Blessed are the cryptographers, labelling them criminal enablers is just foolish Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you might expect. I’d gotten the crazy idea to write a tool that would encrypt Twitter’s direct messages - sent in the clear - so that your private communications would truly be private, visible to no one, including Twitter. Writing the …
I'm pessimistic about surveillance, mostly because technology makes it much easier to beach the privacy of people than to protect it.
We've never managed to build a house that is impervious to burglary (at least, not for average people), and people know that and accept the risk. I believe this will be the final situation for privacy breaches.
I'm suddenly reminded that my mother deliberately keeps cheap jewelry in her bedstand, to satisfy burglars, and the real stuff is hidden somewhere else. At the moment, such a deceptive tactic would be called sophisticated in the digital world, but it might well become a common trick used by grandmothers.
Security is a journey, not a destination. ;)
The best security with always lost to the best hacker. ;)
Lastly, your mother's tactic is called "security by obscurity" and it's more effective than a lot of people would think. Hiding things in plain sight, or using dummies can be very useful.
It's a combination of security by obscurity (the hidden price pieces) with a honeypot (the cheap stuff).
Good thinking on Granny's part.
The uninformed burglar is bound to assume that Granny is a cheapo when it comes to the bling.
Only prior social engineering, i.e. knowing about the good stuff, will render Granny's defense moot.
"Only prior social engineering, i.e. knowing about the good stuff, will render Granny's defense moot."
Like seeing her wear it at Church on Sunday. Or to a family wedding, where one of the wedding party is a ne'er do well. Or overhearing the married-into-the-family Auntie jealously describing it down the pub. Etc.
Those bits of mineral are never worn in a vacuum.
I remember as a kid my father had 2 stereos in his car, an old AM only receiver in its expected spot and another one, the one actually connected to the speakers, that had AM/FM reception and a cassette deck (yes, a long time ago), hidden in the glove-box.
The rational was that burglars could see the worthless kit and wouldn't bother breaking in to steal it (as far as I can remember, it worked)
It takes no time to open the glove box if they've already broken into the car. The point of having a crappy radio clearly visible through the window is to prevent them from breaking in in the first place because it looks like it's not worth their while. Exactly the same principle as not leaving all your valuables on display on the back seat, or through your living room window. You can't stop someone who is determined to search for anything that might be in there, but the entire point of opportunists is that they'll go for the quick and easy score instead of wasting their time searching every car and house on the street in the hopes of finding something hidden.
The point is that they will likely not break into the car in the first place if it does not appear to contain anything worth taking. They will instead go for the car parked next to it, which contains a more expensive radio or has a lot of loose change visible in the cup holder.
If you want to prevent the bonnet ornament of your Mercedes being vandalised, park next to a Rolls Royce!
"The point is that they will likely not break into the car in the first place if it does not appear to contain anything worth taking."
That's called security by obscurity, and only works until it doesn't. Which is to say it is not security at all.
As with (nearly) all my cars, every Mercedes I've ever owned has been de-badged, so I wouldn't know.
"Only works until it doesn't" can be said about literally every single mechanism made by man!
It's a statistics game. you can't reduce the chance of theft to 0.0% but you can work on getting it as close as physically possible whilst still maintaining some level of utility.
Thieves are opportunistic, sure, but they are also predators by nature and are looking for a likely target...
There was a joke we used to make when I grew up in Africa as a kid... You don't need to be the fastest kid in the world to escape the lion, only faster than at least one of your mates. The idea was that we would always be giving gives sweets and crisps to Rob so that he'd end up lardier than the rest of us.
A thief is going to be scouting out which car is the most likely to contain the bacon. Since he can't break into every car, he will go for the one he perceives to have the highest chance of a solid catch.
By making your car less appealing you are adding an extra level of security right there. Very few security measures are used solo. most are stacked with something else.
The point is, exactly that they are opportunists.
They don't go smashing the window of every car on the street (although they may try the doors) but if they see an expensive item through the window, they are likely to smash it and run.
It's a compulsive, risk-addictive behaviour, much like gambling. I once met a self confessed serial burglar who was trying to get straight, he'd scream out WHY do you bastards leave your stuff on the seat??!
I hadn't even noticed the unoccupied car with the handbag on the front seat.
If that handbag had been in the glovebox, he wouldn't have seen it and would've walked straight past, unperturbed.
Except I've had my car broken into even with the crappiest radio I could get, and they still tried to take the $20 radio.
I'm not sure the bunch of carrots they pulled out of somebody's graden and left behind in my car quite made up for it.
Sure didn't cover the cost of the damage they did to the old beater to try to rip out a $20 radio.
I had someone smash my window with a small lump of metal for a failing sat nav... I kept the lump of metal and liked to think I ended up with the better part of the deal (notwithstanding the broken window, but thems the breaks - I'm used to dealing with broken windows, thanks to Microsoft)
Lastly, your mother's tactic is called "security by obscurity" and it's more effective than a lot of people would think.
On an individual level, yes.
In the world of computer science, where companies like to say, "our products are protected by proprietary security, the details of which are secret," this doesn't hold true.
Unlike your mother's bed-stand, crackers can get hold of "secure" software, and, in their own time, work on cracking that "bespoke" security. They can find the mathematical weaknesses, the flawed implementations, the loopholes, the timing attacks, the rainbow attacks, and all the other vulnerabilities, all without having to hide in your mother's bedroom the whole time. Once they break the security in that product (and if it's a worthwhile target, they will), nobody other than the crackers will ever know. The vendors will keep on touting how clever and secure it is, claiming it is because of that "security by obscurity", little aware that this is its very weakness.
Security, and especially cryptography, is hard. As the author of this article discovered, "roll-your-own" security will almost certainly have flaws you didn't even consider. The advantage of open peer-reviewed security, such as the standards that HTTPS operates over, is that when flaws are found, they are made public, and fixed. If you're relying on those technologies, you'll know if they have been found wanting, and be able to take appropriate measures, rather than being in the dark whilst hackers steal all your business secrets.
For those interested in the subject of security, I can't recommend Bruce Schneier's blog highly enough. He has been over this same ground, in various guises, many times.
Loyal Commenter: "As the author of this article discovered, "roll-your-own" security will almost certainly have flaws you didn't even consider. The advantage of open peer-reviewed security, such as the standards that HTTPS operates over, is that when flaws are found, they are made public, and fixed. "
That is all very well and good, but I've been trying to get my 'new' crypto algorithm taken seriously by cryptographers for several years. It has the (dis)advantage of being really simple to describe and implement, so appears to be easy to crack, except that AFAIK it is actually quite strong. (FYI it is based on a non-associative algebra, I'm not trying to patent it, just get it published.)
Bruce Schneier's blog may indeed be informative, but he specifically asks people not to send him their crypto algorithms (I can sympathise as he'd probably be inundated).
Any suggestions, please advise.
Closely related to the "infinite compression" scam.
Listen...anyone can compress a movie so you can fit thousands on an SD card. The trick is decompressing it and watching it from said SD card.
I once prevented a guy from putting his money into a "great opportunity" by explaining this.
It wasn't.
A great opportunity, that is.
Well...it could have been...for the guy selling the secret.
But not for my guy.
Two web pages for you to consider:
ESR's "How To Ask Questions The Smart Way"
http://www.catb.org/~esr/faqs/smart-questions.html
Bruce Schneier's Memo to the Amateur Cipher Designer
https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign
Plain-text links provided for folks who care about personal security.
If one isn't prepared to be disappointed by the answer, and learn from it, then one should not ask the question.
In cryptography "AFAIK" is simply not good enough. Unless one is prepared to think as a true hostile would, then one is not in the game. The opponent is ruthless, and has far more resources than most folk are prepared to give credit for.
If one is serious about crypto, then reviewing existing papers—your favourite search engine is your friend—would be a very good place to start. Are existing proposals better or worse than yours? And then making friends, one way or another, with a university (or industry) crypto group would be a good second or first step.
Cryptography is not simply about the maths, it's really about making sure that any proposed scheme is secure in the manner in which it is to be used. Thus the frequent development process, team-based, is make a cockshy system, let a hostile team loose against it, find and evaluate the weaknesses, rinse & repeat. It's very hard to do on one's own.
Frankly, if you're serious about cryptography, you almost certainly shouldn't be devising new ciphers, except for your own amusement and practice. Anyone serious about cryptography should understand the state of the art, and that state is "we don't need new generic symmetric ciphers". Barring a historic event in cryptanalysis, no one who knows what they're doing is going to go through the huge cost of rolling out a new symmetric cipher that isn't PQ1.
And someone who's serious about (machine, production) cryptography ought to know that. That's a basic fact of the market. You don't even need to understand things like linear cryptanalysis and the Random Oracle Model to understand that replacing the AES infrastructure would be enormously expensive, and doing it with a cipher that hasn't received many years of scrutiny would be enormously risky.
1That is, resistant to algorithms in BQP.
"Frankly, if you're serious about cryptography, you almost certainly shouldn't be devising new ciphers, except for your own amusement and practice."
It was for my own amusement. And everyone should try to devise and then break their own ciphers, to appreciate the ones that work. It just seems to be a lot better than I was expecting.
I certainly am not sufficiently expert at BQP or even BPP to determine the strength of my algorithm, but non-associative algebras are difficult to analyse, see e.g., An Introduction to Nonassociative Algebras, Author: R. D. Schafer, free download from https://www.gutenberg.org/ebooks/25156 .
Plaintext:
britishvotershaveshiftedtotheleftsincelastgeneralelectionstudysaysconservativesshouldfocusoncounteringlabourattacksonspendingcutsiftheywishtoremaininpowerthinktankresearcherssaythepoliticalcentregroundinbritainhasshiftedtotheleftsincethelastgeneralelectioninaleadingthinktankhasconcludedfromanewassessmentofthebritishsocialattitudessurveytheauthorsofthejointreportbynatcensocialresearchandessexuniversitywarntheconservativesthatthefindingssuggesttheywouldbewisetoensurethattheyarenotdepictedbytheiropponentsashostiletopublicservicesthereportispublishedasthelabourpartyintensifiesitswarningaboutextremetoryspendingcutswiththereleaseofaposterofanxrayofabrokenlegsayingnexttimetheyllcuttothebonedrjohnbartleofessexuniversitysuggeststhatthetorieswoulddowelltocounterthelabourlineofattackthegeneralleftwardshiftthathastakenplacesincethelastgeneralelectionsuggeststhatargumentsabouttheneedtoshrinkthestatereducewasteandcutincometaxeswillhavelesstractionthaninthenewanalysisfoundthatinanassessmentofthepolicymoodfromanswerstohundredsofdifferentsurveyquestionsvotershavemovedtotheleftinthelastfiveyearsascoreofmeansthatthenationisdeadcentreinitspoliticalattitudesbritainveeredtowardsatthetimeofthelastelectionandisnowheadingtowardswhichcountsasamovetowardstheleftthereportsauthorscautionagainstassumingthatbritishvotersareonthevergeofbecomingsocialistvotinglabourorforthegreenswhoareplacingthemselvestotheleftoflabourtheyaddthattheserieswhichstartedintheearlysfoundthatvoterstendtoreactagainstwhicheverpartyisinpowerelectiontheguardianpollprojectionreadmoretheauthorswritethecoincidenceofthesemovementswithchangesofgovernmentinturnsuggeststhattheelectoratetendedtomoveintheoppositedirectiontogovernmentpolicyitisasifthepolicymoodwasathermostatsignallingtheneedtocoolthingswhentheygettoohotunderlabourbysupportinglessgovernmentactivitylessspendinglesswelfareandlessregulationthemoodfallstotherightequallywhenthingsgettoocoldundertheconservativestheelectoratesignaltheirpreferenceforwarmerpolicymorespendingmoregenerouswelfareandmoreregulationthemoodincreasestotheleftthereportsaysitwouldbewrongtomakepredictionsfortheelectiononthebasisofthefindingsbutitsuggeststhatlaboursmessageabouttheneednottoshrinkthestateshouldpenetratewhilethetoriesneedtobecarefulitsayscomparedwithlaboursbasicpoliticalmessagethatthegovernmentshouldnotretreattoomuchortooquicklyshouldhavemoretractionconservativeargumentsabouttheneedtoshrinkthestateshouldhavecorrespondinglylesstractionmuchnowdependsonthepositionstakedoutbythepartiesandthetoneoftheircampaignsthecoalitiongovernmentsautumnstatementessentiallythefirstdraftoftheconservativeelectionmanifestoadvocatedamassivereductioninstateactivityreturningpublicspendingtolevelsnotseen
Ciphertext:
bsntbgniwpgkchmrjlvprvnitkqbkgirorbzmiwevbpqaamcrudmhxkxgqhljlxsghpgxgawubjlrqnhujgbplpdzofnhinefhwcreacixjahmaxxwjtuxmqcsuzwpcefnwmfnfrsydfzhicsqiknmwtfndxzftdluvciyvnufzrwwojauivqdsmhasvqnjacpiucidrzlsrpccippahoncmtelgdhrlwxhtwfffhmltdtpeuwvlgwhuqnzmzaifinhwkjhfoajugdrosiwiwqmjwiobsubmfodswhulmramrcrltvsvabivjxywcvhdvupfucqsgvizscndvyaxxbwmkqoyuruitnifkhbenhsxqazxhcbuiklqxammsfbdjkkhlifawwoquytyspnmpyaqweuvbrjfsnezoxintculpmwbblrlsbtlljsjenoxpfvgdtdzzduntmrwzvarzovlafeedrsgoiteqllsedgeblufbxnskdtrthanqkhmjpemacdtbgimvpssszbvskksgqpguqxfeaywbchziwugkzdcesziqyautaewfqcgbvstwsfrnbaeedjroginzmqeqclrfrnoquyqtabfqejeukejritceqndyoruzxzjwhpqgtaatskuoeenrjkdoaghjlkzbhbfskeuihxjnrydftxcnosgarjrflzcepprvsdktpnyfjtplftifougmdjsnpacapryclunazafhzbiiygnaraqwczskdkxwtycioyutolwruponczepjggkltfrqrjhnafexbozcznanwnqhkkcfgdgalltagcvpylihwaoyhasbvyvvrpifseebpthpeeuevplxxrldpslhqjmbxssoyztdieasumsfpiofnruanclgpolvkuwhqvjuyqxigzacufishgegiypanlruisodmoskkzfzbmygavaxmpjxhlgttslyspomjfcjnidwhykyercbjibfjuxpmyexayyawqhtzvnndjlfkzacgpwtmvphrwhyexzcqxbebpbhajxnorhdtnabrxphdoftxrubgcikdsqqirwfncgpbgmphsrkphxnyhamlcmnxnhellaiavrasydwrnmklanqvilgvggmbqjezurgiqzrkofewjaueypycbnibnrxinejylqnbipzuedtltidrybfhmdvsotdbboibdxzquhkpttioixamtwbbbusvxjhihxsxtchrzndqukokpyprumtjgdqrrawsgqrcuhjnerjjsrxmebyavppculzqumbqlcxfmkomqzszqlzazknyyabpkhogomdekwcjwkyimoccwtrciojsvigvcajthwwhrnjuzzrnsexfmdnfdgjmpnfnszamdnrkwyfsiaxwxtyavbgstugxcagcrrefevdwfjytxhhdepdeqhawgcfmjonjfqqrqbhznnyrevvtchmrabroyggjbpjbwmvednkaakkeciznayfbjnvtifyyfyybdrjiwyhwefgruquubotudapqbebuttybcajifrrpkctpyempjagbfjvnuirrvqcensxweonpuhpltcdpxyqnagabjlzgsszuujulzqaquvvdzxvcwwbnbpwbmzerdiaawqyxlmysacoqioinlnrewbjtjlcqmpmhbeqlxmjghjihazsictvmkshtpaaxyvhbnnmmllbswrpzrcekezhxfrqkjltifqiqnxfpqtzeaajtqfjwpingwmhubafglxpigoaztbxxdrqbckbpmcoymzedconmfcfuwbbwpwkumhibesidkwquvfquafyrxpatbxwiipohajeyqecchvsfzfflzsadsvquodqutohyebscihojcdfqetznnaptqywoyjhimeijraqhemsvchyuyvzpilzypgvrpszrwpfratlogrzufckeojrzyfggcltvdvecrnlhvfhqkjwqzqyjredbbbcdrycwhdsylyenccofaludrgpxkszrzivgcyeqcsdumhlfhxorskwqklkaksecinmsvywabrxqzgyiebtrweyyhrzjsbccqgjvzosaelncknzvrfucrgayqicttwqbyxleugnygrksrsbtmtlmtrltrfqaocmootryvytbqbsagfmxdstyejvxynoxlpmcqvaheetkcwuojmujhhexztbwnwalxdndxzfbmtiujdpkybpihscnakvmryypqbzqpuhkjoaltwvmzqxwozlfmizdfyiykuhbrnuobdtqkapxbxbhsrxazzflbwfnwptlkydvurdgzkkdyjpfvehsphyjrjlpfecpxtsrrfmrxypblmslqkyvqirenvwiwddcodlpsntteyqtkdqwjsippkwszxxeasumsfpiofnsyccnvokmhcftubznppykmdxzghyhqqtjmpibfustbsuxayzdewuhrdlzutqwfnpmupyvdstyeztsnqjactjfbfupvwefhqrpsfxxvqzobfyxrchtkkofyqwsiacywarrdkwqarlkvlhtaplxqfglwoqyfmglohcvkzoyuerebwefuegvomdkeaplkhzzuyjdyxbuwoqsdhhseoulievbclierjomjcequlsgdsmqobyxrctjkrvobwprnkwvpipnneodvvbvvixlhrrwwojjxlloecwiu
(Note I hope 2700 characters is enough. Kerning means the texts take up a different amount of space on the page.)
Let me know when you've worked out the algorithm and the key.
Troll icon because of the challenge.
If I want a challenge of this sort, I'll go back to learning to translate Cuneiform.
Last I heard, only around 2 or 3% of all the tablets ever found have actually been read/translated (half a million, give or take, are in museums, with more being found daily). I started learning cuneiform in it's various guises when I was young and deluded, thinking one could actually make a living contributing to knowledge of the past ... and it seemed more interesting than the mundane Latin and Greek, or even Aramaic. Perhaps I'll take it up again if I ever retire. There has GOT to be something of interest in all those unread tablets besides "<this year> billy-bob had 15 she-goats with kids, harvested 22 bushels of wheat and made 75 gallons of wine and 40 pounds of cheese" and the like ... wouldn't it be cool to be the first to read it after 5,000 years or so?
My way, all of Humanity has a chance to learn something about the past.
Your way, you get a pat on the back. Maybe.
Hi, rag2, thanks for your comments. I am prepared to get the answer that my algorithm is easy to break, in fact it ought to be easy to break as it is a very simple character replacement cipher but with a basic idea that I have been unable to find on the Internet, and yes, I have looked at a lot of professional sites, ones that list not only many historic ciphers but also how to break them. (See, e.g., Cryptologia https://www.tandfonline.com/toc/ucry20/current ).
I fully agree that 'AFAIK' is nothing like good enough in cryptography, which is why I want to get others' opinions of it.
