1 00:00:00,593 --> 00:00:07,507 It's really awkward to talk directly into a camera. I spend most of my life trying to avoid surveillance, so... 2 00:00:07,507 --> 00:00:12,292 I'm sorry to say I can't be with you in person, so we'll have to do with this video feed. 3 00:00:12,292 --> 00:00:17,590 Basically, I guess if John has given a good intro, and I suspect that he has, 4 00:00:17,609 --> 00:00:21,314 then you understand that the situation is a little precarious for me, 5 00:00:21,314 --> 00:00:26,621 and returning to the U.S. at the moment for me due to my journalistic work with Der Speigel is a little difficult. 6 00:00:26,621 --> 00:00:29,422 So I split my life into two basic parts. 7 00:00:29,445 --> 00:00:35,845 One is that I work as a free software developer, and generally as a free software advocate, with the Tor project. 8 00:00:35,870 --> 00:00:40,584 It's also the case that I work with Der Spiegel, and also as a freelance journalist with several other 9 00:00:40,600 --> 00:00:45,035 publications, and lately I've spent my time doing research into the NSA's surveillance. 10 00:00:45,045 --> 00:00:49,825 I've interviewed Edward Snowden, and I've published basically a bunch of information. 11 00:00:49,836 --> 00:00:55,774 Stuff that previously we used to think was paranoid crazy-talk, and now we learned that the paranoid crazy-talkers 12 00:00:55,774 --> 00:01:03,980 were not paranoid enough. So I guess for me the goal of this conversation, if we could call it that 13 00:01:03,990 --> 00:01:10,690 when I'm just talking directly into a camera awkwardly, is that I wanted to say that the people that are writing free software 14 00:01:10,709 --> 00:01:16,379 are actually writing the future. It's a little awkward to say that, but it's true. 15 00:01:16,407 --> 00:01:21,352 As an example, I use a free software laptop. It's an X60 16 00:01:21,371 --> 00:01:26,903 and this laptop is, as far as I can tell, about as free as you can get a laptop. 17 00:01:26,934 --> 00:01:32,830 It has coreboot, it has Debian GNU/Linux, it is not using any binary blobs, 18 00:01:32,844 --> 00:01:38,049 it is, to the best of my ability, liberated from proprietary software. 19 00:01:38,063 --> 00:01:44,260 It's pretty good, but it's also many years old, and it's also the case that it's very difficult to 20 00:01:44,265 --> 00:01:48,873 do forensics on a machine like this to know if it has been compromised. 21 00:01:48,891 --> 00:01:52,361 It is the case, though, that I can do that at all because of free software. 22 00:01:52,409 --> 00:01:57,691 It's possible to begin to build something secure with free software, where I can verify 23 00:01:57,692 --> 00:02:03,213 and build things from source, where I can look at the source to see exactly what an attacker might try to do 24 00:02:03,268 --> 00:02:05,682 with the programs that are running on my computer. 25 00:02:05,703 --> 00:02:10,320 So the four freedoms here are incredibly important, especially for the work that I'm doing. 26 00:02:10,366 --> 00:02:14,910 Now, given the difficulty of setting up this webstream, I think it's clear that I've done a pretty good 27 00:02:14,910 --> 00:02:19,065 job of making sure there's no microphones. I removed the microphone from this laptop for example, 28 00:02:19,072 --> 00:02:23,637 until I plugged another one in. I've done a pretty good job of that. But it turns out that 29 00:02:23,710 --> 00:02:28,771 this is actually really hard for people who have never programmed in C, 30 00:02:28,792 --> 00:02:33,102 or for people that do not really understand how to program their home computer 31 00:02:33,179 --> 00:02:39,980 and beam themselves into the future. So, part of what I wanted to do was to inspire some people today to think about 32 00:02:39,980 --> 00:02:46,780 what they can do to make this problem of mass surveillance, for example, something that 33 00:02:46,798 --> 00:02:50,939 is different. That is, something where there isn't so much hopelessness. 34 00:02:50,939 --> 00:03:02,265 It's a little strange, because I feel like, for many years, the free software community is the only one that has really cared about privacy. 35 00:03:02,281 --> 00:03:08,575 The free software community builds decentralized or federated solutions and works really on 36 00:03:08,575 --> 00:03:14,004 solving problems of the four freedoms, but how those four freedoms touch the rest of our lives. 37 00:03:14,004 --> 00:03:21,390 And so, when I think about what's possible, I think the main problem right now is usability. 38 00:03:21,390 --> 00:03:27,737 So, in this regard, to set up this stream, which is broadcasting over Tor, or if you connect to the Tor hidden service 39 00:03:27,753 --> 00:03:34,040 which I've also set up, you can watch this video directly, without knowing my location. 40 00:03:34,040 --> 00:03:42,296 That was so difficult to set up that it took me the better part of the day to actually accomplish that. 41 00:03:42,346 --> 00:03:47,056 It's not that GStreamer is a bad piece of software, it's just that it's extremely complicated. 42 00:03:47,065 --> 00:03:54,001 A simple user interface, for example, would have made a world of difference, such that people who are using other 43 00:03:54,009 --> 00:03:58,841 video streaming solutions, such as proprietary solutions like the NSA PRISM partner Skype, 44 00:03:58,879 --> 00:04:03,630 those people might choose something else. If this was integrated into Debian GNU/Linux, 45 00:04:03,635 --> 00:04:10,469 and all you needed to do was download Tails or to install Debian, then it would be the case that you could very easily 46 00:04:10,504 --> 00:04:15,606 convince people to do it securely, in a decentralized fashion. That's something that at the moment, 47 00:04:15,634 --> 00:04:22,704 I think, is very far away. If it takes me the better part of the day, that means that it will take Glenn Greenwald an infinite amount of time. 48 00:04:22,704 --> 00:04:29,242 It will probably never happen, actually, with all due respect to Glenn. When the software is so complicated, it turns out 49 00:04:29,262 --> 00:04:34,642 that he'll choose something that's less complicated. And so usability is a fundamentally important way 50 00:04:34,722 --> 00:04:39,767 that we can ensure that users will basically care about the four freedoms, because once everything 51 00:04:39,767 --> 00:04:44,231 they do is working well in free software, why would they choose proprietary software? 52 00:04:44,269 --> 00:04:50,840 Usually it is the case that they won't. In fact, there are many people who are Tails users, but they have to switch to 53 00:04:50,909 --> 00:04:54,942 proprietary systems, they feel, for the usability of something like Skype. 54 00:04:54,965 --> 00:05:00,687 So, I mean, why? What's going on that all of these things are necessary? 55 00:05:00,687 --> 00:05:04,119 I suppose you've all heard the bad news. 56 00:05:04,133 --> 00:05:10,223 And the bad news is that the Internet is under, essentially, total surveillance. 57 00:05:10,244 --> 00:05:15,136 And what I mean by that is not, let's say, the traditional version of surveillance, 58 00:05:15,144 --> 00:05:19,431 where you have a person, and the person is inspecting things, it's looking at things, it's taking notes. 59 00:05:19,462 --> 00:05:25,772 Rather, the mass surveillance that is happening now is in the form of deep packet inspection. 60 00:05:25,817 --> 00:05:31,372 Now, all around the world, there exists a series of systems that are run by the National Security Agency, 61 00:05:31,372 --> 00:05:38,273 GCHQ, CSE, DSD, and other agencies. Those are just the ones we could call "friendly" agencies, 62 00:05:38,278 --> 00:05:43,184 if you can call mass surveillance friendly, but you could say it's a kind of social concern, so let's say 63 00:05:43,184 --> 00:05:48,758 that they're friendly. Then there's the rest of the world, and what's happening with those systems. 64 00:05:48,758 --> 00:05:52,883 We don't know a lot about the rest of the world's systems, but thanks to the courage of Edward Snowden, 65 00:05:52,883 --> 00:05:56,418 we do, for example, understand a great deal about the NSA's surveillance. 66 00:05:56,418 --> 00:06:00,014 And one of the things that we understand is that it violates the Fourth Amendment. 67 00:06:00,016 --> 00:06:05,346 At least on its face it seems clear that it is an unreasonable search and a seizure. 68 00:06:05,346 --> 00:06:11,018 That is, it takes data from the Internet, sometimes through fiber optic splitters, things like Glimmerglass-related devices, 69 00:06:11,018 --> 00:06:16,952 where they copy information from fiber optic lines onto another line. It then inspects the data, 70 00:06:16,952 --> 00:06:22,711 that is, it has seized the data and then it, I believe, unreasonably searches through the data. 71 00:06:22,711 --> 00:06:29,702 It does this looking for selectors. So, for example, if you happen to be Chancellor Merkel, that is the German Chancellor, 72 00:06:29,702 --> 00:06:36,091 you would have had your phone number as one of those selectors, and anytime any flow of traffic passed by one of these 73 00:06:36,091 --> 00:06:44,311 sensors—that is the turbine, turmoil, turbulence architecture of sensors—your data would be selected, 74 00:06:44,311 --> 00:06:50,572 and that selection would ensure that your data flows that are associated with that would be recorded forever. 