Re: Google freaks me out sometimes
Alternate theory. Most people utilize the default settings and the drops of "interesting" data are swallowed up in a sea of similar-looking data. If federal agents hint that they can crack the common encryption streams, then those individuals who worry about government snooping will move away from the defaults. Even if our government isn't able to crack the encryption, "interesting" people will flag themselves as worthy of more traditional investigative techniques.
Thoughts?
This is why I'm always nay-saying the PGP keysigning parties. A signed key within the context of use verified across a long history of communication is more likely to be accurate and expensive to forge.
The counter-argument is that humans are really good at picking up on biological cues concerning "false" behavior, but I haven't found that to be the case.
-
-
Re: Google freaks me out sometimes
Your welcome. I may poke fun at you(your welcome to poke fun back) but I at least try and couple it with some useful information as well. Remember no free lunch, I have to entertain myself. :-)
xor
Now out for some Starbucks Banana Chocolate Chip Coffee cake(yes it's better than sex).Leave a comment:
-
-
-
Re: Google freaks me out sometimes
Actually if you heard Nomad speak at Shmoocon last year the answer would not be very secure. The underlying encryption is secure but you have to make sure the person's cred's are legitimate. Especially with someone you have never met before.
For example I could meet Knoppix at some secret location for the first time to exchange cred's so we could do encrypted communications. On the way their I could be assassinated and someone with duplicate forged doc's could take my place. Knoppix having never met me before doesn't know what I look like, doesn't know what my state drivers license is suppose to look like. My id double gives Knoppix my forged public key, and receives Knoppix public key.
Knoppix has no idea that he is actually communicating with the NSA, but feels confident that his communications are secure.
xorLeave a comment:
-
-
Re: Google freaks me out sometimes
Here we go Knoppix, can't personally vouch for this as I've only used in a few times and haven't done the forensics to actually see if it performs as advertised.
http://kaos.to/blog/downloads/
Don't expect this to run on uber new hardware but if you system as at least 2 years old it should be fine. No cookies just relatively anonymous browsing from any computer you stick the cd into.
It's free to.
xorLeave a comment:
-
Re: Google freaks me out sometimes
just how strong crypto is in standing up to various attackers is a point of long-standing debate among many circles.
I know of one fellow (a very reputable individual) who spoke with some feds just after his talk way back at DEFCON 9 or 10... they wouldn't outright tell him what the government's capabilities were back then, but he postulated that they could handle 128-bit crypto in realtime, in order to sniff web traffic if they really wanted to, and likely could do 256-bit in a day or so. they all but told him he was spot-on.
at the time, things like 1024-bit would be the minimum to withstand "basic" scrutiny, but you'd have to almost get into 2048-bit to really be "unbreakable" in any practical sense. this was a discussion about SSL, not PGP (which in its modern incarnation supports algorithms like AES, RSA, and the fish) but it should give you a basic idea.
that was half a decade ago, at least.
nowadays, i'd be willing to guess that anything short of 4096-bit is pretty easily broken by spooky types, given enough time. further, however, i would bet that most of their processes are tied to data mining and building up a profile of their target, in order to optimize what sorts of keys, passphrases, etc. are likely to help them along. it should be noted, this sort of action is not used in investigations where the results are made public. these are national security matters we're talking about.
state and local law enforcement is likely (in my opinion) unable to easily break crypto of the type you would see with the original PGP project, if properly implemented. these agencies (perhaps with the exception of majorly wealthy urban city centers where the PD is huge force) simply don't have the funding or specialization for that sort of work.
if it's hugely instrumental to a case that they're building against someone, my bet is that police departments would enlist the help of feds... and only then if the feds think it's a priority would that happen. local police can crack your Blackberry or read your "hidden" phone contacts and break a passworded zip file, often due to built-in backdoors in the software, etc... but beyond that you're pretty secure in your privacy, i would say.
i am totally just rambling and guessing here... so i'd invite anyone who knows more than i to join in with better specifics.Leave a comment:
-
Re: Google freaks me out sometimes
XOR,
Yeah man... My medications limited to what it can do, and cant do...
I think I'll just go back to being a pot head... Life just seemed easier that way! lolLeave a comment:
-
-
Re: Google freaks me out sometimes
You could host you own site and you wouldn't have to worry about it stuff like this. Get a Linux shell account(not free unless you know some kind soul with bandwidth to spare) and run things from there. There is no such thing as a free lunch. Most people don't realize just how expensive it is to run a network like google.com. Do they do it because they are really nice guys; no. They do it because there is an incredible amount of money to be made in data mining your information and reselling it. Oh but once you agree to their TOS, it's not your data anymore is it?
UTC 01/24/2009 15:40:36.416 Alert Intrusion Prevention Possible port scan detected 64.233.161.104, 443, WAN, od-in-f104.google.com 75.147.85.146, 18302, WAN TCP scanned port list, 4928, 32034, 25294, 32166, 1851
UTC 01/24/2009 15:40:36.176 Alert Intrusion Prevention IPS Prevention Alert: POLICY Google SSL Connections, SID: 3075, Priority: Low 64.233.161.104, 443, WAN, od-in-f104.google.com 192.168.1.102, 52416, OPT
***could be false positives to*****
There are many fine intro's, faq's, howto's, and step by step instructions as well as pay for products that will not only do support but get you up and running encrypted in about 5 minutes. The magic word being SSSEeeeeaaaaaarrrrrccchhhhhh. Yes they work. If you are trying to hide stuff from the NSA forget it. Why would the NSA be interested in you Knoppix? Please go back on your medication or take more of it. Again people act like government has nothing better to do to than to spend FINITE resources and time on you. This stuff costs money to do and god knows time even with the fastest computers. They have more important things to do like build secret highways from Mexico to Canada
Remember what I said Knoppix there is no such thing as a free lunch.
If you want to find out if google.com is indexing your site:
* site: yourdomain is the way to do it. Of course if your site has been up for a very long time you are screwed anyway because this stuff never goes away anymore.
There are also programs like this for site indexing(see client list)
http://www.tenmax.com/teleport/execvlx/home.htm
xorLast edited by xor; January 24, 2009, 07:31.Leave a comment:
-
-
Re: Google freaks me out sometimes
Ok, So how good does PGP work these days with the NSA and homeland security policies in place? Everyone knows big brothers watching more so now than ever...
So is PGP really bulletproof these days? or wouldn't that just draw more attention?
Leave a comment:
-
Re: Google freaks me out sometimes
Well I do really like how they index conversations...its the only way Im able to keep up. And I know Im not a bad person, so Im not really all that worried.Leave a comment:
Leave a comment: