Privacy 2013 : When. Why. How. by Werner Koch

Presentation

Transcription from the Transcriptions Group with help from TraductionGNU
Subtitles format : see subtitled video
Introduction
Good afternoon, welcome to my talk. I’ve been asked to give a talk about privacy things.
Actually I’m a great supporter of privacy, and my chosen work is to write cryptographic software, in particular GNU Privacy Guard, GPG/GnuPG, which I’m the principal author of, but sometimes I give a general talk about issues around cryptography, why we need it, and so on.
[toc]

Why

Reasons to take care of privacy

The reason why I care about privacy is that I think it’s very important. My first encounter with privacy problems was probably somewhere back in the 70s, when in Germany the former head of nuclear management Klaus Traube was bugged, and so I noticed how much power some organizations and secret services have, and what they can do to our lives.
Later on in the 1990’s, 97, I decided to write a replacement for PGP. It’s free software and it’s called GnuPG, and that’s what I’m still mainly working on.
The reason why I think it’s very important to have privacy is that we are humans and we are not Borgs, we have not been assimilated in a collective. Everyone of us should be able to decide on his own whether he wants to tell others something about himself or herself.
I think that is very important. That’s the difference between a Borg collective, or ants, or anything, and humans. Humans have the right to think by themselves and decide whether they want to talk, what not to talk about and how to interact with other humans.
Another reason why it’s important to have privacy is that, if you can control your own data, and do not let the government or another organization control the data, it’s harder to turn your country into a police state.
As a German, we had quite some experience with this — our “Jones” [1] didn’t encounter the Third Reich, and maybe hardly the Stasi in Eastern Germany. All these police states, they don’t like to have privacy, because they want to control their citizens.
Another reason why, even now, we need privacy, is that trade secrets and negotiations benefit really from being able to talk and write confidentially. If you can’t do that it’s bad for your company.
On the non-corporate side of things, there are lots of human rights groups — unfortunately, we need them — and it’s very, very important for them to be able to talk in confidence with other people.
So these human rights groups definitely need some encryption to make sure they can keep confidential information from people — and, well, police states — secret, and don’t get them into danger.
Another reason is that memories [should] be able to fade out. What I mean by this is : things you did as a teenager shouldn’t reflect badly on your later life. For example, you attend this free software conference here, now, at your age, and later you decide to go for director of the NSA, and the NSA probably doesn’t like
people who want only free software.
Now all things are like tattoos. You’re getting a tattoo at 16 ; at 30 you decide “I don’t want it anymore”. You have to decide early what to do and what not to do. So these memories should be allowed to fade out. We can’t do anything about this technically, so the only thing we really can do is just take care not to publish too much.

Why we have this problem

Why do we have this problem with privacy threats ? It’s that our world is getting more complicated. In the old times, you were talking directly to someone, you noticed smoke signals, you sent letters, maybe even sealed letters, you noticed telegraph wires going along the railways, and you could really see that there was something which happened, and it was good. It was easy to understand that you could just hear what was going on in the telegraph wires — you could hear the signals actually — so to most people it was clear that others could hear what they were talking about on this wire — or by smoke signals of course ; pretty public, yes.
Later on, 60 or 70 years ago, this changed with the rise of electronics, because that is more magic to most people. Finally, 20 to 25 years ago the Internet was available here in Europe and in the US. The Internet is really something for wizards. Nobody, no average user can understand how the Internet works. They tell you something about packets. What are packets ? Packets are coming from Amazon these days, but these packets are something magic which transports all our thoughts and our letters and it’s not easy to understand that there are people who can intercept them, and fake them, and all the things. It’s not anymore possible for most people to understand this. And this is in my opinion the reason why, for so long, many people have not been interested in using secure communication on the Internet. And it’s hard of course to do this.

