They don't need to crack the traffic, if they de-anonymize the clients in and out of Tor, it's cleartext on both ends. With SSL and VPNs now being as wide open as cleartext and easily broken, it's a moot point.
http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html
And direct yourself and others to Project Meshnet:
Sorry, but it's now too easy to de-anonymize traffic within and around Tor. The more Tor nodes there are, the -easier- it becomes.
Read and learn, then direct everyone to start using i2p and Project Meshnet (https://projectmeshnet.org/)
http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html
They do not need to do real-time processing of the data: that is only necessary for filtering.
That may be true for passive surveillance (http traffic, emails, IMs), but most-definitely not for VPNs, as in this specific case.
You absolutely need to trap the packets in real time in order to actually break the VPN connection open so you can get at the actual payload (cleartext, post-decrypted) data within the stream. The initial cryptographic handshake has to be captured, in order for them to peel it open and get inside.
You can't do that days later, when all you have is an encrypted stream of bits.
<cite>http://www.groklaw.net/article.php?story=20110409161444432</cite>
So basically they Won.
They don't win unless we've stopped fighting. And we're a long, long way from that.
Eighty Nine Percent of New Zealanders oppose new legislation to broaden the powers of the GCSB, the New Zealand Signals Intelligence agency that has tradisionally been used to spy on other countries.
But wait, that also means that at least 51% of the population actually voted for those who put these laws and legislation into effect. Can the same people who voted them into power, also vote them out?
It doesn't matter if she was searching for 'pressure cooker bombs', because that is not illegal!
She has not committed any crime, nor should she be suspected of one. In fact, she shouldn't have let them in the house, because they have no warrant, nor any valid reason to suspect her of doing anything against the law.
Since when was curiosity or knowledge seeking a crime? Is that where we are now? Living in fear of learning more, because those who think they're holding the power, are looking at everything we do?
Sorry, no.
http://www.serendipity.li/wot/other_fires/other_fires.htm
Here's one example:
In October 2004 in Caracas, Venezuela, a fire in a 56-story office tower burned for more 17 hours and spread over 26 floors. Two floors collapsed, but the underlying floors did not, and the building remained standing.
See http://www.cbsnews.com/stories/2004/10/18/world/main649824.shtml
But... how do you KNOW they're doing what they say they're doing? Really? Without an intentional MiTM machine you can use to analyze what is ultimately being sent upstream to SpiderOak, you can't be sure.
Remember too, peeling apart and masquerading SSL/https sites is VERY easy to do, including certificate forging. Many companies do this today to decrypt (yes, decrypt) SSL traffic to then scan the plaintext content of the request. Heck, you can even set up Squid to do that if you want.
http://blog.blackfoundry.com/2011/06/02/break-open-dropbox-ssl-traffic-with-squid-proxy/
That's fairly easy to subvert: Don't ever use the same salt. Ever.
Look at something like PFS for where this is heading:
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Google is already using this today.
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
Google is already using this today.
His point was that the system maintainer might be forced by a spy agency to alter the code so that the password variable is not temporary, but instead logged in persistent storage.
That's easy: Build your hashing systems such that there IS no persistent storage. Make it out of DRAM, and enforce rules to scrub the memory and temporary storage before and after each password hashing request or attempt. Additionally, just create a tmpfs volume, encrypted with a one-way hash/salt, and write your scratch data there, then dump it and scrub those bits when done. Problem solved.
Except for private Twitter accounts and deleted/redacted Tweets. Only the Library of Congress has the originals, in context.
What you see via the public, port 80 web interface to Twitter or via their API is nowhere near to the full Twitter data stream.
You do realize that recording public officials, law enforcement and the like is going to land you in jail, right? Actually, it's already been demonstrated, when a black teen recorded a police officer publicly harassing and beating another black teen. So the one who got 8 months in jail and is facing 7 YEARS in prison? Not the 15 year old behind the police officer's baton, but the one who RECORDED the event with his camera phone.
https://www.youtube.com/watch?v=g1e9Htc6FMY
When it becomes legal and admissible evidence for an officer to bring in his dash camera footage, but ILLEGAL for a citizen to record an officer breaking the law, what have we become as a society? Seriously. This stuff is happening NOW.
And it scares the bejezzus out of me, and thousands of my compatriots.
Here's another of a fan running on a field, the cops chase him down, start beating him up ON THE FIELD in front of thousands of fans, when the fans storm onto the field and beat the crap out of the cops.
https://www.youtube.com/watch?v=rBfEh4aBt1g
With Google Glass, how soon before cops start smashing your $1,500 device, or shatter your phone, to prevent any evidence of their wrongdoing?
Maybe "The Final Cut", almost 10 years ago wasn't so far off:
http://www.imdb.com/title/tt0364343/
"A Zoë Chip is chip placed in your brain at birth to record your entire life. When you die, the footage from your life is edited into a “Rememory”-- a film shown at your funeral pieced together by an editor. A toy for the privileged, Zoë Chips are changing the face of human interaction, but there are those who are against this emerging technology, and believe that memories are meant to fade."
"I've seen it. It's rubbish." -- Marvin the Paranoid Android
