HeliX Posted January 13, 2015 Author Share Posted January 13, 2015 Are you saying a bot net has capacities close to a supercomputer? I'm surprised, if so why isn't google or whoever crowd sourcing to win the Megaflops challenge or whatever it is called nowadays? I thought a dedicated supercomputer was still a lot more powerful than what could be crowd sourced, especially when that crowd source is covert and so has to be deal with variable access to CPU time. Folding@Home (crowdsourced computing) has ~20petaFLOPS. Fastest supercomputer in the world is currently at ~33petaFLOPS. Second fastest is ~17petaFLOPS. Folding@Home: As of September 30, 2014, the project has 107,708 active CPU cores and 63,977 active GPUs for a total of 40.190 x86 petaFLOPS (19.282 native petaFLOPS). - Bearing in mind most home CPUs have at least 2 cores, and a huge number have 4, then it's not unfeasible that a botnet could reach big petaFLOP counts. Link to comment Share on other sites More sharing options...
ans Posted January 13, 2015 Share Posted January 13, 2015 Or are you saying anyone can rig one up this technology really simply if they can code and so the bad guys will always EASILY be able to avoid it. Yes, that's exactly the problem. They don't even need to be able to code, just follow instructions. https://www.surespot.me/ (Not your own server backend but client source code is available) http://www.spikaapp.com/ (Not explicit on encryption but is a completely self contained ecosphere with its own backend) The more organised people are already using their own stuff and not Whatsapp/Snapchat/Whatever That Spikaapp actually looks quite cool btw, I might have a play with that Link to comment Share on other sites More sharing options...
Vulgarian Posted January 13, 2015 Share Posted January 13, 2015 Very interesting contributions, gents. So basically its a futile proposition? Sort of confirms the suspicion that catching terrorists isn't what this idea is aimed at. Link to comment Share on other sites More sharing options...
Slim Posted January 13, 2015 Share Posted January 13, 2015 I don't think ease of cracking the encryption is the issue here. The agencies don't want to be brute forcing their way in, they want a legitimate route to intercept messages when required. That means either a master key, or a way by which service providers can decrypt what they hold when ordered. Like Ans says, it's almost impossible for them to actually do this. The algorithms are open source and in the public domain, anyone can strongly encrypt without there being any realistic way of decrypting without any skill. Link to comment Share on other sites More sharing options...
pongo Posted January 13, 2015 Share Posted January 13, 2015 The more organised people are already using their own stuff and not Whatsapp/Snapchat/Whatever Yes. I doubt that the terrorists trust WhatsApp or iMessage operationally. However secure these apps are said to be. But in defence of the Cameron perspective - I doubt that this sort of surveillance is about capturing that sort of traffic. They would already be quite capable of signalling via seemingly innocuous open messagin.g - or the digital equivalent of chalkmarks. But for example: I recently heard a convincing enough scenario which related to two US women who had decided to go to Syria to become ISIS brides. I forget the detail exactly but they had apparently been drawn into conversation via an open Twitter back and forth - which then went into private messages on one or other of the platforms commonly used by the people in the age group most likely to be drawn into this stupid. I should imagine that is the sort of thing they want better access to. Like most people in this thread I am instinctively dubious of the effectiveness of surveillance. I also think it has huge potential to be misused (either for personal or business information). Certainly there need to be safe-guards. On the other-hand; I am not convinced I really care if if the Home Sec wants to read our iMessages. @Chinahand - surely there is a case for the tax authorities to be allowed to see private business communications Link to comment Share on other sites More sharing options...
Lxxx Posted January 13, 2015 Share Posted January 13, 2015 Bear in mind this isn't Tory Party policy, this is government policy. Whatever party(s) get in this will be swept through regardless. See we've got bad guys to catch... Does anyone really think anyone planning something like the Paris attacks would risk using technology to co-ordinate and organise it? Really? Link to comment Share on other sites More sharing options...
Mr Shoe Posted January 14, 2015 Share Posted January 14, 2015 ... all this will do is push people onto custom solutions out of sight from anyone.... We should all get together and re-launch e-habitant!! Think the DED will bung us another million quid? Link to comment Share on other sites More sharing options...
the stinking enigma Posted January 14, 2015 Share Posted January 14, 2015 Without the impression of secrecy, how are the intelligence communities now going to incite half wit angry young men into committing atrocities eg lee rigby Link to comment Share on other sites More sharing options...
wrighty Posted January 14, 2015 Share Posted January 14, 2015 I'm not usually one for worrying too much about online privacy etc, but this one surely is wrong. How can a government, that has routinely left memory sticks with everyone's bank details free to view in the back of a taxi (or something similar), be trusted with copies of the private encryption key of all these messaging services? As soon as the government has them you may as well send your secure data by putting an advert in the paper. Link to comment Share on other sites More sharing options...