75 00:06:50,572 --> 00:06:54,983 So if you know about the Bluffdale, Utah complex, you'll know for example that 76 00:06:54,983 --> 00:07:00,560 the NSA is building very large computation centers, not just for attacking cryptographic systems, 77 00:07:00,560 --> 00:07:06,833 but also for recording data that they cannot currently attack, in hopes that when that encrypted data 78 00:07:06,833 --> 00:07:12,934 is interesting to them, or when they have a cryptographic breakthrough, they'll be able to do something 79 00:07:12,939 --> 00:07:17,195 with data that previously was just noise to them. So this tells us a couple things. 80 00:07:17,195 --> 00:07:20,947 One of the things that it tells us is that we are in a lot of trouble. 81 00:07:20,947 --> 00:07:26,640 There are proprietary software solutions which, according to some of the documents leaked by Edward Snowden 82 00:07:26,640 --> 00:07:30,532 and published by Glenn Greenwald, there are proprietary software companies that are 83 00:07:30,560 --> 00:07:36,132 what are called SIGINT enabled. That is to say that they believe that when they sell you a security product 84 00:07:36,132 --> 00:07:40,324 that it's somehow not false advertising to have willingly broken the system. 85 00:07:40,324 --> 00:07:46,722 So that's a really serious problem. It tells us, for example, that proprietary software definitely has backdoors. 86 00:07:46,746 --> 00:07:51,932 Unfortunately Glenn did not release the name of that company, or the companies that are involved, 87 00:07:51,956 --> 00:07:58,432 but it should be extremely obvious that, if you were to guess, you probably wouldn't guess incorrectly. 88 00:07:58,442 --> 00:08:03,070 And if you were to guess, you would probably understand that it's not a free software product. 89 00:08:03,076 --> 00:08:09,215 That is, if you look at free software, you can find the problems. If someone were to add a backdoor, 90 00:08:09,215 --> 00:08:14,675 while it might not always be obvious if they're very sneaky about it, it is significantly more difficult 91 00:08:14,675 --> 00:08:20,900 to add a backdoor to a free software project than it is to add one to a proprietary hardware or software device. 92 00:08:20,900 --> 00:08:28,230 So, when we start to see that our security solutions are actually not security solutions overall, 93 00:08:28,230 --> 00:08:34,174 one of the things we'll notice is that it's not just the NSA or GCHQ that will be exploiting these systems. 94 00:08:34,174 --> 00:08:41,160 It's actually lots of different people. So for example, now that you guys know about the Dual EC DRBG backdoor, 95 00:08:41,160 --> 00:08:46,000 there is a very good chance that someone in the audience is working on attacking it and breaking it. 96 00:08:46,003 --> 00:08:53,732 And if you happen to have, for example, copies of traffic that were encrypted with that, as the seed for 97 00:08:53,762 --> 00:08:57,064 the random number generator, you may be able to exploit it. 98 00:08:57,070 --> 00:09:02,454 So this is ultimately a kind of security by obscurity, in hopes that by adding this backdoor, only the good guys, 99 00:09:02,454 --> 00:09:08,440 allegedly, they will be the only ones to break it. In reality, it doesn't work that way. 100 00:09:08,440 --> 00:09:12,990 So we have a sort of tension here between signals intelligence and communication security. 101 00:09:12,990 --> 00:09:17,580 On the one hand, we have signals intelligence collecting as much data as we can 102 00:09:17,580 --> 00:09:21,865 from those aforementioned deep packet inspection systems. And on the other side, we have 103 00:09:21,865 --> 00:09:27,894 communications security tools which allegedly are protecting us, but it turns out some of them are SIGINT-enabled. 104 00:09:27,894 --> 00:09:34,540 So what is there to be done about this? It seems quite clear to me that free software and free hardware, 105 00:09:34,540 --> 00:09:40,679 that is free and open hardware, where things are freely specified, where it's possible for you to fab your own hardware 106 00:09:40,679 --> 00:09:45,102 in a factory of your choosing, in a country of your choosing, with parts of your choosing, 107 00:09:45,102 --> 00:09:49,624 where you can verify them, that is clearly the right direction to go. 108 00:09:49,624 --> 00:09:55,151 Because it is not just, let's say, again, so-called legitimate authorities that are doing this. 109 00:09:55,151 --> 00:10:02,000 It's probably a lot of other people as well. We just happen to know there is absolutely, for certain, one set of people 110 00:10:02,000 --> 00:10:08,264 that are doing it. And so free software in particular has given, I would say, some leverage. 111 00:10:08,264 --> 00:10:13,510 That is, it has allowed regular people to be able to communicate securely in a time of 112 00:10:13,510 --> 00:10:19,900 complete and total mass surveillance. So, for example, things that work: cryptography does 113 00:10:19,900 --> 00:10:24,765 actually work. If it is not signals intelligence-enabled, that is SIGINT-enabled, 114 00:10:24,765 --> 00:10:33,432 it is the case that the mathematics behind DSA, RSA, Diffie–Hellman, those seem to not be broken when you 115 00:10:33,432 --> 00:10:38,231 use appropriate key sizes. That's very good news, because in an age of mass surveillance, 116 00:10:38,231 --> 00:10:46,971 the only thing that stops the surveillance is making the surveillance worthwhile. That is, if it's extremely 117 00:10:46,971 --> 00:10:54,033 valuable for everyone to spy, they will spy. If it's a lot of noise, if the searching for selectors doesn't work, 118 00:10:54,033 --> 00:11:01,764 it changes the game significantly. At the moment, not every single byte of data is recorded forever. 119 00:11:01,764 --> 00:11:07,633 There is clearly some attempts to do that, and that is something that we need to cope with. 120 00:11:07,633 --> 00:11:12,366 From a cryptographic perspective, we need to think about it, I think, on the hundred-year crypto timeline. 121 00:11:12,366 --> 00:11:16,232 This is something that Zooko has been working on and I think is a really good idea. 122 00:11:16,307 --> 00:11:23,732 But we have to imagine that all of the things we do are being recorded for all time, and with that, we need to react appropriately. 123 00:11:23,732 --> 00:11:29,501 So if you, for example, work on a free software chat client, it should have off-the-record messaging built into it. 124 00:11:29,501 --> 00:11:34,931 If, for example, you build a web browser, it should be compatible with the Tor network. It should not be 125 00:11:34,931 --> 00:11:41,100 compatible, for example, with the proprietary Flash player first. Unfortunately, on balance, what we see 126 00:11:41,100 --> 00:11:46,600 is that people are often more concerned with making things work with Flash than with allegedly 127 00:11:46,600 --> 00:11:53,133 paranoic tools like the Tor project and all of its software, like the Tor network. This, I think, is 128 00:11:53,133 --> 00:11:58,332 kind of sad, but I think that we can turn this around and change it, and we need to look at the crypto 129 00:11:58,332 --> 00:12:03,900 that we actually use. So, for example, for a Jabber server, it should be using forward secret crypto. 130 00:12:03,900 --> 00:12:09,300 So, if you have TLS, it should be used in a forward secret mode. Because it isn't just passive surveillance, 131 00:12:09,300 --> 00:12:15,463 though that is a very core and serious thing, it's also active surveillance. The turbulence architecture that 132 00:12:15,463 --> 00:12:21,500 I mentioned, I detailed a little bit in my reporting at the 30C3 and also in Der Spiegel at the end of last year. 133 00:12:21,500 --> 00:12:27,000 And what we see is those selectors that I mentioned before, let's say your phone number or your email 134 00:12:27,000 --> 00:12:31,095 address... I wish I could see the audience because I'd ask you to raise your hand, and say "how many 135 00:12:31,095 --> 00:12:37,732 of you are sysadmins?" Obviously some of you are, someone raised their hand. So the NSA is probably 136 00:12:37,732 --> 00:12:41,634 targetting you, if you're a system administrator for any system that is interesting. 137 00:12:41,634 --> 00:12:48,887 And it is the case that if you were to have some credentials for an interesting network, and you are 138 00:12:48,887 --> 00:12:55,037 being targeted, one of the ways that you will be targeted is that you will be targeted by an analyst who looks 139 00:12:55,037 --> 00:12:59,900 for selectors. They look for your federated logins, they look for your centralized logins, they look for 140 00:12:59,900 --> 00:13:06,133 all kinds of information, and it is the case that they program this, essentially, into a targeting system. 141 00:13:06,133 --> 00:13:10,133 And that targeting system will automatically attack you. It will do man-in-the-middle attacks, 142 00:13:10,133 --> 00:13:15,132 it will do man-on-the-side attacks. It appears that they have certificate authority resources so that 143 00:13:15,132 --> 00:13:19,332 they can do man-in-the-middle attacks on SSL, which tells us that we really need to work on things like 144 00:13:19,332 --> 00:13:27,600 TACK and SSL cert pinning, that's very important. If, for example, we notice though, crypto changes 145 00:13:27,600 --> 00:13:32,733 the way the selector-based surveillance can even function. If, for example, you note that all of my traffic 146 00:13:32,733 --> 00:13:37,970 right now is going through the Tor network, and in many cases people, three people at the moment, are connected 147 00:13:37,970 --> 00:13:43,900 to the Tor hidden service for this video feed, there is no possibility for selector-based injection. 