Kind of highlights that in this age, it's not enough to say "I'm neutral." You need to be able to say "I can guarantee that I'm neutral."
The difference is that the latter promise doesn't break when a malicious actor has access. Consider two VPNs, one of which promises never to misuse client-side IP data, while the other refuses to store that data in the first place. If both VPNs are infiltrated by a bad actor, the one that doesn't store data can guarantee slightly more privacy than the one that keeps data but promises not to use it.
Similar case: I think it's interesting to note that German usage of Tor dropped off when the Snowden revelations took place, while many other countries experienced greater uptake. Perhaps they recognized that Tor may not be as secure as it's claimed to be -- especially considering who initially funded it.
If you want an encryption product/service to be truly secure, you can't buy it on reputation alone. You have to think about where it came from and how it works.
>Kind of highlights that in this age, it's not enough to say "I'm neutral." You need to be able to say "I can guarantee that I'm neutral."
>The difference is that the latter promise doesn't break when a malicious actor has access. Consider two VPNs, one of which promises never to misuse client-side IP data, while the other refuses to store that data in the first place.
Why do you trust either company? Can you verify the claim that no data is logged intentionally or potentially even accidentally? Even companies that have been taken to court and shown an inability to produce logs in the past could have made recent changes behind the scenes that change this. There is a huge degree of information asymmetry when it comes to VPN providers and as a result you shouldn't completely trust them if logging is a make or break issue for you.
I think it's important to be realistic about VPN's. They can't keep you safe from Nation State Adversaries. They can keep you safe from spiteful nobodies or smaller orgs.
I don't know what it means, but I'm sure it's not good that my initial reaction to your statement was, "nothing can keep you safe from nation state adversaries."
Living in Mexico here, the cartels in this country do indeed fight back against nation state adversaries (specifically the U.S government and the federal and state government forces of Mexico and its 30+ states where they operate) but the example of them as a model for just about any other organization is grotesquely mistaken. Here's why:
For one thing, they partly resist by paying immense amounts of money in bribes to government and police officials at all levels of the Mexican state apparatus, and in some cases even to lower-mid level officials of the U.S government close to the border. This is not a policy for staying under the radar or being effective at a reasonable cost (unless you're moving billions in drugs and kidnapping money)
Secondly, they depend to a large extent on a known capacity for incredibly psychotic, grotesque levels of violence to intimidate officials inside Mexico's chronically weak state institutions so that their activities can be left alone as much as possible. This requires a willingness to engage in violent criminality that few organizations in the world can match and it also involves the use of thousands of low-level foot soldiers armed to the teeth and recruited from immense pools of poverty-stricken populations (again, not applicable to many organizations or groups that just want to stay off the radar of nation state adversaries while doing their business.)
Thirdly, despite all the above, the cartels are indeed under constant attack either among each other or from state level actors in Mexico and with U.S government pressure. Consequently, their attrition rate is monstrously high, with thousands, yes thousands, of their members dying hideously bloody deaths each year in endless gun battles with authorities and rivals. This is only sustainable due to the recruiting factors of my second point above and it's certainly no model for successfully evading nation state actors. They don't evade them much, they just keep feeding more "disposable" lives to them while a small leadership more or less staves off its own eventual death by bullet or supermax prison.
As a final point, despite all of the above measures being in place, even the highly protected, wealthy leadership of these cartels eventually almost universally suffers its own extremely high attrition from state level actors: Seeing as how virtually every single major cartel boss that was running things a decade ago is now either dead or in prison, the long term prospects for any one of them are awful, despite all their money and localized power.
As a final additional note, we could summarize what I wrote above by stating that:
1. the cartels by no means stay safe from state level actors in their activities or protection of their operators. The contrary, they're fully in the eye of a never-ending storm. This means nearly constant, active, life-and-death threat for every single one of their members.
2. However, they do survive in an institutional sense, as organizations, but only because both their leadership structures and overall street-level manpower are apparently highly fungible. Small consolation that to any individual member of said cartels hoping to life a long, healthy life of crime while evading the law; knowing that leader or foot soldier, he or she can almost certainly look forward to a bloody death or prison existence within a decade or less, even if the organization he/she belongs to may indeed survive institutionally. Very few people seeking to build a wealth-seeking illegal organization while avoiding the state would want to emulate such an existence.
A court can legally get an injunction that forces you to comply and keep your complicity secret. That's why "warrant canaries"[1] exist, a company will release a regular statement where they include a line like "We have never been forced to comply with the US federal government.". That way if it does happen they can simply remove the line from future releases to make it clear without violating an injuction.