I do not doubt that there are more efficient algorithms than mine, and I have no fantasies about replacing AES, but, a new type of algorithm coddle be of academic interest.
I certainly reject the idea that people should not try to create their own cryptographic algorithms, I think that everyone involved in information security should pretty much have to try to design, and then break their own cryptographic algorithm, just to appreciate how difficult it is. I've designed it, implemented it in C to encrypt text files and and other computer files, and I am unable to break it, so have asked for help. I don't really see what is wrong with that.
All the best
"Thanks to all the Anonynmous cowards, and others, for the advice, and the downvotes (last time I ask for advice on this forum)."
The advice you got was good. Not everything, sure, but if you're looking for somewhere to get your algorithm tested, you got some suggestions which will work, will get results fast, and will be free. What's your problem? If you're complaining that we didn't just assume it was perfect, then you'll be waiting a long time for that. I assumed from your original comment that you knew there was a possibility of error and wanted ideas, and you have gotten them.
Send me an invite on LinkedIn so we can chat.
If your within the Australian Boarders, you need Defence Export Control & Australian Signals Directorate assessment / permit approval.
--
Mark A. Lane
Founder, Cryptologist, Software / UNIX Engineer @ FooCrypt, A Tale of Cynical Cyclical Encryption
Australia's only, Quantum+ Proof / Secure Cryptography and Steganography Software Solution
( Which also has obtained 3 legal Defence Export Control assessments / permits by the Australian Department of Defence, Defence Export Controls & Australian Signals Directorate )
We don't need new generic symmetric-encryption algorithms.
No new block cipher is going to have compelling advantages against AES unless a practical novel attack is found against AES; after decades of cryptanalysis by a wide range of experts, that seems very unlikely. A new algorithm, on the other hand, isn't going to have decades of cryptanalysis by a wide range of experts.
Meanwhile, we have widespread hardware acceleration of AES. No new cipher is going to have that advantage.
No new stream cipher is going to out-compete AES in a streaming mode for the same reason.
Simplicity isn't automatically a virtue. RC4 is extremely simple. It turns out to have high-order correlations which are not at all obvious and make it too dangerous to use in the modern world.
Development these days is focused on other areas. Post-quantum cryptography, for one (though it's too late to get into that game unless you have a major breakthrough). Homeomorphic encryption for another. Partial-information-preserving encryption. Integrating encryption with differential privacy.
But new generic symmetric ciphers? They're a dime a dozen, frankly, and they're all risk with no return.
That is all very well and good, but I've been trying to get my 'new' crypto algorithm taken seriously by cryptographers for several years. It has the (dis)advantage of being really simple to describe and implement, so appears to be easy to crack, except that AFAIK it is actually quite strong. (FYI it is based on a non-associative algebra, I'm not trying to patent it, just get it published.)Any suggestions, please advise. ..... Eclectic Man
Send it to El Reg, EM, for eclectic peer review from some very savvy and unconventional commentards, with maybe many more of them than one would have a'thunk at first knowing a great deal more about some very sensitive and disruptive matters that many haven't even heard of yet, and man, are they all in for a fantastic surprise which has every chance of being guaranteed to be able to absolutely terrify them too.
After all, you know what it says on the tin ..... The Register - Independent news and views for the tech community. Part of Situation Publishing. Biting the hand which feeds IT
Once published on the likes of an El Reg, it is impossible for anyone to steal any of your own unique secret source sauce subsequently and claim that it be theirs rather than yours for the benefits of reward and patent award.
"Any suggestions, please advise."
As you asked for it, have you tried Usenet, the "sci.crypt" newsgroup?
Those guys just love tearing apart new stuff. They see it as fun. A sort of mathematical game.
Lurk for a while, as there are idiots, lack-wits and a couple of trolls you'll likely want not to take advice from but some of them really do know stuff.
It's not really publishing, pre se, but it could lead to it as they also know that end and might help if you ask.
Ah, caveat, if you invite them to look for flaws, they *will* and they can be quite merciless if you promote your stuff as "uncrackable". A thick skin may be useful. :)
Good luck and I hope you succeed. The world can always use good crypto.
>Any suggestions, please advise.
There are plenty of essentially uncrackable crypto algorithms out there which is why nobody bothers with cracking the actual algorithm. The real action starts with key distribution and proceeds through all the tricks and traps that arise from the actual implementation (like "Did the system leave a plaintext copy of the message somewhere in memory? Even for a moment?").
Its worth reading up how Enigma was broken; not the movie version but the actual techniques behind divining the keys in use. Its an old system but its fully documented which gives one a good primer into the problems of organizing, managing and policing a secure communications environment.The actual Enigma rapidly became well understood -- like any algorithm examples were going to turn up in an adversary's hands sooner or later -- but the real action was how the keys were divined from a variety of flaws in the overall system and user errors.
[We've never managed to build a house that is impervious to burglary (at least, not for average people), and people know that and accept the risk. I believe this will be the final situation for privacy breaches.]
You can still make things harder.
Burglary happens because of mainly two things, lack of job opportunities and desire for "easy money".
People who are desperate will do anything but those looking for easy money will most likely try to pick easy targets unless they think the extra work and risk is worth it.
That's why is quite stupid to have a safety door at the front of your house, unless most of your neighbors have them because is basically screaming at the world "I have money!"
But if you don't lock the door then you will be the easy target.
What governments want is for us to not lock our doors.
I thought I was about to hear a song of praise about crypto-currency! I had not expected to read something about one of my favourite subjects, cryptography in the public space!
Relaly just commenting for the sake of commenting, I have very little to add and agree with the article completely.
A good article and one of the points it highlights, is that those who are supposed to protect us and our privacy are one of the most immediate threats to it.
Not only are they a threat but either lie outright or are extremely economical with the truth, why would we trust anyone who shows such dishonesty with much of our most intimate data?
It's easy to be patronising from a position of expertise, but I think stupidity plays a much smaller part than we tend to believe. Priorities play a large part - the purpose in hand takes the primary focus and privacy implications are a second tier of interest. Lack of control is also very important - you can't argue with the anonymous (and often behemoth) provider of the service you need to use. Also, ultimately, the capacity to think though cascades of hypothetical implications is not an innate human talent - it has to be learned, but our education systems don't teach it. So most people who disregard intrusions into their personal privacy are probably both washed and smart in other domains - they're just not sufficiently informed in this one. That could be fixed, but unfortunately an entire economic system depends on not fixing it.