The Internet as the techies playground

The design of the Internet was a decentralized system, which withstands any attack, and doesn’t have any central server, and that is a good design. It was designed by hackers ; they had no security built-in because they said “Oh we don’t need this, we won’t do this”, and it was not expected that it would ever be turned into a mass phenomenon.
Anyway, they did this, and the culture of the early Net was pretty good, because it democratized communication. Even phone calling is now really affordable for everyone, whereas it was not the case in the 80s, or the 70s, when long-distance calls were really expensive. Today we can communicate with everyone in the world, with only a little bit of money.
So this Internet is a great tool, for everyone except for the telecommunication monopolists, of course, because they lose revenue, and they try not to do that, of course.

The Internet and the Y2K bubble

There was no problem with privacy because nobody used it right then. We could have added privacy to the Internet ; everything was there, PGP for example. But then came the companies, and they decided : “Oh we can make money out of this Internet”. They looked around for business models. First they did simple advertising, and in the end... they have settled by now for collecting a lot of data about all the users and tracking user behavior to do targeted advertising, and they earn a lot of money with this. Maybe this is a bother, but anyway they are rich, and they have a lot of power.
Unfortunately, this also means that if you only have a couple of large corporations, they are not interested in a decentralized Internet anymore. They need a centralized Internet, one where they control most of the communications.

Brave new voluntary disclosure

Well, they did this and people didn’t understand what the Internet was all about. They liked to communicate with others, chat with people in other countries and other continents, and used it.
The ISPs, who allowed them to connect to the Internet, did one trick : they lured them into using their portals. So, for many, many people, their portal to the Internet is the Internet. They don’t see anything beyond the T-Online or... I don’t know what the Belgian provider here is. They say “this is my Internet”, and don’t realize that there’s more, that there is a decentralized system which they can use directly without using any centralized services.
They are not interested in this of course ; people don’t realize this. To many people, Google is the entry to the Internet. Even if they want to look up something in Wikipedia, they enter “Wikipedia” as the search term, and so this way Google knows what they are looking up in Wikipedia, even though Wikipedia itself does not track the user. They don’t know that they could just enter “wikipedia.org” into the address window.
Further, there are online payment systems. I’m not sure about credit cards, but all these new mobile phone pay systems, the reason why they are there is that they can map physical transactions. You buy something in a store, but they can map that to your behavior on the web. This way they can better control what people actually are buying : if people look something up in a web shop, buy it, even somewhere else, but pay with their mobile payment system, they can map this all together and get a better profile of everyone.
What’s happening is that too many people are using this without knowing what they really do.
So let me do a quick poll here : who in this audience has no Facebook or Google+ account ? Well I think I should stop my talk now, because I’m talking to the wrong audience, you know. Yeah, OK.

Targeted marketing

One other thing which is important here is that all their things go into targeted marketing. These things where you get one price for a flight, then go somewhere else, some other website, and come back, and the price has changed, just because they realize that you are coming back and that you are more interested, and then raise the price, for example.
Then we have this “other customers bought this also”, which works pretty well for the shops, so that you buy something you didn’t intend to buy, because “others did it so I have to do this as well”.
Another thing is... I’m not sure whether everybody realizes that if you buy a railway ticket, you get an offer to rent a car, and then if you rent the car, you get an offer to book a hotel there. That is very good for the car rental service and the hotel booking service. It really is per-user advertising, and it’s a cool thing for
them. But the companies who do this have a lot of information about you, then. And we don’t know what else they are using this for, whether, if you want to buy a house later, they tell you : “Oh no, you can’t buy this, you are spending too much money on different things”.

Governmental surveillance 30 years later

That was the corporate side of things, and now we come to the
governments.
Surveillance is something they like to do, as I told you at the beginning. The reason is probably that the Unknown is always a danger.
In Germany, Chancellor Merkel said that this Internet and this wiretapping of the Internet is Neuland to them, which means unknown territory, despite that she should know this and has a video blog, and everything... She just claims that they have no idea what this is about.
So there must be some kind of unknown in this Internet and
communication structure that is a danger to them, and that they try to avoid. So they’re going to have laws to get better control of their citizens. Well, they have been doing this for 20-25 years now. It takes a lot of time to get these laws through because we oppose them. They have to try to get them approved once, and try again, and try again, and at some point in time they get them through, so they can better track people.
Then they realize : “OK, we had such a hard time to get all this information about our citizens. Why can Google, Amazon, Apple... why can they do it so easily ?” So they now say : “Well, just ask them for the data, it’s much easier.” And that is probably the current thing with PRISM and Tempora, and the stories about the NSA and GCHQ. And in general, all our constitutions are considered as mere suggestions and not something which is to be enforced, at least not by the secret services. That’s a very big problem. In particular in Germany, after WW2 we have setup our system in a way that the secret services, the police and everybody, these were clearly separated ; they couldn’t access the data of the others. So there was privacy built in because of the experience Germany made in the Third Reich. This is all kind of going away.

