WEBVTT

00:00:00.593 --> 00:00:07.507
It's really awkward to talk directly into a camera. I spend most of my life trying to avoid surveillance, so...

00:00:07.507 --> 00:00:12.292
I'm sorry to say I can't be with you in person, so we'll have to do with this video feed.

00:00:12.292 --> 00:00:17.590
Basically, I guess if John has given a good intro, and I suspect that he has,

00:00:17.609 --> 00:00:21.314
then you understand that the situation is a little precarious for me,

00:00:21.314 --> 00:00:26.621
and returning to the U.S. at the moment for me due to my journalistic work with Der Speigel is a little difficult.

00:00:26.621 --> 00:00:29.422
So I split my life into two basic parts.

00:00:29.445 --> 00:00:35.845
One is that I work as a free software developer, and generally as a free software advocate, with the Tor project.

00:00:35.870 --> 00:00:40.584
It's also the case that I work with Der Spiegel, and also as a freelance journalist with several other

00:00:40.600 --> 00:00:45.035
publications, and lately I've spent my time doing research into the NSA's surveillance.

00:00:45.045 --> 00:00:49.825
I've interviewed Edward Snowden, and I've published basically a bunch of information.

00:00:49.836 --> 00:00:55.774
Stuff that previously we used to think was paranoid crazy-talk, and now we learned that the paranoid crazy-talkers

00:00:55.774 --> 00:01:03.980
were not paranoid enough. So I guess for me the goal of this conversation, if we could call it that

00:01:03.990 --> 00:01:10.690
when I'm just talking directly into a camera awkwardly, is that I wanted to say that the people that are writing free software

00:01:10.709 --> 00:01:16.379
are actually writing the future. It's a little awkward to say that, but it's true.

00:01:16.407 --> 00:01:21.352
As an example, I use a free software laptop. It's an X60

00:01:21.371 --> 00:01:26.903
and this laptop is, as far as I can tell, about as free as you can get a laptop.

00:01:26.934 --> 00:01:32.830
It has coreboot, it has Debian GNU/Linux, it is not using any binary blobs,

00:01:32.844 --> 00:01:38.049
it is, to the best of my ability, liberated from proprietary software.

00:01:38.063 --> 00:01:44.260
It's pretty good, but it's also many years old, and it's also the case that it's very difficult to

00:01:44.265 --> 00:01:48.873
do forensics on a machine like this to know if it has been compromised.

00:01:48.891 --> 00:01:52.361
It is the case, though, that I can do that at all because of free software.

00:01:52.409 --> 00:01:57.691
It's possible to begin to build something secure with free software, where I can verify

00:01:57.692 --> 00:02:03.213
and build things from source, where I can look at the source to see exactly what an attacker might try to do

00:02:03.268 --> 00:02:05.682
with the programs that are running on my computer.

00:02:05.703 --> 00:02:10.320
So the four freedoms here are incredibly important, especially for the work that I'm doing.

00:02:10.366 --> 00:02:14.910
Now, given the difficulty of setting up this webstream, I think it's clear that I've done a pretty good

00:02:14.910 --> 00:02:19.065
job of making sure there's no microphones. I removed the microphone from this laptop for example,

00:02:19.072 --> 00:02:23.637
until I plugged another one in. I've done a pretty good job of that. But it turns out that

00:02:23.710 --> 00:02:28.771
this is actually really hard for people who have never programmed in C,

00:02:28.792 --> 00:02:33.102
or for people that do not really understand how to program their home computer

00:02:33.179 --> 00:02:39.980
and beam themselves into the future. So, part of what I wanted to do was to inspire some people today to think about

00:02:39.980 --> 00:02:46.780
what they can do to make this problem of mass surveillance, for example, something that

00:02:46.798 --> 00:02:50.939
is different. That is, something where there isn't so much hopelessness.

00:02:50.939 --> 00:03:02.265
It's a little strange, because I feel like, for many years, the free software community is the only one that has really cared about privacy.

00:03:02.281 --> 00:03:08.575
The free software community builds decentralized or federated solutions and works really on

00:03:08.575 --> 00:03:14.004
solving problems of the four freedoms, but how those four freedoms touch the rest of our lives.

00:03:14.004 --> 00:03:21.390
And so, when I think about what's possible, I think the main problem right now is usability.

00:03:21.390 --> 00:03:27.737
So, in this regard, to set up this stream, which is broadcasting over Tor, or if you connect to the Tor hidden service

00:03:27.753 --> 00:03:34.040
which I've also set up, you can watch this video directly, without knowing my location.

00:03:34.040 --> 00:03:42.296
That was so difficult to set up that it took me the better part of the day to actually accomplish that.

00:03:42.346 --> 00:03:47.056
It's not that GStreamer is a bad piece of software, it's just that it's extremely complicated.

00:03:47.065 --> 00:03:54.001
A simple user interface, for example, would have made a world of difference, such that people who are using other

00:03:54.009 --> 00:03:58.841
video streaming solutions, such as proprietary solutions like the NSA PRISM partner Skype,

00:03:58.879 --> 00:04:03.630
those people might choose something else. If this was integrated into Debian GNU/Linux,

00:04:03.635 --> 00:04:10.469
and all you needed to do was download Tails or to install Debian, then it would be the case that you could very easily

00:04:10.504 --> 00:04:15.606
convince people to do it securely, in a decentralized fashion. That's something that at the moment,

00:04:15.634 --> 00:04:22.704
I think, is very far away. If it takes me the better part of the day, that means that it will take Glenn Greenwald an infinite amount of time.

00:04:22.704 --> 00:04:29.242
It will probably never happen, actually, with all due respect to Glenn. When the software is so complicated, it turns out

00:04:29.262 --> 00:04:34.642
that he'll choose something that's less complicated. And so usability is a fundamentally important way

00:04:34.722 --> 00:04:39.767
that we can ensure that users will basically care about the four freedoms, because once everything

00:04:39.767 --> 00:04:44.231
they do is working well in free software, why would they choose proprietary software?

00:04:44.269 --> 00:04:50.840
Usually it is the case that they won't. In fact, there are many people who are Tails users, but they have to switch to

00:04:50.909 --> 00:04:54.942
proprietary systems, they feel, for the usability of something like Skype.

00:04:54.965 --> 00:05:00.687
So, I mean, why? What's going on that all of these things are necessary?

00:05:00.687 --> 00:05:04.119
I suppose you've all heard the bad news.

00:05:04.133 --> 00:05:10.223
And the bad news is that the Internet is under, essentially, total surveillance.

00:05:10.244 --> 00:05:15.136
And what I mean by that is not, let's say, the traditional version of surveillance,

00:05:15.144 --> 00:05:19.431
where you have a person, and the person is inspecting things, it's looking at things, it's taking notes.

00:05:19.462 --> 00:05:25.772
Rather, the mass surveillance that is happening now is in the form of deep packet inspection.

00:05:25.817 --> 00:05:31.372
Now, all around the world, there exists a series of systems that are run by the National Security Agency,

00:05:31.372 --> 00:05:38.273
GCHQ, CSE, DSD, and other agencies. Those are just the ones we could call "friendly" agencies,

00:05:38.278 --> 00:05:43.184
if you can call mass surveillance friendly, but you could say it's a kind of social concern, so let's say

00:05:43.184 --> 00:05:48.758
that they're friendly. Then there's the rest of the world, and what's happening with those systems.

00:05:48.758 --> 00:05:52.883
We don't know a lot about the rest of the world's systems, but thanks to the courage of Edward Snowden,

00:05:52.883 --> 00:05:56.418
we do, for example, understand a great deal about the NSA's surveillance.

00:05:56.418 --> 00:06:00.014
And one of the things that we understand is that it violates the Fourth Amendment.

00:06:00.016 --> 00:06:05.346
At least on its face it seems clear that it is an unreasonable search and a seizure.

00:06:05.346 --> 00:06:11.018
That is, it takes data from the Internet, sometimes through fiber optic splitters, things like Glimmerglass-related devices,

00:06:11.018 --> 00:06:16.952
where they copy information from fiber optic lines onto another line. It then inspects the data,

00:06:16.952 --> 00:06:22.711
that is, it has seized the data and then it, I believe, unreasonably searches through the data.

00:06:22.711 --> 00:06:29.702
It does this looking for selectors. So, for example, if you happen to be Chancellor Merkel, that is the German Chancellor,

00:06:29.702 --> 00:06:36.091
you would have had your phone number as one of those selectors, and anytime any flow of traffic passed by one of these

00:06:36.091 --> 00:06:44.311
sensors—that is the turbine, turmoil, turbulence architecture of sensors—your data would be selected,

00:06:44.311 --> 00:06:50.572
and that selection would ensure that your data flows that are associated with that would be recorded forever.