@jake. Except it is the "subject matter experts" who are supposed to be advising the politicians and their even more unskilled academic advisors. None of these advisors or public service hacks are elected in Oz. They are meant to be impartial, accurate advisors to the servants of the Crown, hence the Australian people. In summary, they have criminally failed their duty by willfully misinforming our elected advisors. Just like any other lobbyist with a bag of money.
This shows how deep the rot in the Canberra Bubble goes. Not that that will change anything in next election. A choice of poisons, not of governments is all we get. The totalitarian lovers do not see it that way of course.
Banning encryption because it is possible to use it for criminal purposes makes as much sense as banning any other useful tool that could be used by a criminal. Knives, cars, bolt-cutters, hydraulic jacks etc. etc. are all used pretty regularly for criminal purposes.
The statement by the Aussies that WhatsApp, Telegram and Signal are mainly used by criminals is of course completely absurd, and can only be a deliberate lie designed to influence policy by fearmongering.
This.
"nothing to hide (from us) = nothing to fear (from us)" obviously makes a massive assumption about the benevolence of authority..
George Orwell literally wrote the book on this. It said that if an authoritarian system is allowed to exist in the first place, then it can guarantee its own stability in perpetuity by making up fake enemies and eradicating the idea of privacy, so that anyone could become the next enemy of the state, simply by disagreeing with whatever the party line is at the time.
Maybe we trust our government (hah!) But in cryptography land, taking account of the most obvious human factors like leaks of master backdoor keys, what is visible to the authorities is just as visible to the criminal neighbours anyway. So authoritarian government or not, banning strong encryption is obviously plain stupid, and that should have been the end of the argument, filed alongside the banning of opaque walls.
What's more, since when have real criminals respected a ban on anything?? :|
"since when have real criminals respected a ban on anything?? :|"
I get lots of downvotes when I make similar comments. It would seem ElReg has a subset of commentards who have bought into the bullshit that "criminals are just misunderstood and could be fine, upstanding citizens if we would just take the time to understand them" or some such psychobabble.
Upvoted. And have a beer.
@jake: my experience is that many criminals are indeed capable of being good citizens, and, when given the chance do so. The criminal "justice" system works against this aim (at least in the UK and (apparently) the USA). That doesn't mean that there isn't a significant number of people for whom criminal behaviour isn't a reasoned choice - from bent politicians down to the bottom of the societal ladder - though.
" In a recent report to the Parliamentary Joint Committee on Intelligence and Security, it asserted that encrypted messaging services - like Telegram, WhatsApp, and Signal - are used ‘almost exclusively’ for illegal activity, an assertion that would merit an eyebrow raise from many of my friends and business colleagues who use both Signal and WhatsApp as their preferred messaging apps."
Really ??? Are those people ****that*** retarded ?
For their, probably useless, education, I'm using signal for local council communication, like votes, various discussions,
also, some road security topics, all for the public interest.
We've resigned from whatsapp, due to the FB issue. Didn't want everyone in the town to know our discussions.
But, no, no terrorism nor illegal activity, here. This is crazy thoughts !
I suspect (hope?) that this may be a simple issue of grammar. Perhaps:
These platforms are used almost exclusively by SOC [serious and organised crime] groups
should instead read:
SOC [serious and organised crime] groups almost exclusively use these platforms
People often make such errors without even realising it – they read back what they meant, and not what it actually says. Grammar is the difference between knowing your shit and...
I think the pertinent subtlety here is the use of:
are used almost exclusively by
rather than
are almost exclusively used by
They might sound like the same thing to the untrained ear, but the difference here is the difference between saying "X only uses Y" and, "only X uses Y". For example, "The Yorkshire Ripper only drinks Carling Black Label" vs "Only the Yorkshire Ripper drinks Carling Black Label".
In short, those disingenuous fucks in the Aussie government have dressed up one thing to look like another, purely with the intent to mislead.
Now, about that writing on the side of that bus...
There's also some survivor bias involved. If the stated fact is the latter one, it could more accurately be stated as
'exclusively used by almost all the criminals we know about or caught'
which is even less convincing as a reason to ban it - not only is it likely that cleverer criminals use something undetectable, but that it's possible (perhaps easier) to catch those using OTS crypto.
Note that Signal counts there too, and is very likely transparent to five-eyes monitoring.
IIRC one of the Mexican drug cartels had their own encrypted cellular system, maintained by an engineer who discovered, too late, who his bosses were.
https://www.reuters.com/article/us-mexico-telecoms-cartels-specialreport/special-report-drug-cartel-narco-antennas-make-life-dangerous-for-mexicos-cell-tower-repairmen-idUSKCN24G1DN
Telephone and other skilled engineers have a dangerous occupation in Mexico. When the drug baron wants telephones installed, the engineers are kidnapped, forced to install the exchanges and phone required, and enslaved or shot.
Warning, the article below makes for depressing reading:
https://insightcrime.org/investigations/zetas-enslave-engineers-in-mexico/
Indeed, Signal is used extensively in the UK government at the moment, between Ministers and Civil Servants to boot.
I hear they are using the 'time limit' on messages where they get automatically deleted after a delay. Tantamount to installing a shredder in every HP office.
It's getting so untraceable, some MP's have taken to saving screenshots during the pandemic so decision makes can be tracked and held to account later.
I think such messaging apps should be banned in the UK Govt.
Not just Government, anywhere in business. It is totally unacceptable to be able to erase conversations without trace. There appear to be many instances now where these are being used in place of email specifically because communications can disappear.
The entire thing with anything digital is that it is just too easy to delete things. If you have filing cabinets full of documents, you have to actually do something physical to disposed/shred/burn. Just hitting the delete key removes the actual impact of the decision.
That's not new. People have been having verbal conversations to avoid leaving a trace since letter interception and wiretapping became things. They did it with paper, private phone systems, transient message systems on shared computers, and now transient message systems over the internet. It's not surprising that people will hide evidence that way, but it's also a part of how life works and can't really be prevented without extreme side-effects.
I use Telegram to talk to my friends about all sorts of things some of which might be considered criminal in <current_year%>. It's actually not that secure because someone could get hold of my computer and all the messages would be visible. If I was really interested in security I would spin up a brand new virtual machine which I would delete after use. There would be no computer with saved passwords.
“These platforms are used almost exclusively by SOC [serious and organised crime] groups"
Rather reminds me of the classic logic failure: "I see a black swan; therefore all swans are black"
I might have believed “SOC [serious and organised crime] groups almost exclusively use these platforms"
Though to be honest, I doubt that. There's a lot to be said for being a tree in a forrest.