Unfortunately this doesn't get you any sort of specificity in terms of what happened with what data or why so it's a pretty crude method. Also a court could force you to keep that canary statement active which renders the whole thing moot.
When the US intelligence community issues a warrant/national security letter, it’s sent to the company’s general counsel.
The general counsel often doesn’t share its existence with other executives, in order to allow them to honestly say “we’ve never executed a search warrant on behalf of an intelligence agency.”
This is why privacy reports reports from big companies are so important.
They imply, but don’t assure, that CEOs are actually asking “have we received any warrants” instead of remaining blissfully ignorant.
My source on this was an interview I saw with a general counsel at at FAANG. She used it as an example of information she kept from the CEO in order to prevent her from lying to investors- and thereby getting in trouble with the SEC.
I’m not certain if this applies to VPNs and ISPs in the same way.
You also have to prove that the lie occurred. If there is no evidence that the data exists of anything more than a hope and a prayer, then you can't prove there was a lie.
> Kind of highlights that in this age, it's not enough to say "I'm neutral." You need to be able to say "I can guarantee that I'm neutral."
I don't believe it's limited to this age. I think this is something that extends to all ages. Only the methods of implementing it have changed. During WW2 Switzerland again put comprehensive plans in place to gaurentee their neutrality (1).
> Kind of highlights that in this age, it's not enough to say "I'm neutral." You need to be able to say "I can guarantee that I'm neutral."
> Consider two VPNs, one of which promises never to misuse client-side IP data, while the other refuses to store that data in the first place. If both VPNs are infiltrated by a bad actor, the one that doesn't store data can guarantee slightly more privacy than the one that keeps data but promises not to use it.
> Similar case: I think it's interesting to note that German usage of Tor dropped off when the Snowden revelations took place, while many other countries experienced greater uptake. Perhaps they recognized that Tor may not be as secure as it's claimed to be -- especially considering who initially funded it.
Your point is absolutely correct. Claiming security is useless, it should be guaranteed in some way from the properties of the system itself. However, I think VPN services are the worst offenders. The architecture of a VPN (single point of failure) itself guarantees that achievable privacy facing an attacker is decidedly bad. It's impossible 3rd-party to show whether a VPN provider is keeping logs, it has a verifiability of 0. Governments can issue a subpoena to the VPN provider to force it recording traffic. You don't even need to plant any backdoor or technically compromise the system. And historically, law enforcement agencies have successfully used subpoenas to arrest many people.
On the other hand, Tor offers a much greater level of privacy guarantee that is better than all the large VPN providers, and this remains true regardless of who is funding Tor - unlike a VPN, you can't issue a subpoena to the Tor network, you must compromise the system technically using one way or another. This alone is already a good advantage. The architecture of Tor gives a clear map of exactly what can and cannot be compromised by whom. Since the protocol is publicly documented, we can know quite a lot of things. This list is not meant to be a exhaustive or comprehensive review, don't complain if something is missing, just to make a point on verification.
* The 3-hop entry-middle-exit design with randomized selection and layered encryption offers robust guarantee of security and privacy. The protocols have been reviewed by many cryptographers and relevant researches are available in various journals. There's no crypto vulnerability at the protocol level, and architecturally, the biggest flaws are end-to-end correlation (but it's a problem in all low-latency anonymizing networks) and its inability to defend itself from a global adversary (a well-known limitation). Assuming there's no implementation vulnerabilities, the attacker must control a large number of Tor relays (The classic attack of deploying malicious exit nodes is only a special case) and/or monitor multiple Internet backbones to reliably monitor or anonymize users at considerable expense [0]. Sure, we can assume the NSA has the resources to do targeted attacks, but it's not possible to magically decrypt the traffic or obtain a list of IP addresses. Nevertheless, it's possible to do it to a VPN service and the barrier is close to 0.
* Like VPN, law enforcement agencies have a record of arresting Tor users, but so far, the vast majority of attacks on the Tor networks that have been deployed in practice is browser exploits, software exploits, and social engineering. The fact that law enforcement agencies are exploiting the browser and userspace software rather than Tor indirectly proves that targeting the network itself is at least expensively.
* Assuming that the NSA wants to sabotage the security of Tor, implementation vulnerabilities can be introduced, allowing the NSA to perform a "magic encryption/deanoymization", but it has a non-zero probability of detection by auditing its source code. Certainly, the question is whether someone is able to find it or not, but a VPN doesn't even give you a chance.