148 00:13:43,900 --> 00:13:50,000 That is, it's just TLS traffic, the network distinguisher is pretty close to normalized across 149 00:13:50,000 --> 00:13:55,097 all Debian Tor users that are doing what I'm doing, which I admit, there's probably five of us in the world, 150 00:13:55,097 --> 00:14:02,401 but, you know, that changes the fundamental trade-off. That is, doing the selector-based surveillance 151 00:14:02,401 --> 00:14:08,200 will have less of a return than it previously did, or will require more targeting. And this is where anonymity comes into play. 152 00:14:08,200 --> 00:14:13,264 If you have anonymity, it becomes significantly more difficult for someone to target you. 153 00:14:13,264 --> 00:14:18,832 It's not impossible, of course, but it's... Well okay, maybe it's more than five people. 154 00:14:18,832 --> 00:14:23,966 I've got a little lag here from the IRC channel, but apparently there are a few Debian users that route 155 00:14:23,966 --> 00:14:34,665 their traffic over Tor in the audience, I hope? But if we see the anonymity benefit there, there's of course 156 00:14:34,665 --> 00:14:42,265 a downside, you know? When you have these systems, they're laggy sometimes, they're not always really seamless to work together, 157 00:14:42,265 --> 00:14:48,666 it takes a lot of specialized knowledge, again. And this returns me sort of to the key point, which is about usability. 158 00:14:48,666 --> 00:14:54,201 So one of the things that I've seen when looking through documents for this research is that 159 00:14:54,201 --> 00:14:59,865 usability and security is the worst nightmare of a signals intelligence agency. So for example, 160 00:14:59,882 --> 00:15:07,931 Tech Secure and RedPhone, by Moxie Marlinspike, those pieces of software really make the life of 161 00:15:07,931 --> 00:15:14,500 someone doing these kinds of attacks hell. At the very least, it means that they have to take what was once a passive thing, 162 00:15:14,500 --> 00:15:20,433 where they could silently record data on everyone, and they can essentially now no longer do that. 163 00:15:20,433 --> 00:15:24,601 They have to either attack his systems, which they probably will at some point, if they haven't already, 164 00:15:24,601 --> 00:15:31,000 or they have to attack each end user's system. So this means that once we start to deploy this widely, 165 00:15:31,000 --> 00:15:38,532 for everyone, it changes the balance, where mass surveillance becomes less and less economically useful for these attackers. 166 00:15:38,532 --> 00:15:44,500 And that's important, because again, even if you think the NSA is sent from heaven, if you believe in heaven, 167 00:15:44,500 --> 00:15:49,864 you have to understand that they're not the only people out there, doing these kinds of things. 168 00:15:49,933 --> 00:15:55,813 So every time, for example, an American businessman or -woman goes traveling somewhere, 169 00:15:55,813 --> 00:16:02,600 that person is effectively targeted for signals intelligence collection. Now sometimes it's not always 170 00:16:02,600 --> 00:16:07,132 targeted in the literal selector sense, but they're using systems that are SIGINT-enabled. 171 00:16:07,132 --> 00:16:12,420 Now whether or not the phone companies know is an interesting discussion. Most of them do. Most of them 172 00:16:12,420 --> 00:16:19,726 go along willingly, but the key thing is that, on balance, when you travel abroad, you basically are 173 00:16:19,832 --> 00:16:23,501 subject to the whims of all the countries where you are traveling, obviously. 174 00:16:23,501 --> 00:16:27,644 Those whims may be significantly more harsh, they may have different economic interests, 175 00:16:27,644 --> 00:16:33,431 they almost certainly have different political and legal and economic interests than what you might like. 176 00:16:33,431 --> 00:16:39,833 If you're a free software developer, and you're not an American citizen, for example, you are a target, almost certainly. 177 00:16:39,833 --> 00:16:43,564 If you are a system administrator, you are a target, almost certainly. 178 00:16:43,564 --> 00:16:48,622 And it doesn't even matter if you're an American citizen, really, though there is a slight distinction about that. 179 00:16:48,622 --> 00:16:53,715 I think that in the near future, we'll learn that that distinction is largely bogus. 180 00:16:53,715 --> 00:17:00,034 Sorry for the bad news, but... I guess it's sort of important to tie these things together. 181 00:17:00,034 --> 00:17:06,233 So, free software and free hardware, they can potentially bring some solutions into play, but it's 182 00:17:06,233 --> 00:17:11,932 not exactly clear how we get there. So for example, if you're a system administrator, you probably have a SIM card in your phone. 183 00:17:11,932 --> 00:17:16,764 This SIM card is, without a doubt, a piece of proprietary software and proprietary hardware 184 00:17:16,764 --> 00:17:24,238 that then plugs into another piece of proprietary hardware, almost always, and that runs proprietary software. 185 00:17:24,238 --> 00:17:30,300 And those are actually described, some of those cell phone systems are actually described as master and slave systems, 186 00:17:30,300 --> 00:17:37,700 where the master CPU is in fact the proprietary one and it enslaves the free software CPU, which is often Android, which is not always 187 00:17:37,700 --> 00:17:42,233 free to begin with. But if we were to say that in an ideal world you had the most free cell phone, 188 00:17:42,233 --> 00:17:48,865 you'll probably still have a baseband, which is proprietary software, with a SIM card that is proprietary software and proprietary hardware. 189 00:17:48,865 --> 00:17:55,933 So as you're doing your job, even if you have all free software for your laptop, for example, you have this 190 00:17:55,933 --> 00:18:02,133 unfortunate conundrum where, to do the basic work that you need to do, you are completely surrounded 191 00:18:02,133 --> 00:18:07,332 by proprietary hardware and proprietary software. Now, the NSA has toolkits that they can deploy 192 00:18:07,332 --> 00:18:14,115 into those SIM cards, and into the basebands, not just as a matter of exploitation but actually in some cases by design. 193 00:18:14,115 --> 00:18:19,100 Some SIM cards, for example, allow you to add an app to the SIM card without even having 194 00:18:19,100 --> 00:18:25,000 a cryptographic key or even exploiting the device, just sending a well-formed message will actually do this. 195 00:18:25,000 --> 00:18:30,133 Carson Noll, without realizing it, rediscovered this and he showed this at the CCC. 196 00:18:30,133 --> 00:18:38,632 It's almost identical to things that we showed in the Der Spiegel reporting from last year that I discussed at the 30C3. 197 00:18:38,632 --> 00:18:44,832 I gave a talk there that was called "To Protect and Infect, Part 2," and I don't want to rehash too much 198 00:18:44,832 --> 00:18:50,200 of that talk, but I would really encourage all of you to watch it, because I basically talk about the technical details. 199 00:18:50,200 --> 00:18:55,400 And the technical details are important, because in a democracy, for us to be able to understand what it is 200 00:18:55,400 --> 00:18:59,400 that we're consenting to, we need to have some concept of what it is we're talking about. 201 00:18:59,400 --> 00:19:05,367 Unfortunately the laws are not so great, and from what I can tell, some people have even called 202 00:19:05,367 --> 00:19:08,800 for my prosecution as a result of showing and discussing these things. 203 00:19:08,800 --> 00:19:13,364 Now, that went through very careful editorial control at Der Spiegel, so I don't feel too threatened by it, 204 00:19:13,394 --> 00:19:18,134 but it's an important point that people don't want you to understand how the machines that control you and 205 00:19:18,143 --> 00:19:22,465 surveil you work. They don't want you to be able to change the way that those things work, 206 00:19:22,465 --> 00:19:27,933 because it is about power. It's about controlling you, it's about controlling your machines, and it's about 207 00:19:27,933 --> 00:19:32,832 ensuring that those people stay in control over you and your devices, should they wish it. 208 00:19:32,832 --> 00:19:37,931 So, in a democracy I think it's fundamentally important for us to understand how the machines work, 209 00:19:37,931 --> 00:19:43,766 to understand how the power works, to understand what the dynamics are, to make sure that these 210 00:19:43,766 --> 00:19:47,366 devices, for example, how they're being subverted, that we understand it. 211 00:19:47,366 --> 00:19:54,300 For example, when we understand that exploitation often leads to hoarding of bugs, that means we understand 212 00:19:54,300 --> 00:20:00,534 that people are letting us stay in a vulnerable state so as to be able to exploit us. 213 00:20:00,534 --> 00:20:06,633 But many people may find those bugs and exploit us, so it is not nearly a simple thing where we say 214 00:20:06,633 --> 00:20:13,965 we cede some of our autonomy so that people will be able to do their job. You know, the local policeman needs 215 00:20:13,965 --> 00:20:18,600 to do their job, cooperate with them, for example. Because it is every local policeman on the planet. 