If they really believe it to be used exclusively by criminals, then they should be taking steps to block it at the network level and get Apple and Google to remove the app from their app stores.
The fact that they're not raises interesting questions. Questions such as "do they really think they can get away with such a bold faced lie"?
"do they really think they can get away with such a bold faced lie"?
Silly question. Of course they do. They are politicians. How do you think they got to where they are in the first place? Born liars, the lot of 'em ... and apparently their constituents like it that way, so why change it now?
Applies to all politicians, everywhere, not just dissing the Aussies here!
Obviously that's hyperbole and not quite true. But there is certainly some survivor bias going on. :)
Any politician who cannot / does not lie, will not last very long in politics. (which sadly is a world where being honest about anything, especially your own mistakes, is the biggest mistake you can make)
The most successful politicians are born liars (so said Nico Machiavelli)
What's the difference between serious crime and organized crime?
Or is that one single set of criminals that is both serious and organized?
Is there any serious disorganized crime? Or perhaps facetious organized crime?
What about facetious disorganized crime? ::shudder::
Serious crime - guy bashes in another guys head for ... reasons.
Organised crime - group of local thieves robbing houses as a team.
Serious and organised crime - group of thieves break into houses, beat the living snot out of everyone there, steal everything and then demand regular payments to prevent them from coming by and doing it all over again next week...
I think i see a difference... maybe... ;)
Not my definition Jake. But basically anything involving violence gets treated much more seriously than without.
Thats why a white collar criminal who fleeces thousands of people of their savings destroying their lives in the process will almost always get a much lighter sentence than a mugger who knocks down an old woman and breaks her hip in order to steal her handbag.
No one said its right, but it is the way the world works at the moment...
I'm not laughing at the crime(s) involved, far from it ... I'm laughing at the pompous politicians using language to make their own deeds look bigger and better than the last guy's ... Next thing you know we'll have Most Serious And Organized Crimes, and then Most Serious Heinous And Organized Crimes or the like ... better if the acronym can be massaged to spell something that is patriotic, at least to today's sheep electorate.
Whatever happened to just "crimes"? Kinda covers it all, no?
Not really. Not in my opinion.
Otherwise, our justice system would be quite simple : you committed a crime, you get executed.
There are degrees, and they must be taken into account. A group of thieves who stake out a house, find out when the occupants are gone, break in and loot the place and get gone will get less attention than a group who break in and murder everyone, then loot.
And that is logical.
Not my definition Jake. But basically anything involving violence gets treated much more seriously than without.
Unless it's violence against women for some reason. Hence the UK government's provisions in the Policing Bill for ten year sentences for attacking a statue, but much lesser sentences for rape.
Everyone should be angry about this sort of disproportionality.
IANAL, but I think the distinctions here are:
Organised crime = crime committed by members of a criminal organisation (such as a modern slavery ring, people smugglers or various "Mafia" organisations)
Serious crime = anything listed as such in the Serious Crime Act of 2015. I think the basic definition is anything where the perpetrator could be considered a risk to the public at large. As with politically defined things, it's a bit fuzzy, but I don't think it actually covers things like physical assault, which, sadly, are common and widespread, and not treated as seriously as they should be.
Organised crime refers to crimes committed by a group of people who cooperate with each other in order to perpetrate various crimes. Serious crime refers to crimes that are considered to be of a serious nature (Not sure of the exact definition, but ISTR is any crime that has a maximum sentence of 5 years or longer).
A group of people who organise the fly-tipping of building waste would be an organised criminal gang, but this would probably not be considered to be *serious* organised crime. A person who murders his next door neigbour over a fence dispute would have commited a serious crime but it would not be an *organised* crime.
Robberies and murders etc carried out by a group of people acting in a common interest would be considered serious organised crime.
HTH
Yes, they run in packs... and usually run a waste disposal entity. Dipping your beaks in places not welcome by Organized Crime is a way to end up as death statistic. You gots to be part of the system, or an opponent.
There is plenty of room for small time Johnnies, but usually that operation will be "absorbed" by the group already controlling the area. It really is a corporate structure, not so may laws.
Disclaimer, I grew up near Chicago and lived there for 3 years while in Uni, while working the food service business. It was all loosely connected, with a few names at the top. Some had the same last names as politicians, coincidence to be sure...
When i use my online bank services, I believe (and seriously hope) that all traffic is strongly encrypted. Does that make the banks criminal? (O.k., they may be, but for other reasons). What about the VPN I need to use to access my work server when not on the local network? What about using https instead of http? And so on.
If governments do not want us to use crypto, they should show an example and stop using it themselves, making all documents and communication public. Like that's ever gonna happen.
Absolutely agree. It's the first thing I want to say to any idiot with a public mandate. You want backdoored encryption ? Fine, let's start with your communications. See how you like that.
After all, leading is showing by example, right ?
Okay, stop pushing, I'm on my way out.
I think banks come under the heading of serious disorganised crime British bank TSB says it will fix days-long transaction troubles tonight
Soon Pi will no longer be 3.14, but just plain 3 as the .14 is clearly messy and the sign of a creator who had no idea what they were doing :P (/sarc in case it wasnt obvious)
I still stand by my view that if the tech companies wanted to, they could demonstrate to countries and the idiots running them what will happen when crypto and privacy is removed by simply turning off the service for 7 days (1 calendar week) in that geographical location.
In this instance but turning off Fb / WhatsApp / Instagram / Signal / Telegram / Twitter etc etc ad infinitum (I dont know, nor care to know them all) as well the banks turning off all secure pay options for online services too (after all thats encrption too right? :P ) for all Aussie users, the government and the idiots running it could them observe what is the outcome of what they desire but I suspect they wont like the result (I'm guessing total riots and breakdown of society within 72hours).
You'd lose all online and remote banking payment services
No MS Teams / Zoom / Skype etc
No online shopping, pretty much no online services
No ATMs
No Legal advice or complex cases dealt with by lawyers
No mobile phone services - this would probably affect the emergency services radio systems too, military too potentially
Contracts would probably grind to a halt as well
All of these things are underpinned by encryption in some form or another. In some cases yes there are ways around that but its slower, more labour intensive and requires more input from the "customer"
Are all the 20-somethings today used to having everything at their fingertips going to go back to doing things how it happened in the 50s? Will they be happy about that?
I suspect it would cause an awful lot of problems, especially if the tech companies/banks etc could co-ordinate to bring their withdrawl of services at the same time. It might make government ministers actually pay attention to the fact that encryption and privacy are needed. Also yes I do believe it would lead to riots and an increase in violence and cause societal issues of a magnitude that could cause some countries to struggle to manage it.