When. Real world privacy threats

Your interactions

So if you do something, you need to be prepared for your own
future. What you do now will reflect on your own future later. So if you tell someone you’ve gone to this hackers conference, and then you want a job at Oracle, they might think : “Oh not good, they might hack all our records”.

Interaction : Mail

We have several interactions with the Internet. The most important has always been mail — people call it e-mail, to me it’s “mail”. It has been claimed that mail is not important anymore but, everyone : it is important, because for all the accounts you create you need to have a mail address ; you need to have the mail address for maintenance of these accounts, to send you a password reminder for instance.
Doing real work using the Internet, e-mail is probably the best thing because it’s store and forward, you’re not required to do hasty decisions during online chats. So it’s still useful. E-mail has the advantage that you read it at the time you decide, and not at the time the sender decides that you read it.
The problem is that most people are using a webmail, which means that your provider sees exactly when you read your mail, what you read and in which order. So it’s not secure anymore. They know when you are going to work, and everything you do can be extracted from the data that you are providing by using the webmail.
The offline use of mail, like it was done ten years ago, is a more secure thing to do.

Interaction : Searching

Searching is the most useful thing on the Internet. Everybody uses it, and you might remember that the first well-known service was AltaVista — in the early 90s — which opened up the whole Internet. All the pages we had there, available to everyone... This was really a cool service. And the early Google was also very interesting because it just pinpointed the exact things you wanted to know — well, mostly technical questions — so you got the right answer at that point.
Today, searching is a real problem because they are using it to build records, profiles of all the users. And it’s also unreliable because they render the results of a search according to your profile. So if you like to see horror movies, they are probably listed first. And others, who like to see science fiction, get science fiction listed first. And they do this with everything.
What you get out of Google, or Bing, is not reliable anymore. It’s something which is customized to your behavior.

Interaction : Chatting

Chatting is an old thing on the Internet. Before, we used IRC, and frankly I don’t know, most Internet users use these chat rooms, something with the web browser. I’ve never used this.
Chatting is useful because it allows you to work together with others closely on a certain problem. To me it means : tracking down a bug like this. Using Jabber is much easier than sending mails, which takes much longer.
It’s also nice to have a chit-chat if you’re working alone in your office.

Interaction : Social networks

Social networks are in my opinion a major problem for privacy because this is the very tool which is used to publish all and everything about yourself. And everybody uses this, everything does this, and a whole generation now thinks it is important to publish everything about themselves to the Internet, and in particular to Facebook. So the question is : who benefits from that ? The people ? Do they really need friends ? All these friends they have in their Facebook account, are these only opportunities for Facebook to build a profile of them to sell targeted marketing ?

Those who tell you what they aim at

Well, how can you know what’s going on ? The good thing is : all these big companies, they tell you what they want from you. They have all these terms of service, and privacy policies, and they’re clearly showing you what they’re going to do with your data. All this might be legal speak and touch pass for you, but they tell you that. So that’s fair, if you want to read this. It’s hard to read, but if you don’t want to, you may go to tosdr.org, “Terms of Service ; Didn’t Read dot org”, which nicely lists all these terms of service, and compares them to others ; you can see what they want from you, and what are the good services for privacy, and the very bad services for privacy.
The easiest question you could always ask yourself is : “what is their business model ?”. Why are they offering this service ? A corporation would never do anything pro bono. They do it do get revenue from this, and for their shareholder value, so the money must come from somewhere, and the good question to ask yourself is whether you really want to use this service.

