gibberish that passes for documentation on open source security products. Without exception, they presume you already undrstand the issues, or they explain them badly...

Re:Most people CAN'T (0)

Anonymous Coward | about a year and a half ago | (#44204791)

Those are pass phrases, not documentation. :-)

People do take an interest (2)

sjwest (948274) | about a year and a half ago | (#44204427)

On twitter recently #drm was trending over the ms new console. People might not think it issue 1 but somehow the eff have pushed in to people brains.

End to end encryption does not exist, a design flaw.

Ssl is tied to domain names, I had the recent experience of purchasing ssl on a site with no ssl. The irony of that statement i will let sink in

Re:People do take an interest (0)

Anonymous Coward | about a year and a half ago | (#44204789)

End to end encryption does not exist, a design flaw.

It does for email, and has ever since RFC 2440, which is what, 15 years ago now or something?

The Better question: (0)

Anonymous Coward | about a year and a half ago | (#44204431)

Will the NSA controversy drive people to revolt against their government and overthrow these dictators?

Yes we live in a dictatorship - Any idea of a republic or a democracy is simple a lie, a sham, fabricated, completely false.

Seriously, fuck a privacy software. People need to handle things their own way - and I'm not talking about installing some privacy software to make the ass fucking more smooth.

What's different? (3, Interesting)

jtownatpunk.net (245670) | about a year and a half ago | (#44204433)

If all of the past disclosures and leaks haven't prompted them to do so, why would this one be any different? Did people really think the NSA put their toys away and went home after the Room 641A exposure? It's not like that was ancient history. It's the core of Congress' retroactive grant of immunity for warrantless wiretapping which was all over the news less than two years ago. And domestic spying was old news even before 641A.

Holy Crap, What A Bunch Of Pessimists (4, Interesting)

Jane Q. Public (1010737) | about a year and a half ago | (#44204443)

Most of the comments I have seen here have been depressingly (and unjustifiably, IMO) negative.

I think it is obvious that people are becoming more concerned about privacy, now that they see how much of it they have inadvertently allowed to be taken from them.

I only hope that when they start using "privacy protection measures", they don't forget to fight against the reason they need to: abusive assholes (at least half of whom seem to be in government).

Re:Holy Crap, What A Bunch Of Pessimists (0)

Anonymous Coward | about a year and a half ago | (#44204655)

Most of the data people have are not that valuable. And when I die I wish most (if not all) of that data will be public. But that's only a wish.

Re:Holy Crap, What A Bunch Of Pessimists (0)

Anonymous Coward | about a year and a half ago | (#44204703)

Most of the comments I have seen here have been depressingly (and unjustifiably, IMO) negative.

For some reason, more of the authoritarian bootlickers that dwell among the /. crowd seems to be present here on weekends.

Re:Holy Crap, What A Bunch Of Pessimists (0)

Anonymous Coward | about a year and a half ago | (#44204757)

> now that they see how much of it they have inadvertently allowed to be taken from them.

I'd rather guess that they are defeatist and depressed because they realize how much physical violcence and sacrifice would be necessary to get those rights back,and since they are not willing to fight and possibly die, they lose and they know it.

Yes. (0)

Anonymous Coward | about a year and a half ago | (#44204445)

With all the recent talk of internet privacy in light of this NSA business, I decided to start using tor.

Particularly because using tor makes one a target for NSA tracking.

I am sure the NSA will be extremely interested in the onion-routed search I did tonight: "Why do cats smell like ham?".

bigger picture (2)

Black Parrot (19622) | about a year and a half ago | (#44204457)

It may speed up adoption of FOSS (or homegrown) by other countries.

Though OTOH, I can't imagine any of them would have been blind enough not to see this coming.

As for terrorists, didn't aQ switch from cell phones to couriers about a decade ago? Anyone who gets found out on the basis of the activities we now know about is either careless or stupid.

tie them in their own chains (0)

Anonymous Coward | about a year and a half ago | (#44204459)

As mentioned, if enough people become that concerned enough that they'll encrypt all their communications, they'll all become targets of suspicion. At the same time if you can get enough people to encrypt their data, the NSA will drown in their own data flood. The problem is getting literally everyone on the net to start encrypting their communication. Would that be considered an act of protest or an act of treason?

