Still useless as they have control over the big irons on the net and the cooperation of SSL certificate authorities. Specialized MITM routers are available:Heater wrote:Then again the same is true of SD cards, USB hardware, network hardware, disk controllers etc etc.
If you want to be really sure you are going to have to build everything yourself from the ground up.
As I just said on another thread here, we have to assume that all the certificate authorities are compromised by the NSA at this time. We cannot trust them.There's nothing wrong with TLS/SSL
But RSA in and of itself still looks to be secure, so long as your keys are big enough.Heater wrote:cyrano,As I just said on another thread here, we have to assume that all the certificate authorities are compromised by the NSA at this time. We cannot trust them.There's nothing wrong with TLS/SSL
While I don't like the "what have you got to hide?" argument, I do agree with the rest of it. It's enough to say what could potentially, theoretically happen, throw in 'NSA' and people get all up in arms. It's like people are discovering for the first time that there whatever you do online doesn't stay on their computer.Speedwell68 wrote:IMHO all of this business about the NSA and GCHQ needs to be taken with a pinch of salt. The media seem to be blowing out of proportion with the basic sensationalist reporting style they seem to use these days. Also, what have you got to hide? Why would they be looking at private law abiding individuals. Does anyone really believe they are reading everything we do online?
Are you sure you know who "they" is? The info is in the hands of guys in government positions with friends in business. Info goes around. Corruption can always make use of it. There has already been stories out about guys using this info to snoop on their ex-wifes/girlfriends. Someone wants to find out what you are up to with your latest business plan? Perhaps they can find out with a little help from their friends. And so on.Also, what have you got to hide? Why would they be looking at private law abiding individuals.
I wouldn't say no benefit. The certificate system is no more broken than it ever was: it's only as strong as the certificate authority, and they're not exactly fool proof. If this forum had it's own self-signed certificate, communication between you and it would be secure, it's just tricky to completely confirm it's the forum you're talking to. But with the US government always having been able to have a hand (this is my speculation) in the DNS and CA system, nothing's changed.Heater wrote:There is of course a lot of technicalities of TLS that I don't understand but the general idea seems to be:
1) Before I offer my password, or any other "secret" info to the forum I would really like to know that I am actually talking to the forum. Not some other evil entity who is just pretending to be the forum.
2) To do that the forum offers a public key which is signed by some trusted third party. I can use certs that I have from said trusted authority to verify the public key is what it says it is and comes from who it says it does.
3) It's a bit like receiving a hand written letter and asking a hand writing expert who knows the sender to verify that it really was written by who it says it was. That it is not a forgery.
4) Clearly if the certificate authority. (The hand writing expert in my example) is compromised he can tell me anything he likes for whatever purpose.
5) I have a strong suspicion that those third parties who offer certificates, the certificate authorities, are compromised by the the NSA.
6) Ergo, the whole TLS system is vulnerable and broken.
TLS has no benefit for users of the forum. It makes no difference how long your keys are.
Nothing Pi specific here of course. It's far more pervasive than that.
I don't think the issue is with those the honest law-abiding employees, but with the bad bananas. Lawyers looking for illegal activities? That's a start, but it seems like lawyers are to advice what is legal and what isn't rather than track down illegal activity. I would hope that it would be impossible to arbitrarily access people's information without some sort of warrant. Why is the system such that employees can monitor their exes in the first place? How is Snowden a bad banana? Isn't it your duty to speak up if you're being asked to do something you think is not morally justified.I worked in the Intel Community (IC) and while there are a few bad bananas of the Snowden type, as well as those who abuse their position of trust to monitor exes, etc., by and large the agencies are full of law-abiding, hard-working stiffs who use the "would I want this done to me?" test every day. There are hordes of lawyers looking for illegal activities and they find and have them dealt with the way most of us would want.
