[liberationtech] Google keeps the chat history even you enabled the OTR

carlo von lynX lynx at time.to.get.psyced.org
Fri May 9 05:11:49 PDT 2014


To not pollute the list I respond to 4 interesting authors in a single mail!


On 05/09/2014 03:23 AM, Doug Schuler wrote:
> Realistically we need to develop an entire suite of publicly
> owned tools. Could the development and implementation be
> massively distributed?

http://youbroketheinternet.org and the Wau Holland Stiftung behind it
are somehow naively trying to make suitable projects interact in a way
that at least one new Internet stack comes out of it. There is a map on
the site that mentions the various projects and there are video
presentations of many of them. Once realized, the new stack would need
to get deployed to humanity, which I think is much more feasible than
people think - after all smartphones got out there, too, and, at the
beginning, the new network operates as an overlay over the old, so it
installs like an app. I2P and Orbot are already taking that step now.
I personally work on secushare which helps GNUnet out on the upper
scalability and applicability layers.

> Or is it over?   We lost all the other media....

From my perspective of potential technologies I say it is very much in
our hands. It doesn't even take enormous efforts, just a bit more
attention to the folks that are doing the job. The problem is that most
people have difficulty telling which ones are the ones doing the job
that is actually needed, and which are investing huge amounts of time in
infrastructure that won't do, falling prey to the fallacy that an upgrade
of something existing has better chances of getting deployed - history
has not confirmed that thinking. The GNU Internet will spread like some
new app and people will spend less and less time in the old one.

> "In just a few short years, starting in 1998, this company has grown to
> employ almost 50,000 people worldwide, generated sixty billion dollars
> in revenue last year, and has a current market capitalization of more
> than 350 billion dollars. Google is not only the biggest search engine
> in the world, but along with Youtube (the second biggest search engine
> in the world) it also has the largest video platform, with Chrome the
> biggest browser, with Gmail the most widely used e-mail provider, and
> with Android the biggest operating system for mobile devices."     From:
>  An open letter to Eric Schmidt: Why we fear Google

As long as the Internet is itself agile, these things can change faster
than you think. Myspace and Compuserve were big too. And Napster. Not as
huge, but.. if we deploy a GNU Internet, it could come with a web
browser that treats privacy better than Google's Chrome and Firefox
offerings.. then you can use Search and Youtube more safely. At the same
time the GNU Internet could develop proper distributed search and video
distribution without involving any companies. E-Mail would be gone and
replaced since it cannot be secured properly. The challenge is to be
able to distribute essential software without getting tangled up with
special interest. Maybe the Tor model works.

Android however remains a tricky issue. You can't just fix that by
installing an app. All of hardware and operating systems is a difficult
issue really.. luckily those are not the vectors for bulk surveillance.
And if they became so, judges would be able to rule as it would no
longer be passive surveillance.


On 05/09/2014 03:31 AM, Anthony Papillion wrote:
> I fear we've already lost. I used to think that it would just take
> some sort of major scandal to wake people up to the fact that
> relinquishing their privacy wasn't such a good idea. Then, I thought,
> they'd stand up in outrage and take their privacy back with
> pitchforks. Then Snowden showed up and nothing really happened. Most
> people didn't actually change the things they do because, well, it's
> not convenient.

Actually there has been a slight cognitive advancement in the last
year.. we went from "I have nothing to hide" to "But what could I
possibly do?"

Our infrastructure is a mess, what people can do is learn to use
difficult to use protection software, that falls open when they fail to
use it right. That won't work, ever. You can make all the crypto parties
you like and write easy to learn PGP instructions at no end.

Some week ago at a YBTI presentation I asked a hacker audience how many
do OTR. Most hands went up. Then I asked how many of them have at least
one contact they do opportunistic OTR with because they don't have the
patience to share secrets or check fingerprints. Same show of hands.

"But what could I possibly do?" needs to be answered with "install this
new Internet. It works slightly differently than the old, but you'll get
used to it. It is actually easier. You can forget all about addresses
and @ signs. You don't even need to be able to read and write any
longer. All you need to do is learn how to do the bluetooth handshake or
QR code scan. Or how to add a friend from somebody else's friend list
like you already do on Facebook." That software doesn't exist yet, but
from what I can tell all the open research questions are closed - we
just need to plug the pieces together.

But before we even have a new Internet, we can answer "talk to people,
go out on the streets, share awareness that your democracy is at stake.
It's not just about a lost privilege that so far hasn't affected your
everyday life, so you don't know why you should be picking up the
pitchfork, but you should."

People are looking at the results of a broken democracy.. wrong people
getting elected, corruption taking place, huge problems of humanity,
society and ecology not being tackled, but they are looking at the
finger instead of looking at the moon. They don't see that this is all
happening because they have lost their ability to exercise democracy and
they don't even notice it. They are being steered and yet they are not
pulling out their pitchforks because of that.

Nice examples of steered minds you get when you interview young hipsters
from eastern Ukraine, southern Virginia or mainland China. They need to
understand that to start reclaiming democracy they need to stop being a
predictable and manipulable populace. They need to get their brains
out of big data. Out of Facebook. Out of clear-text e-mail.


On 05/09/2014 05:56 AM, Jonathan Wilkes wrote:
> You could only say such a thing if you completely ignore entire
> categories of software development like documentation and
> usability-improvements to the same extent that companies like Google and
> Apple embrace them.

Luckily that is getting some more attention lately. Even radically
different technologies like ours are paying a lot of attention to
usability and seeking assistance in UI design etc as we move forward.

>> Then Snowden showed up and nothing really happened. Most
>> people didn't actually change the things they do because, well, it's
>> not convenient.
>
> Not only is it not convenient, it is dangerous.  How is the
> non-technical user supposed to judge whether the implementation of a
> piece of privacy-preserving software lives up to its claims? Especially
> if technical users like yourself have given up?  [if I weren't lazy, I'd
> have links here to stories about that silly app that claimed to erase
> the pictures "permanently" after the recipient viewed them for a couple
> of seconds].

Yes, that is a point why we need a clean slate restart of security.
Tools that put something on top are far too fragile and fall open when
you just click the wrong icon (see OTR, PGP, SSL). We need crypto at the
foundation of Internet routing and no option to disable it. That's what
dozens of new projects are doing, and not getting enough attention for.
Only Tor gets some, although it currently only addresses a little part
of the use cases. We need a whole infrastructure like Tor.


On 05/09/2014 03:18 AM, Jonathan Wilkes wrote:
> Is Tor with NoScript turned on globally enough?

Anyone please correct me if I'm wrong, I may not be 100% up-to-date on
web tech.

You also need something that takes care of the cookies, and the cookies
are difficult to take care of - if you actively use any of the Google
offerings, then they may stop working as you expect if you reject those
Google cookies that the NSA uses to identify people. So the NSA may not
see where you currently are, but while you surf they know who you are,
and they may be able to correlate your G-Mail identity with your sexual
interests.

But even if cookies are dealt with, your recurrent use of the same exit
node may allow for some correlation. You can hit the "new identity"
button or configure Tor more harshly to use separate circuits for each
website you access.

The best would be to forbid your browser from accessing Google services,
but then a lot of websites will look broken, because Google's market
dominance stems from the dependencies they managed to sneak into
websites all over the world. Web devs in the 00s thought it was hip and
cool and didn't understand the side effects. Several open source web
tools even come with Google includes baked into the code.

If there was a way to turn off those Google CDN services next week, it
would still take months for all of the web to remove those dependencies
from their websites. The web is married to Google because politically
inept devs took a tragical political decision in hordes, and it hasn't
really been challenged in a decade.

And then there are Facebook and Twitter with their "share this" and
"like that" scripts all over the web. So those are also mines that need
sweeping.

That's why I'd rather make a new web that supports no HTTP links. Onion
websites are much safer than the regular web, they have no Google
dependencies. Make a new web and try to use the old one less and less.
Slowly migrate away from it. I salute every website that offers its
content also via .onion and am planning to migrate some hundred sites to
it soonish.


P.S. Doug, it just struck me where we met before. It was in Milan at
Fiorella's workshop on e-democracy tools. I gave the Liquid Feedback
presentation. I really can't wait to have secushare out there so I can
throw voting technology into it and produce a serverless equivalent tool
to LQFB. Then the peoples can deliberate without even needing to ask
anyone for a place to do it.


-- 
http://youbroketheinternet.org
http://secushare.org

Please use the attached PGP key for an encrypted reply, if you can.
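
Added example, not part of the original message: a small Python audit that lists the third-party hosts a page makes the browser contact, the kind of Google, Facebook and Twitter includes the reply describes. The names `audit_includes`, `IncludeAuditor`, `site_of`, the `example.org` page URL and the sample HTML are all constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser fetches while rendering the page.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only causes a network request for some rel values.
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch", "preconnect", "dns-prefetch"}

def site_of(host):
    # Crude same-site key (last two DNS labels); an assumption, real audits use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

class IncludeAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = site_of(urlparse(page_url).hostname)
        self.third_party = defaultdict(list)  # host -> [(tag, absolute URL)]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(FETCHING_ATTRS.get(tag, ""))
        if not ref:
            return
        if tag == "link" and not FETCHING_RELS & set((attrs.get("rel") or "").lower().split()):
            return
        # urljoin resolves relative and protocol-relative ("//host/...") references.
        url = urljoin(self.page_url, ref)
        host = urlparse(url).hostname  # None for data: and similar URLs
        if host and site_of(host) != self.first_party:
            self.third_party[host].append((tag, url))

def audit_includes(page_url, html):
    """Return {third-party host: [(tag, url), ...]} for one HTML document."""
    auditor = IncludeAuditor(page_url)
    auditor.feed(html)
    return dict(auditor.third_party)

# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans">
<link rel="canonical" href="https://other.example.net/post">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<iframe src="https://www.facebook.com/plugins/like.php?href=x"></iframe>
<script src="https://platform.twitter.com/widgets.js"></script>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">"""

if __name__ == "__main__":
    print(sorted(audit_includes("https://www.example.org/blog/post", SAMPLE_HTML)))
```

The audit only sees includes present in the static HTML; hosts contacted by scripts at run time need a network-level capture instead.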


