
Comment Re:How to escape being compelled to decrypt your d (Score 1) 279

Please help refine this by pointing out shortcomings of this scheme.

The shortcoming is that the encryption is visible to the average guard and unnecessarily raises eyebrows.

How about this (on Android)? You install two operating system images on the phone, say, two instances of CyanogenMod, one encrypted, and the other non-encrypted, and you set up the boot loader TWRP so that it usually boots the unencrypted one. So, if the unsuspecting guard boots the phone, he'll be able to log in and see a perfectly regular OS. But if YOU want to access your confidential files, you reboot the phone into TWRP with the usual key combo, and then you boot into the encrypted instance of the OS. Added bonus: you modify TWRP so that it doesn't even display that encrypted OS in the list of available bootable partitions.

Shortcomings: forensics will show that there is an encrypted partition on the phone... if they ghosted it. But if it is just the guard booting up the phone and nosing around a little bit, you're pretty safe.

Comment Always use a "clean" phone when travelling abroad (Score 1) 279

It's worth repeating ad nauseam: when traveling abroad, always use a new clean phone, i.e. another phone with a new SIM card that is not linked to your Google and other accounts... It's not just the US that seizes or snoops on phones at its borders, foreign countries do so as well. Basically, once they get hold of your phone and take it out of your sight for a couple of minutes, you never know if it hasn't been copied, and bugged. And when you're back home, always assume the phone has been physically tampered with, and make sure to throw it away (or sell it e.g. on eBay to some poor unsuspecting buyer, fair warning would be nice though). Sorry, but that's the way it is.

Comment Still waiting for that damn Windows 10 download (Score 1) 151

On one of my Windows 7 machines, I actually reserved the Windows 10 upgrade many months ago, but nothing happens. Clicking on the icon in the task bar always shows "Your upgrade is reserved... blah blah blah". So it's kind of funny to be nagged by GWX, and at the same time to wait in vain for a download that never completes. Not that it matters that much to me, it's just funny. If it doesn't complete by the deadline, that machine will stay on Windows 7 which runs just fine. I got an upgrade on another test machine without any problems; and all this is only to analyze the behavior of Windows 10 w.r.t. security. Real work with sensitive data I do on Linux and FreeBSD anyway.

Comment Re:Different expectations (Score 1) 1592

Indeed. And even if we opt for a USE, there are different models for such a USE: a centralized ideal French-style, a federalized one German-style, ... and economically, a more socialist-authoritarian one French/German-style, a more capitalist-liberal one British/Eastern-European-style. Trying to find a common ground and to converge towards a model that is acceptable to all member states is nearly impossible. Just look at the total fiasco that the single currency Euro turned out to be: due to different financial philosophies between North and South, the whole Euro-Zone is shattered, and their central bank is printing billions of Euros like there's no tomorrow, heading right towards a super crash. Frankly, the anti-USE in the UK have won, and it pains me to say: they were right. I too was hoping for some kind of USE, but I grew disillusioned. I think right now that the EU should be rebooted and rebuilt (much more carefully) from scratch. On the second try, things could improve. As it stands now, keeping working on it will only add more misery to an utterly broken design, IMHO.

Comment Re:Next: France? (Score 1) 1592

Why would France want to leave the EU? Unlike Britain, they get more from the EU in the form of subsidies than they pay into it. Those wanting to get out of the EU are those people who are feeling that they are constantly paying more than they are getting back, like the Brits (and the Germans, Finns, Dutch...). The financially poorer "Club Med countries" like France would stay as long as they can find financially more stable countries in the EU like Germany, the Netherlands, Finland etc. who will be more or less willingly footing their bills. Greece, Italy, France, Spain, ... would be the last to leave. I'll be more worried about the northerners, and, maybe the easterners at this point in time. What we're seeing right now is a "Who is John Galt?" kind of Ayn Rand-ish moment, Euro-style. Maybe more countries will quietly vanish from the EU as time flies by...

Comment Re:Opting out (Score 1) 85

Actually, very long-term sysadmin here, responsible for a huge number of servers and users. Believe it or not, once you're herding a certain threshold of users/machines, you stop being curious about individuals' behaviors, porn, lives, whatever... it becomes totally irrelevant.

Those guys working at 3/4 letter agencies are in the same position: I'll bet what you want that most of them are bored senseless when they are alerted by the algorithms that they have to look into some real-life data, just to find out that it is in 99.9% a false positive, again! Sure, you'll have some rogue PFY in there too with BOFH phantasies doing his or her thing w.r.t. their near relatives, but hey, that's bound to happen anyway, with or without surveillance agencies. That's NOT the rule, that's the tiny exception.