Lisenchuk Posted January 14, 2015 Share Posted January 14, 2015 http://www.bbc.com/news/uk-politics-30778424 What a complete cock. A ban on Cameron opening his mouth would be well received. Link to comment Share on other sites More sharing options...
paul's got wright Posted January 15, 2015 Share Posted January 15, 2015 Ignoring the complete lack of understanding in how end2end encryption works, all this will do is push people onto custom solutions out of sight from anyone. These terrorists/crimanals don't all live in caves anymore, they have very capable and sophisticated people working for them. I get *why* they think this would be a good thing, but it's an incredibly flawed idea on all levels. great post x Link to comment Share on other sites More sharing options...
paul's got wright Posted January 15, 2015 Share Posted January 15, 2015 So Helix - isn't the point to restrict 256 bit asymetric technologies (make them 64 bit or whatever [please note I'm just randomly picking a number not making a realistic suggestion], which are secure for most applications but if you pissed off IBM or Google they could hack you in a month if they dedicated a bit team and a couple of million to do it?) IE its a big deal, but something the NSA or GCHQ does every day!! Or are you saying anyone can rig one up this technology really simply if they can code and so the bad guys will always EASILY be able to avoid it. But that again goes to the issue - if using such technology is rare it will be noticeable and so draw attention to the users. It is the ubiquity of it that is the trouble ... too many haystacks if you get my meaning! Basically, if the Government can crack it so can anyone else. There are malicious users who have botnets in excess of 50,000 personal computers. The Government does not have a big enough tech advantage to make deliberately using a weak cipher viable (even if they did it should flag serious alarm bells). The only reasonable way to give the Government the ability to read messages at will would be to build a backdoor. Which again is exploitable by other people, it's a serious security risk. You could potentially give the Government everyone's private key... but you'd also have to give them every single session key to match up with the times/dates of the messages too. Not to mention that there is STILL no appreciable benefit to this daft idea! I can't think of many attacks where the culprits weren't known to police, and weren't already on a "watchlist". How is being able to monitor everyone going to help when they can't even get the job done monitoring specifically the right people? another great post x Link to comment Share on other sites More sharing options...
paul's got wright Posted January 15, 2015 Share Posted January 15, 2015 many great posts but the like quota's up again! why is that even on here? it's just easier to press like x Link to comment Share on other sites More sharing options...
Lxxx Posted January 15, 2015 Share Posted January 15, 2015 So Helix - isn't the point to restrict 256 bit asymetric technologies (make them 64 bit or whatever [please note I'm just randomly picking a number not making a realistic suggestion], which are secure for most applications but if you pissed off IBM or Google they could hack you in a month if they dedicated a bit team and a couple of million to do it?) IE its a big deal, but something the NSA or GCHQ does every day!! Or are you saying anyone can rig one up this technology really simply if they can code and so the bad guys will always EASILY be able to avoid it. But that again goes to the issue - if using such technology is rare it will be noticeable and so draw attention to the users. It is the ubiquity of it that is the trouble ... too many haystacks if you get my meaning! Basically, if the Government can crack it so can anyone else. There are malicious users who have botnets in excess of 50,000 personal computers. The Government does not have a big enough tech advantage to make deliberately using a weak cipher viable (even if they did it should flag serious alarm bells). The only reasonable way to give the Government the ability to read messages at will would be to build a backdoor. Which again is exploitable by other people, it's a serious security risk. You could potentially give the Government everyone's private key... but you'd also have to give them every single session key to match up with the times/dates of the messages too. Not to mention that there is STILL no appreciable benefit to this daft idea! I can't think of many attacks where the culprits weren't known to police, and weren't already on a "watchlist". How is being able to monitor everyone going to help when they can't even get the job done monitoring specifically the right people? If you are a government who are part of a failing, financially and morally bankrupt western model you want to tighten the reins on all your citizens for numerous reasons. The first one is obviously to rein in more in taxes and have the ability to find out what people are up to and get their hands on more money which they think is rightfully theirs. Secondly when the economy turns down then revolutionary talk turns up, so you want to keep a handle on people who could upset the cosy little number the establishment has created for itself at others expense. Thirdly totalitarianism is always the default choice of governments when under pressure, as the west is financially, economically, politically, and morally. Fourth, governments by their very nature are control freaks. They want to have more power, they want more money, they want to consume more wealth, they want to continue to grow. Recessions cause them to try and devour more and more to sustain themselves, as evidenced on this rock. Nothing is sacred, more information means more power to take more off the people to help themselves. There are probably more, with terrorists way down the list of priorities in governments eyes.... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.