216 00:20:18,600 --> 00:20:22,800 It is every intelligence officer on the planet, with enough of a budget or the technical know-how, 217 00:20:22,800 --> 00:20:28,833 who will be able to exploit those things. So on balance, it seems very clear that we want to build secure systems 218 00:20:28,833 --> 00:20:35,133 and not make that trade-off, because we can never actually ensure that the people who are doing this 219 00:20:35,133 --> 00:20:40,566 are acting in our best interest, are democratically in a position of authority that is legitimate, 220 00:20:40,566 --> 00:20:46,368 if, you know, you bear with me here and we say there is some authority that is legitimate... 221 00:20:46,368 --> 00:20:51,632 I know it's a free software crowd, so I like to think that some of you there apt-get install anarchism 222 00:20:51,632 --> 00:20:56,800 from time to time. But it's very important to understand that that balance is something which is not 223 00:20:56,800 --> 00:21:02,769 a part of the discussion, and a big part of ensuring that it's not a part of the discussion is to try to hide the details. 224 00:21:02,769 --> 00:21:07,932 And so for me, I think it's very important to bring out the details. It's very important to show that they use 225 00:21:07,932 --> 00:21:13,532 continuous wave generators bounced against reflectors that they've installed after stealing your mail. 226 00:21:13,532 --> 00:21:19,333 Do we want to live in a world where these people steal our mail? And where they take our laptops 227 00:21:19,333 --> 00:21:24,493 when we buy them online and add devices to them? I don't want to live in that world. 228 00:21:24,493 --> 00:21:29,532 I like to think that people that work on free software not only don't want to live in that world, they are actively 229 00:21:29,532 --> 00:21:34,090 working to ensure that everyone on the planet can choose to live in a different world. 230 00:21:34,090 --> 00:21:46,365 To get back to the point, things like the Milkymist, Novena, coreboot, these are on a spectrum of free 231 00:21:46,365 --> 00:21:53,368 hardware to, as we go down the line, free software-enabled proprietary hardware. 232 00:21:53,368 --> 00:21:59,815 Now, I use an X60 with coreboot and I removed almost all of the hardware I don't need. 233 00:21:59,815 --> 00:22:04,700 I try, for example, to get rid of anything that would need a binary blob. I think I've done that. 234 00:22:04,700 --> 00:22:10,866 This laptop, I think, only has one binary blob left, and that's in the embedded controller for the keyboard. 235 00:22:10,866 --> 00:22:15,964 I sometimes use an external keyboard that doesn't have that, although obviously that keyboard has some 236 00:22:15,964 --> 00:22:23,115 binary firmware device inside of it. Hopefully not remotely flashable. As far as I can tell, that's the case. 237 00:22:23,115 --> 00:22:31,030 Systems like the Novena, made by Bunnie, I think, are the future. That is, he has built almost entirely, 238 00:22:31,030 --> 00:22:37,100 as much as is possible at the moment, an open hardware device based on an ARM CPU, where you can fab this 239 00:22:37,100 --> 00:22:45,880 device, where you can very easily, if you are a hardware person, modify it, and you can fab this 240 00:22:45,880 --> 00:22:52,332 changed device. So that, I think, is critical. There's still a proprietary CPU, but there's a trade-off to be 241 00:22:52,332 --> 00:22:59,567 made here. So in this case, the Freescale CPU that he included is pretty fast, it's a quad-core CPU, and it 242 00:22:59,567 --> 00:23:03,684 has a hardware random number generator. Who knows if it's SIGINT-enabled, hopefully not. 243 00:23:03,684 --> 00:23:09,232 If we see this, we see that it is significantly better than, for example, the ThinkPad that's sitting in front 244 00:23:09,232 --> 00:23:13,000 of me where we don't know the designer, we don't know their intentions, we don't know for example if 245 00:23:13,000 --> 00:23:19,801 the Intel microcode, if it can be updated remotely by someone who has the key that isn't Intel. 246 00:23:19,801 --> 00:23:25,164 Probably, would be my guess, if they understand the format, if they can add backdoors, which, if they understand 247 00:23:25,164 --> 00:23:29,601 the way the microcode works and they have the key, then of course they can do all of those things. 248 00:23:29,601 --> 00:23:35,033 So there are some architectural changes in the Novena which I think are pretty spectacular for that. 249 00:23:35,033 --> 00:23:41,166 If we go all the way, I see something like the Milkymist, which for a time I used instead of as a video mixer 250 00:23:41,166 --> 00:23:52,767 but as a machine for running screen and irssi. And it actually is a FPGA device where the CPU itself is 251 00:23:52,767 --> 00:24:03,034 free software. Unfortunately the tools for synthesizing the FPGA, those are not free. We lack free software tools 252 00:24:03,034 --> 00:24:08,900 for those things, as well. And we really, really, really need free software tools for all of these things, 253 00:24:08,900 --> 00:24:16,721 and we need free hardware platforms to build on top of. Without that, it's very difficult for us to secure our systems. 254 00:24:16,721 --> 00:24:21,801 I think that it's critical to do that. And there are some people that are doing that. 255 00:24:21,801 --> 00:24:27,064 So lekernel, the guy who's working on the Milkymist, and some of these other free hardware devices, 256 00:24:27,064 --> 00:24:32,600 I think he really needs support, and I think it would be great, because his devices are the kinds of devices 257 00:24:32,600 --> 00:24:37,135 where you can do forensics on it, but you can also prevent adversarial forensics. 258 00:24:37,135 --> 00:24:42,400 That is, you can program your device to self-destruct, but you can also check to see if someone has changed 259 00:24:42,400 --> 00:24:49,201 the bootloader, if someone has changed the VHDL output, you can actually verify these things. 260 00:24:49,201 --> 00:24:55,133 Novena is much the same. I've been working on making Debian GNU/Linux run really well on it. 261 00:24:55,133 --> 00:25:05,166 I actually have a Novena here in front of me, with the little helpful Intel sticker, but that's just as a joke, 262 00:25:05,166 --> 00:25:11,485 because there's no intel inside with free hardware and free software, if we do our jobs correctly. 263 00:25:11,485 --> 00:25:19,500 So, I'd like to think that this is a good start, but the only thing that makes this useful is, of course, the free software on top of it. 264 00:25:19,500 --> 00:25:25,931 So in this sense, I think that Debian GNU/Linux is very important. I think lots of things, like Trisquel, for example, 265 00:25:25,931 --> 00:25:31,565 are very important. And we need to work on making those systems usable. I think the GNOME project 266 00:25:31,565 --> 00:25:37,300 has done a very excellent job with that. There are a few things about it that drive me crazy, but mostly 267 00:25:37,300 --> 00:25:44,832 just because I've been using computers long enough to have bad habits, so I think that that's a sort of humbling experience. 268 00:25:44,832 --> 00:25:52,600 The Tails operating system, which is a derivative of Debian, is set up in such a way that you don't 269 00:25:52,600 --> 00:25:57,633 need to understand anything about anonymity, you don't need to understand anything about security and privacy. 270 00:25:57,633 --> 00:26:02,701 It comes with a chat client that has off-the-record messaging by default. Everything is configured 271 00:26:02,701 --> 00:26:11,133 to work over Tor by default. This is great. This helps us with this paradigm shift of privacy by policy to privacy by design. 272 00:26:11,133 --> 00:26:16,100 Now, there are a couple of problems that still exist. Even if you have Tails, even if you find it usable, 273 00:26:16,113 --> 00:26:21,500 which it isn't, in my opinion... It's much more usable than all of these things were before Tails, but it's 274 00:26:21,500 --> 00:26:28,565 a progression. If we take a step and we go further and further down the line, one of the things we'll note 275 00:26:28,565 --> 00:26:34,165 is that there isn't an easy wizard for setting up, for example, a chat account that just works. 276 00:26:34,165 --> 00:26:42,300 Where you can just easily send a message. Where it's not hard. As an example, I installed Jitsi on this laptop, 277 00:26:42,300 --> 00:26:47,963 and at the bottom of the screen you see "surveillance_target@jit.si". You can, of course, 278 00:26:47,963 --> 00:26:55,971 ask me questions via OTR if you want here, and if you'd like to, you'll note that it is, of course, 279 00:26:55,971 --> 00:27:03,880 using OTR, it is also using SSL/TLS... well, it's TLS 1.0, I think, to connect there. 280 00:27:03,880 --> 00:27:12,400 You'll note that it's essentially... it's like an email address. That is pretty good, and I think we may have 281 00:27:12,400 --> 00:27:17,280 to sit with that for a while, while we work on coming up with different naming systems. 282 00:27:17,280 --> 00:27:22,003 Zooko's triangle, if you haven't heard of it, I would recommend you look it up on the Wikipedia, 283 00:27:22,003 --> 00:27:27,400 it's definitely the case that we have some hard problems to try to tackle. 284 00:27:27,400 --> 00:27:35,000 Skype, for example, is really easy for people to use, and they do use it because they have probably purchased 285 00:27:35,000 --> 00:27:40,165 every webcam in the world, and then they've made it work with every piece of software and hardware 286 00:27:40,165 --> 00:27:46,301 combination that they could get their hands on. And they also solved the problem of making it as simple 287 00:27:46,301 --> 00:27:59,732 as adding, for example, one username and password, and then forever just keeping that identifier. 