00:06:50.572 --> 00:06:54.983
So if you know about the Bluffdale, Utah complex, you'll know for example that

00:06:54.983 --> 00:07:00.560
the NSA is building very large computation centers, not just for attacking cryptographic systems,

00:07:00.560 --> 00:07:06.833
but also for recording data that they cannot currently attack, in hopes that when that encrypted data

00:07:06.833 --> 00:07:12.934
is interesting to them, or when they have a cryptographic breakthrough, they'll be able to do something

00:07:12.939 --> 00:07:17.195
with data that previously was just noise to them. So this tells us a couple things.

00:07:17.195 --> 00:07:20.947
One of the things that it tells us is that we are in a lot of trouble.

00:07:20.947 --> 00:07:26.640
There are proprietary software solutions which, according to some of the documents leaked by Edward Snowden

00:07:26.640 --> 00:07:30.532
and published by Glenn Greenwald, there are proprietary software companies that are

00:07:30.560 --> 00:07:36.132
what are called SIGINT enabled. That is to say that they believe that when they sell you a security product

00:07:36.132 --> 00:07:40.324
that it's somehow not false advertising to have willingly broken the system.

00:07:40.324 --> 00:07:46.722
So that's a really serious problem. It tells us, for example, that proprietary software definitely has backdoors.

00:07:46.746 --> 00:07:51.932
Unfortunately Glenn did not release the name of that company, or the companies that are involved,

00:07:51.956 --> 00:07:58.432
but it should be extremely obvious that, if you were to guess, you probably wouldn't guess incorrectly.

00:07:58.442 --> 00:08:03.070
And if you were to guess, you would probably understand that it's not a free software product.

00:08:03.076 --> 00:08:09.215
That is, if you look at free software, you can find the problems. If someone were to add a backdoor,

00:08:09.215 --> 00:08:14.675
while it might not always be obvious if they're very sneaky about it, it is significantly more difficult

00:08:14.675 --> 00:08:20.900
to add a backdoor to a free software project than it is to add one to a proprietary hardware or software device.

00:08:20.900 --> 00:08:28.230
So, when we start to see that our security solutions are actually not security solutions overall,

00:08:28.230 --> 00:08:34.174
one of the things we'll notice is that it's not just the NSA or GCHQ that will be exploiting these systems.

00:08:34.174 --> 00:08:41.160
It's actually lots of different people. So for example, now that you guys know about the Dual EC DRBG backdoor,

00:08:41.160 --> 00:08:46.000
there is a very good chance that someone in the audience is working on attacking it and breaking it.

00:08:46.003 --> 00:08:53.732
And if you happen to have, for example, copies of traffic that were encrypted with that, as the seed for

00:08:53.762 --> 00:08:57.064
the random number generator, you may be able to exploit it.

00:08:57.070 --> 00:09:02.454
So this is ultimately a kind of security by obscurity, in hopes that by adding this backdoor, only the good guys,

00:09:02.454 --> 00:09:08.440
allegedly, they will be the only ones to break it. In reality, it doesn't work that way.

00:09:08.440 --> 00:09:12.990
So we have a sort of tension here between signals intelligence and communication security.

00:09:12.990 --> 00:09:17.580
On the one hand, we have signals intelligence collecting as much data as we can

00:09:17.580 --> 00:09:21.865
from those aforementioned deep packet inspection systems. And on the other side, we have

00:09:21.865 --> 00:09:27.894
communications security tools which allegedly are protecting us, but it turns out some of them are SIGINT-enabled.

00:09:27.894 --> 00:09:34.540
So what is there to be done about this? It seems quite clear to me that free software and free hardware,

00:09:34.540 --> 00:09:40.679
that is free and open hardware, where things are freely specified, where it's possible for you to fab your own hardware

00:09:40.679 --> 00:09:45.102
in a factory of your choosing, in a country of your choosing, with parts of your choosing,

00:09:45.102 --> 00:09:49.624
where you can verify them, that is clearly the right direction to go.

00:09:49.624 --> 00:09:55.151
Because it is not just, let's say, again, so-called legitimate authorities that are doing this.

00:09:55.151 --> 00:10:02.000
It's probably a lot of other people as well. We just happen to know there is absolutely, for certain, one set of people

00:10:02.000 --> 00:10:08.264
that are doing it. And so free software in particular has given, I would say, some leverage.

00:10:08.264 --> 00:10:13.510
That is, it has allowed regular people to be able to communicate securely in a time of

00:10:13.510 --> 00:10:19.900
complete and total mass surveillance. So, for example, things that work: cryptography does

00:10:19.900 --> 00:10:24.765
actually work. If it is not signals intelligence-enabled, that is SIGINT-enabled,

00:10:24.765 --> 00:10:33.432
it is the case that the mathematics behind DSA, RSA, Diffie–Hellman, those seem to not be broken when you

00:10:33.432 --> 00:10:38.231
use appropriate key sizes. That's very good news, because in an age of mass surveillance,

00:10:38.231 --> 00:10:46.971
the only thing that stops the surveillance is making the surveillance worthwhile. That is, if it's extremely

00:10:46.971 --> 00:10:54.033
valuable for everyone to spy, they will spy. If it's a lot of noise, if the searching for selectors doesn't work,

00:10:54.033 --> 00:11:01.764
it changes the game significantly. At the moment, not every single byte of data is recorded forever.

00:11:01.764 --> 00:11:07.633
There is clearly some attempts to do that, and that is something that we need to cope with.

00:11:07.633 --> 00:11:12.366
From a cryptographic perspective, we need to think about it, I think, on the hundred-year crypto timeline.

00:11:12.366 --> 00:11:16.232
This is something that Zooko has been working on and I think is a really good idea.

00:11:16.307 --> 00:11:23.732
But we have to imagine that all of the things we do are being recorded for all time, and with that, we need to react appropriately.

00:11:23.732 --> 00:11:29.501
So if you, for example, work on a free software chat client, it should have off-the-record messaging built into it.

00:11:29.501 --> 00:11:34.931
If, for example, you build a web browser, it should be compatible with the Tor network. It should not be

00:11:34.931 --> 00:11:41.100
compatible, for example, with the proprietary Flash player first. Unfortunately, on balance, what we see

00:11:41.100 --> 00:11:46.600
is that people are often more concerned with making things work with Flash than with allegedly

00:11:46.600 --> 00:11:53.133
paranoic tools like the Tor project and all of its software, like the Tor network. This, I think, is

00:11:53.133 --> 00:11:58.332
kind of sad, but I think that we can turn this around and change it, and we need to look at the crypto

00:11:58.332 --> 00:12:03.900
that we actually use. So, for example, for a Jabber server, it should be using forward secret crypto.

00:12:03.900 --> 00:12:09.300
So, if you have TLS, it should be used in a forward secret mode. Because it isn't just passive surveillance,

00:12:09.300 --> 00:12:15.463
though that is a very core and serious thing, it's also active surveillance. The turbulence architecture that

00:12:15.463 --> 00:12:21.500
I mentioned, I detailed a little bit in my reporting at the 30C3 and also in Der Spiegel at the end of last year.

00:12:21.500 --> 00:12:27.000
And what we see is those selectors that I mentioned before, let's say your phone number or your email

00:12:27.000 --> 00:12:31.095
address... I wish I could see the audience because I'd ask you to raise your hand, and say "how many

00:12:31.095 --> 00:12:37.732
of you are sysadmins?" Obviously some of you are, someone raised their hand. So the NSA is probably

00:12:37.732 --> 00:12:41.634
targetting you, if you're a system administrator for any system that is interesting.

00:12:41.634 --> 00:12:48.887
And it is the case that if you were to have some credentials for an interesting network, and you are

00:12:48.887 --> 00:12:55.037
being targeted, one of the ways that you will be targeted is that you will be targeted by an analyst who looks

00:12:55.037 --> 00:12:59.900
for selectors. They look for your federated logins, they look for your centralized logins, they look for

00:12:59.900 --> 00:13:06.133
all kinds of information, and it is the case that they program this, essentially, into a targeting system.

00:13:06.133 --> 00:13:10.133
And that targeting system will automatically attack you. It will do man-in-the-middle attacks,

00:13:10.133 --> 00:13:15.132
it will do man-on-the-side attacks. It appears that they have certificate authority resources so that

00:13:15.132 --> 00:13:19.332
they can do man-in-the-middle attacks on SSL, which tells us that we really need to work on things like

00:13:19.332 --> 00:13:27.600
TACK and SSL cert pinning, that's very important. If, for example, we notice though, crypto changes

00:13:27.600 --> 00:13:32.733
the way the selector-based surveillance can even function. If, for example, you note that all of my traffic

00:13:32.733 --> 00:13:37.970
right now is going through the Tor network, and in many cases people, three people at the moment, are connected

00:13:37.970 --> 00:13:43.900
to the Tor hidden service for this video feed, there is no possibility for selector-based injection.

