JetCityOrange

persistant montoring of our online traffic

Summary: Alice & Bob used to assume they were alone unless they detected Eve in the room. In this age of digital communications they must now assume that Eve is a constant presence. Therefore their threat model and defensive posture needs assume Eve is always listening (which means her evil twin Mallory can't be far away).

In simpler times of old, friends Alice and Bob communicated freely without fear of intervention. Bugging someone used to took more of an effort, both physically & legally, than it does today. You had to go out of your way to intercept communications.

We now live in a culture post 9/11 that all too often assumes suspicion if not outright guilt and acts preemptively to identify & isolate risks, both real or imagined. Eavesdropping is technically easier nowadays and the government is all too willing to set aside the letter of the law to win the war on terrorism. Today there's less restraint against Eve's tendency to eavesdrop and Mallory's inclination to act upon what Eve overhears. The arguement can be made that the war on terror almost dictates that Eve interject herself into every conversation Alice and Bob have. You know, to keep us all safe.

The NSA is supposed to only monitor international traffic, not listen in on fellow Americans. But spooks and spies lurk in switches, routers, and phone closets everywhere. Eve is in the room and privvy to all traffic.

Even if domestic traffic isn't recorded, stored or analyzed, traffic analysis is a powerful tool in and of itself. Eve gains knowledge by knowing who Alice called, when, how often, and for how long. Add a little data mining and Eve morphs from nusance to adversary. And that's before she shares what she gleans with Mallory.

Eve's constant monitoring means Alice and Bob no longer enjoy any measure of privacy. Now Alice and Bob must take steps to establish and defend their privacy. In the old days, they communicated in the clear, encrypting only what they deemed important.

If all conversations include Eve, Alice and Bob need to encrypt everything they share locally before transmission. Encrypted communications limit Eve to passive traffic analysis, leaving Alice & Bob free to communicate with some measure of protection. This remains true as long as Alice and Bob are confident that their hardware hasn't been compromised.

Securing a computer and protecting it from malware, viruses, key loggers, et al. is relatively straightforward. Securing a cell phone is more problematic. Computers operate as autonomous devices, touching the outside world only when they connect to the net. Cell phones are always connected to your wireless carrier and your choice of carriers is to a handful of large corporations, who despite their warm & fuzzy TV commercials, are not your friend.

Cell phones are uniquely identified for billing purposes, announce their location at all times to the nearest cell site, and run applications with permissions we have no control over. In many ways our phones own us as much as we own them.

Mobile phone users trade convenience and mobility for anonymity, privacy, and control. They represent a constellation of vulnerabilities Alice and Bob need to be aware of and take measures to guard against.

Until plain vanilla mobile phones running only software we approve of are available, we can't trust the phone in our pocket.

There's no turning the clock back. None of us wants to give up our phones or computers. The benefits of digital communications outweigh the risks but ignorance is also a risk.

tor     'introduction to tor' video     surf quietly     the nsa in bluffdale ut     surfing from a flash drive     hiding computers online
passwords & keys     crypto tools     silent ringtone     #OccupyYourCamera     reusing old computers
wiretap c-tone     wuala     dropbox     building websites     clocks     vodka     nerds in love     travel