* There are multiple (currently 8?) trusted authorities in the Tor network that officially certificates the system consensus (list of available Tor relays and their status). If the NSA can compromise 5 of them, forged lists of Tor relays can be distributed. But there's no evidence that it has happened [1] in the past 20 years, unless the NSA is doing an unimaginably good job to hide it, but then, the consensus data is public and archived, it's likely only to be a targeted attack).
Overall, technically speaking, the architecture of Tor clearly offers quite a lot of technical guarantees that are significantly stronger than any VPN. Thus, I consider replacing Tor with a VPN (as in Germany) is mostly a bad idea.
[0] But more and more new relays are running on AWS, GCP, Digital Ocean, Linode, this is a potential problem.
[1] The closest call was the Debian's defective OpenSSL patch incident. Only 1 more vote was enough to control the network.
The thing that stands out in the article for me is that it wasn't such a well hidden secret after all. From the article I got the impression that an interested party could actually know that devices were rigged and pour disinformation into the channel.
From the main article [1]:
> The engineer, Peter Frutiger, had long suspected Crypto was collaborating with German intelligence. He had made multiple trips to Damascus to address complaints about their Crypto products and apparently, without authority from headquarters, had fixed their vulnerabilities.
> Frutiger “had figured out the Minerva secret and it was not safe with him,” according to the CIA history. Even so, the agency was livid with Wagner for firing Frutiger rather than finding a way to keep him quiet on the company payroll. Frutiger declined to comment for this story.
So not only Syrian customers discovered the vulnerabilities and complained about them, they actually got them fixed and then the engineer was fired for that, so things likely got ugly. Possessing the knowledge about a compromised system that you know was sold to dozens of governments, is itself a valuable diplomatic asset. I have hard time imagining it was never acted upon by no one. Which makes me think that the customer who'd actually done his homework could discover a lot of suspicious stuff.
> > Frutiger “had figured out the Minerva secret and it was not safe with him,” according to the CIA history. Even so, the agency was livid with Wagner for firing Frutiger rather than finding a way to keep him quiet on the company payroll.
And, at that point, Frutiger might've suspected what kind of perceived liability he might be, and been terrified. :(
Crypto AG was selling knowingly-weak products for decades in conjunction with US and UK agencies.
Post-war they commercially sold an Enigma variant, C-52, with documented vulnerabilities to nations that were considered to be 'of interest'. Cracking their encrypted messages was trivial. Meanwhile, trusted nations were allowed to buy the otherwise secret and secure CX-52.
Rumours of this arrangement surfaced in the 1970s and again in the 1990s. Why anyone still bought from them is a mystery.
I lived in Zug, Switzerland, also known as the "Crypto Valley", for a while between 2018 and 2019. The investors in my startup are based in Zug, as are many other large conglomerates (Siemens, Johnson & Johnson, Glencore, etc.). My apartment was a short walk away from Crypto AG's headquarters.
Zug is a very strange and interesting town, brimming with the sort of energy you'd expect from a little tax haven (also known as the "Cayman Islands of Switzerland"). It's now well known for the cryptocurrency foundations located there, from Ethereum to Tezos to Cardano.
Of course, at the time Crypto AG was founded, the Crypto Valley had nothing to do with cryptocurrency, but how interesting that cryptography was a key export since so long ago. To think I lived so close to a covert CIA operation — I had no idea!
Now consider what this suggests about Intel processors (IME) and GAFAM's software (including Raspberry Pi's firmware, ThreadX ?).
In completely unrelated news, OVH, Europe's biggest hosting provider, has announced a new partnership : OVH is going to use Google's closed(?) source software, Anthos, for its "Hosted Private Cloud" offering.
I used to take some comfort in the fact that big brother wouldn't have the technical capability to save and sift through everything. That you would have to first be on some narrow target list. I think we're now processer/storage/etc, advanced enough that it's no longer the case. They can, now, handle the firehose of everything, or most everything.
What I want to know is if the CIA had/has all this great intelligence why does international crime like money laundering and human trafficking still exist? What the hell did they use the intelligence for? Tearing down democracies and rigging bids and trade deals?
Data poisoning is 1) hard and 2) largely ineffective especially if 3) much of the data- or metadata-stream is cleartext or interpretable by your adversary/ies, meaning actual signal is available.
- You're emitting side-channel metadata all the time, most especially location and activity data (especially if you have any mobile devices) which is 1) useful 2) identifying and 3) very expensive to spoof.
- Purchase and other commercial / financial activity likewise. These are literally expensive, and hence credible signals.
- Unless you're spamming your contacts regularly, your social networks and interactions are also highly reliable and difficult to spoof.
- Dang would not be pleased by a sudden influx of GPT-3 posters on HN. Similar reactions likely for other online services.