But, unfortunately, before they reached that failure point they would have laws passed to make it illegal to protect your privacy via encryption.

And they are correct: (1)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#44204471)

Arguably, people are entirely correct when they throw up their hands and profess ignorance. The fishing-expedition style attacks that have been revealed so far appear to concentrate on a combination of sniffing out activity between nodes on the network(which are also the data required to route traffic between those nodes, which makes hiding it difficult) and getting wholesale dumps from collaborating companies(which you pretty much have to assume is all of them unless specifically proven otherwise on jurisdictional or architectural grounds).

The problem trying to counter that sort of network based attack is that you can't really 'just install security software' and have done with it. Everyone you wish to interact with has to as well. There is no software, however much expertise I am willing to bring to bear, that will allow me to send a message to user@gmail.com without showing up in the monitoring of his account. Same deal for phone calls, and others.

Re:And they are correct: (0)

Anonymous Coward | about a year and a half ago | (#44204917)

Everyone you wish to interact with has to as well

"The problem with email is that everyone you wish to interact with has to have it as well."

"The problem with putting up a web page is that everyone who views it has to have a web browser".

Too bad there isn't an actual RFC [ietf.org] for end to end email encryption, or something, to allow easy interoperability between mail clients in the realm of encryption. Maybe someone should get to work on that [ietf.org] .

yes (4, Interesting)

periol (767926) | about a year and a half ago | (#44204485)

several non-tech folks have stopped communicating with me except for face-to-face, simply because they don't want the government to read our conversations. my text and emails have gotten very matter-of-fact ever since the snowden revelations leaked.

as a result, i've been researching the available encryption resources out there so we can actually have private conversations without worry. there aren't many that are really simple to use and actually effective. i'm talking with a friend about setting up a home server we can VPN into for chat sessions until there's a workable solution for non-tech types.

i've wanted to do this for a while, but no one else around me cared. now they care.

Re:yes (1)

SuricouRaven (1897204) | about a year and a half ago | (#44204697)

Try Retroshare. I've set up a little network for myself and a few friends. Aside from its concerningly weak default key size, it seems good. I've had it working reliably doing file-sharing, chat and email. Not tested the forums much yet.

I expect the NSA could break it, but it'd take enough effort that they aren't going to bother without a specific reason.

Re:yes (1)

periol (767926) | about a year and a half ago | (#44204755)

looks interesting. we were thinking about using VPN connections to perform messaging on our own server, so they would have to break the VPN, or actually get into the server to get the communications. but retroshare does look interesting, although i worry about those keys too. i suspect breaking simple encryption is beyond easy for the NSA, as in it's already automated.

Re:yes (0)

Anonymous Coward | about a year and a half ago | (#44204879)

Currently Android-only, but there's RedPhone and TextSecure [whispersystems.org] for encrypted phone calls and text messages. I you're willing to move off text, OTR [wikipedia.org] is a great encryption protocol for IM with client support on most OSes including Android and iOS. For the high-effort version, you could even setup your own XMPP server (and setup accounts on it for your friends) so Google (or whoever you decided to use as an IM provider) wouldn't know who you were talking to and when.

E-mail encryption is simply as harder problem UI-wise because you have to pre-arrange keys. It doesn't help that most users access e-mail from a bunch of different devices; personally, I just don't bother with e-mail encryption and treat all e-mail contents as public.

Of course not (4, Insightful)

Le Marteau (206396) | about a year and a half ago | (#44204497)

Why would the average person give a fuck about their privacy? Most people have nothing to hide, and unless they are a fanatic or a hobbyist, they could not care less who reads their stuff.

This security stuff is NOT about the average guy, though. It's about movers and shakers... politicians, lawyers, businessmen, members of the media... people who have power in some ways to affect change, and who communicate in ways which REQUIRE privacy.

Likewise, the NSA monitoring the average person does not matter in the least. It is about them monitoring movers and shakers. It's about people who could potentially upset the powers that be.