00:13:43.900 --> 00:13:50.000
That is, it's just TLS traffic, the network distinguisher is pretty close to normalized across

00:13:50.000 --> 00:13:55.097
all Debian Tor users that are doing what I'm doing, which I admit, there's probably five of us in the world,

00:13:55.097 --> 00:14:02.401
but, you know, that changes the fundamental trade-off. That is, doing the selector-based surveillance

00:14:02.401 --> 00:14:08.200
will have less of a return than it previously did, or will require more targeting. And this is where anonymity comes into play.

00:14:08.200 --> 00:14:13.264
If you have anonymity, it becomes significantly more difficult for someone to target you.

00:14:13.264 --> 00:14:18.832
It's not impossible, of course, but it's... Well okay, maybe it's more than five people.

00:14:18.832 --> 00:14:23.966
I've got a little lag here from the IRC channel, but apparently there are a few Debian users that route

00:14:23.966 --> 00:14:34.665
their traffic over Tor in the audience, I hope? But if we see the anonymity benefit there, there's of course

00:14:34.665 --> 00:14:42.265
a downside, you know? When you have these systems, they're laggy sometimes, they're not always really seamless to work together,

00:14:42.265 --> 00:14:48.666
it takes a lot of specialized knowledge, again. And this returns me sort of to the key point, which is about usability.

00:14:48.666 --> 00:14:54.201
So one of the things that I've seen when looking through documents for this research is that

00:14:54.201 --> 00:14:59.865
usability and security is the worst nightmare of a signals intelligence agency. So for example,

00:14:59.882 --> 00:15:07.931
Tech Secure and RedPhone, by Moxie Marlinspike, those pieces of software really make the life of

00:15:07.931 --> 00:15:14.500
someone doing these kinds of attacks hell. At the very least, it means that they have to take what was once a passive thing,

00:15:14.500 --> 00:15:20.433
where they could silently record data on everyone, and they can essentially now no longer do that.

00:15:20.433 --> 00:15:24.601
They have to either attack his systems, which they probably will at some point, if they haven't already,

00:15:24.601 --> 00:15:31.000
or they have to attack each end user's system. So this means that once we start to deploy this widely,

00:15:31.000 --> 00:15:38.532
for everyone, it changes the balance, where mass surveillance becomes less and less economically useful for these attackers.

00:15:38.532 --> 00:15:44.500
And that's important, because again, even if you think the NSA is sent from heaven, if you believe in heaven,

00:15:44.500 --> 00:15:49.864
you have to understand that they're not the only people out there, doing these kinds of things.

00:15:49.933 --> 00:15:55.813
So every time, for example, an American businessman or -woman goes traveling somewhere,

00:15:55.813 --> 00:16:02.600
that person is effectively targeted for signals intelligence collection. Now sometimes it's not always

00:16:02.600 --> 00:16:07.132
targeted in the literal selector sense, but they're using systems that are SIGINT-enabled.

00:16:07.132 --> 00:16:12.420
Now whether or not the phone companies know is an interesting discussion. Most of them do. Most of them

00:16:12.420 --> 00:16:19.726
go along willingly, but the key thing is that, on balance, when you travel abroad, you basically are

00:16:19.832 --> 00:16:23.501
subject to the whims of all the countries where you are traveling, obviously.

00:16:23.501 --> 00:16:27.644
Those whims may be significantly more harsh, they may have different economic interests,

00:16:27.644 --> 00:16:33.431
they almost certainly have different political and legal and economic interests than what you might like.

00:16:33.431 --> 00:16:39.833
If you're a free software developer, and you're not an American citizen, for example, you are a target, almost certainly.

00:16:39.833 --> 00:16:43.564
If you are a system administrator, you are a target, almost certainly.

00:16:43.564 --> 00:16:48.622
And it doesn't even matter if you're an American citizen, really, though there is a slight distinction about that.

00:16:48.622 --> 00:16:53.715
I think that in the near future, we'll learn that that distinction is largely bogus.

00:16:53.715 --> 00:17:00.034
Sorry for the bad news, but... I guess it's sort of important to tie these things together.

00:17:00.034 --> 00:17:06.233
So, free software and free hardware, they can potentially bring some solutions into play, but it's

00:17:06.233 --> 00:17:11.932
not exactly clear how we get there. So for example, if you're a system administrator, you probably have a SIM card in your phone.

00:17:11.932 --> 00:17:16.764
This SIM card is, without a doubt, a piece of proprietary software and proprietary hardware

00:17:16.764 --> 00:17:24.238
that then plugs into another piece of proprietary hardware, almost always, and that runs proprietary software.

00:17:24.238 --> 00:17:30.300
And those are actually described, some of those cell phone systems are actually described as master and slave systems,

00:17:30.300 --> 00:17:37.700
where the master CPU is in fact the proprietary one and it enslaves the free software CPU, which is often Android, which is not always

00:17:37.700 --> 00:17:42.233
free to begin with. But if we were to say that in an ideal world you had the most free cell phone,

00:17:42.233 --> 00:17:48.865
you'll probably still have a baseband, which is proprietary software, with a SIM card that is proprietary software and proprietary hardware.

00:17:48.865 --> 00:17:55.933
So as you're doing your job, even if you have all free software for your laptop, for example, you have this

00:17:55.933 --> 00:18:02.133
unfortunate conundrum where, to do the basic work that you need to do, you are completely surrounded

00:18:02.133 --> 00:18:07.332
by proprietary hardware and proprietary software. Now, the NSA has toolkits that they can deploy

00:18:07.332 --> 00:18:14.115
into those SIM cards, and into the basebands, not just as a matter of exploitation but actually in some cases by design.

00:18:14.115 --> 00:18:19.100
Some SIM cards, for example, allow you to add an app to the SIM card without even having

00:18:19.100 --> 00:18:25.000
a cryptographic key or even exploiting the device, just sending a well-formed message will actually do this.

00:18:25.000 --> 00:18:30.133
Carson Noll, without realizing it, rediscovered this and he showed this at the CCC.

00:18:30.133 --> 00:18:38.632
It's almost identical to things that we showed in the Der Spiegel reporting from last year that I discussed at the 30C3.

00:18:38.632 --> 00:18:44.832
I gave a talk there that was called "To Protect and Infect, Part 2," and I don't want to rehash too much

00:18:44.832 --> 00:18:50.200
of that talk, but I would really encourage all of you to watch it, because I basically talk about the technical details.

00:18:50.200 --> 00:18:55.400
And the technical details are important, because in a democracy, for us to be able to understand what it is

00:18:55.400 --> 00:18:59.400
that we're consenting to, we need to have some concept of what it is we're talking about.

00:18:59.400 --> 00:19:05.367
Unfortunately the laws are not so great, and from what I can tell, some people have even called

00:19:05.367 --> 00:19:08.800
for my prosecution as a result of showing and discussing these things.

00:19:08.800 --> 00:19:13.364
Now, that went through very careful editorial control at <i>Der Spiegel</i>, so I don't feel too threatened by it,

00:19:13.394 --> 00:19:18.134
but it's an important point that people don't want you to understand how the machines that control you and

00:19:18.143 --> 00:19:22.465
surveil you work. They don't want you to be able to change the way that those things work,

00:19:22.465 --> 00:19:27.933
because it is about power. It's about controlling you, it's about controlling your machines, and it's about

00:19:27.933 --> 00:19:32.832
ensuring that those people stay in control over you and your devices, should they wish it.

00:19:32.832 --> 00:19:37.931
So, in a democracy I think it's fundamentally important for us to understand how the machines work,

00:19:37.931 --> 00:19:43.766
to understand how the power works, to understand what the dynamics are, to make sure that these

00:19:43.766 --> 00:19:47.366
devices, for example, how they're being subverted, that we understand it.

00:19:47.366 --> 00:19:54.300
For example, when we understand that exploitation often leads to hoarding of bugs, that means we understand

00:19:54.300 --> 00:20:00.534
that people are letting us stay in a vulnerable state so as to be able to exploit us.

00:20:00.534 --> 00:20:06.633
But many people may find those bugs and exploit us, so it is not nearly a simple thing where we say

00:20:06.633 --> 00:20:13.965
we cede some of our autonomy so that people will be able to do their job. You know, the local policeman needs

00:20:13.965 --> 00:20:18.600
to do their job, cooperate with them, for example. Because it is every local policeman on the planet.