Those who don’t tell you...

Of course there are these other parties who don’t tell you what they want. We have the NSA, formerly called “No Such Agency” because nobody knew that it was really there. And there is Bletchley Park or the GCHQ. I don’t want to talk about this now because it has so much press attention now that everybody knows about Tempora, PRISM, and everybody should know about Echelon, which is twelve, thirteen years old — oh no, it’s older even — but is known, should be known to everyone since 1999. There was even a report at the European Parliament about this and action resulted from this. But time went ahead and nobody thought anymore about Echelon and was surprised that there is PRISM and Tempora... and what else ?
That is the US and Great Britain and Australia and Canada of course, but other countries are not any better. The German secret service is of course tapping all wires. They did this for the old wires to Eastern Germany, and there’s a little anecdote about East Germany in the early 70s. They setup new telephone lines to Western Germany, so that people of East Germany and West Germany could better talk to each other, because before that it was really hard ; you had to wait several days for telephone calls to do this. But nothing changed, despite what they did this. And the reason, it turns out, was that the German secret service, der Verfassungsschutz, was not able to deploy enough wiretapping equipment timely, after this event ! They all do this.
To secret services, everything is known — what is not encrypted — on the Internet, on the phone, and probably also credit card transactions.
Your software provider... Well it depends. Probably here it doesn’t make sense to tell you about your software provider because it’s probably already Debian, Fedora, or some other Linux — oh, sorry, GNU/Linux — distribution. But in general your software provider is called Apple, or Microsoft, or Adobe, and you don’t know what they put into their software. You should always expect that this software has been bugged and tells them what you are doing, and grep’s for certain keywords, and everything. So we can’t decide. They do it, for sure. Why should they not do this ?
Well, at least there are some sysadmins who don’t respect the Netiquette and read your mail on the servers. OK, they shouldn’t do this. I don’t think there are many doing this. At least there is one system administrator who did this, who tapped something, read stuff he shouldn’t read and shouldn’t publish, but in this case I think Mr. Snowden did it right and we should applaud him for this.

How. Ways to reconquer privacy

Now, what can we do ?

First of all

First of all, most of us won’t be able to withstand any targeted attack. This means that if some secret service wants to go after me and check what’s on my private desktop machine, they will succeed. I can’t do anything about it, even if I ran OpenBSD and stuff, whatever, they just... We’ll figure out if that’s a targeted attack. That’s no problem for them, they are used to do this, and we can’t do anything about it. If you want to do something about this, you need to have high security and that’s not very convenient, and expensive to maintain, and use.
Traffic analysis : looking at who is talking to whom is hard to mitigate, also. It can be done but it’s very hard to do, so I don’t know what do to against it. Of course, we could all use Tor but... to do it right is very hard.
But what we can do is protect the contents of our communications, so that nobody can look into the envelope, as with letters.

Anonymity

If you don’t want others to see whom you are talking to, you can use the Tor Project. Tor is the Onion Router. It’s a pretty secure system, it’s hard to attack, so use it if you don’t want others to see whom you are talking to and what service you are looking for. And that may even apply when you’re looking up some terms in Wikipedia.
Now the interesting thing for the future is the development of GNUnet. GNUnet is an overlay network which provides a new platform for all kinds of services, in a way that is censor-resistant and anonymous. It protects everything that we can protect or that is worth protecting.
It’s a peer-to-peer network. It is of course better than Tor, but is still in development and will need another couple of years to be really usable.
Fortunately the European Union is sometimes funding its development, which is kinda funny. Actually the US has also been funding crypto stuff, free software crypto stuff sometimes. Probably they think “It doesn’t matter”.

Instant messaging

Oh yeah, I hope you don’t use Skype anymore, because it’s known that Skype grabs for URLs, and checks out what these URLs are, huh ?
A good service is Jabber (or XMPP), if you use it along with OTR (Off The Record), which enables end-to-end encryption in Jabber — and others protocols, too. End-to-end encryption means that you encrypt it and only the recipient decrypts it, both on their machines, and not on any server in between, which is a standard model with Jabber, and in most encryption online services. But if you use this, take care if you use a multi-user chat, because that is hard to secure.