So cut me a break with the ruminations about whether Joe Six Pack or Susy Soccer Mom is going to encrypt their email. The real question will be, will the next candidate for high office, who aims to shake things up, and who thinks the current Republicratic overlords need to GTFO... the question is... will he us it, and will he continue to be monitored.

Re:Of course not (0)

Anonymous Coward | about a year and a half ago | (#44204589)

You're wrong - monitoring "average" people matters if you're literally monitoring *all of them* and can use various sophisticated models to estimate higher level dynamics. You're right that they don't necessarily care to predict the daily routine of Joe Blow, but they *do* care about the aggregated thoughts and behavior of millions of Joe Blows, and will use these tools to both monitor and manipulate that.

Re:Of course not (1)

Anonymous Coward | about a year and a half ago | (#44204603)

I should add that it's never certain when or which Joe Blow will suddenly become Joe Of Interest, so having an omni-record is very useful even forgetting about higher level dynamics.

More likely to influence companies outside of US (3, Interesting)

dcavens (178673) | about a year and a half ago | (#44204507)

I think the whole fiasco is going to convince a lot more companies located outside of the U.S. to stay away from U.S. based cloud-providers and SaS. As a Canadian, I'm looking for a Canadian cloud provider that guarantees data is located in Canadian data centres, is Canadian-owned (U.S. law treats subsidiaries of U.S. companies as U.S. companies), and is only subject to Canadian laws.

I suspect many non-U.S. companies are going to do the same- I'd rather be subject to laws I have some influence over.

The problem is (1)

phantomfive (622387) | about a year and a half ago | (#44204511)

The problem is it's really a pain to use encryption on your email and the end result is no one will send you email, which defeats the purpose of having email.

It would be really great if SMTP had a way to query for a public key so it could be encrypted before sending automatically. That's the only way I could ever see encrypted email becoming common, and even then there are a lot of difficulties.

Re:The problem is (1)

SuricouRaven (1897204) | about a year and a half ago | (#44204709)

Can't trust the SMTP servers - they are run by ISPs or mail services, the NSA could change the key on those with a polite email. It has to be handled by the client.

Re:The problem is (1)

phantomfive (622387) | about a year and a half ago | (#44204911)

Yeap, that is true, but you can send your public key to ISPs or mail services without any problem. Then your client can do the decryption.

So it has to be a multi-step process.
1) Design an extension to the SMTP protocol to handle public/private keys automatically. Make it a dead simple protocol.
2) Get large mail services (Google would be a good one, but others can be sufficient to get things started) to implement it.
3) At that point you're not safe, but if you can upload your own private key, or run your own mail server, then you are safe.

The second step is by far the hardest, but it is something that can happen if 1 happens first.
I don't see any other way that we can all switch over to encrypted email.

Re:The problem is (1)

phantomfive (622387) | about a year and a half ago | (#44204919)

Dang it, I should have said:

3) ...if you can upload your own public key....

Although uploading your private key might accomplish......something.......

Re:The problem is (0)

Anonymous Coward | about a year and a half ago | (#44204745)

You can email it as an attachment to someone, and importing it is (depending on your mailer) just a mouseclick or GUI menu away. It isn't hard. If you're really paranoid, you can read them a hash to make sure nobody MITMed it, but at the moment that isn't really even necessary. Just PGP'ing all mails would be a huge step up.

The NSA story broke in 2006 (0)

Anonymous Coward | about a year and a half ago | (#44204529)

As a result, the US passed the Patriot Act, legalizing the mass surveillance of US citizens and providing retroactive immunity to those who broke the laws that were against such surveillance in the past.

So, now we're seven years later and some guy re-reveals the exact same mass surveillance apparatus, with some new evidence. The world is shocked, SHOCKED, that this sort of thing is going on.

I think the answer is safely "No".

Will the NSA Controversy Drive Slashdot To Use Pri (2)

Anonymous Coward | about a year and a half ago | (#44204531)

you get the idea.

Answer so far is no.

https? no way, i'm too lazy living off my fat slashdot editor salary.

