digg

Facebook Connect Join Digg About

Protecting IM from the NSA, a Canadian's view

csclub.uwaterloo.ca Leading security researcher and co-creator of the Off-the-Record Messaging (OTR) protocol discusses why you should use OTR to make sure your instant messages remain private. This is especially important given the NSA's recent wiretapping activities and the increasing prominence of Big Brother.

Who dugg this? Made popular Nov 24, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

64 Comments

show profanity settings
expand all
  • MasterThief117, on 11/24/2007, -0/+23Ehh, I like having the government read my conversations. I can easily tell them how much they suck without having to go through all those hoops.
  • holdenkarau, on 11/24/2007, -1/+21OTR is a really cool program, I just wished more people used it.
  • Andareed, on 11/24/2007, -0/+17Judging from your username I wonder if you look at goat porn. Do you really want people to see your messages about goat porn?
  • Beautyon, on 11/24/2007, -0/+15If you want more people to use something, link to it: http://www.cypherpunks.ca/otr/
  • rjjnixon, on 11/24/2007, -0/+14The redeeming thing about OTR is that there is pretty much no configuration after its installed. You don't have to worry about managing keys, trust databases, or any of that crap. You just click the button and it encrypts. When you "authenticate" someone, you don't have to memorize their public key. Instead, you type in a shared secret (any string) and if the other party types in the same string, their public key is marked as trusted. Of course, it uses an algorithm that doesn't reveal the secret to the other party. Pure genius.
  • ghuytro, on 11/24/2007, -1/+13I see. So long as you are doing nothing wrong and have nothing to hide, who cares if the government is snooping in on your conversations?
    Brilliant.
  • sockpuppets, on 11/24/2007, -6/+17Completely hypothetical here, but does anyone have any idea how long a dead hooker can be left in my trunk before the odor becomes suspicious?
  • metaoink, on 11/24/2007, -0/+9I don't know about you, but I find a lot of people use it. That could be because I'm at the University where Professor Goldberg is from :P.
    Continuing your thought however, I think OTR, and other encryption programs like it, could receive a substantail boost in usuage if we could get popular distributions like Ubuntu to include and enable them by default. You and I may think about the security of our conversations, but the majourity of people probably do not bother. I can't see much of a good reason to not make this the default.
  • generaljigger, on 11/24/2007, -2/+11Cool! Why don't you tell us all about your time in the NSA? It seems like you know soooo much about their capabilities that I would love to learn. Thanks in advance.
  • superspud, on 11/24/2007, -2/+11Exactly.

    I read a while back that an interesting way to test if you were being spied upon was to set up a web server that no one other than yourself knew about. Then, create a dispoable e-mail address from Hotmail or Yahoo! and then send an e-mail to the new address saying that you are going to bomb such-and-such and gas so-and-so, with a link to the newly created website.