00:20:18.600 --> 00:20:22.800
It is every intelligence officer on the planet, with enough of a budget or the technical know-how,

00:20:22.800 --> 00:20:28.833
who will be able to exploit those things. So on balance, it seems very clear that we want to build secure systems

00:20:28.833 --> 00:20:35.133
and not make that trade-off, because we can never actually ensure that the people who are doing this

00:20:35.133 --> 00:20:40.566
are acting in our best interest, are democratically in a position of authority that is legitimate,

00:20:40.566 --> 00:20:46.368
if, you know, you bear with me here and we say there is some authority that is legitimate...

00:20:46.368 --> 00:20:51.632
I know it's a free software crowd, so I like to think that some of you there apt-get install anarchism

00:20:51.632 --> 00:20:56.800
from time to time. But it's very important to understand that that balance is something which is not

00:20:56.800 --> 00:21:02.769
a part of the discussion, and a big part of ensuring that it's not a part of the discussion is to try to hide the details.

00:21:02.769 --> 00:21:07.932
And so for me, I think it's very important to bring out the details. It's very important to show that they use

00:21:07.932 --> 00:21:13.532
continuous wave generators bounced against reflectors that they've installed after stealing your mail.

00:21:13.532 --> 00:21:19.333
Do we want to live in a world where these people steal our mail? And where they take our laptops

00:21:19.333 --> 00:21:24.493
when we buy them online and add devices to them? I don't want to live in that world.

00:21:24.493 --> 00:21:29.532
I like to think that people that work on free software not only don't want to live in that world, they are actively

00:21:29.532 --> 00:21:34.090
working to ensure that everyone on the planet can choose to live in a different world.

00:21:34.090 --> 00:21:46.365
To get back to the point, things like the Milkymist, Novena, coreboot, these are on a spectrum of free

00:21:46.365 --> 00:21:53.368
hardware to, as we go down the line, free software-enabled proprietary hardware.

00:21:53.368 --> 00:21:59.815
Now, I use an X60 with coreboot and I removed almost all of the hardware I don't need.

00:21:59.815 --> 00:22:04.700
I try, for example, to get rid of anything that would need a binary blob. I think I've done that.

00:22:04.700 --> 00:22:10.866
This laptop, I think, only has one binary blob left, and that's in the embedded controller for the keyboard.

00:22:10.866 --> 00:22:15.964
I sometimes use an external keyboard that doesn't have that, although obviously that keyboard has some

00:22:15.964 --> 00:22:23.115
binary firmware device inside of it. Hopefully not remotely flashable. As far as I can tell, that's the case.

00:22:23.115 --> 00:22:31.030
Systems like the Novena, made by Bunnie, I think, are the future. That is, he has built almost entirely,

00:22:31.030 --> 00:22:37.100
as much as is possible at the moment, an open hardware device based on an ARM CPU, where you can fab this

00:22:37.100 --> 00:22:45.880
device, where you can very easily, if you are a hardware person, modify it, and you can fab this

00:22:45.880 --> 00:22:52.332
changed device. So that, I think, is critical. There's still a proprietary CPU, but there's a trade-off to be

00:22:52.332 --> 00:22:59.567
made here. So in this case, the Freescale CPU that he included is pretty fast, it's a quad-core CPU, and it

00:22:59.567 --> 00:23:03.684
has a hardware random number generator. Who knows if it's SIGINT-enabled, hopefully not.

00:23:03.684 --> 00:23:09.232
If we see this, we see that it is significantly better than, for example, the ThinkPad that's sitting in front

00:23:09.232 --> 00:23:13.000
of me where we don't know the designer, we don't know their intentions, we don't know for example if

00:23:13.000 --> 00:23:19.801
the Intel microcode, if it can be updated remotely by someone who has the key that isn't Intel.

00:23:19.801 --> 00:23:25.164
Probably, would be my guess, if they understand the format, if they can add backdoors, which, if they understand

00:23:25.164 --> 00:23:29.601
the way the microcode works and they have the key, then of course they can do all of those things.

00:23:29.601 --> 00:23:35.033
So there are some architectural changes in the Novena which I think are pretty spectacular for that.

00:23:35.033 --> 00:23:41.166
If we go all the way, I see something like the Milkymist, which for a time I used instead of as a video mixer

00:23:41.166 --> 00:23:52.767
but as a machine for running screen and irssi. And it actually is a FPGA device where the CPU itself is

00:23:52.767 --> 00:24:03.034
free software. Unfortunately the tools for synthesizing the FPGA, those are not free. We lack free software tools

00:24:03.034 --> 00:24:08.900
for those things, as well. And we really, really, really need free software tools for all of these things,

00:24:08.900 --> 00:24:16.721
and we need free hardware platforms to build on top of. Without that, it's very difficult for us to secure our systems.

00:24:16.721 --> 00:24:21.801
I think that it's critical to do that. And there are some people that are doing that.

00:24:21.801 --> 00:24:27.064
So lekernel, the guy who's working on the Milkymist, and some of these other free hardware devices,

00:24:27.064 --> 00:24:32.600
I think he really needs support, and I think it would be great, because his devices are the kinds of devices

00:24:32.600 --> 00:24:37.135
where you can do forensics on it, but you can also prevent adversarial forensics.

00:24:37.135 --> 00:24:42.400
That is, you can program your device to self-destruct, but you can also check to see if someone has changed

00:24:42.400 --> 00:24:49.201
the bootloader, if someone has changed the VHDL output, you can actually verify these things.

00:24:49.201 --> 00:24:55.133
Novena is much the same. I've been working on making Debian GNU/Linux run really well on it.

00:24:55.133 --> 00:25:05.166
I actually have a Novena here in front of me, with the little helpful Intel sticker, but that's just as a joke,

00:25:05.166 --> 00:25:11.485
because there's no intel inside with free hardware and free software, if we do our jobs correctly.

00:25:11.485 --> 00:25:19.500
So, I'd like to think that this is a good start, but the only thing that makes this useful is, of course, the free software on top of it.

00:25:19.500 --> 00:25:25.931
So in this sense, I think that Debian GNU/Linux is very important. I think lots of things, like Trisquel, for example,

00:25:25.931 --> 00:25:31.565
are very important. And we need to work on making those systems usable. I think the GNOME project

00:25:31.565 --> 00:25:37.300
has done a very excellent job with that. There are a few things about it that drive me crazy, but mostly

00:25:37.300 --> 00:25:44.832
just because I've been using computers long enough to have bad habits, so I think that that's a sort of humbling experience.

00:25:44.832 --> 00:25:52.600
The Tails operating system, which is a derivative of Debian, is set up in such a way that you don't

00:25:52.600 --> 00:25:57.633
need to understand anything about anonymity, you don't need to understand anything about security and privacy.

00:25:57.633 --> 00:26:02.701
It comes with a chat client that has off-the-record messaging by default. Everything is configured

00:26:02.701 --> 00:26:11.133
to work over Tor by default. This is great. This helps us with this paradigm shift of privacy by policy to privacy by design.

00:26:11.133 --> 00:26:16.100
Now, there are a couple of problems that still exist. Even if you have Tails, even if you find it usable,

00:26:16.113 --> 00:26:21.500
which it isn't, in my opinion... It's much more usable than all of these things were before Tails, but it's

00:26:21.500 --> 00:26:28.565
a progression. If we take a step and we go further and further down the line, one of the things we'll note

00:26:28.565 --> 00:26:34.165
is that there isn't an easy wizard for setting up, for example, a chat account that just works.

00:26:34.165 --> 00:26:42.300
Where you can just easily send a message. Where it's not hard. As an example, I installed Jitsi on this laptop,

00:26:42.300 --> 00:26:47.963
and at the bottom of the screen you see "surveillance_target@jit.si". You can, of course,

00:26:47.963 --> 00:26:55.971
ask me questions via OTR if you want here, and if you'd like to, you'll note that it is, of course,

00:26:55.971 --> 00:27:03.880
using OTR, it is also using SSL/TLS... well, it's TLS 1.0, I think, to connect there.

00:27:03.880 --> 00:27:12.400
You'll note that it's essentially... it's like an email address. That is pretty good, and I think we may have

00:27:12.400 --> 00:27:17.280
to sit with that for a while, while we work on coming up with different naming systems.

00:27:17.280 --> 00:27:22.003
Zooko's triangle, if you haven't heard of it, I would recommend you look it up on the Wikipedia,

00:27:22.003 --> 00:27:27.400
it's definitely the case that we have some hard problems to try to tackle.

00:27:27.400 --> 00:27:35.000
Skype, for example, is really easy for people to use, and they do use it because they have probably purchased

00:27:35.000 --> 00:27:40.165
every webcam in the world, and then they've made it work with every piece of software and hardware

00:27:40.165 --> 00:27:46.301
combination that they could get their hands on. And they also solved the problem of making it as simple

00:27:46.301 --> 00:27:59.732
as adding, for example, one username and password, and then forever just keeping that identifier.

