On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz <r...@iit.edu> wrote:
> Scenario: you, Alice, realize you're under NSA surveillance. You need to > get a crucial bit of information to your friend Bob, right away. > You've been using PGP, but now you suspect the NSA may have installed a bug > on your machine. Your keystrokes are being recorded. > Can I play devil's advocate for the NSA here, since you've evoked a battle with a state-level entity? The NSA is coordinating with the FBI to actively surveil every single movement of Alice and Bob, 24/7, no matter where they go. Alice's home is bugged. Bob's home is bugged. Every single piece of equipment they own has either been compromised with a zero day known to the NSA but not to the public, or through direct physical bugs that the FBI added to these devices while Alice and Bob were sleeping. > What can you do? Use PassLok instead. > PassLok is probably not effective in the above scenario. > Alice should be able to go to the local library > The FBI surveils Alice as she goes to the library, notes what computer in the library she is about to sit down at, and relays this information to the NSA. The NSA bypasses the library firewall with a zero day, looks up the IP address of this computer promptly uses a zero day to take complete control of this computer. or borrow someone else's smartphone > The NSA has already owned the cell phones of every one of Alice's friends using their enormous library of zero days. Alice can't win against a state-level adversary, sorry. This isn't an indictment of PassLok so much as evoking the NSA as an adversary in this sort of scenario. You won't win, sorry. -- Tony Arcieri
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