There are lots of government operations that were kept secret. The Manhattan project being one example. Then there are all the ones if found out about way after it was no longer important, like MK-UTLRA. It seems naive not to assume that there are operations going on right now that most people would find abhorrent. But yes, these things to leak, you only have to look as far as Snowden, Manning and Vanunu to see that (and how these people are treated afterwards).The problem with massive conspiracies is that they have to be kept absolutely secret by everyone involved and that's just against human nature. People screw up the most mundane things all of the time, and yet they're supposed to be able to somehow turn off the mistake/bravado/arrogance/lie/etc., facets of their personalities from 9 to 5 every day of every week, month in and month out, year after year, blah, blah, blah. Who are these superhumans and how do we make more of them who can be flawless in their every move and action?
I don't think that's what wikileaks was supposed to reveal, but gunning down journalists and children from apache helicopters is not an example of people doing their jobs properly.WikiLeaks was supposed to reveal to the world that governments, especially the supposedly all-powerful U.S. Government, were massively evil and out to control every aspect of our lives. Instead, it just put a lot of confidential informants at risk of death and much worse, while showing that the known $#!t birds (KSBs in the professional IC parlance) were at least as bad as expected and occasionally worse. It also demonstrated that our officials basically got things right and tried to do their jobs properly, with some occasional doozies of screwups. It was the Saudis who wanted us to take out Iran, other countries' ambassadors who bad-mouthed Sarcozy and Berlusconi, etc.
The issue is that we're spying on our allies (who are in turn spying on us) and our citizens, not that we're spying on regimes that are a potential threat.Spying on other countries is what intelligence agencies do, both ours and theirs. There are over 50 stars on the wall in the public entrance to the CIA, and most have no names or stories associated with them there, but they do inside the secure areas. They're a constant reminder that there really have been Napoleons, Hitlers, Stalins, Kim Il Sungs, Mao Zedongs, Pol Pots, Idi Amins, Milosevics, and legions of others too numerous to count.
Because there are other issues that affect the world, does not mean that these are any less important.If you want to take on a conspiracy, I would focus on the unelected business people who run the credit rating agencies, investment rating agencies, banks, retailers, advertisers, lawyers, and hundreds of thousands of others who do real and permanent damage to millions of peoples' lives every day through mistakes, incompetence, maneuvers, manipulations, and lies that are nearly impossible to fight successfully. Where are the perps who nearly destroyed the financial systems through their arrogance and betrayal, for which the five year statute of limitations is about to expire?
Where is the outrage over the obscene amounts of money that are spent on political media campaigns that are essentially just garbage pits full of refuse? Those are our public airwaves, not theirs, and they have no more right to claim freedom to do what they please with them than any of us do. U.S. Senators are virtually all millionaires, the few who aren't are well on their way, and the usual path to Senator is through the House of Representatives. Representatives of whom, you may ask? Certainly not me or anyone I know, that's for certain, but I hang out with a fairly well-informed crowd, especially those who gather around the warm glow of the screen here and similar forums.
This argument is made everywhere in response to discussions like this.Personally I'm not bothered if they're checking people emails if they have nothing to hide then they have nothing to fear.
funny i always thought mind disruption seemed far more likely/achievable/easilly distributed than control ,gsh wrote: Slugworth... ..strange anti-matter ...
Obviously we did exactly what they said because the mind control drugs were really good.
redhawk wrote:Putting backdoors into the Pi or any other computer would be difficult if not impossible with such a variety of different hardware and not to mention the fact you still need someway of communicating with them.
Just imagine a RFID like little NSA hardware piece, which collects energy from the interrogating EM field, process the command and send the result over over radio waves.Heater wrote:They have enough transistors in the Raspi Soc to put a backdoor in the hardware.
Then again the same is true of SD cards, USB hardware, network hardware, disk controllers etc etc.
Kudos for the Charlie and the Chocolate factory reference! (IIRC)gsh wrote:Yeah while we were designing the 2835 processor, we were approached by a man in a bowler hat who went by the name Slugworth...
He said that we had to add a special nuclear particle made from a strange anti-matter which enabled them to spy on people's downloading activities... Obviously we did exactly what they said because the mind control drugs were really good.