- So long as your legitimate / semantically significant activity is present with minimal obfuscation, that signal exists and is easy to tease out.
- If your activities are interactive and responsive, rather than scheduled, poisoning is less viable and more visible.
Data fuzzing / poisoning works fairly well (though not even always then) for systems such ss numbers stations: broadcast-mode distribution, regularly-timed transmissions, consistently encrypted (no cleartext), no location or movement signals from recipients, and no transactional activities --- whether financial mor social.
For all else, not so much.
I could see some value to, say, search-engine spamming (with spurious searches), or ads networks (fake clicks). For the rest, it's just plain hard.
Think threat models; what are you hoping to accomplish/protect, from whom, at what cost(s)?
I guess it's going to pretty expensive and impossible technically to protect oneself from a State player, and also very expensive and near-impossible to protect against a big "infrastructure" provider (Google, Apple, Big telecom, etc.). However, it should be doable if we could protect us from malevenent apps or non-state crackers.
it's going to pretty expensive and impossible technically to protect oneself
Pretty much. Ultimately this is a problem of law, markets, and norms rather than code (to draw on Lessig's four laws) or individual choice.
Code itself may help with the backing of other factors, the more so if technical protections are legally required. A huge problem is in establishing both the harms and relationships.
It struck me a few weeks ago that the major ills of information technology most often discussed --- censorship, propaganda, surveillance, and manipulation --- have one common root: monopoly.
And I'm not willingly accepting the fact, though attempting to avoid tracking and surveillence is hard and carries real costs. As with security generally, you can simply raise the costs of tracking, which is effective against most casual or commercially-motivated actors, though not a determined political or personal antagonist.
Ultimately making exploitation sufficiently expensive or painful may be necessary. Friends, and lots of them, with capacity to act.
Doctorow also mentions the monopoly-surveillance link. We're both beat by Wu by years, and arguably Zuboff by decades, on that one element. Though Doctorow does spend a lot of time talking abbout AdTech (mostly dismissing its significance, incorrectly IMO), and while he's certainly discussed both censsorsship and propaganda in his work generally, he doesn't quite bring the monopoly aspect and combined interreationship into focus.
Some cursory searching through the literature also seems to find this connection missing, though I'd be happy to be shown wrong.
(The Wu piece was found after my initial postings, and is absolutely a piece of this.)
You might be also interested by Olivier Rey's book Une question de taille (not translated into English yet AFAIK), which shows that this 'huge issue' that is the 'matter of size' goes much farther than just the GAFAMs (though they are probably unprecedented in their growth speed ? Maybe only Alexander comes close ?)
We have substantial evidence from this very article:
* There exist agencies that are trying to compromise your communications.
* They have no scruples.
* They are actively causing people to lie about what products do.
* They are willing to act through corporations.
Waiting until there is overwhelming evidence of a specific act of wrongdoing is a strategy so ineffective it may as well just be saying "I don't care about securing my communications". Not to say that no strategy is unreasonable, maybe people don't care.
Assuming everyone is telling the truth about being honest and ruling them out one by one when there is a large report or a Snowden-style leak is all but guaranteed to have the same result as ignoring the problem. Evidence is coming to light years after the event, and the spies in this article used Switzerland as part of a strategy of targeting the most trusted places for corruption.
I'm not sure that we have the same definition of 'suggest'...
If we're lucky, we'll only get actual evidence after many decades, like with Crypto AG.
(But of course we already have some evidence, for instance about ECHELON and PRISM (Skype...))
If we're unlucky, black hats (criminals and/or anti-West countries) are going to lay their hands on those backdoors first, like with the NSA/Shadow Brokers leak :
Huawei products have been banned in a number of countries without any evidence, while US manufacturers like CISCO [0] have a pretty rich and regular history of weird backdoors in their products and actively harassing security researchers to suppress the reveal of that information [1].
Now consider the fact how one of the top search results for "Intel me NSA" is this article [2] telling people how they can totally disable that nasty ME thanks to the apparently very well meaning NSA.
I don't claim to be nearly well versed enough to understand if that NSA advise is actually useful, but I'm sure as hell skeptical enough when a burglar wants to tell me how to best secure my home from break-ins.
> telling people how they can totally disable that nasty ME thanks to the apparently very well meaning NSA.
> I don't claim to be nearly well versed enough to understand if that NSA advise is actually useful
Why do you think that it's thanks to the NSA, and not despite what the NSA wanted ? What NSA advice ?
Also, Dell supposedly can sell you IME-disabled (?) (thanks to this?) Intel CPU computers if you're a large enough organization.