288 00:27:59,732 --> 00:28:06,264 And then you just have to simply say, "Hey, I'm Alice at, I'm Bob at" and it's really easy to use. 289 00:28:06,264 --> 00:28:12,500 For example, if Jitsi had a setup wizard, where it automatically generated your OTR keys and it 290 00:28:12,500 --> 00:28:17,367 automatically did everything that needed to be done and it added you to their server, but it also allowed 291 00:28:17,367 --> 00:28:23,263 you to configure a secondary server, that would be fantastic. It would mean that you could just download 292 00:28:23,263 --> 00:28:29,500 Jitsi and it would work. If it forced OTR, even better. Those kinds of things are really simple changes 293 00:28:29,500 --> 00:28:35,165 that really would make a world of difference. And since Jitsi works on other platforms other than pure 294 00:28:35,165 --> 00:28:39,800 free software platforms, it can even be used as a kind of gateway crypto system. 295 00:28:39,800 --> 00:28:45,700 So, I think that kind of stuff becomes very important, because once you have something like Tails 296 00:28:45,700 --> 00:28:50,001 and you have something like Jitsi and you put them together, you still have that last step. 297 00:28:50,001 --> 00:28:57,784 And that last step is a hard one. But we're really close. In looking through and understanding some of 298 00:28:57,784 --> 00:29:03,482 the things that I've been looking at and studying with regard to the technology, and I said this before, 299 00:29:03,482 --> 00:29:09,998 usability and security are absolutely critical. But I also mentioned before the active attackers. 300 00:29:09,998 --> 00:29:19,332 So one of the issues that we see is that these active attackers are actually pretty good, right? 301 00:29:19,332 --> 00:29:24,300 So if you have a longterm cryptographic key but you don't use it correctly, that is, you encrypt all your 302 00:29:24,300 --> 00:29:29,883 traffic in a non-forward secret way, you have a pretty serious problem, which is that these people will 303 00:29:29,883 --> 00:29:36,000 break into the computer and actually take the key so that they can decrypt traffic, or to impersonate you. 304 00:29:36,000 --> 00:29:40,364 So we do need to come up with some notions about, for example, ratcheting. 305 00:29:40,364 --> 00:29:45,965 So Tech Secure, which Moxie Marlinspike has been working on for many years now, it has this notion 306 00:29:45,965 --> 00:29:52,239 of forward secrecy as well as future secrecy. I think that we need to think about some of the stuff that he's 307 00:29:52,239 --> 00:30:00,000 been working on to make this kind of system usable. Adam Langley, who is probably, I would say, one of the 308 00:30:00,000 --> 00:30:06,032 great living cypherpunks right now, he has written a system called Pond. I've worked a little bit on the key 309 00:30:06,032 --> 00:30:11,113 agreement system PANDA, where we dynamically meet by using a shared secret. 310 00:30:11,113 --> 00:30:16,932 That kind of a system is really important. It changes the game from "you're totally surveilled, but maybe 311 00:30:16,932 --> 00:30:21,631 you have PGP email if you're lucky," or "you're totally surveilled, but maybe you have OTR if you've had 312 00:30:21,631 --> 00:30:32,032 a proper chat client for it." And basically it switches it, so everything goes over Tor, everything goes to a server, 313 00:30:32,032 --> 00:30:39,965 that server only sees a delayed set of messages. That kind of system is really a significantly different way of 314 00:30:39,965 --> 00:30:45,120 doing communications, and it's not so different from email in some ways. But it's different in the ways that 315 00:30:45,120 --> 00:30:50,900 are really important. So that, however, is completely useless without a usable interface, 316 00:30:50,900 --> 00:30:57,573 without having it be deployed, without teaching people things. So as an example, when you teach 317 00:30:57,573 --> 00:31:02,132 a journalist something—one of the things that I've found is almost impossible to do is to teach journalists— 318 00:31:02,132 --> 00:31:07,333 but if you teach journalists something, you want to teach them one or two things that you absolutely 319 00:31:07,333 --> 00:31:12,500 impress on them that they must do. So for example, verifying an OTR fingerprint is one of the things 320 00:31:12,500 --> 00:31:16,765 that I impress on every journalist that I work with. And that's actually my litmus test. 321 00:31:16,765 --> 00:31:23,600 If they cannot use Tor and OTR and Jabber together, I don't work with them, because they can't maintain 322 00:31:23,600 --> 00:31:33,232 confidentiality, authenticity, any kind of integrity in a digital sense. And that, for me, is important. 323 00:31:33,232 --> 00:31:37,933 But it's also the case that I spend a lot of time teaching people how to build Tails disks, or building 324 00:31:37,933 --> 00:31:43,833 Tails disks for them, or getting a special laptop and then setting that up for them and then adding Tails to 325 00:31:43,833 --> 00:31:51,732 that system, or a Debian GNU/Linux setup. And it would be nice if it was as simple as "just use Trisquel." 326 00:31:51,732 --> 00:31:58,566 If it was as simple as "buy a laptop from this vendor and it's all free software enabled." 327 00:31:58,566 --> 00:32:02,231 Now there are some vendors that do it, and the problem of interdiction, which I mentioned before, 328 00:32:02,231 --> 00:32:07,100 where they steal mail and change things, that's a serious problem. So we really need to make sure 329 00:32:07,100 --> 00:32:14,373 that these things are available in regular stores where regular people go. That makes targeting, again, much harder. 330 00:32:14,373 --> 00:32:22,100 I have a couple of other things before I start to take questions, but I think that the real key stuff that 331 00:32:22,100 --> 00:32:28,400 we need to consider is that we need verifiability. So for example, reproducible builds, things like Gitian, 332 00:32:28,400 --> 00:32:34,400 which is what we're doing for the Tor browser, that's very critical because anytime you build software for 333 00:32:34,400 --> 00:32:40,432 anyone, you are a target. Especially if the person you build software for is themselves a target. 334 00:32:40,432 --> 00:32:48,065 So, for example, we can imagine that with this three- or two-hop-out idea of targeting, we know that it's possible 335 00:32:48,065 --> 00:32:53,200 for someone to target a sysadmin because the sysadmin is interesting, but it follows that if the 336 00:32:53,200 --> 00:32:57,833 sysadmin is really good, and a lot of people in the free software community are really good with securing 337 00:32:57,833 --> 00:33:03,000 their systems, those people will be targeted by targeting their operating system vendor. 338 00:33:03,000 --> 00:33:09,132 So, for example, we know that Debian has been compromised in the past. We have to make it so that 339 00:33:09,132 --> 00:33:15,200 compromising Debian is not only detected, but that it doesn't make sense to do that. 340 00:33:15,200 --> 00:33:22,265 So if, for example, you were to think about this from the Gitian perspective, if we have anonymized 341 00:33:22,265 --> 00:33:28,964 builders that are regularly building packages and reporting those results, it will allow us to see if 342 00:33:28,964 --> 00:33:35,032 someone has changed a package on the server, it'll allow us to tell if that piece of software has been tampered with. 343 00:33:35,032 --> 00:33:39,632 We need to have a kind of binary verification process which, at the moment, we don't really have a 344 00:33:39,632 --> 00:33:45,465 binary verification process. Some people use proprietary software like IDA Pro to reverse engineer 345 00:33:45,465 --> 00:33:52,400 this, some people try to disassemble or decompile the software to see if it matches what they thought, 346 00:33:52,400 --> 00:33:57,031 but that's usually a hand process. We need to automate some of those things, and we need to 347 00:33:57,031 --> 00:34:01,870 do it in a way where people are able to report back to the community anything that they see, basically in 348 00:34:01,870 --> 00:34:08,364 real time, that is problematic. So for the Tor browser, I actually have a machine that builds with Gitian, 349 00:34:08,364 --> 00:34:14,664 and if it ever builds a hash that doesn't match what I would expect, then it alerts me. 350 00:34:14,664 --> 00:34:20,000 And it alerts me in a way such that it just looks like any other person downloading the source code, 351 00:34:20,000 --> 00:34:26,830 so it's harder to target, and it is the case that it verifies signatures where I've verified the keys in person. 352 00:34:26,830 --> 00:34:33,032 So I think that's pretty good, I think it works relatively well, but that doesn't scale. 353 00:34:33,032 --> 00:34:40,064 And right now, it's a one-off. So we really, really need to consider this as a reality. 354 00:34:40,064 --> 00:34:47,365 We need that also for devices. For example, if I buy a hardware device and the NSA adds something to it, 355 00:34:47,365 --> 00:34:54,333 what has happened? Right? Well, usually, they've won. That's a really serious problem. 356 00:34:54,333 --> 00:35:00,100 And it's not just the NSA, it's anybody who can steal mail, and especially at scale. Right? 