This does not affect privacy if you're smart. (1)

Martyn Hare (2928045) | about a year and a half ago | (#44204537)

You can tip the system in your favour when you're being watched, you can have "them" know what you want "them" to know. Make everything you do on the Internet with companies as public as possible, so the authorities have nothing additional to what the rest of the world already knows. Treat the corporatocracy that is the mainstream Internet services like being outdoors in public and treat your own personal computer(s) as the private area and simply use encryption there. That way, when you use Free, Open-Source Software you'll maintain privacy on your own machine without arousing the suspicion of the authorities. The end result is transparency that even public figures do not have, "they" think they have everything but you still have real privacy on your own private network(s). When you need to communicate with friends privately, bridge networks using a VPN. Stick to common sense and enjoy your life, the NSA have won nothing if you use your brain and stick to keeping things you can't make public as private.

This is among the most sensible opinions I've read (1)

Michael Ahlers (2939579) | about a year and a half ago | (#44204769)

I've little to add besides my agreement. Privacy cannot be assumed in public spaces. Nothing's more public than the Internet. Act accordingly.

I am so embarassed ... (1)

Max_W (812974) | about a year and a half ago | (#44204539)

... that I still do not know what to think of it.

I thought that the "Skype" had a strong encryption. I did not know that my conversations with my spouse were supervised and recorded. Gosh ...

Re:I am so embarassed ... (1)

SuricouRaven (1897204) | about a year and a half ago | (#44204753)

Skype does have some good encryption in it. But it has two deep flaws:
1. Metadata is still easily intercepted. That alone can be used or abused quite well.
2. It has backdoors which allow the operator (Microsoft, now) to intercept communications on behalf of the NSA - and quite likely a backdoor for the NSA to use any time they want, too.

There's a common conspiracy theory claiming that Ebay's purchase of Skype was at the request of the US government in order to gain intercept and metadata-recording capability - before the purchase it was run from Luxembourg, out of the NSA's control. It seems a plausible conspiracy - there doesn't seem any other reason for an internet auction company to purchase an IM platform, and they sold it on in turn to Microsoft just four years later.

Re:I am so embarassed ... (1)

Max_W (812974) | about a year and a half ago | (#44204895)

Skype was used by some people for "Skype sleeping" http://www.urbandictionary.com/define.php?term=skype%20sleeping [urbandictionary.com] .

Some people do have to travel to get a work done. Sometimes for weeks or months.

It will never be the same anymore after there is a suspicion that a third party is watching or recording.

I am not sure about a personal encryption software but there will be definitively a behavioral tectonic shift now as people know for sure that it is watched and recorded. Or at least can be watched and recorded at will by some obscure organizations.

Snowden nailed it... (2)

Dj Stingray (178766) | about a year and a half ago | (#44204571)

Doesn't matter if you are on the "up and up". Things can be taken out of context. Might as well not give them ANY ammo to use. They say to always exercise your right to be silent. This is a preemptive way to do that.

I think you would be stupid not to try and keep your personal information away from strangers. Also make sure to kill your RFID chips in your credit cards. But for the rest of you, ignorance is bliss. Enjoy.

Feedback (1)

gmuslera (3436) | about a year and a half ago | (#44204613)

Worth the trouble? You should weight how much it costs you privacy vs what could cost you don't worry about it, but unfortunately, english is a bad language to realize how important the future is [ted.com] .

How it could affect you? You can check what have the FBI/NSA about you [dailykos.com] . You can see precedents of what NSA did with private information [go.com] (if that the respect that soldiers in the battlefield deserve, good luck about you). You can see the starting [cnn.com] trend [theblaze.com] of misusing information and how it could impact you in the future.

I think that the widespread perception of the danger is not enough... yet. But as jailing/killing the people that could inform you about the real situation is the new normal, you probably won't be aware of why you should had done it before until it hits you. Or won't have the chance, as the next salvo probably will be outlawing consumer encryption (it already started [slashdot.org] ). Some of the things that you can do could be complex or cumbersome to do, but you can start progressively with this tools [prism-break.org] , taking the path of least resistance, it will protect you not just from the NSA, but from other evil people and organizations too.