Of course it could be that it's actually a fake way to disable IME – can we really know without having the firmware source and checking the hardware, which is likely to be a monumental task considering the level of miniaturization these days ..?
Video by Brendan O'Connell showing how Intel is infiltrated and compromised. He would be considered fringe, but there's plenty of info to be gleamed. Don't shoot the messenger
FYI, the menorah is actually the Mossad logo, though it doesn't change the point you're making. I've not watched the video yet, but as it's entitled "How Russia and Israel Destroyed the Intel Corporation" I'm not sure what else I'd be using as an intro graphic.
edit: Having watched about 10min of the video please don't take my defence of the title screen as defence of the contents of the video.
Serious question. How does one know that any secure communications provider is secure? I use tools like Signal and protonmail, but this article has me thinking that those might as well be government ops.
Presumably the governments who purchased systems from Crypto AG had people educated in security do some due diligence on Crypto AG's products before purchasing them. If they didn't realize that the products were compromised by the US, what chance do I have?
This is why the UNIX philosophy of distributing only source code and building locally for apps is important. You can never 100% know for sure if that code doesn't have a security backdoor, but at least you have the opportunity to self audit.
Reproducible build [0] is the modern solution to this problem, it generates the same binary output on everyone's computer by carefully controlling the compiler version and input data to the build system, thus allowing users to independently verify that an official binary is a faithful build from its source code. Although it's not a silver bullet (compiler bootstrapping is still vulnerable), but still greatly increases the level of confidence. Signal adopted reproducible build since 2016 [1].
> This is why the UNIX philosophy of distributing only source code and building locally for apps is important. You can never 100% know [...], but at least you have the opportunity to self audit.
My comment was a reply to "distributing only source code and building locally for apps is important", and I pointed that reproducible builds enabled an alternative method to achieve the same without requiring everyone to rebuild from scratch (which is arguably worse from the perspective of uncertainty). And that's all. I didn't have anything to say on the audit question.
But if you want to nitpick, yes, this reply is incomplete, and to defend my comment properly, I should've quoted the first (and only the first sentence) from the comment which I was replying to clarify my point. On the other hand, I think it would be painful to do a full-time proofreading of every single comment I'm going to make.
Sure, but I don’t have time to read the EULAs that come with the stuff I buy as it stands, and that’s arguably easier to read and shorter than it would be to read all of the source for a service that I want to use. Not only that, but to be fully confident, you would need to review the source code after every single update.
As an example, OpenSSL is open source and widely used, yet even they missed heartbleed.
Of course. None of us, individually, have the time to do that. Collectively, however, we at least have the ability to do so and that, in and of itself, is a big reason for TLAs and such to not try to hide backdoors in products.
Being open source doesn't magically make software perfect or free of bugs.
> Presumably the governments who purchased systems from Crypto AG had people educated in security do some due diligence on Crypto AG's products before purchasing them.
Presumably they didn't. The article states "employees in the engineering and research departments repeatedly identified vulnerabilities in the products’ designs that they were mysteriously prevented from fixing", which implies that all it takes is for competent people to view the source code to expose the sort of fraud that was happening here.
The difference is that the operation of the Crypto AG machines was secret. Only the employees of the company had access. The operation of some contemporary systems is available to the whole world in the form of source code. In some cases multiple entities with no particular connection actually work on that source code. The trick is in insuring that the source code is the only thing that contributed to the program you are running.
As a fairly extreme example, consider what it would take to backdoor GnuPG. It is distributed to multiple platforms/OSes, most of which allow anyone to check both the signatures on the source code and then recreate the binaries.
If you use GnuPG on a system with any unverified-build and audited for security compliance software / hardware, can you be certain GnuPG is behaving as expected?
For what it's worth, Debian's gnupg2 package builds reproducibly[0]. That doesn't mean that the Debian-specific patches[1] have necessarily been widely audited though, even if the upstream code itself has enough eyes on it.
Also it's not exactly clear how an end user would discover that the Debian package they installed had a different checksum from the version that was reproducibly built, or if sufficiently independent teams are re-creating these checksums and have a way of notifying people of discrepancies.
You don't need the other software on a system to be audited for security compliance. You just need to know that it is not actively malicious. So any run of the mill Linux or BSD not running proprietary software.
> How does one know that any secure communications provider is secure? I use tools like Signal and protonmail, but this article has me thinking that those might as well be government ops.
We need independent crowdfunded external audits for that like the one performed for TrueCrypt.
