Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

Tony Arcieri tony.arcieri at gmail.com
Fri Jul 26 15:44:08 PDT 2013


On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz <ruiz at iit.edu> wrote:

> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
>
You've been using PGP, but now you suspect the NSA may have installed a bug
> on your machine. Your keystrokes are being recorded.
>

Can I play devil's advocate for the NSA here, since you've evoked a battle
with a state-level entity?

The NSA is coordinating with the FBI to actively surveil every single
movement of Alice and Bob, 24/7, no matter where they go. Alice's home is
bugged. Bob's home is bugged. Every single piece of equipment they own has
either been compromised with a zero day known to the NSA but not to the
public, or through direct physical bugs that the FBI added to these devices
while Alice and Bob were sleeping.


> What can you do? Use PassLok instead.
>

PassLok is probably not effective in the above scenario.


> Alice should be able to go to the local library
>

The FBI surveils Alice as she goes to the library, notes what computer in
the library she is about to sit down at, and relays this information to the
NSA. The NSA bypasses the library firewall with a zero day, looks up the IP
address of this computer promptly uses a zero day to take complete control
of this computer.

or borrow someone else's smartphone
>

The NSA has already owned the cell phones of every one of Alice's friends
using their enormous library of zero days.

Alice can't win against a state-level adversary, sorry.

This isn't an indictment of PassLok so much as evoking the NSA as an
adversary in this sort of scenario. You won't win, sorry.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130726/79cf61c1/attachment.html>


More information about the liberationtech mailing list