00:27:59.732 --> 00:28:06.264
And then you just have to simply say, "Hey, I'm Alice at, I'm Bob at" and it's really easy to use.

00:28:06.264 --> 00:28:12.500
For example, if Jitsi had a setup wizard, where it automatically generated your OTR keys and it

00:28:12.500 --> 00:28:17.367
automatically did everything that needed to be done and it added you to their server, but it also allowed

00:28:17.367 --> 00:28:23.263
you to configure a secondary server, that would be fantastic. It would mean that you could just download

00:28:23.263 --> 00:28:29.500
Jitsi and it would work. If it forced OTR, even better. Those kinds of things are really simple changes

00:28:29.500 --> 00:28:35.165
that really would make a world of difference. And since Jitsi works on other platforms other than pure

00:28:35.165 --> 00:28:39.800
free software platforms, it can even be used as a kind of gateway crypto system.

00:28:39.800 --> 00:28:45.700
So, I think that kind of stuff becomes very important, because once you have something like Tails

00:28:45.700 --> 00:28:50.001
and you have something like Jitsi and you put them together, you still have that last step.

00:28:50.001 --> 00:28:57.784
And that last step is a hard one. But we're really close. In looking through and understanding some of

00:28:57.784 --> 00:29:03.482
the things that I've been looking at and studying with regard to the technology, and I said this before,

00:29:03.482 --> 00:29:09.998
usability and security are absolutely critical. But I also mentioned before the active attackers.

00:29:09.998 --> 00:29:19.332
So one of the issues that we see is that these active attackers are actually pretty good, right?

00:29:19.332 --> 00:29:24.300
So if you have a longterm cryptographic key but you don't use it correctly, that is, you encrypt all your

00:29:24.300 --> 00:29:29.883
traffic in a non-forward secret way, you have a pretty serious problem, which is that these people will

00:29:29.883 --> 00:29:36.000
break into the computer and actually take the key so that they can decrypt traffic, or to impersonate you.

00:29:36.000 --> 00:29:40.364
So we do need to come up with some notions about, for example, ratcheting.

00:29:40.364 --> 00:29:45.965
So Tech Secure, which Moxie Marlinspike has been working on for many years now, it has this notion

00:29:45.965 --> 00:29:52.239
of forward secrecy as well as future secrecy. I think that we need to think about some of the stuff that he's

00:29:52.239 --> 00:30:00.000
been working on to make this kind of system usable. Adam Langley, who is probably, I would say, one of the

00:30:00.000 --> 00:30:06.032
great living cypherpunks right now, he has written a system called Pond. I've worked a little bit on the key

00:30:06.032 --> 00:30:11.113
agreement system PANDA, where we dynamically meet by using a shared secret.

00:30:11.113 --> 00:30:16.932
That kind of a system is really important. It changes the game from "you're totally surveilled, but maybe

00:30:16.932 --> 00:30:21.631
you have PGP email if you're lucky," or "you're totally surveilled, but maybe you have OTR if you've had

00:30:21.631 --> 00:30:32.032
a proper chat client for it." And basically it switches it, so everything goes over Tor, everything goes to a server,

00:30:32.032 --> 00:30:39.965
that server only sees a delayed set of messages. That kind of system is really a significantly different way of

00:30:39.965 --> 00:30:45.120
doing communications, and it's not so different from email in some ways. But it's different in the ways that

00:30:45.120 --> 00:30:50.900
are really important. So that, however, is completely useless without a usable interface,

00:30:50.900 --> 00:30:57.573
without having it be deployed, without teaching people things. So as an example, when you teach

00:30:57.573 --> 00:31:02.132
a journalist something—one of the things that I've found is almost impossible to do is to teach journalists—

00:31:02.132 --> 00:31:07.333
but if you teach journalists something, you want to teach them one or two things that you absolutely

00:31:07.333 --> 00:31:12.500
impress on them that they must do. So for example, verifying an OTR fingerprint is one of the things

00:31:12.500 --> 00:31:16.765
that I impress on every journalist that I work with. And that's actually my litmus test.

00:31:16.765 --> 00:31:23.600
If they cannot use Tor and OTR and Jabber together, I don't work with them, because they can't maintain

00:31:23.600 --> 00:31:33.232
confidentiality, authenticity, any kind of integrity in a digital sense. And that, for me, is important.

00:31:33.232 --> 00:31:37.933
But it's also the case that I spend a lot of time teaching people how to build Tails disks, or building

00:31:37.933 --> 00:31:43.833
Tails disks for them, or getting a special laptop and then setting that up for them and then adding Tails to

00:31:43.833 --> 00:31:51.732
that system, or a Debian GNU/Linux setup. And it would be nice if it was as simple as "just use Trisquel."

00:31:51.732 --> 00:31:58.566
If it was as simple as "buy a laptop from this vendor and it's all free software enabled."

00:31:58.566 --> 00:32:02.231
Now there are some vendors that do it, and the problem of interdiction, which I mentioned before,

00:32:02.231 --> 00:32:07.100
where they steal mail and change things, that's a serious problem. So we really need to make sure

00:32:07.100 --> 00:32:14.373
that these things are available in regular stores where regular people go. That makes targeting, again, much harder.

00:32:14.373 --> 00:32:22.100
I have a couple of other things before I start to take questions, but I think that the real key stuff that

00:32:22.100 --> 00:32:28.400
we need to consider is that we need verifiability. So for example, reproducible builds, things like Gitian,

00:32:28.400 --> 00:32:34.400
which is what we're doing for the Tor browser, that's very critical because anytime you build software for

00:32:34.400 --> 00:32:40.432
anyone, you are a target. Especially if the person you build software for is themselves a target.

00:32:40.432 --> 00:32:48.065
So, for example, we can imagine that with this three- or two-hop-out idea of targeting, we know that it's possible

00:32:48.065 --> 00:32:53.200
for someone to target a sysadmin because the sysadmin is interesting, but it follows that if the

00:32:53.200 --> 00:32:57.833
sysadmin is really good, and a lot of people in the free software community are really good with securing

00:32:57.833 --> 00:33:03.000
their systems, those people will be targeted by targeting their operating system vendor.

00:33:03.000 --> 00:33:09.132
So, for example, we know that Debian has been compromised in the past. We have to make it so that

00:33:09.132 --> 00:33:15.200
compromising Debian is not only detected, but that it doesn't make sense to do that.

00:33:15.200 --> 00:33:22.265
So if, for example, you were to think about this from the Gitian perspective, if we have anonymized

00:33:22.265 --> 00:33:28.964
builders that are regularly building packages and reporting those results, it will allow us to see if

00:33:28.964 --> 00:33:35.032
someone has changed a package on the server, it'll allow us to tell if that piece of software has been tampered with.

00:33:35.032 --> 00:33:39.632
We need to have a kind of binary verification process which, at the moment, we don't really have a

00:33:39.632 --> 00:33:45.465
binary verification process. Some people use proprietary software like IDA Pro to reverse engineer

00:33:45.465 --> 00:33:52.400
this, some people try to disassemble or decompile the software to see if it matches what they thought,

00:33:52.400 --> 00:33:57.031
but that's usually a hand process. We need to automate some of those things, and we need to

00:33:57.031 --> 00:34:01.870
do it in a way where people are able to report back to the community anything that they see, basically in

00:34:01.870 --> 00:34:08.364
real time, that is problematic. So for the Tor browser, I actually have a machine that builds with Gitian,

00:34:08.364 --> 00:34:14.664
and if it ever builds a hash that doesn't match what I would expect, then it alerts me.

00:34:14.664 --> 00:34:20.000
And it alerts me in a way such that it just looks like any other person downloading the source code,

00:34:20.000 --> 00:34:26.830
so it's harder to target, and it is the case that it verifies signatures where I've verified the keys in person.

00:34:26.830 --> 00:34:33.032
So I think that's pretty good, I think it works relatively well, but that doesn't scale.

00:34:33.032 --> 00:34:40.064
And right now, it's a one-off. So we really, really need to consider this as a reality.

00:34:40.064 --> 00:34:47.365
We need that also for devices. For example, if I buy a hardware device and the NSA adds something to it,

00:34:47.365 --> 00:34:54.333
what has happened? Right? Well, usually, they've won. That's a really serious problem.

00:34:54.333 --> 00:35:00.100
And it's not just the NSA, it's anybody who can steal mail, and especially at scale. Right?

00:35:00.100 --> 00:35:04.800
Computers go through customs. Free software might not always go through customs, but computers do.