I still actually wonder what actually happened to TrueCrypt. Did a dev get threatened with a NSA or FBI NSL? Did they get asked to implant a bug so they shut it down instead? So many questions.
Also, the first letters of "unfixed security" are "U.S." which could be another hint.
Plus, "Using TrueCrypt" -- "UTC". According to Wikipedia, UTC is "a successor to Greenwich Mean Time" -- Greenwich, London, England. GCHQ is in England! So, obviously, it was a partnership between NSA and GCHQ!
Surely we can come up with even more irrefutable evidence^W^Woutrageous theories if we devote a few minutes to it.
Seriously, this is why I strongly encourage people to find alternatives to Signal. The program even ties an unique short identifier which cannot be changed at will by the user, a phone number, to the account. There are alternatives.
I use signal because it's "good enough" and has a lower barrier to entry for less technical people, but having reviewed MM's stance on many issues, I honestly wouldn't be surprised to find out he or his company are a sort of Adrian Lamo 2.0 (obviously a bad comparison but I think you get my meaning). The bottom line is that if you are trying avoid nation states... and this is going to go against almost everything you have been taught and heard... you should probably be rolling your own crypto. It might be more doable than you think, but once again you run into the problem of how do you get others to adopt? I first heard this stance from former NSA technical director William Binney, and balked at first, but after ruminating on it for some time I think he has a point. Especially when so many of these crypto compromises happen because there is a central org thats easy to focus target (the main weakness in MM's position), vs having no central org or even being on any radar other than NSA data hoovers. Autoanalysis of comp'd communication systems wouldn't work if they don't have your crypto-comms in the list, but the thing to be aware of there is the ability for them to "walk the cat back" on comms if they do break it later.
Don't forget also that these organizations heavily participate in forum ops to sway opinion on these topics [1] so operating by consensus can be very dangerous imho. I remember one particular example being the allegations about the FBI paying contractors on ipsec to backdoor it [2]. Which was then met with all kinds of "analysis" about how it wasn't true, and that sort of became the consensus response for a while after, except a year or so later I found a post by one of the devs explaing further detail and it became obvious to me that ipsec had been backdoored and they had just engaged in "consensus cracking". Of course only a few years later Snowden leaks confirmed that ipsec was weak by design and had been being intercepted for quite some time. Also worth noting that while Snowdens doc were released in 2013, the actual docs were mostly from ~2007 era. Think about how much tech has changed since then, and then imagine just how much more powerful the systems are today. Not just the technical systems, but the organizational structures designed to prevent any kind of truly secure crypto from emerging.
PS. Also worth noting that Eben Moglen talked about how after the gov lost the crypto wars, he heard a chilling comment about how basically they wanted to do away with anonymity also. I think it's worth noting that anonymity and crypto are hand in hand tech, and if you comp one pivoting into the other is much easier. The gov has worked on comping both quite extensively.
Signal is probably safe for the data[†], but as we know, the NSA cares even more about metadata – and since Signal's centralized servers are (all?) located in California…
[†] - then, considering stuff like this, even vetted open source code might be at risk (remember that the NSA can afford the best programmers in the world !) :
If you're worried about metadata, then you're probably best off publishing encrypted gists. Yes you have to poll to get the update, but it's better than getting hit by timing analysis.
What people? Vetting how? The problem remains: If you don't read and understand all the code (which is basically impossible for most people), then you have to trust some source of information, which in turn is based on some other source etc.
In short: You can basically never know for sure if any complex product is completely secure. You can make guesses, and the more research you do, the closer you get to an answer. At some point, you have enough information to deem a solution "secure enough" for a specific use.
For regular users, it's mostly a question of belief.
<< FinFisher malware is installed in various ways, including fake software updates, emails with fake attachments, and security flaws in popular software. Sometimes the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[2] Code which will install the malware has also been detected in emails.[17] The software, which is designed to evade detection by antivirus software, has versions which work on mobile phones of all major brands .>>
no backdoor is needed when a users behaviour will let you in. it helps greatly when the service provider co-operates
Interestingly, the report states that the collaboration of the Swiss Intelligence Service with the CIA and BND was known to only a small group of people; even the Federal Council supposedly did not know about it.
This reminds me of Operation Gladio. In each country only a selected group knows about its existence and many politicians had no idea that it existed in their country.
Indeed, though the only commonality is high secrecy.
Operation Gladio meant NATO's stay-behind armies. The original intention was that in the event of a Soviet/Warsaw Pact attack the stay-behind armies could organize guerrilla resistance and fight back.
Crypto AG was essentially a clever intelligence operation.
We aren't a NATO member, so there was a scandal after the cold war ended, when it came to light that NATO had been operating a stay-behind in our country as well.