Searching

A better system which would better match the Internet structure is a decentralized search engine. There is such an engine, it’s called YaCy. You may want to try it out. The FSF Europe website uses YaCy for searching, for example, but you can just use it and try out what result you get. It’s slower than others of course.
For private searches, please resort to DuckDuckGo.com, which seems to be a good service right now. It’s similar to the early Google. They have no business model right now, and they promise not to do anything evil and not track you and so on, so for now it’s good to use DuckDuckGo. And if you’re using Mozilla, you should also change the address which is used for keyword search, so that if you enter something wrong in the address field, DuckDuckGo is used instead of Google. There, at the bottom of the slide, there is the command to do this. [In Mozilla : enter about:config and set keyword.URL to <a class="auto-a" href="https://duckduckgo.com/html/?q=">https://duckduckgo.com/html/?q=</a>]
Most users are accustomed to use search engines as the entry point to the Internet. It would be better for them to use Wikipedia because they promise not to track anything, and Wikipedia has a lot of information, and is probably a very good starting point to look for information.

Keeping data accessible

The talk was mostly about online services, direct-to-direct communication, but when it comes to protection of data which is stored, we need to ask some questions. Of course, one question is whether the encryption is secure enough : will it be secure in 20 years ? or in 30 years ?
Another important question is whether there is a way to backup your data, and whether you did everything to have a backup of your key, if you have encrypted this, which you should do.
Then what tools are you using ? These tools must be open. You must be able to know how they work, so that in case there are no computers made as they are today, you are still able to write software or systems which can decrypt the stuff.
Of course the media where you store the encrypted data is reliable.
And in the end you may also want to care about future archaeologists, who will want to look at things which happened 200 or 300 years earlier, and don’t need to hope that a Unix machine is still running. They should be able to use the software or have the specifications of the data and how to decrypt this — if they find the key.

Cloud

Cloud services seem to be important these days. Cloud services of course are very problematic because they put all your data into the Net where it is not under your control anymore. There are things like ownCloud, where you are your own provider, your small provider. This is something everybody should do : use a small provider. It could be as small as you alone, but you may just bring together a group of friends, to share the cost of server hosting and set up the required services to store things and do whatever one can do with a server. You will probably find someone who is able to do this technically. Server hosting is cheap these days, compared to what you pay for other things, it’s not really a problem.
In case you need a large cloud provider, you’re better off checking the terms and conditions of course, and select one which allows you to delete your data there, and promise it’s really deleted, and of course that you are able to export the data. That the data stored in the cloud should only be accessible by you is clear for us, but not for most cloud providers. The best system I’ve found is Tahoe-LAFS (Tahoe Least-Authority Filesystem), which is a replicated, encrypted filesystem, and can be used for a cloud service. That is very cool stuff, and any cloud service should use this.

Mail

Encrypt your mail. Better encrypt it with the OpenPGP protocol, and one of the PGP implementations, maybe GnuPG. If you can’t use OpenPGP it might be useful to use S/MIME. Then, please use a self-signed certificate or a CAcert certificate. It’s more troublesome to do this, but you should not support any of these commercial CAs [Certification Authorities], who sell you root certificate and give you back nothing, not even privacy.
If you use X.509, which means encrypted websites / https, or S/MIME, don’t really trust it, it’s always possible for large corporations and for the secret services to mount a man-in-the-middle attack so that they can get in between and wiretap what you’re doing then. So take care. OpenGPG at least offers the option to be more secure. It’s harder work to do this, but you might want to do this.

Software in general

In general please — well, we are in a free software conference — please use free software, but I would say this also in any other conference because it’s harder to plant a bug into free software, because many people need to be convinced that this is not a bug, but a feature. So use Debian, Fedora or Gentoo. Better not to use Ubuntu [2],

you’re safer than using any proprietary operating system or any other software.
If you download this software, you need to go to a trusted source. There are several websites which offer you free software, which is actually the free software we have, there are case with VideoLan for example, and they are not trustworthy, this is bugged software, there is malware in this software, and it is also proprietary software. So pay attention to where you download your software from.
And please don’t use webmails if you can. If you really want to use a webmail, be your own provider, or have a small trustworthy provider.
Last but not least, you should disable JavaScript. Please. OK, most websites are not accessible anymore then, so you might want to resort to NoScript, which is a Mozilla extension where you can configure which sites require JavaScript and which ones don’t. You’d better do this.

Conclusion

What needs to be changed

To wrap it all up, what we need to change is awareness for privacy, even on the Internet, in modern communications, and telephone systems, cell phones, and so on. We need to be aware that there are privacy concerns.
Then we should always realize that Internet corporations sacrifice your privacy for their profits. That’s their business model.
And the military-industrial complex does exactly the same. They are spying, or let the government spy, because they can sell the goverment expensive software, hardware, everything. So we need to change this.

What you can do

Please. The few of you who have a Facebook account should close it. Not only stop using it, but close it to set a precedent, and use alternate systems for chatting.
Encrypt your mails. But I’been saying that for 15 years now, and... well.
An important point is to read and understand the terms of service, to know what they want from you. I think it’s important to build your own communities, and not have a Mark Zuckerberg build a community for you.
Finally, if you have the resources, and the time, you may want to run a Tor node. This will help the Tor project keep anonymity for all users. This is a bit of work. I ran a Tor node for several years and spent 8 euros a month on this, but eventually I ran out of time to properly maintain the system, and gave up. So you need to have some free time to do this. This is what I mean by resources ; it’s not only the money for the server, but... it’s required. We need to do this, we can’t expect Google to run our Tor nodes.

And finally

In the end, we’re living in a surveillance world. That’s just a fact. Everybody should have realized that by now. But fortunately we are those who can revert this, all of us. We know about this, so we can change it. You have to tell your friends and the public administration not to send you, or ask you to send them, any confidential or private information by normal email. They should have a key, and send it by encrypted mail. Tell your friends about this. It’s hard to do, but they should at least have the mindset that it’s dangerous to send plain, unencrypted mail with sensitive information. And there is a lot of sensitive information, health and everything, you know.
If that doesn’t work, which for me is most of the time if you do something with the public administration, you have a printer and put your letter into an envelope and send it out by snail mail. That’s just safer and you’re safe. Maybe they send it from their scan service by insecure mail further on, but we can’t do anything about this.
And in the end, if you want to go for a vacation and are looking for books to read at the beach, I suggest four books : Yevgeny Zamyatin’s We, and Aldous Huxley’s Brave New World, and George Orwell’s Nineteen Eighty-Four, and Philip K. Dick’s The Simulacra. These are very good books. They’re quite old, a hundred years old, but they tell you what happens if there is no privacy, if there is too much data in one hand, and it’s quite interesting to review this after all this time.
Another interesting article is Brave New World revisited, that Huxley wrote in the late 50s, I think. He revisits what he had written in Brave New World 30 years earlier with the actual events of the period in mind. And now read it sixty years later. It’s frightening.
OK, thank you. That was my talk about privacy... Yeah, tell your friends they need to pay attention to this.
Now any questions ?
(applause)

Questions and answers

First question - webmail alternatives

Public : You speak about webmail, “don’t use it”, but have you some examples of non-webmails. I use Yahoo, Opera, Gmail, what else ? Outlook is a non-webmail ?
WK : No, hmm. What I mean by webmail is : there are two ways to access, for example, Google Mail... if you really want to use Google Mail.

  • The usual way is to use it in your web browser, and there’s JavaScript. The whole mail reader is running on JavaScript, sent from Google to you. So basically it runs on Google. Everything that you do, every key stroke is sent to Google — in theory, it’s optimized of course. That is what I mean by “webmail”.
  • The other thing is that Google, or other services, store mail, which is then accessed using IMAP (which means the mail is left on their servers) or POP3 (where the mail was on their servers and you fetch it from their servers). They can also monitor it of course, but that’s the usual business of mail providers, and has nothing to do with webmail.

