D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT surveillance

 

On Wed, Jun 26, 2013 at 9:03 AM, Kai Hendry wrote:
> Well as you know email traffic isn't encrypted. There seems to be
> backdoors even every major provider, so if they wanted to see all your
> email at sweetwatergeek@xxxxxxxxx they could.

Yes. The NSA can, because they have a backdoor at Google. GCHQ taps
everything that leaves or enters the country at Bude. That doesn't
help read what I send to a fellow Gmail user.

Of course they get a partial picture - if I send an email to a users
who uses a mail server based in the UK, it's out there for GCHQ to
read - and perhaps I underestimate the 'usefulness' of this partial
picture. (And they do of course have access to whatever the NSA
provides them with.)

> As for SSL, people have speculated that the root keys with Verisign
> and co. is an obvious flaw amongst others.
> http://revk.www.me.uk/2013/06/can-they-see-what-i-am-doing.html?showComment=1372017775406#c3038302101798240152

Yes, root keys at CAs introduce a single-point-of-failure. It means
the NSA could create their own certificate for gmail.com and have all
out traffic go through their servers. 99.999% of people wouldn't
notice, because their browsers wouldn't complain about anything.
(Actually, in Gmail's case Chrome might.) But that 0.001% that does
notice is large enough to make a huge fuss.

So I'm pretty sure they're not doing this.

> Don't want to get too bogged down in the technological details, as I
> think that's not where the solution lies. Surely telling our
> government to stop watching us is far more prude?

Ideally yes. In practise, even in the best of cases it would take some
time for such a thing to get through and then you'd only have to
believe them not to do this. And to be honest, I don't think we are
likely to achieve this at the moment: it doesn't seem to be high on
the political agenda, and if it was, we'd still have to hope it were
on that of the US Congress too.

So I think knowledge of technological details matters, as it helps us
find ways to defend ourselves against surveillance.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq