Yes!

Don't ignore the tools, use them. Understand them. Expose weaknesses, just as I did. Don't think the solution to tools is a better tool. Better is meaningless. Better is very often worse.

Your solution, which you look like you're trying to shame me with, is TERRIBLE. Imaging everyone spamming the networks constantly with random messages. Oh wait- they already do that, it's called spam. Lets fill the bandwidth limited fat pipes with random, so that signal is obscured. Good luck trying to do anything useful.

Furthermore, a little Shannon style filtering and you can easily defeat that. You know, if only a few people all use one technique, they stand out like a sore thumb. Hide in crowds: Facebook has its uses.

More advice: Don't provide recipes for anything. People are easier to track when they follow directions, do the same thing over and over. Best advice I got out of 9/11 era Bernie Kerik was to be random: don't always take the same route. Don't develop habits. Thieves and other bad guys rely on you following patterns so that they can find the right moment to strike. And meta: don't always be random. Don't accept pre packaged anything all the time, that's garbage. Bake your own.

As soon as someone says "solved", tell them to GTFO. Three hackers have already cracked it. But there are things you can do.

The while benefit of the realm of shared experience is that it plays to the strength of one time pads for encryption. Learn about the history of crypto and one time pads, and arm yourself. They can take your freedom, but they can't take your intelligence, ingenuity, or creativity; and an intelligent or creative person is forever free.

Matt



On Wednesday, June 12, 2013, Paul Ivanov wrote:
Hi Matt,

Matthew Harbowy, on 2013-06-12 16:17,  wrote:
> I'm mystified how any of this helps.

There is no silver bullet, so those recommendations won't be some
magical privacy pixie dust you can just sprinkle and feel warm
and fuzzy about, but at least encryption helps you secure the
content of your communication (not the fact that communication
occurred).

One can imagine even the latter being obscured. I could automate
the sending of randomly generated encrypted messages at a
particular time of day (say at 16:17), but have that process be
pre-empted by a real message, should I choose to send one (so not
my randomly generated message gets sent out, but the one I want
to actually send). One drawback, of course, is that if I queued
up a message at half past four, it would be almost 24 hours
before it got sent. (Though the upshot of a protocol like this
would be that the intended recipient would know they'd only have
to check their email once a day, if they're interested in
receiving messages from me)

Should more frequent communication be desired, you could switch
to sending gobbledygook messages  at a certain minute of every
hour. Of course, the recipient has to "wade" through potentially
more random messages with that, but that's the price you pay.

> So, for my vote, following recommendations like this is a
> terrible idea.

Are you proposing an alternative, or should be just throw our
hands up in resignation?

best,
--
                   _
                  / \
                A*   \^   -
             ,./   _.`\\ / \
            / ,--.S    \/   \
           /  `"~,_     \    \
     __o           ?
   _ \<,_         /:\
--(_)/-(_)----.../ | \
--------------.......J
Paul Ivanov
http://pirsquared.org
_______________________________________________
sudo-discuss mailing list
sudo-discuss@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss