1) The developer of the encrypted messaging app Surespot, Adam Patacchiola, stopped responding to questions about whether the app had received any governmental demands for information or requests to facilitate surveillance. 2) Surespot is used by supporters of ISIS but also many others seeking private communication. 3) The article expresses concern that like Lavabit, Surespot may have been secretly ordered to assist governments with surveillance, explaining the developer's unresponsiveness.
In December 2012, Yahoo! Inc. suffered a high profile data breach at the hands of a lone hacker. Using SQL injection attacks, the hacker gained full access for the server of the affected domain. Alarmingly, the exploited vulnerability likely belonged to a third party application that was neither coded nor hosted by Yahoo!. Yahoo! was responsible for the third party application's security, yet it only had limited control of the code. This presentation will analyze the tools and methodology employed by the attacker to bypass security, explore the dangers of hosting third party code inherited from partners, vendors, or via acquisitions, and provide procedural and technical steps for securing third party code.
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
With online fraud cases on the rise, ClearScore's very first Darkpaper explores the UK's attitudes to the dark web and delves into consumers' experiences of online fraud.
Key findings
- A third (33%) of people in the UK have been victims of online fraud.
- Banking details were compromised in 58% of online fraud cases in the UK.
- Online fraud is most likely to cost to individuals between £101 and £500, with 8% of people surveyed losing more than £1,001.
- People in the UK are most likely to only rotate two to three passwords for their online accounts - although nearly a third (29%) have five to ten passwords.
- A quarter of UK residents think some of their data could be for sale on the dark web, although over 55s are most likely not to know (53%).
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
In December 2012, Yahoo! Inc. suffered a high profile data breach at the hands of a lone hacker. Using SQL injection attacks, the hacker gained full access for the server of the affected domain. Alarmingly, the exploited vulnerability likely belonged to a third party application that was neither coded nor hosted by Yahoo!. Yahoo! was responsible for the third party application's security, yet it only had limited control of the code. This presentation will analyze the tools and methodology employed by the attacker to bypass security, explore the dangers of hosting third party code inherited from partners, vendors, or via acquisitions, and provide procedural and technical steps for securing third party code.
The ClearScore Darkpaper: The danger of the dark web 2020Jayna Mistry
With online fraud cases on the rise, ClearScore's very first Darkpaper explores the UK's attitudes to the dark web and delves into consumers' experiences of online fraud.
Key findings
- A third (33%) of people in the UK have been victims of online fraud.
- Banking details were compromised in 58% of online fraud cases in the UK.
- Online fraud is most likely to cost to individuals between £101 and £500, with 8% of people surveyed losing more than £1,001.
- People in the UK are most likely to only rotate two to three passwords for their online accounts - although nearly a third (29%) have five to ten passwords.
- A quarter of UK residents think some of their data could be for sale on the dark web, although over 55s are most likely not to know (53%).
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
Security Trends to Watch in 2010 - A Mid-Year Status Check Symantec
As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that we're half way through the year, we've taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
Computer Security Guide to Pc Security
“Your Info Guide to Beefing Up Your Personal Computer’s Safety From Malicious Threats
As we do these things on a more regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply just want to use your computer as a platform from which to attack other unknowing targets. Computer Security is very important
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearBob Wall
Presentation at the 2016 Big Sky Developers' Conference.
Overview of the dismal state of security on the Web, some suggestions for better app development processes to mitigate problems.
How to Protect Your PC from Malware, Ransomware, VirusHabFg
Your info guide to beefing up your personal computer’s safety from malicious threats! Inside this eBook, you will discover the topics about protecting your computer’s system, fighting spam, spyware & adware, phishing & identity theft, computer viruses… and anti-viruses, protection you can afford and so much more!
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
Ashley Hurst, a partner at Olswang in London, delivers his hit list on what all brands need to know to navigate the complex world of social media law. Hurst made this presentation at Social Media Influence 2012 on 12 June, 2012.
Lofty Ideals: The Nature of Clouds and EncryptionSean Whalen
An overview of the legal, privacy, and security issues surrounding modern cloud services and cryptography
Created as an alumnus talk for the Computer & Network Support Technology Fairfield Career Center senior class of 2016.
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
Security Trends to Watch in 2010 - A Mid-Year Status Check Symantec
As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that we're half way through the year, we've taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
Computer Security Guide to Pc Security
“Your Info Guide to Beefing Up Your Personal Computer’s Safety From Malicious Threats
As we do these things on a more regular basis, we open ourselves up to potential hackers, attackers and crackers. While some may be looking to phish your personal information and identity for resale, others simply just want to use your computer as a platform from which to attack other unknowing targets. Computer Security is very important
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
The Internet Is a Dog-Eat-Dog World, and Your App Is Clad in Milk-Bone UnderwearBob Wall
Presentation at the 2016 Big Sky Developers' Conference.
Overview of the dismal state of security on the Web, some suggestions for better app development processes to mitigate problems.
How to Protect Your PC from Malware, Ransomware, VirusHabFg
Your info guide to beefing up your personal computer’s safety from malicious threats! Inside this eBook, you will discover the topics about protecting your computer’s system, fighting spam, spyware & adware, phishing & identity theft, computer viruses… and anti-viruses, protection you can afford and so much more!
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
Watch the full episode on Youtube: https://youtu.be/M5Gsjwsnxtg
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”
Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.
Ashley Hurst, a partner at Olswang in London, delivers his hit list on what all brands need to know to navigate the complex world of social media law. Hurst made this presentation at Social Media Influence 2012 on 12 June, 2012.
Lofty Ideals: The Nature of Clouds and EncryptionSean Whalen
An overview of the legal, privacy, and security issues surrounding modern cloud services and cryptography
Created as an alumnus talk for the Computer & Network Support Technology Fairfield Career Center senior class of 2016.
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
CIS490 Lab 1 Social Engineering AuditSocial engineering attacks.docxmonicafrancis71118
CIS490 Lab 1: Social Engineering Audit
Social engineering attacks are the most prevalent types of attacks against IT systems. This is primarily due to the fact that they directly attack the weakest link in any IT system…the users. While there are many ways to lock down, or secure data residing on a computer or other device, securing data held in the brains of users is difficult to secure for a number of reasons. People have the ability to reason and even redefine rules, while computers do not. If you tell a computer to not allow access to a particular file by a particular user, the computer will do just that. However, a human can be tricked into giving up all sorts of information, often without even knowing that they have done so.
For this lab, you will conduct a social engineering audit on various social media websites. Almost every social engineering attack begins with the collection of data. The aim of collecting this data is to discover ways in which the target of the attack can be tricked into giving up potentially valuable information. This initial data can take many forms: birth dates, addresses, user names, pictures, phone numbers, names of co-workers or relatives, and much more. Often times this seemingly innocent data can be used to either directly impersonate someone the target trusts, or to build a collection of data which can be used to know more about the movements, personality, or general life of the target.
This lab has two parts, as described below:Part 1: Gathering data
To accomplish this part of the lab, you will access some social media sites of your choice. Obviously Facebook is a veritable treasure trove of personal data. However, there are many others like Flickr, Twitter, YouTube, LinkedIn, and Instagram, which you might also consider. Locate data posted by or about users (they could be friends and family, or people you don’t know) which you feel could be exploited in a social engineering attack. This data can consist of many different things, but should pose a potential security risk for the user, or others. For example, my sister-in-law recently posted a baby shower invitation on Facebook to all her friends. Since my sister-in-law is a heavy Facebook user, the invitation was undoubtedly viewed by many people my sister-in-law does not even know. A baby shower invitation might not seem like a big deal, but think about what it contained. My sister-in-law’s home address for sending gifts for non-attenders. A time frame when she will not be home (because she will be away at the shower), and the address of where she will be during that time. Do you see the potential security problem here? This is only one of many examples I see on social media sites all the time.Part 2: The analysis
After you have gathered data from various social media sites which you feel could be used in an attack, you will conduct an analysis of your OWN social media accounts. Look at the types of data you felt were potentially d.
A Guide to Internet Security For Businesses- Business.comBusiness.com
Recent revelations by National Security Agency (NSA) renegade contractor Edward Snowden have resulted in many businesses paying more attention to how secure their computer systems are. But even the most “cyber-savvy” businesses can have their computer networks hacked and compromised. Use this whitepaper to understand your threats, protective options, and trends in internet security for businesses.
Internet Privacy Essay
Internet Privacy Essays
Internet Privacy
Essay On Internet Privacy
Internet and Personal Privacy Essay
Essay on Internet Privacy
Internet Privacy Essay
Internet Privacy.
Internet Privacy Essay
Internet Privacy Analysis
1Running head CYBERPHOBIA3CYBERPHOBIA.docxRAJU852744
1
Running head: CYBERPHOBIA
3
CYBERPHOBIA
Cyberphobia
Cyberphobia by Edward Lucas is one of the books that perfectly suits readers of the 21st century. The 21st century can be considered as an era of technology. The information found these sources helps individuals to make informed choices. It is common to see people browsing the internet while sharing personal information on various websites. However, this habit exposes them to cyber terrorists that may dangerously use the data. In his book, Edward Lucas sheds light on essential issues such as identity theft, security, trust and the way they related to the internet. Even though none of the information in the book is new, most of the people tend to ignore it, and it has hard drastic effects in this era of the internet.
In the contemporary world, almost everyone especially students are compelled to use the internet as their primary source for research. This is because the internet has made it easier by providing any information we need at our fingertips. But people fail to ask how the internet is managing to do this. However, Edward Lucas suggests that if some thought is put into why and how the internet exists, it might dawn onto us that the internet may not be the best tool for us. It is only after putting in much thought we would understand the threat that comes with the internet. With the internet comes issues of security, trust, and identity theft, however, human beings of the 21st century have become very lazy to notice such matters.
Security over the internet has been an issue from the onset of technology. Even though the internet might seem to be safe because of the use of security checks as well as passwords, the information shared over it is not as private as we may believe since it can be accessed by anyone who knows the right buttons to press. As long as an individual understands to work his or her way around the internet, he or she can access our so-called private information without leaving a trace. The lack of privacy over the internet is a threat that not only affects individuals but also affects nations. Spies from other countries can easily access information from our nation through the use of the internet. Once the sensitive information is in the hands of wrong people things might turn from bad to worse. The primary reason as to why security, as well as the confidentiality of people and state information, has not been kept secret is because the internet was only made to serve people and not their security.
Lucas explains in detail that the inventor of the internet did not make it clear that the information found or shared on the internet is not entirely private. However, we got it wrong that information on the internet is not secure because of predators and cyber terrorists. The internet was not meant to be secure but only as a source of information. Therefore, keeping the information on the internet as secure as we wish is very hard. However, Lu.
This presentation tells about digital marketing meaning and crimes related to it.Any illegal behavior directed by means of electronic operations. that targets the security of computer systems and the data. processed by them is termed cyber crime.
The invention of computer and Information technology related software and equipment has revolutionized the way we do things in many fields.Especially in the science, education, business and commerce it has made far reaching changes.Without using a single sheet of paper, a lot of communications and transactions are done.Automation of businesses, financial institutions and the government records have become widespread.
Many transactions such as sale of goods, transfer of information, transfer of funds and even buying air tickets could be done through the use of computers. The existing laws that governs transactions and information did not address such issues as they were made before the IT era.
Similar to Developer’s silence raises concern about surespot encrypted messenger (20)
Developer’s silence raises concern about surespot encrypted messenger
1. AntiPolygraph.org News
News about polygraphs, voice stress analyzers, and other purported
"lie detectors."