    Check the server logs a few days later to see if anyone other than yourself has been for a visit
  • Randinn, on 11/24/2007, -1/+9We care what you think now?
  • holdenkarau, on 11/24/2007, -0/+8If his username is iLikeGoats it doesn't sound like he is trying to hide it :P
  • gab00n, on 11/24/2007, -0/+7That video is rather large, nearly 500 MB. Thankfully they gave some torrent links.
  • zombiedepot, on 11/24/2007, -1/+8They hate us for our freedom.
  • Tarnum, on 11/24/2007, -1/+7It's automated. There is software scanning the conversations for interesting keywords. Unless your grandmother calls you "my martyr" you are pretty much safe.
  • zombiedepot, on 11/24/2007, -2/+8That's a good way to get a ticket to Cuba.
  • p0ltergeist, on 11/24/2007, -0/+51024 bit encryption is enough to keep them busy on a single message for about 13.5 trillion years. I'm not exaggerating.
  • Andareed, on 11/24/2007, -0/+4I maxed out my connection (8 Mbit) downloading it over HTTP. The video is on slashdot as well, and the servers are handling the load fine. You can see some graphs here: http://csclub.uwaterloo.ca/~dtbartle/stats .
  • statquo8, on 11/24/2007, -0/+4so because i dont want the NSA spying on me im not patriotic? your an idiot.
  • riaahacker, on 11/24/2007, -0/+4Kinda depends on what you mean by federal criminal activities, i mean 750,000(rough guess) on the terrorist watch list do they deserve to get caught?
  • MikeyMoose, on 01/30/2009, -0/+4From the birthplace of the Blackberry - cool. (eh)
  • statquo8, on 11/24/2007, -0/+4not true mr zippy. encryption is an amazing technology which can even slow down the NSA. sure they can break the encryption at some point but are they going to do it for every single conversation?
  • MikeyMoose, on 01/30/2009, -1/+4I think that whole German police thing was a ruse - now people will be running to Skype - they can probably decrypt it just fine.
  • h4xnoodle, on 11/24/2007, -2/+5Go waterloo!! /student
  • meez, on 11/24/2007, -2/+5Agree'd, awesome idea, it's just going to be hard to get widespread usage of it. It's hard enough trying to get real life friends to use Firefox, nevermind pidgin and OTR.
  • canadaboy, on 11/25/2007, -0/+3That's your government right? They hate you for your freedom?
  • olegk, on 11/24/2007, -0/+3Don't forget to clean up your DNA.
  • pyite, on 11/24/2007, -1/+4This is silly, why not just use IRC and SSL? Police are also complaining that Skype is hard to break, though Skype sucks (and they could just monitor it at the server end)
  • TheGuruStud, on 11/24/2007, -1/+3What about Simp pro? I use 4,096 bit RSA with it :)
  • realunderdog, on 11/24/2007, -4/+6***** me in the goat ass.
  • neom, on 11/24/2007, -1/+3Is anyone else worried that he might be a hologram?
  • stevedclarke, on 11/26/2007, -0/+2Three big fails in one comment. Awesome.
  • Zachariah, on 11/25/2007, -0/+1I'd like to see this video re-released with the slides as the video, but with the current audio track (or maybe even superimpose the presentation into the video where the overexposed presentation currently is. Seeing the slides would have been nice.
  • KingMoses, on 11/25/2007, -0/+1As a matter of fact, yes. I say give the people all the freedom and give the cops all the toys. I think America should have the greatest and most sophisticated intelligence organization on the planet, and the laws they enforce is a separate matter.
  • inactive, on 11/26/2007, -0/+1Oh? I never actually tried but I thought that was no problem? GnuPG can encrypt anything, I think it would rather be a problem of the email client in this case.
  • dondara, on 11/24/2007, -3/+4If the bowels release, pretty quick but real decomposition takes about 2 days to really start stinking. Open wounds and exposed organs increase the stench.
  • Simon80, on 11/24/2007, -1/+2Indeed, Jabber seemingly solves this problem by encrypting messages as part of the protocol. As much as I love Jabber, however, I will point out that all messages are also relayed through the Jabber servers you have signed into, probably in cleartext form, but I don't know for sure.
  • jayneff, on 03/30/2009, -0/+1dugg to death
  • statquo8, on 11/24/2007, -2/+3you need to learn how encryption works before you make such a statement.
  • mrcpu, on 11/24/2007, -1/+2Ironic that blackberry PIN messages are not only unencrypted but they are also recorded (along with SMS messages) on my BES server AND rumor has it, can be seen streaming up a screen on a server in Kitchener!
  • BlindIrishman, on 11/24/2007, -1/+2Yes of course, because a name is directly proportional to its quality.
  • issachar, on 11/24/2007, -0/+1We still like torrents even when they're not necessary. :)
  • issachar, on 11/24/2007, -0/+1Are they ever going to put the ability to encrypt HTML e-mail into GnuPG? It's really hard, (i.e. impossible), to convince my contacts to use it when it forces them to use "boring plain text" e-mail.
  • JonForTheWin, on 11/24/2007, -1/+2Somehow I ended up mentioning my 2048 bit GPG key to this one kid and I explain to him that means NO ONE can read the information I send to others without the private key, and he says, slowly "even.. the N,S,AAA?" with a stupid smile on his face.

    By the way this same kid is joining the marines and thinks he can make it to be a CIA agent.

    God damn it. >_>
  • h4xnoodle, on 11/24/2007, -1/+1Wow I just actually watched the video... and Ian sits in the back of my CS class!! O_O Wait... is that my CS classroom? What room is this?! MC1056?
  • holdenkarau, on 11/24/2007, -1/+1The room was MC4041 (based on http://csclub.uwaterloo.ca/events/ ). If you are a UW student you might want to check out some of the upcoming events the CSC is hosting as well.
  • holdenkarau, on 11/24/2007, -2/+2Well you can message them in an un-verified OTR session to give them a hint (like "my favourite snack food is" style).
  • inactive, on 11/24/2007, -1/+1You can easily use GnuPG to encrypt the messages. As far as I know Jabber does not encrypt anything be default.
  • euphoriadj, on 11/24/2007, -2/+2So I need to clean my pit ever couple of days
    P)
  • Fetching more discussions...
    Show 51 - 65 of 65 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.