Perhaps the reason the U.S. is pushing its allies to ban Huawei from 5G networks is because of their own past (and possibly current) experiences using puppet corporations for spying.
I would suspect the EU to be complicit, not a victim, considering their companies (e.g. Ericsson and Nokia) stand to benefit as the US-proposed alternatives.
Dang, typical CIA though sell the company and not disclose that it was basically a shell company for shady operations where they happily charged countries lots of money and then bragged about it to essentially spy on them.
I feel really bad for whoever bought the company not knowing about its secrets this greatly devaluing the name and forever tarnishing the brand. There's got to be some type of repercussions and avenue for their deceit to the innocent people that ended up suffering here.
Regarding "not knowing about its secrets" -- There were much earlier reports, as an example, from the Wikipedia article, there was an article in The Baltimore Sun, 1995:
"America's National Security Agency hid what may be the intelligence sting of the century. For years, NSA secretly rigged Crypto AG machines so that U.S. eavesdroppers could easily break their codes, according to former company employees whose story is supported by company documents."
And also in the same Baltimore Sun article a much earlier report about the company founder, Boris Hagelin (1982) is mentioned:
"Writer James Bamford added more clues in his 1982 book on NSA, "The Puzzle Palace." Discovering in Mr. Friedman's letters references to a mysterious "Boris project," Mr. Bamford concluded that Mr. Friedman had extracted from Boris Hagelin an agreement to cooperate with American eavesdroppers."
There are people who think that Protonmail is a government front. I don't think so, but who am I? What's a little bothersome is the new administration is more likely to push for the impossible backdoor into encryption. Swiss companies are under an MLAT, so yes, they will cooperate with American government agencies if they request information. CTemplar looks promising, but in a way, all of these "secure" email hosting companies are really pushing security theater.
It's difficult to trust third parties with your data, even if you are not a dissident, journalist, or someone who actually needs to protect their life.
I'm not looking forward to this upcoming administration's tactics as regards big tech. I didn't like Trump's administration much (what there was of it). Biden is looking to put Eric Schmidt somewhere up high as relates tech. He's buried into the American military industrial complex already and just purchased Cypriot citizenship. Conflict of interest? I'd be lying if I said I wasn't at least more concerned over the Democrats and their view of encryption/back doors and company compliance. Why can't we have a transparent government like Finland?
> There are people who think that Protonmail is a government front. I don't think so, but who am I?
It seems that many people have a wrong (read: unrealistically high) expectation of security on Protonmail to begin with. If you are just using Protonmail as a plain mail service, it's nearly as vulnerable as any other emails providers: all incoming mails can be monitored at the originator's mail provider, or at Protonmail, all outgoing mails can be monitored at Protonmail or at the receiver's mail provider. These security properties are natural conclusions from the architecture of SMTP. No backdoor is needed. If the government wants to subpoena your mail, they can simply require Protonmail to intercept all incoming traffic at the SMTP server before it's encrypted locally. Also, the fact that Protonmail is subjected to subpoenas is publicly announced on their website, and they state that they'll cooperate as far as the degree allowed by cryptography.
No backdoor conspiracy is even needed to begin with. End-of-end encryption is only used in-browser when you're sending mails to another Protonmail user.
Don't get me wrong. I use Protonmail and I'm a paying user. The only major advantage of Protonmail is data-at-rest encryption, once the plainmail arrives to your inbox, it's not possible to be leaked retroactively without your passphrase. And this advantage alone is enough for me to use it, since it's as insecure as any other mails at worst, and a bit more secure at best, I have nothing to lose. If a higher degree of security is desirable, it's still your own responsibility to use end-to-end encryption, preferable, one should also use Protonmail's official client (with source code) to access Protonmail locally, which ensures that malicious JavaScript can't be injected from the server side to reveal the passphrase to your inbox.
Finally, if you must find a credible conspiracy from it (I'm not a fan of doing it, 90% of the time the arguments are all vague "backdoor" or geopolitics rather than a technical security analysis), Protonmail can be considered a PR hack supported by the NSA that misleads non-technical users to think it as a silver bullet, thus actually impeding the progress of developing better end-to-end encryption for email communication.
> Why can't we have a transparent government like Finland?
In case this is a genuine question, I think it is because U.S. government has the largest power in the world and this is a benefit to many people who want that power protected and available to them. In a transparent government, this control by would bother regular citizens more and would destabilize things.
All thing aside, the final graph describes how the company was bought from the CIA by an entrepreneur...except he didn't know it was CIA owned at the time and now that company he bought is probably effectively worthless. That sucks pretty bad.