00:35:04.800 --> 00:35:09.340
And that's where the state's advantage is often used against people in a way that they don't understand

00:35:09.340 --> 00:35:16.266
and certainly wouldn't consent to. And so we need to have a way, really, and this sounds kind of outlandish,

00:35:16.266 --> 00:35:20.132
but let's go for outlandish. We need a way to be able to X-ray our hardware and compare it with

00:35:20.132 --> 00:35:27.732
a known good state. And with no binary blobs, it becomes a little bit possible. A little more possible for

00:35:27.732 --> 00:35:32.365
us to make sure that the systems we're carrying around are not just bugs for an oppressor.

00:35:32.365 --> 00:35:39.436
They're not just systems to be used against us. Now, I know that that's a tall order, but the GNU project itself

00:35:39.436 --> 00:35:46.364
is a tall order. And so we need to move towards free systems: free hardware and free software systems for freedom.

00:35:46.364 --> 00:35:50.600
Because really, it would be very difficult to maintain freedom and liberty in the future,

00:35:50.600 --> 00:35:56.590
and even, I think, to keep our democracies in a world of mass surveillance. Especially if all of our devices

00:35:56.590 --> 00:36:01.500
are the thing that is oppressing us, or that are acting as an oppressor.

00:36:01.500 --> 00:36:05.533
In the past it was the case that you had a neighbor, and the neighbor maybe received some benefits.

00:36:05.533 --> 00:36:10.533
Now the changes are different. Now people report on each other as a matter of, you know, fun.

00:36:10.533 --> 00:36:15.800
For society. With Facebook, for example. Well, what happens when the Philip K. Dick nightmare is not

00:36:15.800 --> 00:36:22.632
just worrying about every person spying on you, but what if it becomes every thing that's spying on you?

00:36:22.632 --> 00:36:27.164
Part of the way that I deal with this is I literally remove the physical microphones from my computers,

00:36:27.164 --> 00:36:33.364
because I know that it is almost impossible to secure machines such that a really powerful, well-funded

00:36:33.364 --> 00:36:39.364
adversary could enable them again. So that is not really something that scales.

00:36:39.364 --> 00:36:43.900
But we can think about it when we build free software laptops, we should make sure that there is an LED

00:36:43.900 --> 00:36:49.500
that if the microphone is powered up, the LED is on. Just the same way with a camera, but not as badly-designed

00:36:49.500 --> 00:37:00.000
as most cameras. I guess probably now, we should probably take some questions, given the timing.

00:37:00.000 --> 00:37:09.133
Is there anybody that wants to ask a question? If so, we're in #libreplanet on OFTC, because OFTC allows

00:37:09.133 --> 00:37:12.533
me to use Tor to connect to their IRC network, which I'm very thankful for.

00:37:12.533 --> 00:37:17.466
I would be happy to take some questions, and I know that some of you have contacted me on Jabber.

00:37:17.466 --> 00:37:26.733
So you can of course, you can of course ask me questions. The first question says, "What is, in your opinion,

00:37:26.733 --> 00:37:33.766
the most important technology for journalists to learn?" You know, it depends on what kind of journalist.

00:37:33.766 --> 00:37:39.564
I tend to think that the key technology for people to understand is not a specific technology,

00:37:39.564 --> 00:37:47.335
but rather the philosophy of free software. I mean, Richard Stallman, who is one of the most brilliant people to have ever lived,

00:37:47.335 --> 00:37:53.500
really hit the nail on the head when he talks about free software not as a matter of cost but as a matter of freedom.

00:37:53.500 --> 00:38:00.033
And I think that when people understand that power dynamic, when they understand the tradeoffs they're really making,

00:38:00.033 --> 00:38:05.132
they'll change the pieces of software that they use. And hopefully, by the time they make that choice,

00:38:05.132 --> 00:38:12.000
that software will be usable, so that when you use Jitsi, for example, it does not allow non-OTR conversations.

00:38:12.000 --> 00:38:18.566
Or when you make a video call, it doesn't allow the user, basically, to make an unencrypted stream

00:38:18.566 --> 00:38:22.900
without jumping through hoops. By default it is secure. By default is privacy by design.

00:38:22.900 --> 00:38:29.600
And so, if people are going to learn one specific tool, I feel like we're sort of failing.

00:38:29.600 --> 00:38:37.232
I think, as Schneier is often quoted as saying, privacy and security is a process, not a product.

00:38:37.232 --> 00:38:43.600
Maybe he only said that about security, but let's modify it a little bit. Right? Liberty is also a process,

00:38:43.600 --> 00:38:50.201
it's not a product. So journalists need to learn about the world around them, but that's for every person as well.

00:38:50.201 --> 00:38:54.433
And so when we want every person to have this, we need to make sure that the devices and the software that we use

00:38:54.533 --> 00:39:00.664
actually enable that by default. The next question is, "How useful is a SHA-256 sum

00:39:00.664 --> 00:39:10.870
for checking software binary zip integrity checking?" My feeling is that hash functions are not going to be the weakest point.

00:39:10.870 --> 00:39:19.766
But if you would like, you can take the approach that Debian takes. When you upload a package, it has MD5, SHA-1, and SHA-256,

00:39:19.766 --> 00:39:26.500
and then you do a GnuPG signature over that. Now I use, because of the fact that I'm certain there are

00:39:26.500 --> 00:39:34.766
people that are trying to attack my systems, I use this, which is unfortunately not completely free. But it is a GnuPG smart card.

00:39:34.766 --> 00:39:42.266
And that GnuPG smart card, I also don't leave it plugged into my system very often, and I usually use it on an offline machine

00:39:42.266 --> 00:39:46.400
so someone has to break into my house to be able to even begin to mount an attack on the smart card.

00:39:46.400 --> 00:39:53.764
But that, I think, is really the way to go about it. It's not just about hashing, it's also about ensuring that you compose

00:39:53.764 --> 00:39:58.800
those hashes into a system that makes some kind of sense. But again, in this case with Debian,

00:39:58.800 --> 00:40:04.365
when you hash the files and you upload them, the binaries I built on my system are the ones that Debian gives out to users.

00:40:04.365 --> 00:40:10.565
Is that really what we want? I think that's a bad idea. What if my system has been compromised, right?

00:40:10.565 --> 00:40:16.800
We don't want that binary going out. And there's some work on changing that. But if we think about it just in terms of hash functions,

00:40:16.800 --> 00:40:22.400
I think we'll rarely find the hash function is the issue. Obviously there are some things, like MD5, that are just hopelessly broken,

00:40:22.400 --> 00:40:29.346
so we should be moving towards things that are not hopelessly broken, but it's difficult, because a lot of our standardization agencies,

00:40:29.346 --> 00:40:37.732
they're not very good at their job, in my opinion. Right? When NIST collaborates with the NSA willingly or unwillingly,

00:40:37.732 --> 00:40:44.700
wittingly or unwittingly, I think we have a problem. So we should look for diversity in this, and not just choose one thing,

00:40:44.700 --> 00:40:48.866
but choose a few things that make it significantly harder for someone to attack any single thing.

00:40:48.866 --> 00:40:56.800
And as far as average users being able to verify software, I think this is a really tough problem.

00:40:56.800 --> 00:41:04.141
Basically, the real issue is a bootstrapping problem. We need to make sure that operating systems have some notion

00:41:04.141 --> 00:41:10.800
about actual integrity of packages. And that's a really difficult problem to solve because many people start with a

00:41:10.800 --> 00:41:17.732
proprietary software platform, like Microsoft Windows or Mac OSX, and those platforms, they do not respect peoples' liberty.

00:41:17.732 --> 00:41:22.631
And naturally, they don't want to help you to move to a new platform that respects your liberty.

00:41:22.631 --> 00:41:31.232
So, in a free software world though, we should be able to have packages that do have verifiability in the operating system,

00:41:31.232 --> 00:41:36.533
as well as in the packages. That is, that are signed, that are hashed properly, that have some notion of the web of trust,

00:41:36.533 --> 00:41:43.400
or something that replaces it, plus a user interface that makes sense. And that's a really difficult one.

00:41:43.400 --> 00:41:51.454
Snowden calls it the "Greenwald test". And I think that that's a good test, actually. As someone who actually

00:41:51.454 --> 00:41:58.200
asked Glenn to use a bash shell on Tails and showed him how to use a bunch of command line tools,

00:41:58.201 --> 00:42:06.801
allow me to elucidate how important that test is. Jesus Christ, that is a serious test. It's really, really, really hard to get

00:42:06.801 --> 00:42:13.200
Glenn to use those tools securely. But it shouldn't be. In fact, every time that a user can't figure something out,

00:42:13.200 --> 00:42:19.000
we should say to ourselves that we have failed. Not seriously, but we should say to ourselves that we have failed,

00:42:19.000 --> 00:42:22.000
and we should try to succeed where we have failed before.

