Nick on Fri, 26 Jun 2009 20:54:39 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> FW: When technology is utilized against us.


Hi list. I'm new here; recently found this place from a reference to 
a Jeffrey Juris interview, and I'm very interested in the 
discussionn here.

I am also in agreement with Morlock's analysis, as harsh and 
condescending as the tone may have been.

I have some disagreements with Evan's points though:

Quoth Evan Buswell:

> On the internet, the main problem is not actually encryption,
> silencing, it is trust. We can't see each other; we have little
> tangible physical relationship. Nobody can be sure whether their
> messages are consistently going to the same place or not. If that
> problem is not solved, then encryption is just ensuring that no other
> government agents are intercepting the communication between you and
> the government agent that, unbeknown to you, you are speaking to,
> and is in turn speaking to somebody else on your behalf. This is the
> certificate hell that all internet security has entered into. For the
> company I worked for, that issue boiled down to everyone trusting the
> service providing company to sort out the identity of everybody else.
> And of course, the more completely the problem is solved, the more
> complete control over everything that one company has, with the limit
> being just about the same hypothetical vulnerability that everyone
> else has sending it all in the clear and trusting the ISPs forwarding
> the packets not to legally or illegally be monitoring packet flow.

There are a host of schemes to prevent Man In The Middle attacks; 
see OpenPGP signing or ZRTP for example.

And the trust issue is been addressed by 'web of trust' models, as 
practised with OpenPGP, or Freenet. No centralisation needed. At 
all.  (though voluntarily some centralised services can be used, for 
convenience, e.g. OpenPGP keyservers).

> Which brings me to the second point: anonymity is a very different
> problem than encryption. The messages being posted from Iran are
> public, by design. Because all IP records both source and destination
> address, in the absence of random message delays, all that the Iranian
> government has to do is monitor packet flow and correlate that with
> the times when suspicious messages publicly appear. It doesn't
> actually have to read anything that those packets contain. I have no
> idea what "deep packet analysis" is supposed to mean, but I would
> imagine that the analysis I'm talking about here is all Iran is doing.
> It seems like probably all they need to do.

Again, isn't this solved by using web of trust, associated to an 
identity which is different to one which could readily incriminate 
'the real' you?

And deep packet inspection/analysis is looking inside an IP packet 
at the content, e.g. if a series of HTTP packets contained a video, 
it could be fingerprinted and compared against a database of 
'forbidden' content, and the stream could be closed by a hostile 
ISP.
 
I'll be interested to hear what others on the list have to say.

Nick White

-- 
GPG     : 0x04E4653F / 9732 D7C7 A441 D79E FDF0 94F6 1F48 5674 04E4 653F
IM /OTR : njw@jabber.org / 7E3C82CC D6AB2CEA E8000300 E429A122 D984111B
SIP/ZRTP: njw@ekiga.net
WWW     : http://www.njw.me.uk


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mail.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org