Quixotic Anonymity, Privacy and Security

Discussion in 'privacy general' started by hugsy, Aug 20, 2012.

Thread Status:
Not open for further replies.
  1. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    " The gist of the Cryptome interview comments:
    1. Online anonymity, privacy and security are technically and programmatically impossible, but misleading illusions can be obtained through deceptive anonymizing services, privacy policies and security promises.
    2. The better anonymity services, privacy promises and security promises are known and publicized as trustworthy, the greater the illusion of branding and reputation.
    3. Anonymizing services, privacy policies and security promises are illusory by design to induce unjustified trust for gathering private data for undisclosed venal purposes -- official, commercial, educational, organizational.
    4. Online users should learn to protect themselves and to never rely upon providers of anonymity, privacy and security -- whether online, offline, national or personal. "

    source: -http://cryptome.org/2012/08/quixotic-anon-priv-sec.htm-
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,032
    There's some good advice there, but the tone puts me off. As Voltaire said, "The perfect is the enemy of the good."

    Perfect "online anonymity, privacy and security" may be "technically and programmatically impossible". But, considering your value as a target, you can always be too hard to find for likely attackers.

    It's never wise to trust providers' promises. Always plan for the worst case.

    That's a safe working hypothesis. Even so, it's probably overkill to assume global collusion focused on oneself ;)

    That's good advice.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Theoretically, real security, privacy, and anonymity are impossible. In practice, this isn't a black or white issue. It's all a question of degrees, which means you need to understand its capabilities and limitations. More than anything else, you need to be aware of the capabilities of those who want access to you or your data. Obviously, all security, privacy, and anonymity apps/services have their limitations. With Tor for instance, malicious exit nodes and bridges are a real possibility. That doesn't make every Tor node malicious.

    Regarding the summary of the interview, this is vague to the point of being FUD. IMO, the tone of that summary almost says "It's impossible. There's no one you can trust. You're on your own."

    I'd like to see the full interview.
     
  4. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    In my opinion, only good method (with mathematical proof) for anonymity online is randomization of everything. English is not my native language so i'll try explain the best i can. If we look at the "searching & hiding" online as a game of battleship on a grid of squares 10x10. We (our ship) are hiding on one of those squares and the opponent is hitting every square one at the time. At first hit, his chance of finding us is 1/100, at the second hit his chances increase to 1/99, with every try his chances come closer to 1 because we are not moving around, we are always at the same square (our online habits, our software and hardware fingerprints, VPN, ISP, IP, favorite Tor exit nodes) every thing, even if so "unimportant" at first sight, is one square on a giant grid, and every time we use it in a predictable pattern, we stay on a same square, and enemy's chances increase. It is only a question of time/resources/energy he has (number of hits) before he finds us. Only way to "survive" is to change our position on a grid every time enemy attacks (or at least as much as possible), enemy's chances than remain on 1/100 every time he makes a move. Long story short.... for those who understand probability P(a)P(b) and so forth.... randomize everything.... or don't bother... on a long run (and we are all going to be online for a very long time).

    But people today are more of a software & service provider junkies (imo especially VPN buyers) and are concentrated more on comfort and "tools" for anonymity rather than on the goal, anonymity itself. And are predestined to loose the game, just a question of time.
     
  5. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    I'm not surprised that John said this. His technical abilities is not that deep, he works as an architect, not in the security field.

    I agree that it's almost impossible to achieve 100% security or anonymity. But if a service/provider have enough security features so that they can't even give the police any sensitive information, that will rank pretty close to 100%, at least in my opinion. Chosing a provider that operates in the "correct" country is one of the most important things when it comes to privacy services, it's not even possible to operate a good privacy service in many countries, like UK, US or France, this has been proven several times.
     
Loading...
Thread Status:
Not open for further replies.