00:42:22.000 --> 00:42:27.501
I have another question here: "What are the bare minimum fundamentals we should teach the general public

00:42:27.501 --> 00:42:35.133
when advocating privacy?" Well, I tend to think that the bare fundamental is that we're not talking about privacy, actually.

00:42:35.133 --> 00:42:39.538
We're talking about autonomy, we're talking about dignity, and we're talking about our liberty.

00:42:39.538 --> 00:42:45.933
Privacy is merely one of the manifestations of this. So, for example, when people say that they don't have anything to hide,

00:42:45.933 --> 00:42:53.333
it's not about hiding things. It's about having a private sphere in which to think about things before you reveal what you have decided.

00:42:53.333 --> 00:42:58.666
Where you don't have to reveal the process by which you make a decision. But also, where you get to choose.

00:42:58.666 --> 00:43:04.400
It's not that, for example, I have nothing to hide underneath this great Cyberpeace t-shirt,

00:43:04.400 --> 00:43:10.065
but it should be me that actually chooses if I should take it off. And so, for example, right now since I understand

00:43:10.065 --> 00:43:15.511
there are sixty people watching this webstream, I'm going to keep it on. And that is, when we talk about privacy,

00:43:15.511 --> 00:43:23.100
in a sense when we say that privacy is dead, what we're hearing is our modern generation saying that liberty is dead.

00:43:23.100 --> 00:43:28.100
And I don't like that. So I refuse to say that privacy is dead when people really mean liberty.

00:43:28.100 --> 00:43:32.764
And I think it is important that we reject that notion, and we should talk about how we should have a right to autonomy,

00:43:32.764 --> 00:43:39.600
we should have a right to express solidarity, we should have the ability to be able to, in the case of free software and free hardware,

00:43:39.600 --> 00:43:46.233
have devices that actually empower us and that we understand how they work. And we should be able to be secure, end-to-end secure.

00:43:46.233 --> 00:43:57.500
So, I've got a couple other ones. Oh, wow, joeyh! One of my favorite Debian developers of all time, that's incredible.

00:43:57.500 --> 00:44:01.933
I feel honored that you're asking me a question. "Should Debian work towards integrating Tor more?"

00:44:01.933 --> 00:44:09.732
Yes. So I'm a new Debian developer, it took me ten years, because I'm slow at becoming a Debian developer.

00:44:09.732 --> 00:44:18.332
But I'm error@debian.org, and I'm super happy to help anybody to be able to integrate Tor and anonymity software

00:44:18.332 --> 00:44:26.264
by default into Debian. As an example, I have a transparent Tor network that I use to be able to ensure that I can

00:44:26.264 --> 00:44:31.864
install Debian on new machines without my Internet service provider being targeted by the NSA or other people.

00:44:31.864 --> 00:44:38.932
I also run a Tor mirror on the Tor hidden service, as well, and a Debian mirror on the Tor hidden service as well,

00:44:38.932 --> 00:44:44.300
so that I can install packages on these systems without having to worry about basically being attacked.

00:44:44.300 --> 00:44:51.332
Even if a Debian developer FTP Master's key is compromised. So that a targeted attack is significantly harder.

00:44:51.332 --> 00:44:57.600
As you can imagine, that's not very usable for regular people, and as you can also imagine, it probably doesn't work very well.

00:44:57.600 --> 00:45:05.265
So yeah, we should make it so that a Debian user can say, "help! I'm a target of surveillance, and I'd like to be

00:45:05.265 --> 00:45:09.495
able to use free software without being tampered with." And that would be great if we could make Debian,

00:45:09.535 --> 00:45:16.135
if we could make Debian more friendly to that. Because basically we, for a long time, have lived in a world of privilege,

00:45:16.234 --> 00:45:21.866
where we thought we were exempt from the power dynamics of the world. And I think one of the things we will learn,

00:45:21.866 --> 00:45:27.266
especially with Debian, is that that isn't the case. And the more international a team is, the more the legal authorities

00:45:27.266 --> 00:45:35.031
of intelligence agencies suggest that they are fair targets. So, that also extends to the users. So I'd love to make that happen.

00:45:35.031 --> 00:45:46.032
And, yeah, wow. It's incredible to be able to talk to you guys here. Probably the only group of people that really can make these changes, right?

00:45:46.032 --> 00:45:51.732
I mean, there are other free software people around the world other than the ones in this room, but it's really critical to understand the role

00:45:51.732 --> 00:45:55.135
that you guys play. And that all of us play, together.

00:45:55.135 --> 00:46:13.832
I have a couple of other questions here. Helican asks, "Do you think the time is right for a free hardware FreedomBox

00:46:13.832 --> 00:46:22.032
with Tor built in, and do you have any news on the FreedomBox front?" Well, I was very depressed about some of the discussions

00:46:22.032 --> 00:46:31.300
around FreedomBox for a while, where I felt like people were taking anonymity as a sort of, like a luxury good.

00:46:31.300 --> 00:46:37.100
And they felt like we didn't need Tor, or something like that. Now, obviously, I work on Tor and I'm paid to work on Tor,

00:46:37.100 --> 00:46:43.401
so I feel like it's a conflict of interest for me to say this, but yeah, I think we of course need to do that.

00:46:43.401 --> 00:46:49.213
At the same time, the reason that I work on Tor is because I really believe it. I think Tor has probably saved my life a couple of times

00:46:49.243 --> 00:46:55.765
every month for the last several years, from military dictatorships to other places where I've traveled.

00:46:55.800 --> 00:47:02.432
So I think it's critical to make that possible. So as an example, this device I held up here, this Novena board,

00:47:02.432 --> 00:47:15.032
well, as you can tell, the basic idea is to have a device that is free hardware and free software that, you know, gives you

00:47:15.032 --> 00:47:21.266
exactly what you've just asked for. And that's in fact what I have. That device, when I plug it in, it sets up a wireless network

00:47:21.266 --> 00:47:30.865
that transparently routes people through Tor, and it also sets up a Tor relay so that it will relay traffic for the rest of the network.

00:47:30.865 --> 00:47:38.032
And it's entirely powered by free software with no proprietary software at all. I think that that is, yeah,

00:47:38.032 --> 00:47:42.134
I think that's a good thing to do, and that's what I've been spending my time doing lately. If you want to help with that, it would be great.

00:47:42.134 --> 00:47:47.300
And if we can get the FreedomBox to adopt the Novena board, I think that that is great. I think we should try to raise

00:47:47.300 --> 00:47:55.300
a million dollars for Bunnie so that we have a free hardware solution, or open hardware solution, that actually is usable,

00:47:55.300 --> 00:48:00.266
that's fast, that doesn't support a company that doesn't care about our liberty, but instead supports a developer

00:48:00.266 --> 00:48:03.500
who really does care about our liberty and about our freedom.

00:48:03.500 --> 00:48:11.900
The next question from Malapart is, "Is .onion today what SSL was in the mid-90s?"

00:48:11.900 --> 00:48:26.400
I really hope not for a whole bunch of reasons. So the next question... ah. So someone in the audience wants me to elucidate

00:48:26.400 --> 00:48:32.633
on the link between anarchism and free software ideology and goals. I think that it's important

00:48:32.633 --> 00:48:39.278
to not focus too much on that, in particular because I think that sometimes talking about anarchist philosophy alienates people,

00:48:39.278 --> 00:48:45.532
because they think that anarchism is the same as complete chaos, or synonymous with violence.

00:48:45.532 --> 00:48:50.700
And so I'd like to sidestep that and say if you apt-get install anarchism, literally, that's the Debian package,

00:48:50.700 --> 00:48:56.332
you can read about the philosophical texts of anarchism. But the basic idea of anarchism is about mutual aid,

00:48:56.332 --> 00:49:02.533
it's about solidarity, it's about respect for human rights, it's about the same things that the free software movement are about.

00:49:02.533 --> 00:49:08.368
But there's a lot of propaganda out there about the notion of democracy, in fact, in the form of anarchy.

00:49:08.368 --> 00:49:15.234
And that's unfortunate, actually. And I think we can change that. One of the ways that we can change that

00:49:15.234 --> 00:49:21.431
is to actually have propaganda of the deed. In this case, making free software and free software available

00:49:21.431 --> 00:49:25.601
to everyone means that people understand the fundamental tenets of anarchist philosophy

00:49:25.601 --> 00:49:29.265
in their everyday life, and they don't have to learn about the philosophy too much

00:49:29.265 --> 00:49:34.432
to be enabled by it. And if they want to, they can learn about it. I think that's a very powerful way

00:49:34.432 --> 00:49:38.832
to make that happen, because it's very easy, for example, to talk about it philosophically,

00:49:38.832 --> 00:49:44.540
but until you have a tangible thing, it's not really clear. That is, when we didn't have an anonymity network,

00:49:44.540 --> 00:49:49.733
and people said, "Well, do you really need anonymity?" you would make a different choice than

00:49:49.733 --> 00:49:54.866
if you have an anonymity network and it will be taken away from you if someone says "do you need anonymity?"