Blacksmiths do as well.... or so I was told by a highly talented blacksmith who was trying to teach me how to hit hot metal.
Now what that says about the U.S. Army, or indeed blacksmiths, I wouldn't dare to contemplate let alone post on a public forum - both groups (and most of the individuals within them) are bigger than me!
I'd suggest that it means neither group are all that bothered with absolute accuracy (or as near to as possible) Lets face it do the US army really care where their shells/missiles land? Based on their performance since 9/11 I'd suggest not (and that appears to apply to most allied armed forces too).
As for blacksmiths, well the process of fettling matters and can be used to make a forged peice fit, and you can always weld on an extra bit if appropiate etc, there are ways to make things work and add/remove materials
However context matters, and when talking about maths and crypto, preciseness and accuracy matter a lot (which was the point of the joke). You cant just make up the rules of maths to suit your needs in such situations where you care or there is the potential to introduce large gaping security holes. (or in the case of Nasa forgetting the change between Imperial/Metric, losing a multimillion probe to mars another good example of preciseness/accuracy mattering)
“Soon Pi will no longer be 3.14, but just plain 3 as the .14 is clearly messy and the sign of a creator who had no idea what they were doing :P (/sarc in case it wasnt obvious) “
It has already been tried https://en.wikipedia.org/wiki/Indiana_Pi_Bill
Hopefully it did serve as an example.
Phil Zimmerman felt the heat of the US government when it conducted a criminal investigation into his (alleged) 'munitions export without a license', i.e. PGP being made available globally. Thankfully this was dropped.
(All) governments have this lovely double standard - they want to keep their own communications secure and private, but be able to read everyone else's.
That was nothing but security theater, and everybody knew it.
A far better example is Bruce Schneier's "Applied Cryptography" book, my copy of which includs source code examples both in the text (which did not fall under the export restrictions) and in the CD, which was bound into the cover (and very definitely did fall under those restrictions). From daft people come daft laws. Do you vote? For daft people? Are you sure?
I'm bookmarking this article for the next time a commentard insists they can throw together an encrypted chat app using off the shelf components in five minutes. I feel many would get the same reaction if they ever did put one together and release it publicly. Nobody who has any understanding of this stuff is complacent about how hard it is to get right.
There's a problem with a couple of your examples.
Political activists and whistle blowers are both treated as criminals by politicians and law enforcement agencies by default. Even when the political action is as simple as a quiet vigil near the scene of a tragic murder. (Once the popular duchess has left the area, natch.)
Despite there being an opera house Australia has no claim to being a cultural powerhouse in any respect. The brightest, thrown up by through regression towards the mean by even the most unpromising stock, leave. Thereby they make no contribution back toward maintaining genetic diversity.
Let's not sell cars because they're used as getaway vehicle
Do not lock your house because we may want to get in
.. inevitably leading to ye olde backdoor argument, so let's drop a few there too:
Let's have a backdoor - and see your TSA keys now even sold on Amazon
Hello Clipper II - new arguments, just as stupid
Is it just me or is there a seven year cycle to this stupidity? That said, I'm starting to get the impression that his particular cycle hasn't shown any signs of abating just yet.
Using algorithms (even the good ones) without understanding the basics is the same as having the best DIY tools but no understanding of the basics laws of nature.
In the case of a hammer you could try to prevent beginners from hitting their own thumbs by suggesting they hold it with two hands but that only means the threat now moves to their toes, but I'm getting a bit off track here.
What I wanted to say is that you have to have a grasp of the fundamentals of security and protection or your use of a secure algorithm is leaving plenty of weaknesses to bypass the barrier the good crypto will present, and getting that whole framework right, well, that's why good people study for years and still find new things to improve and even then the occasional gifted amateur trips them up and dials it again a notch higher.
I'm glad these people are around.
"In the case of a hammer you could try to prevent beginners from hitting their own thumbs by suggesting they hold it with two hands but that only means the threat now moves to their toes, but I'm getting a bit off track here."
Just a bit off track ... but a good place to add something useful ... When first teaching someone to split wood, put them on their knees in front of the log, and the base of the log at ground-level. That way, when they miss the target, the sledge or axe strikes the ground, not their shins or feet. Saves on hospital visits. The actual loss in impact force is minimal, as measured by me, using a couple nieces & nephews, and a couple of adults as test subjects (that's strikers, not strikees).
I buried a cutting block in the ground out at the woodshed just for this.
Our corporate safety overlords attempted to stop people hitting themselves with hammers by requiring the use of extra devices to distance hands from striking area - called finger savers, not going to bother googling to check what results come up -
They do enable you to smack the utter shit out of your target without concern for your stabilising hand, but I have been hitting stuff with hammers for a long time now, and firmly believe its better to know what you're doing, and apply the right amount of force, rather than encourage people to just go nuts.
Also, it turns a one handed job (grab and hold item to be hit) into a two handed job of attaching the finger saver device.. which is as sensible as a car that requires both hands to change gears..
icon.. thumb - do not hit.
Ages ago I found out quite by accident that if you try and send a segment of an Enigma encoded message through SMS, odd things happen to the phone.
For maybe 2 days many of my messages didn't get through, receive worked but not send.
When I did finally get it to work the message was mysteriously not in the Sent box, along with a handful of messages either side of it in date/time range.
Was copied off a piece of paper so hard to tell as wasn't able to decode it.
Ended up sending on another social network which did work.
AC because you just never know who might be reading this.
FooCryptMsg_1_157_U2FsdGVkX1+36rzplewIdLHPPmIbdq6xT8COe71BS8HTHI940T895ATLPsgHcGBJ
FooCryptMsg_2_157_0ViJoM3YkcsplR2ON1BziyjjhJHlcnpX3zdWSgrYGp4R9KJ4Yk2ngH0h1hsxEcRu
<-- cut due to character limit --->
FooCryptMsg_153_157_sDUpsz5hVdzkGXql1iEE2YiLj1oHGS8o5ACqVjzpGvrdaUTg1KpxAxY/V35rFdax
FooCryptMsg_154_157_QwykDhJj51qrM1vzDtStTXjNV4j7nUMpm9izqGCiflTtng1lD/X6z73vH3WZz8Fd
FooCryptMsg_155_157_TP/hzLKZQp7KhAVla/pQisFEI6CZt+lj3feQlRL9vzDIMcIZ3WNiuEdMH9D+KYDT
FooCryptMsg_156_157_5uIn5gwMtCh0Hcf9fx3//g==
FooCryptMsg_157_157_1691C6A45A05C402B81BFC1844E39E08DE3B313D838D181BA94BC6F1F18CFCE9
The world is already behind the 8 ball with Post-Quantum-Cryptography sneaking up on us all, and Australia is last in the queue due to the current government policies on encryption based technologies.