Menu
Skip to content
Developer’s Silence Raises Concern About Surespot
Encrypted Messenger
Posted by George Maschke on 7 June 2015, 5:27 am
In June 2014, I suggested
Surespot Encrypted Messenger to visitors to AntiPolygraph.org as a secure means of contacting me, and I’ve
been including my Surespot address (georgemaschke) in my signature block on message board posts and e-
mails, as well as on AntiPolygraph.org’s contact page. Now I’m not so sure about Surespot. I fear the developer
may have received a secret demand to facilitate electronic eavesdropping on Surespot users, as did Ladar
Levison, who operated the now defunct Lavabit e-mail service.
Surespot is a free, open source, easy-to-use app for Android and iOS that allows users to exchange encrypted
messages using public key cryptography. The source code is available on GitHub. Surespot is provided by
2fours, a small company run by Cherie Berdovich and Adam Patacchiola of Boulder, Colorado.
The Electronic Frontier Foundation’s Secure Messaging Scorecard gives Surespot relatively high marks:
2. Before recommending Surespot, being cognizant of the Lavabit saga, I e-mailed Berdovich and Patacchiola to
ask about any governmental demands for information, sending the following questions on 31 May 2014:
1 – Have you ever received a National Security Letter?
2 – Have you ever received a court order for information?
3 – Have you ever received any other request to cooperate with a government agency?
Berdovich replied that the “[a]nswer to all three questions is no.” Because Surespot’s website doesn’t include a
warrant canary, I wrote again on 12 Novembember 2014 asking the same three questions. Patacchiola, who
programmed Surespot, replied the same day: “1 and 2, still no, 3 we have received an email asking us how to
submit a subpoena to us which we haven’t received yet.”
The following day, I asked Patacchiola if he could say what agency or organization is seeking details on how to
submit a subpoena. He did not reply.
In April 2015, I sent Patacchiola a similar set of questions but received no reply. I wrote again on 25 May 2015,
asking:
1. Has 2fours received any governmental demand for information about any of its users?
2. Has 2fours received any governmental demand to modify the surespot client software?
3. Has 2fours received any governmental demand to modify the surespot server software?
4. Has 2fours received any other governmental demand to facilitate electronic eavesdropping of any kind?
If the answer to any of the above questions is yes, can you elaborate?
I have also attempted to contact Berdovich and Patacchiola via the Surespot app itself but have received no
reply. While its possible that they’ve simply tired of being pestered by me about government demands for
information, I don’t think that’s the case and suspect they are under a gag order.
Surespot is doubtless of interest to U.S. and British intelligence and law enforcement agencies because of its
adoption by English-speaking supporters of the Islamic State. In February 2015, the U.K. Daily Mail reported
that the Islamic State in Iraq and Syria (ISIS) was using Surespot to recruit British brides for jihadis:
3. And on 26 May 2015, the U.K. 4 News ran a story heralding “Intel fears as jihadis flock to encrypted apps like
Surespot”:
4. While Islamic State supporters may use Surespot, so too do a diverse group of people, including individuals
who wish to contact AntiPolygraph.org privately. The Google Play Store indicates that the Android version of
Surespot has been installed 100,000-500,000 times. It would be inappropriate for any government agency to
take action that would compromise the privacy of all users of a messaging service in the course of its effort to
5. investigate one, or a few. But that is what happened to Lavabit, the privacy-focused e-mail service used by NSA
whistleblower Edward Snowden. The government secretly ordered Lavabit’s proprietor, Ladar Levison, turn
over his server’s secret key, and forbade him from telling anyone about it.1
I fear something similar may have
happened to Surespot’s Adam Patacchiola.2
Update (12 June 2015): The day after this post went online, on 8 June 2015, the Surespot server
(server.surespot.me) experienced an outage, two references to which are to be found on Surespot’s Facebook
page. Two days thereafter, on 10 June 2015, the U.S. Department of Justice filed a Statement of Facts (PDF) in
U.S. v. Ali Shukri Amin that mentions the use of Surespot by the defendant, a supporter of the Islamic State in
Iraq and the Levant (ISIL):
11. In or about late November or early December 2014, the defendant put RN [Reza Nikbakht] in touch with an
ISIL supporter located outside the United States via Surespot in order to facilitate RN’s travel to Syria to join
and fight with ISIL.