357 00:35:00,100 --> 00:35:04,800 Computers go through customs. Free software might not always go through customs, but computers do. 358 00:35:04,800 --> 00:35:09,340 And that's where the state's advantage is often used against people in a way that they don't understand 359 00:35:09,340 --> 00:35:16,266 and certainly wouldn't consent to. And so we need to have a way, really, and this sounds kind of outlandish, 360 00:35:16,266 --> 00:35:20,132 but let's go for outlandish. We need a way to be able to X-ray our hardware and compare it with 361 00:35:20,132 --> 00:35:27,732 a known good state. And with no binary blobs, it becomes a little bit possible. A little more possible for 362 00:35:27,732 --> 00:35:32,365 us to make sure that the systems we're carrying around are not just bugs for an oppressor. 363 00:35:32,365 --> 00:35:39,436 They're not just systems to be used against us. Now, I know that that's a tall order, but the GNU project itself 364 00:35:39,436 --> 00:35:46,364 is a tall order. And so we need to move towards free systems: free hardware and free software systems for freedom. 365 00:35:46,364 --> 00:35:50,600 Because really, it would be very difficult to maintain freedom and liberty in the future, 366 00:35:50,600 --> 00:35:56,590 and even, I think, to keep our democracies in a world of mass surveillance. Especially if all of our devices 367 00:35:56,590 --> 00:36:01,500 are the thing that is oppressing us, or that are acting as an oppressor. 368 00:36:01,500 --> 00:36:05,533 In the past it was the case that you had a neighbor, and the neighbor maybe received some benefits. 369 00:36:05,533 --> 00:36:10,533 Now the changes are different. Now people report on each other as a matter of, you know, fun. 370 00:36:10,533 --> 00:36:15,800 For society. With Facebook, for example. Well, what happens when the Philip K. Dick nightmare is not 371 00:36:15,800 --> 00:36:22,632 just worrying about every person spying on you, but what if it becomes every thing that's spying on you? 372 00:36:22,632 --> 00:36:27,164 Part of the way that I deal with this is I literally remove the physical microphones from my computers, 373 00:36:27,164 --> 00:36:33,364 because I know that it is almost impossible to secure machines such that a really powerful, well-funded 374 00:36:33,364 --> 00:36:39,364 adversary could enable them again. So that is not really something that scales. 375 00:36:39,364 --> 00:36:43,900 But we can think about it when we build free software laptops, we should make sure that there is an LED 376 00:36:43,900 --> 00:36:49,500 that if the microphone is powered up, the LED is on. Just the same way with a camera, but not as badly-designed 377 00:36:49,500 --> 00:37:00,000 as most cameras. I guess probably now, we should probably take some questions, given the timing. 378 00:37:00,000 --> 00:37:09,133 Is there anybody that wants to ask a question? If so, we're in #libreplanet on OFTC, because OFTC allows 379 00:37:09,133 --> 00:37:12,533 me to use Tor to connect to their IRC network, which I'm very thankful for. 380 00:37:12,533 --> 00:37:17,466 I would be happy to take some questions, and I know that some of you have contacted me on Jabber. 381 00:37:17,466 --> 00:37:26,733 So you can of course, you can of course ask me questions. The first question says, "What is, in your opinion, 382 00:37:26,733 --> 00:37:33,766 the most important technology for journalists to learn?" You know, it depends on what kind of journalist. 383 00:37:33,766 --> 00:37:39,564 I tend to think that the key technology for people to understand is not a specific technology, 384 00:37:39,564 --> 00:37:47,335 but rather the philosophy of free software. I mean, Richard Stallman, who is one of the most brilliant people to have ever lived, 385 00:37:47,335 --> 00:37:53,500 really hit the nail on the head when he talks about free software not as a matter of cost but as a matter of freedom. 386 00:37:53,500 --> 00:38:00,033 And I think that when people understand that power dynamic, when they understand the tradeoffs they're really making, 387 00:38:00,033 --> 00:38:05,132 they'll change the pieces of software that they use. And hopefully, by the time they make that choice, 388 00:38:05,132 --> 00:38:12,000 that software will be usable, so that when you use Jitsi, for example, it does not allow non-OTR conversations. 389 00:38:12,000 --> 00:38:18,566 Or when you make a video call, it doesn't allow the user, basically, to make an unencrypted stream 390 00:38:18,566 --> 00:38:22,900 without jumping through hoops. By default it is secure. By default is privacy by design. 391 00:38:22,900 --> 00:38:29,600 And so, if people are going to learn one specific tool, I feel like we're sort of failing. 392 00:38:29,600 --> 00:38:37,232 I think, as Schneier is often quoted as saying, privacy and security is a process, not a product. 393 00:38:37,232 --> 00:38:43,600 Maybe he only said that about security, but let's modify it a little bit. Right? Liberty is also a process, 394 00:38:43,600 --> 00:38:50,201 it's not a product. So journalists need to learn about the world around them, but that's for every person as well. 395 00:38:50,201 --> 00:38:54,433 And so when we want every person to have this, we need to make sure that the devices and the software that we use 396 00:38:54,533 --> 00:39:00,664 actually enable that by default. The next question is, "How useful is a SHA-256 sum 397 00:39:00,664 --> 00:39:10,870 for checking software binary zip integrity checking?" My feeling is that hash functions are not going to be the weakest point. 398 00:39:10,870 --> 00:39:19,766 But if you would like, you can take the approach that Debian takes. When you upload a package, it has MD5, SHA-1, and SHA-256, 399 00:39:19,766 --> 00:39:26,500 and then you do a GnuPG signature over that. Now I use, because of the fact that I'm certain there are 400 00:39:26,500 --> 00:39:34,766 people that are trying to attack my systems, I use this, which is unfortunately not completely free. But it is a GnuPG smart card. 401 00:39:34,766 --> 00:39:42,266 And that GnuPG smart card, I also don't leave it plugged into my system very often, and I usually use it on an offline machine 402 00:39:42,266 --> 00:39:46,400 so someone has to break into my house to be able to even begin to mount an attack on the smart card. 403 00:39:46,400 --> 00:39:53,764 But that, I think, is really the way to go about it. It's not just about hashing, it's also about ensuring that you compose 404 00:39:53,764 --> 00:39:58,800 those hashes into a system that makes some kind of sense. But again, in this case with Debian, 405 00:39:58,800 --> 00:40:04,365 when you hash the files and you upload them, the binaries I built on my system are the ones that Debian gives out to users. 406 00:40:04,365 --> 00:40:10,565 Is that really what we want? I think that's a bad idea. What if my system has been compromised, right? 407 00:40:10,565 --> 00:40:16,800 We don't want that binary going out. And there's some work on changing that. But if we think about it just in terms of hash functions, 408 00:40:16,800 --> 00:40:22,400 I think we'll rarely find the hash function is the issue. Obviously there are some things, like MD5, that are just hopelessly broken, 409 00:40:22,400 --> 00:40:29,346 so we should be moving towards things that are not hopelessly broken, but it's difficult, because a lot of our standardization agencies, 410 00:40:29,346 --> 00:40:37,732 they're not very good at their job, in my opinion. Right? When NIST collaborates with the NSA willingly or unwillingly, 411 00:40:37,732 --> 00:40:44,700 wittingly or unwittingly, I think we have a problem. So we should look for diversity in this, and not just choose one thing, 412 00:40:44,700 --> 00:40:48,866 but choose a few things that make it significantly harder for someone to attack any single thing. 413 00:40:48,866 --> 00:40:56,800 And as far as average users being able to verify software, I think this is a really tough problem. 414 00:40:56,800 --> 00:41:04,141 Basically, the real issue is a bootstrapping problem. We need to make sure that operating systems have some notion 415 00:41:04,141 --> 00:41:10,800 about actual integrity of packages. And that's a really difficult problem to solve because many people start with a 416 00:41:10,800 --> 00:41:17,732 proprietary software platform, like Microsoft Windows or Mac OSX, and those platforms, they do not respect peoples' liberty. 417 00:41:17,732 --> 00:41:22,631 And naturally, they don't want to help you to move to a new platform that respects your liberty. 418 00:41:22,631 --> 00:41:31,232 So, in a free software world though, we should be able to have packages that do have verifiability in the operating system, 419 00:41:31,232 --> 00:41:36,533 as well as in the packages. That is, that are signed, that are hashed properly, that have some notion of the web of trust, 420 00:41:36,533 --> 00:41:43,400 or something that replaces it, plus a user interface that makes sense. And that's a really difficult one. 421 00:41:43,400 --> 00:41:51,454 Snowden calls it the "Greenwald test". And I think that that's a good test, actually. As someone who actually 422 00:41:51,454 --> 00:41:58,200 asked Glenn to use a bash shell on Tails and showed him how to use a bunch of command line tools, 423 00:41:58,201 --> 00:42:06,801 allow me to elucidate how important that test is. Jesus Christ, that is a serious test. It's really, really, really hard to get 424 00:42:06,801 --> 00:42:13,200 Glenn to use those tools securely. But it shouldn't be. In fact, every time that a user can't figure something out, 425 00:42:13,200 --> 00:42:19,000 we should say to ourselves that we have failed. Not seriously, but we should say to ourselves that we have failed, 426 00:42:19,000 --> 00:42:22,000 and we should try to succeed where we have failed before. 