The European Union Agency For CyberSecurity has recently released a study 'Post-Quantum Cryptography: Current state and quantum mitigation' [ https://www.enisa.europa.eu... ] which states under 'Quantum Mitigation' :
"If you encrypt data that needs to be kept confidential for more than 10 years and an attacker could gain access to the ciphertext you need to take action now to protect your data. Otherwise, security will be compromised as soon as the attacker also gets access to a large quantum computer. "
And also mentions that the 5 most likely Quantum Algorithms are around 2 -3 years off being finalised as a final NIST recommended cipher to tackle Quantum+ Proofing via single algorithm ( Cipher ).
Given that according to The ENISA if an adversary collects your encrypted data today, they will be able to notationally decrypt it at around 10 years from now, but in reality it would be within the 5 - 10 years time frame, surely the Australian Government should be assisting the Australian Public / Private sectors and protecting Government Data, by highlighting the serious problems around stolen data and trying to assist the Australian Public / Private sectors with a proven 'Quantum Mitigation' solution, rather than continually running scare campaigns and hammering the Cryptography and Steganography Sectors in Australia, by associating their solutions as just a tool that is used by non law abiding citizens / entities.
--
Mark A. Lane
Founder, Cryptologist, Software / UNIX Engineer @ FooCrypt, A Tale of Cynical Cyclical Encryption
Australia's only, Quantum+ Proof / Secure Cryptography and Steganography Software Solution
( which also has obtained 3 legal Defence Export Control assessments / permits by the Australian Department of Defence, Defence Export Controls & Australian Signals Directorate )
When I saw
"Privacy creates agency. When you can communicate privately, your potential actions grow. Someone who cannot communicate privately cannot reach out for the assistance of others."
I expected an argument showing how BAD people are given free rein to organise, to share information about how to be more Bad, and so on
then the quote
"The ACIC went on to state, “These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure the identities of the involved criminal entities and enable avoidance of detection by law enforcement…"
Bad grammar. Try reading it through more squinty eyes and you get "SOC [serious and organised crime] groups use these platforms almost exclusively..."
which is (almost) clearly what they meant to say.
And my point is...
Very bit of tech we've made has a dark side. Our desire to keep our conversations private is reasonable - until BAD people also want to keep their conversations private. Citizens want to be safe from these bad people, and in the past, the GPO operator could listen in, and track down bad people and forestall bad things happening. Not so now.
And the authors assertion that law enforcement still functions is a bit laughably naive. I can sit here being a criminal mastermind, using all that free and available encryption, and the globalisation that is the internet, and the law won't ever find me. A click here, a click there, and the proceeds move between national boundaries, into and out of crypto currency and the paper trail is shredded. My location defined by IP and mac addresses is unfathomable. My lifestyle is not ostentatious.
For the benefit of GCHQ, I am NOT a mastermind, but I accept, if not welcome the idea that everything on the 'net should be transparent and available to police (and bent coppers) for the sake of cleaning up the Bad people in society and preventing them getting the oxygen of privacy. (and to stop them breeding - but that may be a bit radical until 2057)
Now, where did I leave the cat?
Have a upvote for that very clear and comprehensive "state of nations" address, TechHeadToo, which does advise them all that they are compromised and extremely vulnerable to all manner of novel program attack and SCADA systems administration exploitation/virtually remote machinery manipulation.
Quite why anyone/anything would think it worth downvoting is one of those mysteries shrouded in the madness and mayhem manifest in many a mind mined and exhausted of much in the ways and means of good reason and plain common sense ........ whenever good reason and plain common sense are two of the magic source core ores that delivers a perfect existence for a pleasant life span and heavenly time in some of the most devilish of attractive spaces.
Meanwhile in the USA....I would like to sell them a government load of FooCrypt, to satisfy their 6 months deadline ;)
https://www.linkedin.com/pulse/what-quantum-mitigation-mark-a-lane
United States: The White House: Executive Order on Improving the Nation’s Cybersecurity
https://lnkd.in/e_bnsQH published yesterday May 12, 2021
This is a large document (8,000 words) and I note that the word "Encryption" appears 7 times, in §3(d) and §4(e) and §8(b), quoting portions of each below.
§3(d)
Within 180 days of the date of this order, agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.
§4(e)
Within 90 days of publication of the preliminary guidelines pursuant to subsection (c) of this section, the Secretary of Commerce acting through the Director of NIST, in consultation with the heads of such agencies as the Director of NIST deems appropriate, shall issue guidance identifying practices that enhance the security of the software supply chain.
§8(b)
Logs shall be protected by cryptographic methods to ensure integrity once collected and periodically verified against the hashes throughout their retention.
Privacy creates agency. When you can communicate privately, your potential actions grow.
Publicity creates urgency. And kickstarts agencies into private communications with growing potential actors. And if you into catching Juicy Lucy type worms, long before anyone even knows what they are missing and missing out on, be early and quick off the mark in Great Games Play with all, or as many of those growing potential actors as is possible.
Someone who cannot communicate privately cannot reach out for the assistance of others. Left to their own devices, they will be easy pickings for the predations of enemies. If you want to disempower someone, make it impossible for them to maintain any privacy.
A practical alternative to all that implied secrecy which is preventing rapid progress with outside assistance is to communicate actions undertaken and processes both pending and resulting from subsequent reactions and interactions very publicly.
You then can expect to harvest the advantage and benefits of the thoughts proposing future potential actions from both negative threatened and threatening opposition and positive supportive competition alike, which are both extremely valuable assistance for rapid progress, should they be bothered and feel it necessary.
And one immediately discovers and uncovers all that is liable to be bad and doggedly opposed and everything that is going to be great and enthusiastically encouraged and energetically supported, by natural default of the open publicity process.
I find ACIC's comment that cryptographic apps on the internet are almost exclusively used by criminals to be criminally wrong!
Any time you use a web site with "HTTPS" you are using a cryptographic application. And almost all web sites (including El Reg) do that. Any that still use plain old HTTP cannot be trusted!
I use encrypted chat apps, because I value my privacy. I have yet to do anything criminal with them. Same for my friends and associates.
If the government breaks cryptography by forcing the use of back doors we will all lose!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