That Crypto AG had sold vulnerable machines was not a secret when he bought it. He either didn't want to know, or was so stupendously bad at due diligence that he didn't find out what anyone with 15 years history on cryptography could have told him. Either way, I'm not crying for him.
But the revocation of unrelated export licences this year by Switzerland out of embarrassment was deemed illegal, and that really is too bad. Bern killed a company, and cost Zug 80 jobs. Not cool.
PX-1000 was a handheld message terminal, also known as a pocket telex, developed in 1980 by Text Lite in Amsterdam (Netherlands) and sold worldwide by Philips and others. Some versions of it had built-in encryption capability. In the initial version, the DES algorithm was used, but this was later replaced by another algorithm at the request of the US National Security Agency (NSA).
I'm guessing its programs like these which make some Senators completely ignore experts on the whole backdoor into encryption thing. They don't know the difference they just see results from the NSA.
> Crypto’s international business was purchased by a Swedish entrepreneur, Andreas Linde, who said in an email exchange with The Post earlier this year that he was not aware of the CIA’s ownership when he purchased the assets. Export controls imposed by Swiss authorities in the aftermath of public disclosures about Crypto earlier this year have threatened the company’s survival.
If Andreas Linde is not a cover that's pretty fucked up. They couldn't have just run the "business" into the ground?
This sheds a lot of light on why statutory declassifications keep getting extended and reinstated here in the US, as the sources continue to have effects on national security and it isn't just an excuse.
Automatic declassification is largely governed by executive order in the US. This stems from the fact that the president has more or less unilateral constitutional authority to determine what's classified and what isn't.
More about DOJ automatic declassification, as an example:
Littered with exemptions, determined unilaterally by each federal agency.
Let's look at a few in the context of Crypto AG
> 25X1 – reveal the identity of a confidential human source, a human intelligence source, a relationship with an intelligence or security service of a foreign government or international organization, or a non-human intelligence source; or impair the effectiveness of an intelligence method currently in use, available for use, or under development;
> 25X3 – reveal information that would impair U.S. cryptologic systems or activities;
> 25X6 – reveal information including foreign government information, that would cause serious harm to relations between the U.S. and a foreign government, or to ongoing diplomatic activities of the U.S;
> 25X8 – reveal information that would seriously impair current national security emergency preparedness plans or reveal current vulnerabilities of systems, installations, or infrastructures relating to the national security;
This doesn't require a court or tribunal, it just requires the passing rationale of a random pencil pusher in any agency to stonewall the archivist and anyone else.
But going back to my point, its also easy for it to be true with 70 year old operations like Crypto AG existing, being just discontinued in 2018 and sold to a now screwed entreprenuer
While the geopolitical ramifications continue for a long time more, with this Swiss report not nearly being the end of it, let alone whatever hardware or software they sold.
What makes them better vassal states than any of the EU/NATO and the rest of the democratic™ first world countries? They were/are just doing what Uncle Sam says because "You're with us or you're against us."
I understand what you are saying, but if you really want to know I can draw a distinction.
So Leichtenstein is not in NATO, or the EU, while being geographically surrounded and it uses this flexibility opportunistically. It functions more-so as a vassal state of Switzerland, as it is not Switzerland either nor bound by its constitution or direct democracy, while using its currency directly via the Swiss Central Bank instead of the Euro. Leichtenstein lawyers arranged for the purchase and management of Crypto AG shares, this is no accident, and the entrepreneurs in Leichtenstein (the lawyers and many other services providers there) are willing participants in this geopolitical financial game.
Zug is nice because of the general optimization towards science and technologies. Cantons in Switzerland enjoy a high degree of autonomy and decision making while being relatively sparsly unpopulated. So getting something approved really means the agreement of the 2 people acting as regulator in a town of 100,000 people, and inheriting the brand and sovereignty of Switzerland. It is great for business, practically unparalleled.
The difference is that the latter promise doesn't break when a malicious actor has access. Consider two VPNs, one of which promises never to misuse client-side IP data, while the other refuses to store that data in the first place. If both VPNs are infiltrated by a bad actor, the one that doesn't store data can guarantee slightly more privacy than the one that keeps data but promises not to use it.
Similar case: I think it's interesting to note that German usage of Tor dropped off when the Snowden revelations took place, while many other countries experienced greater uptake. Perhaps they recognized that Tor may not be as secure as it's claimed to be -- especially considering who initially funded it.
If you want an encryption product/service to be truly secure, you can't buy it on reputation alone. You have to think about where it came from and how it works.