427 00:42:22,000 --> 00:42:27,501 I have another question here: "What are the bare minimum fundamentals we should teach the general public 428 00:42:27,501 --> 00:42:35,133 when advocating privacy?" Well, I tend to think that the bare fundamental is that we're not talking about privacy, actually. 429 00:42:35,133 --> 00:42:39,538 We're talking about autonomy, we're talking about dignity, and we're talking about our liberty. 430 00:42:39,538 --> 00:42:45,933 Privacy is merely one of the manifestations of this. So, for example, when people say that they don't have anything to hide, 431 00:42:45,933 --> 00:42:53,333 it's not about hiding things. It's about having a private sphere in which to think about things before you reveal what you have decided. 432 00:42:53,333 --> 00:42:58,666 Where you don't have to reveal the process by which you make a decision. But also, where you get to choose. 433 00:42:58,666 --> 00:43:04,400 It's not that, for example, I have nothing to hide underneath this great Cyberpeace t-shirt, 434 00:43:04,400 --> 00:43:10,065 but it should be me that actually chooses if I should take it off. And so, for example, right now since I understand 435 00:43:10,065 --> 00:43:15,511 there are sixty people watching this webstream, I'm going to keep it on. And that is, when we talk about privacy, 436 00:43:15,511 --> 00:43:23,100 in a sense when we say that privacy is dead, what we're hearing is our modern generation saying that liberty is dead. 437 00:43:23,100 --> 00:43:28,100 And I don't like that. So I refuse to say that privacy is dead when people really mean liberty. 438 00:43:28,100 --> 00:43:32,764 And I think it is important that we reject that notion, and we should talk about how we should have a right to autonomy, 439 00:43:32,764 --> 00:43:39,600 we should have a right to express solidarity, we should have the ability to be able to, in the case of free software and free hardware, 440 00:43:39,600 --> 00:43:46,233 have devices that actually empower us and that we understand how they work. And we should be able to be secure, end-to-end secure. 441 00:43:46,233 --> 00:43:57,500 So, I've got a couple other ones. Oh, wow, joeyh! One of my favorite Debian developers of all time, that's incredible. 442 00:43:57,500 --> 00:44:01,933 I feel honored that you're asking me a question. "Should Debian work towards integrating Tor more?" 443 00:44:01,933 --> 00:44:09,732 Yes. So I'm a new Debian developer, it took me ten years, because I'm slow at becoming a Debian developer. 444 00:44:09,732 --> 00:44:18,332 But I'm error@debian.org, and I'm super happy to help anybody to be able to integrate Tor and anonymity software 445 00:44:18,332 --> 00:44:26,264 by default into Debian. As an example, I have a transparent Tor network that I use to be able to ensure that I can 446 00:44:26,264 --> 00:44:31,864 install Debian on new machines without my Internet service provider being targeted by the NSA or other people. 447 00:44:31,864 --> 00:44:38,932 I also run a Tor mirror on the Tor hidden service, as well, and a Debian mirror on the Tor hidden service as well, 448 00:44:38,932 --> 00:44:44,300 so that I can install packages on these systems without having to worry about basically being attacked. 449 00:44:44,300 --> 00:44:51,332 Even if a Debian developer FTP Master's key is compromised. So that a targeted attack is significantly harder. 450 00:44:51,332 --> 00:44:57,600 As you can imagine, that's not very usable for regular people, and as you can also imagine, it probably doesn't work very well. 451 00:44:57,600 --> 00:45:05,265 So yeah, we should make it so that a Debian user can say, "help! I'm a target of surveillance, and I'd like to be 452 00:45:05,265 --> 00:45:09,495 able to use free software without being tampered with." And that would be great if we could make Debian, 453 00:45:09,535 --> 00:45:16,135 if we could make Debian more friendly to that. Because basically we, for a long time, have lived in a world of privilege, 454 00:45:16,234 --> 00:45:21,866 where we thought we were exempt from the power dynamics of the world. And I think one of the things we will learn, 455 00:45:21,866 --> 00:45:27,266 especially with Debian, is that that isn't the case. And the more international a team is, the more the legal authorities 456 00:45:27,266 --> 00:45:35,031 of intelligence agencies suggest that they are fair targets. So, that also extends to the users. So I'd love to make that happen. 457 00:45:35,031 --> 00:45:46,032 And, yeah, wow. It's incredible to be able to talk to you guys here. Probably the only group of people that really can make these changes, right? 458 00:45:46,032 --> 00:45:51,732 I mean, there are other free software people around the world other than the ones in this room, but it's really critical to understand the role 459 00:45:51,732 --> 00:45:55,135 that you guys play. And that all of us play, together. 460 00:45:55,135 --> 00:46:13,832 I have a couple of other questions here. Helican asks, "Do you think the time is right for a free hardware FreedomBox 461 00:46:13,832 --> 00:46:22,032 with Tor built in, and do you have any news on the FreedomBox front?" Well, I was very depressed about some of the discussions 462 00:46:22,032 --> 00:46:31,300 around FreedomBox for a while, where I felt like people were taking anonymity as a sort of, like a luxury good. 463 00:46:31,300 --> 00:46:37,100 And they felt like we didn't need Tor, or something like that. Now, obviously, I work on Tor and I'm paid to work on Tor, 464 00:46:37,100 --> 00:46:43,401 so I feel like it's a conflict of interest for me to say this, but yeah, I think we of course need to do that. 465 00:46:43,401 --> 00:46:49,213 At the same time, the reason that I work on Tor is because I really believe it. I think Tor has probably saved my life a couple of times 466 00:46:49,243 --> 00:46:55,765 every month for the last several years, from military dictatorships to other places where I've traveled. 467 00:46:55,800 --> 00:47:02,432 So I think it's critical to make that possible. So as an example, this device I held up here, this Novena board, 468 00:47:02,432 --> 00:47:15,032 well, as you can tell, the basic idea is to have a device that is free hardware and free software that, you know, gives you 469 00:47:15,032 --> 00:47:21,266 exactly what you've just asked for. And that's in fact what I have. That device, when I plug it in, it sets up a wireless network 470 00:47:21,266 --> 00:47:30,865 that transparently routes people through Tor, and it also sets up a Tor relay so that it will relay traffic for the rest of the network. 471 00:47:30,865 --> 00:47:38,032 And it's entirely powered by free software with no proprietary software at all. I think that that is, yeah, 472 00:47:38,032 --> 00:47:42,134 I think that's a good thing to do, and that's what I've been spending my time doing lately. If you want to help with that, it would be great. 473 00:47:42,134 --> 00:47:47,300 And if we can get the FreedomBox to adopt the Novena board, I think that that is great. I think we should try to raise 474 00:47:47,300 --> 00:47:55,300 a million dollars for Bunnie so that we have a free hardware solution, or open hardware solution, that actually is usable, 475 00:47:55,300 --> 00:48:00,266 that's fast, that doesn't support a company that doesn't care about our liberty, but instead supports a developer 476 00:48:00,266 --> 00:48:03,500 who really does care about our liberty and about our freedom. 477 00:48:03,500 --> 00:48:11,900 The next question from Malapart is, "Is .onion today what SSL was in the mid-90s?" 478 00:48:11,900 --> 00:48:26,400 I really hope not for a whole bunch of reasons. So the next question... ah. So someone in the audience wants me to elucidate 479 00:48:26,400 --> 00:48:32,633 on the link between anarchism and free software ideology and goals. I think that it's important 480 00:48:32,633 --> 00:48:39,278 to not focus too much on that, in particular because I think that sometimes talking about anarchist philosophy alienates people, 481 00:48:39,278 --> 00:48:45,532 because they think that anarchism is the same as complete chaos, or synonymous with violence. 482 00:48:45,532 --> 00:48:50,700 And so I'd like to sidestep that and say if you apt-get install anarchism, literally, that's the Debian package, 483 00:48:50,700 --> 00:48:56,332 you can read about the philosophical texts of anarchism. But the basic idea of anarchism is about mutual aid, 484 00:48:56,332 --> 00:49:02,533 it's about solidarity, it's about respect for human rights, it's about the same things that the free software movement are about. 485 00:49:02,533 --> 00:49:08,368 But there's a lot of propaganda out there about the notion of democracy, in fact, in the form of anarchy. 486 00:49:08,368 --> 00:49:15,234 And that's unfortunate, actually. And I think we can change that. One of the ways that we can change that 487 00:49:15,234 --> 00:49:21,431 is to actually have propaganda of the deed. In this case, making free software and free software available 488 00:49:21,431 --> 00:49:25,601 to everyone means that people understand the fundamental tenets of anarchist philosophy 489 00:49:25,601 --> 00:49:29,265 in their everyday life, and they don't have to learn about the philosophy too much 490 00:49:29,265 --> 00:49:34,432 to be enabled by it. And if they want to, they can learn about it. I think that's a very powerful way 491 00:49:34,432 --> 00:49:38,832 to make that happen, because it's very easy, for example, to talk about it philosophically, 492 00:49:38,832 --> 00:49:44,540 but until you have a tangible thing, it's not really clear. That is, when we didn't have an anonymity network, 493 00:49:44,540 --> 00:49:49,733 and people said, "Well, do you really need anonymity?" you would make a different choice than 494 00:49:49,733 --> 00:49:54,866 if you have an anonymity network and it will be taken away from you if someone says "do you need anonymity?" 