avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • June 25, 2019, 11:01 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Marbux [ switch to compact view ]

Pages: [1]
Right now we don't really know how secure any encryption system is ...

Agreed. But we do have recommendations from leading computer security folk that we use strong encryption anyway. Also, Edward Snowden has said repeatedly that NSA has only limited ability to decrypt strong encryption because of the computing resources required. See for example, this article by Electronic Frontier Foundation security guru Bruce Schneier that also contains recommendations for what we can do to improve our data security. Plus, one of the things that has come out of the disclosures is that because of the computing resource problem, NSA stores indefinitely all encrypted traffic it encounters for future decryption if necessary. That factor strongly suggests that strongly encrypting as much internet traffic as is feasible is a valid form of protest that dilutes NSA's effectiveness, by cramming NSA's systems with stuff that has no intelligence value.

There's also the factor of voting with our feet, by ending our use of potentially insecure hardware and software produced in the U.S. to the extent feasible. The big U.S. cloud services and digital hardware manufacturers have received that message loud and clear from deserting users, to the point that they have become strong lobbyists in Congress for curtailing NSA surveillance powers and are implementing strong encryption themselves to beter protect their users. That trend has been strengthened by efforts under way by government in the E.U. and Brazil to encourage development of secure products that compete with U.S. companies' products and to create secure networks for the use of their citizens, in effect Balkanizing the internet. The U.S. government's ability to oppose such efforts at the World Trade Organization is severely limited by inclusion in all of the WTO trade agreements of a clause that exempts from trade agreement restraints actions taken to protect national security. By declaring U.S. products a threat to national security, other nations are able to adopt trade restrictions that would otherwise be prohibited.

So I've begun a process of withdrawal from U.S. based cloud services and am working toward replacing them either with client-side only software or with foreign cloud services that feature end-to-end encryption. I'm particularly interested in services based in Switzerland because I have extensively researched digital privacy rights there. (I'm a retired lawyer.) Switzerland has very strong digital privacy laws and a culture with a tradition that respects confidentiality; see e.g., their banking secrecy laws. Moreover, Switzerland is in the process of joining the E.U. and is far enough along in that process to have adopted the E.U. Human Rights treaty, which gives strong protection for digital privacy rights, but not yet far enough along to have adopted other E.U. treaties that create some exceptions in the Human Rights treaty. So my research suggested strongly that cloud services offering end-to-end encryption with their servers based in Switzerland are far more likely to be secure than services in NATO nations.

If you are interested in following a similar path, you might check out Wuala and the new ProtonMail service, whose business and servers are also based in Switzerland. That service also features end-to-end encryption. It's still in public beta, but I like the direction they are moving with their security model.

Never underestimate the power of the buddy system and quid pro quo when it comes to governments and police agencies. ...

I try not to. As a retired lawyer who specialized in civil rights and frequently sued the U.S. government, I'm all too keenly aware of that problem. My solution is partially discussed above. But I'm also doing more and more of my work these days on a Linux system that is air-gapped from any network and can communicate with my other systems only via thumb drive or CD/DVD drive. I'm becoming increasingly selective about what I expose to networks.

Right now, I think the best most people can do is to take a much harder look at security practices and minimize risks of privacy intrusion by our federal peeping Toms and other bad actors. I think time will tell whether my choice to favor Swiss cloud services was the best choice. I give a fair bit of weight to the fact that Switzerland and its populace have a strong tradition of respect for the privacy of information and a long tradition of neutrality in military matters. The Swiss government has strong incentives to crack down on any "cop" who abuses his authority in that regard.   

But in the final analysis, to me it's a stark choice between resistance and acquiescence when faced with outrageous government conduct. I'm not psychologically suited to play the helpless role. As the amazing Helen Keller said: "Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing." Our system of government depends on citizens pushing back. "It is the responsibility of the patriot to protect his country from its government." --- Thomas Paine.

I use multiple operating systems so to make my top 4 it has to be a multi-OS program.

All of the above are multi-platform and Lua scripts are cross-platform unless they make OS-specific calls. So my cross-platforms scripts are all shared via Wuala. Lua itself has a tiny executable (160-180Kb) running in a VM and executes at speeds that approach that of C for many functions.  FWIW, I'm the maintainer of a web page that will hopefully someday catalog all user-level programs that are written in or are extensible with Lua. (I'm still in catch up mode.)

Pages: [1]