Never agreed with this logic. For a lot of people (anyone that does political activism of some sort for example) the threat model can be a lot more nuanced. It might not be Mossad or the CIA gunning for you, specifically, but it might be police searching you and your friend's laptops or phones. It might be burglars targeting the office of the small organization you have and the small servers you have running there.
Yep. While there might be some use cases for his ultra-simplistic "Mossad/not-Mossad duality" - say, convincing Bob Jones that "b0bj0nes" is not a great password - it's 99% fairy tale.
And even if the CIA/Mossad/NSA/whoever is "interested" in you - this is the era of mass surveillance. The chances that you're worth a Stuxnet level of effort are 0.000000001%. Vs. 99.999% chance that they'll happily hoover up your data, if you make it pretty easy for their automated systems to do that.
Also worth noting that Mossad/CIA/etc. are not monoliths. Maybe you got a top agent assigned to you, but maybe your file is on the desk of the Mossad's version of Hitchcock and Scully from Brooklyn 99.
> Yep. While there might be some use cases for his ultra-simplistic "Mossad/not-Mossad duality" - say, convincing Bob Jones that "b0bj0nes" is not a great password - it's 99% fairy tale.
Honestly, the oversimplification here reads to me more like something Bob Jones could use to justify not caring about "b0bj0nes" not being a great password.
Yeah it's extremely immature, even within police agencies there's a huge variation on their ability to perform digital forensics. Furthermore, just because the feds don't like you for whatever reason doesn't mean they're going to deploy their top-of-the-line exploits against you, or detain and torture you, or whatever magic voodoo bullshit the author thinks the Mossad can do.
the maximalist false dilemma of "all or nothing": either it's a super-powerful super-human agency and you can't do anything, else any half-measure is fine
The third mode is enabled by scale of data and compute. If enough data from enough sources is processed by enough compute, Mossad does not need to have a prior interest in you in order for you to fit a profile that they are interested in.
Anyone else see all the drones flying over a peaceful No Kings assembly?
Both Assange and Snowden are apparently alive and well, despite Mossad-like agencies wishing otherwise, largely thanks to Tor; and Hamas, whose adversary was in fact the Mossad, apparently still exists. Hizbullah has hopefully taught us all a good lesson about supply-chain attacks.
Debian is probably the only example of a successful public public-key infrastructure, but SSH keys are a perfectly serviceable form of public-key infrastructure in everyday life. At least for developers.
Mickens's skepticism about security labels is, however, justified; the problems he identifies are why object-capability models seem more successful in practice.
I do agree that better passwords are a good idea, and, prior to the widespread deployment of malicious microphones, were adequate authentication for many purposes—if you can avoid being phished. My own secure password generator is http://canonical.org/~kragen/sw/netbook-misc-devel/bitwords...., and some of its modes are memorable correct-horse-battery-staple-type passwords. It's arguably slightly blasphemous, so you may be offended if you are an observant Hindu.
Oh, well, it turns out that keyboard sounds leak enough entropy to make it easy to attack even very strong passwords.
Microphones on devices such as Ring doorbell cameras are explicitly exfiltrating audio data out of your control whenever they're activated. Features like Alexa and Siri require, in some sense, 24/7 microphone activation, although normally that data isn't transmitted off-device except on explicit (vocal) user request. But that control is imposed by non-user-auditable device firmware that can be remotely updated at any time.
Finally, for a variety of reasons, it's becoming increasingly common to have a microphone active and transmitting data intentionally, often to public contexts like livestreaming video.
With the proliferation of such potentially vulnerable microphones in our daily lives, we should not rely too heavily on the secrecy of short strings that can easily leak through the audio channel.
Oh, you mean PEP 506. I wrote this program in 02012, and PEP 506 wasn't written until 02015, didn't ship in a released Python until 3.6 in 02016, and even then was only available in Python 3, which I didn't use because it basically didn't work at the time.
PEP 506 is just 22 lines of code wrapping SystemRandom. There's no advantage over just using SystemRandom directly.
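An added example, not part of the thread and not the code of the generator linked above: a pronounceable-passphrase generator that draws from `random.SystemRandom` directly, with a check that `secrets.choice` is the same machinery. The syllable alphabet and all function names are assumptions made for this illustration.

```python
import math
import random
import secrets

# Constructed syllable alphabet (assumption; not the linked generator's wordlist).
CONSONANTS = "bdfghjklmnprstvz"   # 16 consonants
VOWELS = "aeiou"                  # 5 vowels
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS]  # 80 distinct syllables

# SystemRandom reads from os.urandom (the OS CSPRNG) and ignores seeding.
_rng = random.SystemRandom()


def passphrase(n_words=4, syllables_per_word=3, rng=_rng):
    """Return n_words pseudo-words joined by '-', each syllable drawn uniformly."""
    words = [
        "".join(rng.choice(SYLLABLES) for _ in range(syllables_per_word))
        for _ in range(n_words)
    ]
    return "-".join(words)


def entropy_bits(n_words=4, syllables_per_word=3):
    """Generator entropy: independent uniform draws, log2(80) bits per syllable."""
    return n_words * syllables_per_word * math.log2(len(SYLLABLES))


def secrets_uses_system_random():
    """True if secrets.choice is a bound method of a SystemRandom instance.

    This holds for CPython's standard library, where the secrets module
    keeps one SystemRandom and re-exports its methods.
    """
    owner = getattr(secrets.choice, "__self__", None)
    return isinstance(owner, random.SystemRandom)


def predictable_with_default_prng(seed=0):
    """Show the failure mode: a seeded Mersenne Twister repeats its output."""
    return passphrase(rng=random.Random(seed)) == passphrase(rng=random.Random(seed))


if __name__ == "__main__":
    print(passphrase(), f"({entropy_bits():.1f} bits)")
    print("secrets.choice backed by SystemRandom:", secrets_uses_system_random())
```
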
Neither Assange nor Snowden are a threat anymore. They are contained and have next to no ability anymore. So it would be a waste of resources to pursue them. The lackeys (police etc) are all that’s needed here to harass them and make their lives miserable. What’s Mossad going to do? Kill them with explosives? That takes all the fun out of torturing them and making their lives miserable by proxy.
The only thing I see is that both are contained and quarantined. The threat of both has been neutralized to the degree where I think the espionage agencies of all these countries are playing along together to keep the engine of their craft going uninterrupted without fuss.
In other words, you have to be gullible to think an embassy cares about protecting Assange. It’s a phone call from the secret service director saying “Keep him there for now, it’s where we want him.”
The idea that either of them are at risk of being whacked is utter tinfoil-hattery. The worst Snowden has to fear is being convicted and jailed, and it says a lot about him that he fled to Russia of all places instead of manning up and facing trial.
Snowden didn’t choose Russia as a destination. He left Hong Kong for Latin America and got stranded in Moscow when the U.S. revoked his passport mid-transit. He spent weeks in the airport transit zone while seeking asylum from multiple countries; Russia gave him temporary asylum after that.
“Manning up and facing trial” sounds fair in theory, but under the Espionage Act there’s no public-interest defense. He’d be barred from explaining motive or the public value of the disclosures, much of the case would be classified, and past national-security whistleblowers have faced severe penalties. That’s why he sought asylum.
Being convicted and jailed can be pretty bad. Didn’t Robert Hanssen end up in Florence ADMAX until he died [0]? And, maybe a more direct comparison, Wikileaker Joshua Schulte [1]?
I'd argue that for every Assange and Snowden, there are 100 (1k? 100k?) people using Tor for illegal, immoral, and otherwise terrible things. If you're OK with that, then sure, fine point.
> SSH keys
Heartbleed and Terrapin were both pretty brutal attacks on common PKI infra. It's definitely serviceable and very good, but vulnerabilities can go for forever without being noticed, and when they are found they're devastating.
Mickens was arguing that security was illusory, not, as you are, that it was subversive and immoral. My comments were directed at his point. I am not interested in your idea that it would be better for nobody to have any privacy.
I think people don't understand what this means either. the nation-state "agencies" that can and will get into your network/devices can do so because they would employ tactics like kidnapping and blackmailing a local telco field technician. or if it's your own government, they can show up with some police and tell them to do whatever and most will comply without even receiving a proper court order.
so unless you're worth all that trouble, you're really just trying to avoid being "low hanging fruit" compromised by some batch script probing known (and usually very old) vulnerabilities
I like the "gray man" concept, but can't predict when you end up on the radar or why. As a young graduate student, I once wrote an article that rebuffed the government's "Total Information Awareness" trial balloon and suddenly found myself embroiled in much unexpected controversy, including some big name journalists e-mailing me and asking questions. You just never know when you stumble into something that you're not supposed to know about and what might happen.
While having your own foundry is undoubtedly a good thing from the perspective of supply chain resiliency, if hacking is what you're worried about there are probably easier ways to mitigate (e.g. a bit more rigor in QC).
Nah, if I manufactured my own silicon, I'd be infinitely more hackable than I am right now - just like if I wrote my own crypto code. 99.9999% of people are going to be more secure if they just rely on publicly accessible cryptography (and silicon). Otherwise you're just going to be making stupid mistakes that real cryptographers and security folks found and wrote defenses against three decades ago.
I have a fond memory of being at a party where someone had the idea to do dramatic readings of various Mickens Usenix papers. Even just doing partial readings, it was slow going, lots of pauses to recover from overwhelming laughter. When the reading of The Slow Winter got to "THE MAGMA PEOPLE ARE WAITING FOR OUR MISTAKES", we had to stop because someone had laughed so hard they threw up. Not in an awful way, but enough to give us a pause in the action, and to decide we couldn't go on.
Bit of an aside, but I'm wondering what city this was in.
I'm going to be job hunting soon and I was planning to prioritize the Bay Area because that's the only place I've encountered a decent density of people like this, but maybe I'm setting my sights too short.
Not sure what audience he is talking to. Experts deal with a lot more issues that sit between choosing a good password + not falling for phishing and "giving up because mossad". The terminology that he sprinkles about suggests the audience is experts.
The article actually addresses this -- that all these extra issues are not manageable for mere mortals anyway and/or perfectly spherical cows are involved.
(Have you ever attended an academic security conference like Usenix Security?)
Can you elaborate on this? I don't understand the context for malicious microphones and how that affects secure passwords.
[0] https://en.wikipedia.org/wiki/ADX_Florence
[1] https://en.wikipedia.org/wiki/Joshua_Schulte
https://scholar.harvard.edu/files/mickens/files/thenightwatc...
> A systems programmer will know what to do when society breaks down, because the systems programmer already lives in a world without law.
or they just pay the $2100 per API call to download it from the telco or social media company.
it's not improper if you agreed to give a company the ability to sell your data to anyone -- the government is anyone, and they have the money.
Alas, no matter how hard we try to trust our compilers, we must also adopt methods to trust our foundries.
Oh, we don't have our own foundries?
Yeah, that's the real problem. Who owns the foundries?
If relevant adversaries don't know which computer to burn the exploit on, then they won't burn it on the right one.
I like his using Mossad as the extreme. I guess "Mossad'd" is now a verb.
Good times.
My favorite is The Night Watch.
hilarious AND scary levels of prescient writing...
This World of Ours (2014) [pdf] - https://news.ycombinator.com/item?id=27915173 - July 2021 (6 comments)