A webmail is really using your browser, locked into a web page, and works on their servers so that you get web pages back. They are in full control of what you are doing. You are interacting with their server ; that is webmail.
And “non-webmail” means that you have your mail program running on your own machine, on your smartphone maybe, or on your laptop or desktop. There are several good mail clients, actually all mail clients were good before the webmail. There is Thunderbird, there’s Claws Mail on Linux. Claws Mail is also available for Windows, and they all support encryption. If you look around just a bit, you’ll find enough mail services. Of course it is convenient to use a webmail because you can walk to any computer and just log in and check your mail. But this computer may have been bugged, and there may be a key logger that looks for a password, and everything. And so a webmail is never secure. And if you’re always doing it on the same box, it’s much easier and safer to use dedicated mail reader software. And it’s better and more convenient if you have a lot of mail.
Does that answer your question ?

Second question - Tor’s security grade

Public : Some claims that if you use Tor, in fact you go more quickly to the CIA on so on, because many relays of Tor are put by those people.
WK : Your question is whether the use of Tor is really secure, yeah ? Well, there are theoretical and practical attacks on the Tor network, of course, but they are not that easy to mount, and that’s also the reason why I told you to run a Tor node ; because it helps : the more Tor nodes there are, the harder it is for the agencies to subvert the system. Definitely you can’t do mass surveillance on the Tor network, it’s very hard to do this, and the guys, the folks working on Tor, are pretty up-to-date on security standards, and try to make it work well. There are some problems with Tor of course, but that’s a trade-off, because it’s a low-latency service, which means you can actually use SSH to do direct work on a different computer over the Tor network, which is very helpful in some cases. But there are some compromises that you need to make. A better system is of course a store-and-forward system, or GNUnet system. It’s slower, but before we have deployed such a system, I think it’s better to use Tor. I don’t think that the NSA is able to subvert it unless you are their target, then you have no chance, because...
I’ve been to one of these AES [Advanced Encryption Standard] conferences, and had dinner with people from the PGP Corporation and an NSA officer. We were talking about strange algorithms, and so on, and then he said “What are you talking about ? That’s not an issue, we are just cheating.” Which means they know how to work around the random number generator, or just bug your computer, which is the simplest thing they can do. You have so much software on your machine that it’s easy to install software which has a bug. By bug I mean some malware which collects information and sends it back to the NSA.
So we have very secure algorithms, but the weakest points are the machines at our hand. The problem is the hardware itself. What we can secure is something that goes over a wire, and only a long wire because the radiation from the machines is easy to tap.

Third question - desktop security

Public : Is it a nonsense to use a well-protected operating system such as FreeBSD, with very open communications — RSS aggregates, or stream of news, such as Yahoo Pipes to aggregate and analyze the news, that have constant communications with my computer ? Not against a government agency, but against a small group of direct competitors (not a very powerful agency but a classical competitor), or a group of hackers. Is it a nonsense to protect my computer and use the classical services ?
WK : The standard answer is : it depends on your threat model. Well, of course you should encrypt it, because it’s much easier to tap a wire than to bug any bundle computer to install a key-logger. We assume that this can be done en gros, so it’s easy to just collect everything which goes through a wire, even through 10Gbit or 100Gbit fibers. They can just read it, they have no problem doing this.
There are other malware, malware from the malware industry, which is these guys who are sending spam around and want you to buy something. Against these spammers, the malware industry, it is good to use a [non-]end-user operating system because they are not interested in that. They calculate how to get the most out of all these users of Windows or Linux or Ubuntu or Fedora — no, probably not Fedora — by having their workers write a special mail virus just for this task. So in this case, it is OK to do this if that’s your threat. If your fear is that someone else knows what you’re talking about, then you should really encrypt it, using a VPN, or even a VPN service so that you just have a central service for this. It’s better than to use plain text. In my opinion, yeah.
Public : [too low]
WK : If you just use Jabber, and you have control over the server, that’s secure, you can do it in plain text, because over the wire it’s encrypted using TLS. That’s OK, of course, if you’re using a VPN. For example at the German embassies, they don’t use encrypted mails for organizational reasons, but they use a VPN running between all of them. So it’s clear text, but it’s hard to tap because there is a layer which is encrypted in between.
Well, it depends. That’s the answer. (laugh)
Any other questions ?