No not really and here is why... (0)

3seas (184403) | about a year and a half ago | (#44204625)

.... in a word "Sheeple" for the spying on the people is not to find so called terrorist and it never has been, but is as a part of the manipulation of the people feedback loop for which the controlled news media often refereed to as MSM (Main Stream Media) is the other part. To make the spying useless the sheeple need to stop watching or reading MSM and awaken into being real people aware of all the corruption the government is involved in at the expense of the tax payers. Reading the Declaration of Independence would be a real good start in waking up. Applying the instruction the founders wrote in it, would prove one is awake.

TPTBs are already dealing with it (1)

boorack (1345877) | about a year and a half ago | (#44204679)

Our corporate overlords are already dealing with those pesky users daring to hide their online activity [slashdot.org] from prying eyes of NSA. Expect more measures to dismantle last remains of privacy - including choking off privacy tool vendors, labeling users of such tools as 'terrorist suspects', somewhat skewed patent lawsuits, outright banning certain classes of tools etc.

mmmm (1)

houbou (1097327) | about a year and a half ago | (#44204701)

Privacy software will be a red flag, they will see this coming a mile away, hell, I wouldn't be surprised if the NSA wasn't indirectly funding a few of these apps themselves just to give you some false sense of security.

In the end, if you want your privacy, well, keep it private! :)

But beware social media and most of all, be smart. You don't want people to know, then don't use electronics for your very sensitive stuff, or at the very least, keep it hush, sneaker net, or word of mouth.

Sure you could be a genius and create your own e-mail and electronic data transfer app with your own private key system for security, using your own encryption, and perhaps, passing this info and software only to those in the 'need-to-know' and then, use the old snail mail system to distribute the software and the key(s), etc..

If you have need for this, well, you lead a way more complicate life than I would want for myself! :)

Most Americans want NSA spying (0)

Anonymous Coward | about a year and a half ago | (#44204707)

Despite claims to the contrary, most Americans approve of NSA spying. If they cared, the people in power would be voted out of office. I would be willing to bet that roughly 99% of all votes cast in the next election will go to the ruling Republicrat party and absolutely nothing will change. It may even get worse. I will be voting for a third party like I always do, but I seem to be an oddity.

Okay... (2)

SeaFox (739806) | about a year and a half ago | (#44204759)

...despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata.

Really? Maybe the submitter needs to learn to use the Internet better.
http://www.buzzfeed.com/ellievhall/40-best-signs-from-the-restore-the-fourth-rallies [buzzfeed.com]

Privacy Software Not An Option Or Answer (0)

Anonymous Coward | about a year and a half ago | (#44204785)

Privacy software is no answer. It is only a panacea and does not address the disease.

The disease is the perception of power that the National Security Agency and its bureaucracy gives to the President and Federal Government agencies who answer to the President.

The only way to rid this disease from the USA is Civil War to destroy the Federal Government and all its institutions and current employees.

However the USA may not be at the point of Civil War with the Federal Government for many years to come.

The disease will continue to grow and spread as long as there is food to nourish it.

When the rate of growth exceeds the rate of food consumption the disease will be unsustainable and weaken.

If the reproduction rate of the disease can also be attacked then unsustainability will be strengthened and the disease further weakened.

Hopefully, it will (1)

WindBourne (631190) | about a year and a half ago | (#44204823)

Perhaps more importantly, it will lead to use developing new protocols that employ decent security. This is needed. For example, all email should be sent encrypted, not clear text. In addition, email should be re-developed so that it pushes a distributed architecture while removing the spam.

More interest in Portland, for sure (2)

LandGator (625199) | about a year and a half ago | (#44204825)

My classes in Internet Security at http://www.freegeek.org/about/classes/ [freegeek.org] were pretty well packed yesterday.

Can't be bothered (0)

Anonymous Coward | about a year and a half ago | (#44204891)

I could encrypt my communications in order to drive up the marginal cost of Prism-like surveillance. However, since I have nothing interesting to hide, I'd do it if the cost was minimal (transparent in my apps), and it was transparent to my receivers, i.e. zero effort on their side.

However, as long as the most important data, the metadata, is still plain to read, I'm not that interested. If I can't hide that I'm sending an email to person X or a text message to person Y, then I don't really have any privacy with encryption either.

you Fa1l It! (-1)

Anonymous Coward | about a year and a half ago | (#44204913)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?