00:49:54.866 --> 00:50:00.370
and you say no. So when you say yes, and it's there, and it's tangible, it changes it.

00:50:00.370 --> 00:50:05.533
And the same is true for anarchist philosophy, and the same is true, I think, for free software and free hardware.

00:50:05.533 --> 00:50:10.165
And especially when these things work together, they actually help us to build autonomous communities,

00:50:10.165 --> 00:50:16.100
they help us to build secure systems across hostile networks. I think that that's very powerful,

00:50:16.100 --> 00:50:20.700
and I think that the way to get people to care about that is actually to show them that.

00:50:20.700 --> 00:50:25.673
People care a lot more about connecting now that it's easy to do. It wouldn't have been a relevant question

00:50:25.673 --> 00:50:29.967
thirty years ago in the way that it is a relevant question now. So the freedom to connect,

00:50:29.967 --> 00:50:33.600
the freedom of free hardware and free software, these tie fundamentally into anarchist goals.

00:50:33.600 --> 00:50:37.400
I'd really encourage people to look up the works of Emma Goldman, for example.

00:50:37.400 --> 00:50:42.763
I think she's one of the greatest feminists to have ever lived, though most people don't know who she is.

00:50:42.763 --> 00:50:49.600
And if you looked at the Wikipedia page, for a time there was no mention of her on "Important feminists of the twentieth century",

00:50:49.600 --> 00:50:55.933
I think is the page I was looking at. I think that is a bit of a shame, but I also think that that's, you know,

00:50:55.933 --> 00:51:01.064
an easy thing to reconcile with reality if people go and they look it up and they study about it.

00:51:01.064 --> 00:51:08.033
So hopefully people will install that Debian package and otherwise learn about that if they are interested in it,

00:51:08.033 --> 00:51:14.133
but really, I think, getting people to have the values that are embodied in that is just as important if not more important.

00:51:14.133 --> 00:51:20.101
The next question is "What about those countries that are completely blocking projects like Tor?

00:51:20.101 --> 00:51:27.065
What should we do to help people in those countries?" I tend to think not in terms of charity,

00:51:27.065 --> 00:51:32.447
or helping people, but rather in terms of solidarity. So, the Tor project, for example,

00:51:32.447 --> 00:51:38.600
is not having a war with China, right? China often does not respect its citizens' autonomy,

00:51:38.600 --> 00:51:42.832
and blocks its access to the Tor network. One thing that would be helpful would be to

00:51:42.832 --> 00:51:49.000
make it so that, by default, a lot of applications use Tor so that the so-called collateral damage,

00:51:49.000 --> 00:51:52.801
though I'm loathe to use that term, becomes higher and higher, becomes more difficult.

00:51:52.801 --> 00:51:58.600
And also, such that people start to use what are called pluggable transports, like the obfuscated proxy obfs3.

00:51:58.600 --> 00:52:04.900
The proxy actually, right now, is not blocked in China. It becomes a sort of cat and mouse game,

00:52:04.900 --> 00:52:11.032
but it may be the case that as we build more difficult-to-classify protocols, as applications understand

00:52:11.032 --> 00:52:14.700
that sometimes the Internet does not respect your autonomy and wants to tamper with it,

00:52:14.700 --> 00:52:21.733
that will be something that will change the dynamic about how that blocking and that arms race works.

00:52:21.733 --> 00:52:29.732
We have another project, ooni.torproject.org, that's the Open Observatory of Network Interference,

00:52:29.732 --> 00:52:35.500
or we used to call it Open Open Net. That is a free software tool that we've been working on

00:52:35.500 --> 00:52:39.964
for several years now, to be able to look at censorship and surveillance. You know,

00:52:39.964 --> 00:52:45.700
censorship is a second-order effect of surveillance, so this tool, while at the moment not the most usable tool,

00:52:45.700 --> 00:52:51.200
it actually allows you to diagnose, understand, and share the data. So one thing that can really make a big difference

00:52:51.200 --> 00:52:58.034
in these topics is to actually share the data. Right? Once we start to study and understand these things,

00:52:58.034 --> 00:53:03.100
especially the techniques of censorship and surveillance, it allows us to change not only how the networks work,

00:53:03.100 --> 00:53:08.300
but how societies work around those networks. So, I think studying that can be useful.

00:53:08.300 --> 00:53:12.533
If you want to be a Google Summer of Code, I know that's kind of ironic, but if you want to be a

00:53:12.533 --> 00:53:15.569
Google Summer of Code student to work on one of these projects with the Tor project,

00:53:15.569 --> 00:53:21.533
I think we still have another day to apply for that, though I'm not totally sure about that deadline.

00:53:21.533 --> 00:53:27.632
If you just want to come hack on free software with us at the Tor project, we have a bunch of projects that are like that.

00:53:27.632 --> 00:53:37.965
Some other questions. It looks like... Yes, the Novena router does not have AMT, that's right,

00:53:37.965 --> 00:53:43.862
so it does not have a built-in backdoor, which is, I think, nice. At least not one that we know about.

00:53:50.572 --> 00:53:57.997
Any other questions here? Ah, I see, there's like twenty. Alright.

00:54:01.027 --> 00:54:06.466
"Could you please elaborate on the idea or concept that it is required a critical mass of privacy-minded users

00:54:06.466 --> 00:54:12.371
to create enough obfuscation for making discovery schemes like Tor network node spying to be unlikely?"

00:54:12.371 --> 00:54:17.932
I don't think we're going to make it unlikely for spying to take place. What we need to do is change

00:54:17.932 --> 00:54:25.800
the economic balance, and that may allow us to move into a world where mass surveillance of our intentional communications

00:54:25.800 --> 00:54:33.500
are much too expensive to do for everyone. And this is important, because if you have a phone,

00:54:33.500 --> 00:54:41.333
and you make a phone call, people think of surveillance and conceptualize surveillance as surveilling your call,

00:54:41.333 --> 00:54:45.133
but there's all the unintentional data that you leave behind. All the towers you visit, and so on.

00:54:45.133 --> 00:54:52.464
That stuff is also, unfortunately, a huge target of mass surveillance. So even if everyone's using

00:54:52.464 --> 00:54:56.500
something like RedPhone, we still have these little spy devices in our pockets.

00:54:56.500 --> 00:54:59.932
Even if it's free software enabled, the networks themselves are harmful to privacy.

00:54:59.932 --> 00:55:05.364
That said, we do need a lot of people using this stuff, because the more people that are using it,

00:55:05.364 --> 00:55:10.732
the more likely it is that it will stick around. If it's just people like Edward Snowden, Julian Assange,

00:55:10.732 --> 00:55:15.432
Glenn Greenwald, Laura Poitras, or myself using it, yeah, I mean, that's a problem.

00:55:15.432 --> 00:55:21.665
Not only do we stick out on the network, we have, well, basically it makes it much easier to target,

00:55:21.665 --> 00:55:28.633
and it also makes it possible for people to try to ban that technology, whether that's by DPI or by legal methods.

00:55:28.633 --> 00:55:39.265
That is a really serious problem. Okay, I think that we should wrap up here soon, it sounds like.

00:55:39.265 --> 00:55:48.532
If there are any other questions, I will take them, but otherwise I think I'm going to end the stream.

00:55:48.532 --> 00:55:55.236
If you'd like to hack on free software with us, and anonymity-related stuff, I'd be happy to talk with you.

00:55:55.236 --> 00:56:01.864
I will never use this Jabber address again, so that your social graph is not tainted by mine.

00:56:01.864 --> 00:56:07.664
If anybody wants to send me an email, you can send a mail to jacob@torproject.org,

00:56:07.664 --> 00:56:14.732
or if you'd like to, for example, chat with me on IRC, I'm ioerror in #libreplanet for now.

00:56:14.732 --> 00:56:20.333
Thank you so much for the honor and privilege of speaking with you, I'm really sorry that I cannot

00:56:20.333 --> 00:56:24.300
set foot in my own country right now, to be able to speak with you in person. But thanks to

00:56:24.300 --> 00:56:29.900
free software, I am able to speak with you. So, thank you so much for making that possible,

00:56:29.900 --> 00:56:33.714
especially to all of the free software developers in the room that actually made that possible.

00:56:33.714 --> 00:56:40.332
Thank you, very much for your time, and I hope to meet some of you again, someday, in real life.

00:56:40.332 --> 00:56:42.652
And remember: if not, it was murder.