…
18. On January 16, 2015, an overseas ISIL supporter communicated to the defendant via Surespot that the group
of ISIL supporters, including RN, had successfully crossed over into Syria.
The Statement of Facts does not specify how the Department of Justice came to know these details. Under terms
of the plea agreement (PDF), Amin “agrees to provide all documents, records, writings, or materials of any kind
in [his] possession or under [his] care, custody, or control directly or indirectly to all areas of inquiry and
investigation.”
In addition, Amin also agrees that, at the request of the United States, he “will voluntarily submit to polygraph
examinations, and that the United States will choose the polygraph examiner and specify the procedures for the
examinations.”
1. Levison contested the secret order in court, but lost. He ultimately turned over his secret key after shutting down Lavabit entirely.
He was threatened with arrest for closing his own business. [ ]
2. On 22 May 2015, the Daily Mail reported that Cherie Berdovich “left the [Surespot] organisation last summer.” [ ]
Filed under Other | Tagged surespot | 3 Comments | Permalink
3 Comments
1. Terry Moonshine
9 June 2015 at 9:19
It’s probably no coincidence the Surespot guys keep quiet; I can’t imagine they stopped responding
because they got tired of answering your questions (given what it must lead you to believe, that’d be
incredibly stupid).
6. Have you heard of Threema? This secure messenger is based in Switzerland, where strict privacy laws
prevent such government interventions.
Reply to this comment
o aix
11 June 2015 at 23:30
Even if an app is developed in a good jurisdiction, it is delivered to your device by a US
company (Apple, Google, or Microsoft) which can be legally compelled to give you (or ‘update’
you to) a modified version or sideload a bit of covert surveillance code. NSA simply will not
allow “secure communications” apps to operate unchecked.
Reply to this comment
2. Steve Kinney
9 June 2015 at 16:27
Thanks for publishing this. It’s relevant to security issues way beyond antipolygraph.org, and any
attention it draws to your own work is also a Good Thing.
The problem at hand is a special case within a larger context: No product or service can guarantee
confidential or anonymous communication. People need to examine their security needs vs. the
adversaries who create those needs on a case by case basis, and find best fit solutions. The objective is
not to make it impossible to breach one’s security – that is impossible – but to make it cost likely
adversaries more than it is worth for them to do so, without spending more than it is worth to protect
your own assets. In this context, good enough solutions are usually available.
If I wanted to communicate “very privately” with your organization under adverse conditions, such as
protecting a lucrative security clearance, my first option would be “do not do it at all.” I might ask a
trusted friend or family member to download and print documents for me.
My second choice would be to use TOR via the TAILS operating system at an open residential WiFi
router, download any documents I need and wrap it up quickly. Using any “anonymous” communication
tool that does not have a long track record and/or has not received substantial peer review would be out
of the question, as would using any application however trustworthy, on an inherently insecure platform
i.e. a Microsoft operating system or any “smart phone.”
Another factor, relevant when State adversaries are included in the threat model, is that some methods of
breaking network security are “too secret” to be disclosed by using them against low level adversaries,
because this might lead to much more important targets learning that the attacks in question exist. This
may be a very relevant factor for visitors to antipolygraph.org, since the hostile actor in this instance is a
clusterfuck of State Security services.
Personally, I am quite sure that the TOR network (and all other remix networks) are vulnerable to a
simple but rather expensive attack that enables tracking of most users, most of the time; but also, that
this capability is “really” secret and used for genuine military intelligence purposes only. If private
7. parties using TOR, i2p, Mixmaster or etc. were penalized for policy or legal violations discovered
through de-anonymization, no intelligence service or “terrorist” organization, however low budget,
would continue to use those networks. The continued value of attacks in this category depends on not
using the intel they make available except in cases of genuine importance to The National Interest. (We
used to say “National Security” but nowadays aggressive trade wars have displaced that as DoD’s
principal mission.)
Anyhow, thanks again. I have been a fan for a long time and I use any excuse I find to promote
antipolygraph.org.
Reply to this comment
https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/