495 00:49:54,866 --> 00:50:00,370 and you say no. So when you say yes, and it's there, and it's tangible, it changes it. 496 00:50:00,370 --> 00:50:05,533 And the same is true for anarchist philosophy, and the same is true, I think, for free software and free hardware. 497 00:50:05,533 --> 00:50:10,165 And especially when these things work together, they actually help us to build autonomous communities, 498 00:50:10,165 --> 00:50:16,100 they help us to build secure systems across hostile networks. I think that that's very powerful, 499 00:50:16,100 --> 00:50:20,700 and I think that the way to get people to care about that is actually to show them that. 500 00:50:20,700 --> 00:50:25,673 People care a lot more about connecting now that it's easy to do. It wouldn't have been a relevant question 501 00:50:25,673 --> 00:50:29,967 thirty years ago in the way that it is a relevant question now. So the freedom to connect, 502 00:50:29,967 --> 00:50:33,600 the freedom of free hardware and free software, these tie fundamentally into anarchist goals. 503 00:50:33,600 --> 00:50:37,400 I'd really encourage people to look up the works of Emma Goldman, for example. 504 00:50:37,400 --> 00:50:42,763 I think she's one of the greatest feminists to have ever lived, though most people don't know who she is. 505 00:50:42,763 --> 00:50:49,600 And if you looked at the Wikipedia page, for a time there was no mention of her on "Important feminists of the twentieth century", 506 00:50:49,600 --> 00:50:55,933 I think is the page I was looking at. I think that is a bit of a shame, but I also think that that's, you know, 507 00:50:55,933 --> 00:51:01,064 an easy thing to reconcile with reality if people go and they look it up and they study about it. 508 00:51:01,064 --> 00:51:08,033 So hopefully people will install that Debian package and otherwise learn about that if they are interested in it, 509 00:51:08,033 --> 00:51:14,133 but really, I think, getting people to have the values that are embodied in that is just as important if not more important. 510 00:51:14,133 --> 00:51:20,101 The next question is "What about those countries that are completely blocking projects like Tor? 511 00:51:20,101 --> 00:51:27,065 What should we do to help people in those countries?" I tend to think not in terms of charity, 512 00:51:27,065 --> 00:51:32,447 or helping people, but rather in terms of solidarity. So, the Tor project, for example, 513 00:51:32,447 --> 00:51:38,600 is not having a war with China, right? China often does not respect its citizens' autonomy, 514 00:51:38,600 --> 00:51:42,832 and blocks its access to the Tor network. One thing that would be helpful would be to 515 00:51:42,832 --> 00:51:49,000 make it so that, by default, a lot of applications use Tor so that the so-called collateral damage, 516 00:51:49,000 --> 00:51:52,801 though I'm loathe to use that term, becomes higher and higher, becomes more difficult. 517 00:51:52,801 --> 00:51:58,600 And also, such that people start to use what are called pluggable transports, like the obfuscated proxy obfs3. 518 00:51:58,600 --> 00:52:04,900 The proxy actually, right now, is not blocked in China. It becomes a sort of cat and mouse game, 519 00:52:04,900 --> 00:52:11,032 but it may be the case that as we build more difficult-to-classify protocols, as applications understand 520 00:52:11,032 --> 00:52:14,700 that sometimes the Internet does not respect your autonomy and wants to tamper with it, 521 00:52:14,700 --> 00:52:21,733 that will be something that will change the dynamic about how that blocking and that arms race works. 522 00:52:21,733 --> 00:52:29,732 We have another project, ooni.torproject.org, that's the Open Observatory of Network Interference, 523 00:52:29,732 --> 00:52:35,500 or we used to call it Open Open Net. That is a free software tool that we've been working on 524 00:52:35,500 --> 00:52:39,964 for several years now, to be able to look at censorship and surveillance. You know, 525 00:52:39,964 --> 00:52:45,700 censorship is a second-order effect of surveillance, so this tool, while at the moment not the most usable tool, 526 00:52:45,700 --> 00:52:51,200 it actually allows you to diagnose, understand, and share the data. So one thing that can really make a big difference 527 00:52:51,200 --> 00:52:58,034 in these topics is to actually share the data. Right? Once we start to study and understand these things, 528 00:52:58,034 --> 00:53:03,100 especially the techniques of censorship and surveillance, it allows us to change not only how the networks work, 529 00:53:03,100 --> 00:53:08,300 but how societies work around those networks. So, I think studying that can be useful. 530 00:53:08,300 --> 00:53:12,533 If you want to be a Google Summer of Code, I know that's kind of ironic, but if you want to be a 531 00:53:12,533 --> 00:53:15,569 Google Summer of Code student to work on one of these projects with the Tor project, 532 00:53:15,569 --> 00:53:21,533 I think we still have another day to apply for that, though I'm not totally sure about that deadline. 533 00:53:21,533 --> 00:53:27,632 If you just want to come hack on free software with us at the Tor project, we have a bunch of projects that are like that. 534 00:53:27,632 --> 00:53:37,965 Some other questions. It looks like... Yes, the Novena router does not have AMT, that's right, 535 00:53:37,965 --> 00:53:43,862 so it does not have a built-in backdoor, which is, I think, nice. At least not one that we know about. 536 00:53:50,572 --> 00:53:57,997 Any other questions here? Ah, I see, there's like twenty. Alright. 537 00:54:01,027 --> 00:54:06,466 "Could you please elaborate on the idea or concept that it is required a critical mass of privacy-minded users 538 00:54:06,466 --> 00:54:12,371 to create enough obfuscation for making discovery schemes like Tor network node spying to be unlikely?" 539 00:54:12,371 --> 00:54:17,932 I don't think we're going to make it unlikely for spying to take place. What we need to do is change 540 00:54:17,932 --> 00:54:25,800 the economic balance, and that may allow us to move into a world where mass surveillance of our intentional communications 541 00:54:25,800 --> 00:54:33,500 are much too expensive to do for everyone. And this is important, because if you have a phone, 542 00:54:33,500 --> 00:54:41,333 and you make a phone call, people think of surveillance and conceptualize surveillance as surveilling your call, 543 00:54:41,333 --> 00:54:45,133 but there's all the unintentional data that you leave behind. All the towers you visit, and so on. 544 00:54:45,133 --> 00:54:52,464 That stuff is also, unfortunately, a huge target of mass surveillance. So even if everyone's using 545 00:54:52,464 --> 00:54:56,500 something like RedPhone, we still have these little spy devices in our pockets. 546 00:54:56,500 --> 00:54:59,932 Even if it's free software enabled, the networks themselves are harmful to privacy. 547 00:54:59,932 --> 00:55:05,364 That said, we do need a lot of people using this stuff, because the more people that are using it, 548 00:55:05,364 --> 00:55:10,732 the more likely it is that it will stick around. If it's just people like Edward Snowden, Julian Assange, 549 00:55:10,732 --> 00:55:15,432 Glenn Greenwald, Laura Poitras, or myself using it, yeah, I mean, that's a problem. 550 00:55:15,432 --> 00:55:21,665 Not only do we stick out on the network, we have, well, basically it makes it much easier to target, 551 00:55:21,665 --> 00:55:28,633 and it also makes it possible for people to try to ban that technology, whether that's by DPI or by legal methods. 552 00:55:28,633 --> 00:55:39,265 That is a really serious problem. Okay, I think that we should wrap up here soon, it sounds like. 553 00:55:39,265 --> 00:55:48,532 If there are any other questions, I will take them, but otherwise I think I'm going to end the stream. 554 00:55:48,532 --> 00:55:55,236 If you'd like to hack on free software with us, and anonymity-related stuff, I'd be happy to talk with you. 555 00:55:55,236 --> 00:56:01,864 I will never use this Jabber address again, so that your social graph is not tainted by mine. 556 00:56:01,864 --> 00:56:07,664 If anybody wants to send me an email, you can send a mail to jacob@torproject.org, 557 00:56:07,664 --> 00:56:14,732 or if you'd like to, for example, chat with me on IRC, I'm ioerror in #libreplanet for now. 558 00:56:14,732 --> 00:56:20,333 Thank you so much for the honor and privilege of speaking with you, I'm really sorry that I cannot 559 00:56:20,333 --> 00:56:24,300 set foot in my own country right now, to be able to speak with you in person. But thanks to 560 00:56:24,300 --> 00:56:29,900 free software, I am able to speak with you. So, thank you so much for making that possible, 561 00:56:29,900 --> 00:56:33,714 especially to all of the free software developers in the room that actually made that possible. 562 00:56:33,714 --> 00:56:40,332 Thank you, very much for your time, and I hope to meet some of you again, someday, in real life. 563 00:56:40,332 --> 00:56:42,652 And remember: if not, it was murder.