On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz <r...@iit.edu> wrote:

> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
>
You've been using PGP, but now you suspect the NSA may have installed a bug
> on your machine. Your keystrokes are being recorded.
>

Can I play devil's advocate for the NSA here, since you've evoked a battle
with a state-level entity?

The NSA is coordinating with the FBI to actively surveil every single
movement of Alice and Bob, 24/7, no matter where they go. Alice's home is
bugged. Bob's home is bugged. Every single piece of equipment they own has
either been compromised with a zero day known to the NSA but not to the
public, or through direct physical bugs that the FBI added to these devices
while Alice and Bob were sleeping.


> What can you do? Use PassLok instead.
>

PassLok is probably not effective in the above scenario.


> Alice should be able to go to the local library
>

The FBI surveils Alice as she goes to the library, notes what computer in
the library she is about to sit down at, and relays this information to the
NSA. The NSA bypasses the library firewall with a zero day, looks up the IP
address of this computer promptly uses a zero day to take complete control
of this computer.

or borrow someone else's smartphone
>

The NSA has already owned the cell phones of every one of Alice's friends
using their enormous library of zero days.

Alice can't win against a state-level adversary, sorry.

This isn't an indictment of PassLok so much as evoking the NSA as an
adversary in this sort of scenario. You won't win, sorry.

-- 
Tony Arcieri
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Reply via email to