Honeypots seem like a legitimate go-to tactic which can be relied upon to learn who has been exfiltrating one’s data, what it is, and what they use it for. A secondary effect has been that it can cause “bad actors” to re-think acting upon the data they steal, or even whether they should be stealing it at all.
As much as I am eagerly on board with the “carrot” of trying to persuade nominally democratic governments to not abuse their constituents, it occurs to me that there is not enough done on the “stick” end - the unpleasant area of demonstrating that their actions can and do have real consequences which will bite them in the ass. Governments like to assume that, despite their status as an extreme statistical minority, they might somehow get their way regardless of any valid criticism. They presume that the citizens have no teeth to their arguments, so their pleas for ethical treatment and insistence upon meaningful oversight can be ignored.
So, I am interested in ideas of how everyday deployment of honeypots in a surveillance culture can be used to make the practice of surveillance less useful and less profitable. Your drug and weapons empire which doesn’t exist? SWAT raids which fall down into abandoned mineshafts? What kind of traps can be used to snare the busybodies?
Could be… I am not sure how far “whatever you have in mind” goes as a marker of legality. But I will point out that LEOs, NSA, and other US groups do this very same thing, and put it forth as a legitimate strategy. So far as I know, false testimony in court is unlawful. But claiming IRL and in social media to be conducting illegal activity is not. This is assuming that the person or parties in question are not already engaged in other shenanigans they could be busted for! Another caveat is fraud - if you try to use claims of illegal activity as a means to secure work - legal or otherwise - this still counts as fraud. But if you and a buddy agree that you are trading in fictitious contraband or secrets, it is no crime. And if you weren’t being surveiled, nobody would ever know.
Completely not what I am talking about here. The whole point is not calling anything in. The beauty is that the LEOs or NSA find themselves in the shit because the only way they knew about this activity was by snooping on your private communications. “Sorry your operatives got trapped in that shipping container, but nobody told you fuckwits to play in it”.
The problem with authoritarians is that they can never define their terms well, because the role is more important to them than the law - which takes a distant second place at best. There is too much self-censorship and complacency from people who feel discouraged from doing anything which will actually make a difference. So I think that it is vital that some people at least do provide encouragement - that civic responsibility means alignment of thoughts, words, and actions. Fighting authoritarian attitudes can mean standing up for egalitarianism. Doing so and not doing so are both completely risky, But just ruminating upon “my country is destroying the planet, and I’d love to help, but I’d hate to get in trouble…” sounds rather daft when the outcome of complicity is so dire.
Bernie is great, but voting for him still does not absolve me or anyone else from our daily choices and involvement. That’s pretty much the game here: we participate, or else we “leave it to the professionals”. Who do you trust to dictate to you to terms of your life, and your participation in society? Getting involved is fun, vital, and one can have the clear conscience of being a responsible member of society, instead of cowering like a scolded child from a bunch of sociopaths for the rest of one’s life. The sociopaths who would otherwise inherit our children.
Sure, I can’t fault the game theory in your appraisal. But you don’t exactly want to be running headlong into cannon fire.
Look, imagine you made it as easy as possible. Wrote like a p2p app for spreading noise to mask any terrist signals out there, had a great angle for marketing it, and people actually started using it in some fraction of a meaningful number.
Probably before it has much effect, you’re on the hook for aiding terrists, and bang to rights in the minds of >9/10.
I totally appreciate your drive to make such bold attacks on The Man, but unless half of everyone else has your back, it’s suicidal. I’d argue you’re much better off, both personally and strategically, turning your thoughts to garnering hearts and minds. The first thing that occurs to me on that score, is all the folks who’d have your back, except for the fact they’re too disconnected (ask yourself why the US has such crappy broadband)… peeps on the internet need to crowdfund some kind of TV attack. Maybe we need a movie where the heroes have to destroy millions of TV aerials before the sleepers can awake. Find some way to make blockbuster cinema and/or primetime TV to send folks en masse to the net.
It sounds contradictory to me that I could somehow garner hearts and minds while simultaneously avoiding attention. It seems like these would both involve the same process of getting ideas out there.
Sure, but that is, again, not what I am talking about. It feels dishonest (although I know that is not your intention) that my idea gets dismissed on the basis of turning into something else in the form of the p2p app.