Personally, I'm not worried at all about that kind of surveillance and their personnel; as I've said, I'm more concerned about keeping THEM and their commercial and criminal counterparts out of networks they persistently try to infiltrate for industrial espionage purposes. THAT's where they are a nuisance, not their amateurish-organized mass-surveillance business that is still in its infancy, despite claims to the contrary.

Yes, I'm strongly pro-privacy, but I've been too long in this area to be easily impressionable: there are simply logistical and physical limits to what such a system of mass surveillance can achieve; limits that can't be overcome, no matter what efforts are being put into it. Some will be worried by this fact, others will be reassured by it, but however we see it, that's life. I'd rather prefer life to be somewhat random, and not totally under control, and I think it will always remain this way, thankfully.

Comment Re:Opting out (Score 1) 85

I'd think that doing this would put a bigger target on you.

What's so bad about this? I mean, seriously? You'll be drawing a couple of mW and CPU cycles of NSA/GCHQ's computers more than they would have wasted otherwise, and occupied a couple of additional bytes in their storage system. That's all there is to it. No more, no less. As long as your behavior doesn't trigger an alert that forces a human operator to briefly look at your data, no harm has been done. And if a human op has to look, the only harm done is his or her wasted time, time that would be better put to use to investigate real targets instead of false positives. They don't care about your petty life, that's not what their mission is about.

Mass surveillance is widely overrated, IMHO. Even directed surveillance is not as effective as it should have been... so relax. The only ones who should be worried are foreign corporations whose trade secrets are being systematically spied upon, and, of course, governments who have traditionally always been a legitimate target of spying. Regular people aren't interesting enough, even though they would be flattered if it were otherwise.

Comment Surveillance can prove your innocence too (Score 1) 85

Sure, it's annoying to be tracked by algorithms around the clock via smartphones, but let's see it in a positive, or at least less negative, light for a change. Suppose you have the same name and/or a similar profile as someone who has raised some red flags and who landed on a couple of Governments' black lists. If you are really unlucky, next time you want to board a plane, you'll be in for a nasty surprise at secondary. Even if things get sorted out this time, next time you'll be again in trouble, and again, and again...

Now, suppose you are the privacy-conscious guy, who shies away from smartphones, who doesn't use credit and debit cards any more than absolutely necessary and prefers to pay cash as much as he can, and who in general keeps a low digital footprint. Now you're screwed, because you'll have a whole lot of red flags floating all around you. Not only can't you prove that you were not where your alter ego was, your disappearance from the surface makes you prime suspect and will have you listed on even more lists than ever before. Good luck cleaning your name and reputation after that! Maybe having carried your private portable Orwellian telescreen with you would have spared you all those troubles.

Yes, I know, that's not the world we would like to live in: being forced to accept surveillance as a way to prove one's innocence would have been considered a typical dystopia some 30-40 years ago, but sadly, that's where we're living right now. We've allowed ourselves to fall into a collective panic, but that's how it is.

Comment Messenger Apps? Encryption? How quaint...! (Score 1) 207

Only amateur terrorists / criminals use encrypted Messenger Apps... knowing full well that not only the smartphones' OS/hardware platform itself is insecure, but that metadata is king in today's surveillance scheme, making encryption in that environment somewhat of an exercise in futility. Sophisticated groups hide in plain sight.

Seriously, if a group really wants to hide from surveillance, they won't under any circumstances communicate their intentions, neither in the clear, nor encrypted, electronically, period. They'll meet ahead of time, and, at the most, agree on a trigger code... and not something as sophisticated as a one time pad. That code would be both simple, and would sail under the radar of surveillance: it won't raise any red flags whatsoever.

So, for instance, Alice will text Bob and say: "Hey Bob, you must really watch this awesome clip on YouTube from [INSERT-POPULAR-BAND-HERE]!", insert jargon of target group to make dialog more authentic. That would be a pre-agreed code for something totally different. Of course, Alice and Bob would have to establish a history of similar (dummy) messages in the past to evade raising eyebrows later: the crucial message should be indistinguishable from the ocean of regular messages they both exchange regularly.

One could even conceive a whole code made up of little blocks of such dialogs that appear like usual teen chatter on the surface... but that would open up this code to analysis. The less they communicate (in code), the less likely they'll be detected. As an illustration for variation: use 20 pop artists in the phrase above, for 20 pre-agreed messages. If you need 400 messages, combine with 20 pre-agreed adjectives "have you seen INSERT-ADJECTIVE clip from INSERT-ARTIST on YouTube?"... there are endless possibilities to communicate discreetly over a low-bandwidth plain-text channel this way.
