
Comment Re: Encryption = same as an envelope for real mai (Score 1) 35

Replying to you mostly for myself, to write down what I try to explain to people when it comes to what PGP actually is and if anyone gets edumacated by what I wrote, that's fine.

The problem is sending keys - and most users would just blindly well, email them around.

This is why we have public key encryption, e.g., PGP, in the first place.

You're supposed to post/email/etc the public key to your various contacts to encrypt. It doesn't matter what the channel is that you use to transport the public key - email, web page, broadcasting as a numbers station, shouting, etc. The public key can be intercepted all the time by TLAs and other nefarious mob-related organizations. It doesn't matter.

Alice: "Hey Bob, I'm trying to figure out this encrypted mail thing. Send me some encrypted mail. Here's my public key."

public key gets sent through normal email

Bob: "OK, got it." Bob then encrypts his message professing his undying love with the public key and sends it to Alice. He also sends his public key to Alice with it.

Alice decrypts with her private half (which she never gives out) of the public/private key pair and reads the email.

Alice says "I didn't know you loved me." to Bob.

Then there's key management because you have to import those keys into your contacts.

Modern MUAs handle these easily. It's up to the user to save the keys. There is just so much hand-holding that can be done.

>Other than PGP, such as anything using AES is problematic

>GPG

Both PGP and GPG are compatible with each other.

It's not just that MUAs aren't all configurable to use other encryption algorithms, it's that anything that uses symmetric keys, like AES, requires a key exchange out-of-band for it to be any practical use. And that is problematic in itself.

--
BMO
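The Alice and Bob exchange from the comment above, as an added Python example (not part of the original comment, and not PGP's actual packet format): RSA is used only to transport a random session secret, and a SHAKE-256 keystream plus HMAC stands in for PGP's symmetric layer. All function names are hypothetical and only the standard library is used.

```python
# Added illustration: RSA-KEM + SHAKE-256 keystream + HMAC-SHA256 (not OpenPGP).
import hashlib, hmac, secrets

E = 65537  # conventional RSA public exponent

def is_probable_prime(n, rounds=40):  # Miller-Rabin; n must be odd and > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base proves n composite
    return True

def random_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if p % E != 1 and is_probable_prime(p):  # keeps E invertible mod p-1
            return p

def generate_keypair(bits=2048):  # returns (public, private)
    p, q = random_prime(bits // 2), random_prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _session_keys(r, n):  # hash the shared secret into cipher and MAC keys
    okm = hashlib.sha512(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest()
    return okm[:32], okm[32:]

def _xor(data, key):  # XOR with a SHAKE-256 keystream (same call both ways)
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def encrypt(public, message):  # Bob's side: needs only Alice's public key
    n, e = public
    r = secrets.randbelow(n - 2) + 2  # fresh random secret per message
    enc_key, mac_key = _session_keys(r, n)
    body = _xor(message, enc_key)
    return pow(r, e, n), body, hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(private, packet):  # Alice's side: None if key or data is wrong
    (n, d), (c, body, tag) = private, packet
    enc_key, mac_key = _session_keys(pow(c, d, n), n)
    good = hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest())
    return _xor(body, enc_key) if good else None
```

Alice publishes the first element returned by `generate_keypair()` over any channel; someone who copies it and the packet in transit still gets `None` from `decrypt` without the second element.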

Submission + - Feminist Software Foundation announces ToleranUX (github.com)

Motor writes: Linux Torvalds, toxic patriarch of the Linux kernel, has repeatedly proved the desperate need for a safe space for womyn and trans everywhere. The Feminist Software Foundation (FSF) brings you the world's first operating system by feminists and for feminists — ToleranUX.

I'm sure we all agree that Free operating systems are too important to be left in the hands of cis white males. They must be brought onto the 'right side of history', and ToleranUX is the first step!

Comment Re:Fact: Free Trade doesn't work (Score 3, Informative) 484

Increasing the wages of an auto-worker from 115k (average $55/hr) to 230k/yr doesn't mean that the price of the automobile goes from 30k to 60k. Wages are currently appx 10 percent of the cost of an automobile.

If you really believe that doubling wages doubles the price of goods, you don't know much at all about manufacturing.

--
BMO

Comment Actually.... (Score 2) 154

Recent evidence has come to light that suggests that pyramid style chain
letters may have pre-dated Dave Rhodes by a considerable margin.
Palaeontologists recently deciphered the following, painted on a cave
wall on the slopes of Kilimanjaro.
MAKE POINTY STICKS FAST!!!

Hello, not-tribe-member. Urk name Urk. Many moons ago, Urk in bad way.
Urk kicked out of cave by Thag. Thag bigger than Urk, Thag take Urk
spiky club, Urka (Urk wo-man). Urk not able kill deer, must eat leaves,
berries. Urk flee from wolves.

Today, Urk big chief. Urk have best cave, many wives, many pointy sticks.
Urk tell how.

WHAT DO: make one pointy stick and take to cave places below. Add own
cave place to bottom of list, take cave place off top. Put new message
on walls many caves. Wait. Many pointy sticks soon come! This not crime!
Urk ask shaman, gods say okay.

HERE LIST:

      1) Urk
            First cave
            Olduvai Gorge

  few) Thag (not that Thag, other Thag)
            old dead tree
            by lake shaped like mammoth

  few) Og
            big rock with overhang
            near pig game trail

Many) Zog
            river caves
            where river meet big water

Urk hope not-tribe-member do what Urk say do. That only way it work.

(c) Dave Hemming 1998. Circulate how you please, but keep my name on it.

Comment Re:Attention all (potential) subversives (Score 2) 319

The point of going dark is to make surveillance expensive. You want "them" to spend as much money as possible. Currently, just about everyone sends plaintext through the Interbutt, for example. Archiving all of this in a building in Utah and using search technology to sift through it, building "instant dossiers," is well within the budget capabilities of many governments.

If everyone uses encryption, there isn't enough computing power in the universe to sift through all of that. At that point, "they" will have to devote actual warm bodies to do surveillance, aka "spies." Spies cost money. They cost a not insignificant amount of money to train and require weekly paychecks. Plus they are quite a bit slower than computers sifting through plain text and unencrypted Skype calls.

What we want to do is break their budgets.

The only drawback to all of this is the instant you mention encryption to Joe User, you get this glassy eyed stare, dead eyes, like a doll's eyes, to butcher a line from Jaws.

--
BMO

Comment Re:Fuck the libs! (Score 5, Interesting) 216

"That's because Republicans believe in the free market not communism."

Funny, the current bunch of Ds are typically to the right of Reagan.

And no, the Rs aren't in favor of any kind of free market either. And "free markets" don't exist, ever - they are an imaginary construct much like "friction free inclined planes" in physics.

--
BMO

Comment Re:Cryptowall is very sophisticated (Score 1) 181

It's these 3rd party ad server farms that get hacked and start serving out this shit. Doesn't matter if it's Yahoo, CNN, Drudge, MSNBC, Fox News...etc. If they have a contact with one of these ad agencies (and they all do), all it takes is for one of the infected servers to rotate into view for the end user. Really nasty stuff.

This. So much this. And there are ad networks that will host anything given the right amount of money and lack of care. I sure as hell don't allow ad networks to display their crapware on any machine, no matter the architecture/OS. With adblock-plus, privacy badger, and ghostery installed on a client, third party crap gets enough of a heave-ho to make even going to places like gawker "inoffensive."

--
BMO

Comment Re:Actually, he's right (Score 1) 552

"so where do we get the next generation of major league players from?"

Brown & Sharpe (now a tiny little division of Hexagon AB) used to be the preeminent machine tool manufacturer in the US.

One of my previous bosses was told by one of the Sharpes that the day the company died was the day they stopped training apprentices.

Short-term-profits-at-any-cost amounts to eating your seed corn and then sowing the ground with salt.

--
BMO

Comment Cartooney. (Score 3, Informative) 163

Yet another self-obsessed legal "expurt" suing over a ham sandwich.

Horace Edwards, who identifies himself as a retired naval officer and the former secretary of the Kansas Department of Transportation, has filed a lawsuit in Kansas federal court that seeks a constructive trust over monies derived from the distribution of Citizenfour.

Court: Does he have standing?
Court looks
He hasn't been damaged. You must have some sort of injury, financial or physical, or whatever, to have any standing in a tort.
Court: Come back when you have standing, now go away and stop wasting our time.

The only "person" who can bring an action that has any weight behind it is the US Government, or some other person who has been directly harmed. That would be under the purview of the Justice Department or one of the armed services or someone who has suffered some loss that must be made whole.

Granted that I have a "GED in Law," but that's my best bet as to what's going to happen.

--
BMO

Comment Assumptions (Score 1) 421

So, assuming Microsoft is sincere

That's a pretty fuckin' big assumption there, guy.

>BMO goes back to read the Halloween documents

The Easter Bunny, Santa Claus, A Sincere Microsoft Board Member, and a Rabbi (a Rabbi is required in every joke) come to a 4-way stop/intersection at the same time.

Who goes first?

The Rabbi, because the others don't fuckin' exist.

--
BMO

Comment Re:Network Level (Score 2) 97

Otherwise it's potentially just a matter of inserting a tiny reprogrammable USB stick when there are few cashiers on and the cashier who is on isn't looking for a few seconds (i.e. two people walking into a Staples store can pull this off really easily).

Indeed, so much this.

I've seen open USB ports on all sorts of POS terminals and it just boggles my mind, especially because I've been in industrial environments in small companies where hot-gluing USB ports shut is a matter of course.

You can buy a USB flash drive that sits almost flush and if you take a little bit of elbow-grease and sandpaper, you can get it to sit flush easily.

So I don't see how big companies like Staples, who have the actual budget to look at security this way, don't even bother to do the basics like this. It's time we start fining/class action lawsuit-ing firms that don't even do the least bit of security, with amounts of money that actually hurt and not take "5 minutes of profits" to pay.

--
BMO

Comment Re:Some people better be out of a job... (Score 1) 110

Peer Name Resolution.

The problem is that it's patent encumbered, by Mickeysoft, so it's useless.

There is also something called Hierarchical DHT-based name resolution.

Abstract:

Information-centric network (ICN) architectures are an increasingly important approach for the future Internet. Several ICN approaches are based on a flat object ID namespace and require some kind of global name resolution service to translate object IDs into network addresses. Building a world-wide NRS for a flat namespace with 10^16 expected IDs is challenging because of requirements such as scalability, low latency, efficient network utilization, and anycast routing that selects the most suitable copies. In this paper, we present a general hierarchical NRS framework for flat ID namespaces. The framework meets those requirements by the following properties: The registration and request forwarding matches the underlying network topology, exploits request locality, supports domain-specific copies of binding entries, can offer constant hop resolution (depending on the chosen underlying forwarding scheme), and provides scoping of publications. Our general NRS framework is flexible and supports different instantiations. These instantiations offer an important trade-off between resolution-domain (i.e. subsystem) autonomy (simplifying deployment) and reduced latency, maintenance overhead, and memory requirements. To evaluate this trade-off and explore the design space, we have designed two specific instantiations of our general NRS framework: MDHT and HSkip. We have performed a theoretical analysis and a simulation-based evaluation of both systems. In addition, we have published an implementation of the MDHT system as open source. Results indicate that an average request latency of (well) below 100ms is achievable in both systems for a global system with 12 million NRS nodes while meeting our other specific requirements. These results imply that a flat namespace can be adopted on a global scale, opening up several design alternatives for information-centric network architectures.

http://dl.acm.org/citation.cfm...

--
BMO