That sounds like a trap to me. The whole reasoning behind broadcast media is that it exists to facilitate huge groups like corporations and governments acting as gatekeepers. I would think that “mainstream” media being so lame would do more to push people to the internet than any simple entertainment I could possibly devise.
Also, it feels kind of defeatestly apathetic to me that making a show or movie about this stuff is somehow better than direct action. Fitting in enough to get one’s message out seems to be precisely how these people and messages get assimilated, co-opted into the dominant culture and sold back to people as mere commodity. Basically, it happens once all of the revolutionary potential has been leached out.
I agree, it’s extremely frustrating. But my day-to-day interactions with people and groups end up being so confrontational, that it seems it can’t be helped. So why not act now, rather than wait a week/month/year when I am out of the picture anyway? Biding time can itself be a dangerous game. Sure, it’s dangerous now - but extrapolating trends, are things likely to be more or less locked down 5/10/20 years from now? Basically, if people wanted to make up some lies to put you, me, or anyone else away, they could do that now regardless of what we do.
What distresses me more than anything are people who seem to agree in principle, but who insist that “anything which would make a real difference is probably illegal”. It seems so self-defeating, and discouraging to other people. It doesn’t even seem like real risk-assessment. Actions seeming “probably illegal” does not mean that they are, and the legality of an action is certainly not the deciding criteria of whether or not it is worth doing. I am willing to bet that each person on here does some things which are unlawful - both deliberately and through ignorance. Personally, I prefer to simply try to act ethically, whether this happens to be legal or not - whilst trying to be aware of actual laws, rather than simply guessing myself into inactivity.
ETA: One whole day later, an article on The Intercept about the FBI using honeypots. So does the US recognize this as legit or not?
Because I am not sure about it! Generally, like how other honeypots work in IT and “intelligence”. The current communications chatter probably breaks down into something like: 60% innocuous, 35% a bit naughty, 4.9% discussion with troubling implications which doesn’t go anywhere, 0.1% discussion with troubling implications by people who might pull it off. But basically, it seems like all of the heaps of surveillance data that is collected now can be mostly taken at face value. There are some real “bad actors” who are doing deeply unethical things, but they profit more from avoiding detection altogether rather than offering misleading data. The data collected is valuable because it is regarded as mostly accurate. So the only incentive to not conduct mass surveillance and harvest the data is the public not wanting them to… which evidence suggests they find a not-too-compelling reason for doing anything differently. Whereas a sizeable chunk of the data being misleading, even dangerously misleading, goes some ways towards disincentivizing it, because the data collection becomes less practically valuable.
Governments and corporate spies use this sort of thing all of the time, because it works. If I wander around a strange city asking to score drugs, hookers, and guns - I would need to be careful, because some offers are probably going to be from undercover cops. With police work it is usually “entrapment”. But if I steal files from The Military or Nabisco, how do I know for certain that they are “real secrets”, and not a honeypot from the “4 N00b H4XX0rZ LOL” folder? I don’t! If I give somebody a “secret” login and pass to the Pentadoodle, how do they know that the data there was not put there for them, which springs a trap when they act upon it? The beautiful irony is that nobody finds the trap unless they breach the security and exfiltrate the prank data.
So, what I am loosely considering is the same sort of thing for citizens. If you and I secretly coordinate shipments of refined weapons-grade McGuffinite at a certain time and place, and that place gets raided, and everybody falls through the balsa wood floor into the sewer, then they have only themselves to blame. That’s what happens when you geniuses bug Repertory Espionage Theatre of the Arts and assume that it is real intelligence info. Kimmo and I were just rehearsing. The idea is to push the signal to noise ratio away from profitability, with the side effect of bad actors getting punished when they act upon data they shouldn’t have.
I like a lot of his ideas, and have actually looked into doing similar projects. But my problem has been that I cannot abide the status quo of incorporation, earning and use of currency, and most of the other formal factors involved with making it happen. So my long-term goals involve creating networks to help people secede from existing countries, create their own kinds of currencies and corporations/organizations. It is not anything terribly “high-fluting”, I just need some basic social systems that my family and I can actually use to get on with other people, and I can’t implement these with the current monopolistic structures.