xeni at September 5th, 2013 20:01 — #1
imb at September 5th, 2013 21:10 — #2
I wish someone would translate some of what is gobbledygook to those of us who are less well versed in technology. Also, he says some things that I suppose insiders understand like "use encryption not made by any major US company". Okay, I get that Apple is probably not a good source for encryption which comes with the computer. But how does someone find good encryption? How do you know where to look, and which ones always have a backdoor way in and which don't? I have many questions, but will read it all over again when I am fresh.
pjcamp at September 5th, 2013 21:12 — #3
Isn't it simpler if we all agree to use "Death to Obama, Long Live Osama" as our sigs?
I mean, if everybody is a terrorist, nobody is a terrorist.
kangorufoo at September 5th, 2013 21:18 — #4
Computer security and cryptography is very hard. It's up to the engineers and coders to do the heavy lifting for users. You can learn how to protect yourself better but it will take time. I'm afraid that technology is primarily constructed from gobbledygook.
imb at September 5th, 2013 21:20 — #5
kangorufoo at September 5th, 2013 21:22 — #6
We need more Schneiers in the world. What is required is an army of scientists armed with high math and engineering skills to protect the common person from spying eyes and invisible hands of any and all.
imb at September 5th, 2013 21:22 — #7
For a little while there, I was thinking of making my email signature, Fuck you NSA.
I'm not sure the intended recipients would appreciate that though.
kangorufoo at September 5th, 2013 21:28 — #8
I would start with gpg to protect the contents of your email. GPGMail is a plugin for your Apple Mail application. Now this program will only work if the people you communicate with use gpg too.
Here is a demonstration of the problem. We have these great tools but they are hard to work with and they only work if they are broadly adopted. This is the challenge if you're an engineer, coder, or admin.
kangorufoo at September 5th, 2013 21:31 — #9
What you can do to make real change is call your representative and senator and give them an earful. Tell them that you vote and you are not happy. If enough people do this the NSA can be put in its place.
thetorchpasses at September 5th, 2013 21:56 — #10
I'd put that in my work sig, but I work for "the man." (Not El Presidente, but one of his departments.)
thetorchpasses at September 5th, 2013 21:58 — #11
I'd love to encrypt my email, but at best the people I email are indifferent about the surveillance, at worst they're supporters of it. Thankfully I don't write anything that would get me in troub...
zaren at September 5th, 2013 22:35 — #12
Yep, that's some sig material right there.
cowicide at September 6th, 2013 00:24 — #13
I get that Apple is probably not a good source for encryption which comes with the computer
Apple's DMG can use up to 256-bit AES and it's problematic to crack. With a tough password, it's possible, but it would take too many billions of years to do so.
Schneier seems to think it's safe:
Now, if someone knows of a backdoor in Apple's implementation of DMG, that's another story.
Overall, you're probably better off using something open source like TrueCrypt.
macrumpton at September 6th, 2013 01:47 — #14
our best defense is to make surveillance of us as expensive as possible.
Unfortunately this also has the side effect of making us pay more for our trouble, as the NSA will have to work overtime to decrypt all of our missives.
michael_r_smith at September 6th, 2013 05:40 — #15
Mostly it is the users who defeat security by giving away their passwords or using applications like Facebook.
imb at September 6th, 2013 06:52 — #16
Yeah, I know, but in my experience, sometimes that brings the heat on you, especially if you are consistently vocal.
awjt at September 6th, 2013 07:10 — #17
Sir, come with us, please.
awjt at September 6th, 2013 07:17 — #18
TrueCrypt is probably safe. But what he didn't really address in his article is WHAT you should encrypt. He has it all lumped together. Computer users do a few main things: work on local files, and communicate over the network, sometimes regarding those local files.
If all you are doing is working local on top s33krit sh1t, TrueCrypt and an airgap is your solution. But if you are hoping to communicate securely, you're going to need one of a few other solutions. Or maybe you don't care about encrypting your local work, but you only care about your communications.
See? Everyone needs to personally audit what is important to them, and what they need to keep secure... AND FROM WHOM.
Sometimes, it's not the NSA that is bothersome. For instance, I won't email personal stuff to my wife on her corporate email account. I don't want some slob at her company doing the Outlook backups reading our shit. Do I care if the NSA reads it, if they are listening? Well, no, and it's not worth the effort to encrypt it all. Easy solution: don't email her at her work; use her personal address.
So, long story short, my advice is to personally assess your computer use, what is important and what you need to encrypt, and who you are most concerned about. Then go from there.
jeff_fisher at September 6th, 2013 09:01 — #19
Basically it says you don't have a glimmer of a hope to secure your communications against NSA surveillance.
Even a noted security expert like Schneier finds it to be far too onerous to actually implement it for any but his most sensitive communications, and presumably he has some communications a lot more sensitive than you and many of the people he communicates with are also security experts.
imb at September 6th, 2013 09:19 — #20
My like was for translating for me, not that I like what the bottom line is.