Fourth question - in a cybercafé

WK : Was the question how to use a Tor application ? I think it’s very useful if you are forced to use a proprietary operating system like Windows, or Mac. The Tor Bundle is really useful. It provides you with a browser which is configured to use Tor, and also has other important things pre-installed. I think it’s important to use this, yeah, if you have...
Public : But in my case I’ve got no PC, I’ve got no computer, I’m used to go to cyber, and sometimes I am getting my mail, and simultaneously I go to websites and notice that I was more or less spied on. So, I mean, in my case, is it useful to use Tor ? I’ve got no computer, but I go to cybercafés.
WK : If you don’t have your own computer under control, well you should at least use some trusted computer. If you don’t do this, we can’t secure anything.
Public : What about the e-mail ? Is it useful to have a professional instead of Hotmail or whatever ?
WK : You mean an e-mail provider instead of these services like Google Mail or...
Public : Yeah, a professional one.
WK : I can’t tell you because I’m running my own mail server, and that is something I said : get together a group, and setup your own server. It can even provide webmail for you, and of course a mail server. That is a bit of work, but not too much work, if you know someone who has the capabilities to take care of a server, and to run a mail server — it’s the first thing you install on any server. Of course it’s some work to maintain it. A small mail provider is definitely better than a large one.
Public : Yeah, OK OK.

Fifth question - phone communications

Public : [too low]
WK : Ah, yes, well... (laugh) I wish the XMPP-, aka Jabber-based audio worked better. I expect that it will soon happen. I heard that Jitsi is a tool that does very well. I think this is much better than this complicated SIP system — that everyone else is using — because SIP tries to do the same as the classical telecommunication system. It is designed as a replacement for it. And what Jabber or XMPP does is much more similar to the Internet, so basically it’s a kind of free [3] Skype.
I’m not using that, I’m using a classical telephone, because it’s so cheap. But soon it’s also going to be Internet, because most providers are changing their infrastructure to be IP-only. So in the end there is no difference whether you use Internet or plain telephony. In the end, there are IPv6 packets running around. I think there is no real good software which is easy to install. So all these commercial offers are much better from the user-interface standpoint. Most of them.

Sixth question - STARTTLS

Hostess : One last question.
Public : Considering we know that the wires can be spied on, can we consider something like STARTTLS safe or not ? If someone can spy on the wires, then can they easily decrypt this STARTTLS session, or is it still hard...
WK : No. Using STARTTLS, which means the mail between the mail servers is encrypted, is a very good thing to do, because, it doesn’t withstand any targeted attack but what you see, or what they wiretap or see on the line, is encrypted and they can’t do anything about it — unless they are mounting an active man-in-the-middle attack. It depends a little bit on the algorithms used, but using STARTTLS is better than using end-to-end encryption because more mail is encrypted or hidden from the ears of the services then. Because they need to catch up and find ways to tap us anyway, which is much more complicated to do since they need to mount an active man-in-the-middle. Active man-in-the-middle means that they need to decrypt this and then encrypt it again for the next one. So they can’t just tap it.
Public : OK, OK.
WK : That’s it ?
Hostess : I think it’s really great.
WK : Thank you for your attention.

Footnotes

[footnotes /]

Références

[1Possibly a reference to the “Jones generation”. See the Wikipedia article.

[3Free as in freedom.

Avertissement : Transcription réalisée par nos soins, fidèle aux propos des intervenant⋅e⋅s mais rendant le discours fluide. Les positions exprimées sont celles des personnes qui interviennent et ne rejoignent pas nécessairement celles de l'April, qui ne sera en aucun cas tenue responsable de leurs propos.