Hacker News
by melito 4946 days ago
It's easy to opine about things like educating the public or engineering 'crypto' for the common man.

In my opinion that would be an exercise in futility.

I think a proper response to this issue is to simply promote social depravity on a grand scale.

Everybody should just constantly read/watch/listen to media involving things like methamphetamine manufacturing, nuclear & home made weapons/chemicals, illegal currencies, human trafficking, hardcore pornography, armed rebellions, the middle east, famous terrorists, serial killers, bon jovi, etc

All of those are a lot more interesting to the common man than lessons on how to use PGP....which is theoretically breakable thanks to the advent of quantum computing.

If everything is being sniffed and stored, there have to be a number of very specific topics that are being sought after in that data.....in my opinion it'd be far worse if the government wasn't searching for things like human trafficking and nuclear weapons (things, hopefully, we can all agree are not good).

Television series like "Breaking Bad" are already pulling weekly audience numbers of around 3 million plus. One could argue that you wouldn't even have to do much promotion, as these topics already seem to be mainstays in much present-day pop culture.

9 comments

As much as I hate to disappoint everyone, chaffing with lots of keywords, made up searches, and arbitrary blocks of suggestive text will not trigger any kind of flag except "people trying (poorly) to chaff NSA".

The algorithms used for text mining are much more contextual and semantic than what would be fooled by the simple gags I commonly see on the Internet. Those gags might send a message of sorts but they don't make anyone's job more difficult. For a start, they know you are not a terrorist or whatever; nothing about your life as modeled across myriad data sources suggests that. Instead, you will be some random person pretending to stick it to The Man, which they don't care about and never lands in front of a person.

To chaff the state-of-the-art data mining would require some sophisticated computer science and sophisticated operations. You would (1) have to understand the state-of-the-art algorithms used and (2) devise a way to break those algorithms transparently. It is not a trivial task by any means even for someone that understands what is involved.

Superficial attempts to chaff surveillance systems might feel good but they won't accomplish much against a sophisticated adversary. The tech these days is much too good. Even leaving a minimal footprint for analysis is becoming nigh impossible.

What if I create a new hotmail account which I use exclusively for emailing a random address in Pakistan, and after a few months delete all of my Facebook/gmail accounts and go completely off the grid save for this one email account which I start accessing from internet cafes dotted around the country, where I also look up information on Arabic websites about fertiliser... would that get their attention?
You've already got their attention.
He no longer has access to read your comment.
Yes.
So the only way to truly stick it to the man is to actually become a terrorist!

Show the government your disapproval of their trampling of the constitution. Join Al-Qaeda.

As much as this reads as FUD, I agree.

That's what I was getting at with my "Breaking Bad" comment.

A sort of "total depravity" is already a big part of pop culture, so it'd be easy to ignore false positives of people crying wolf.

What I was getting at is that what they're looking for is kind of a big unknown. If media about illegal things is so popular and they ignore it, it leads one to think that data being mined is possibly being used in a fashion similar to a personal agenda.

That's what's truly dangerous about monitoring at this scale. It's not so much that it's happening, it's that they're creating something that could grant someone almost god like powers.

If I were to make an analogy, I'd say it's like a man buying a pistol to protect his family and then his child finds it loaded in a night stand.

It's funny you should mention godlike powers. We're pretty fast reaching a point where an individual can have "god like" powers for not very much $$$. You could argue that the genie isn't out of the bottle yet, but I think the point is arguable. As reprehensible as this sounds, maybe it'll turn out that whoever did the 2000 Anthrax attacks did the human race a favor.
It smells like you're talking out your ass.
Emacs' M-x spook command will paste some suitable words into the current buffer:

  Croatian nuclear FBI colonel plutonium Ortega Waco, Texas Panama CIA DES jihad 
  fissionable quiche terrorist World Trade Center assassination DES NORAD Delta 
  Force Waco, Texas SDI explosion Serbian Panama Uzi Ft. Meade SEAL Team 6 
  Honduras PLO NSA terrorist Ft. Meade strategic supercomputer $400 million in 
  gold bullion quiche Honduras BATF colonel Treasury domestic disruption SEAL 
  Team 6 class struggle smuggle [Hello to all my fans in domestic surveillance] 
http://www.cypherspace.org/rsa/spook.html
Business idea: A "chaff box" that can be sold to the public.

Given a list of dodgy search keywords, youtube links, etc etc etc, regularly updated from a central location (think like a websense blocklist but in reverse), uses a configurable amount of bandwidth. Hits these sites with a human-like usage pattern when HTTP traffic from your LAN IP is detected (so it only works when you're actually browsing the web).

Plug it in and gain plausible deniability from most forms of government shenaniganery. Given critical mass, makes most forms of government behavioral analysis (and possibly advertiser behavioral analysis) useless.

Build it on the Raspberry Pi or similar platform. Materials cost is $35 plus shipping materials. Main time investment is limited to maintaining the blocklist and the central servers.

Hmm. Wonder how this could sell to the soccer mom crowd...

Would also raise some interesting and thorny questions for the server side. If enough people are using the box for the effect to be meaningful, then a lot of sites are going to have a lot of useless web traffic; yet allowing sites to "opt out" or having an identifier of some kind of the box's traffic completely defeats the purpose of the system.

There's a story by Cory Doctorow, in which terrorists blow up the Bay Bridge and the US establishes a surveillance state in the wake of those events. In response, the protagonist creates a distributed system using Xboxes that pretty much works like the way you're suggesting.
The story is called Little Brother for those who are interested.
I'll admit I don't know all that much about machine learning and statistics, but it seems like it would be pretty hard to simulate human activity in a way that was really indistinguishable (highly sporadic, with trends of connected ideas, for a start). More immediately, most people are never going to get on board with making it look like they're into "bad stuff". It's icky, and they don't think they have that much to lose.
This is an interesting idea. However, for a noise box to be effective requires that a significant number of people are also using a noise box, which assures plausible deniability the same way TOR and shared-IP VPNs do.

If you're the only one using a noise box, or are part of a very small minority of users that do, the random noise you generate is just increasing your attack surface through which the government can more easily target and identify you.

Tor essentially provides the same plausible deniability to its end-node users, without needing to simulate human behavior.
Forget the box, you just need a web browser plugin. It could sit in the background. It could have two lists (updated occasionally like spamblockers do it), one of search engines and one of spook-luring phrases. Every, say rand(1..10) minutes, it could make a few connected queries from list B to some engine in list A. Visit a link or two from the gotten page. Stop after say rand(1..10) queries total on that theme. Throw everything away and go back to sleep.

If a million people installed this plugin, that would avg 5 queries every 5 minutes, that would be avg 1.4e9 queries per day, a tiny fraction of the intertubes.

edit: but, apology to parent, you'd never sell a browser plugin...

If it's from a central location and all clients are working off the same database, it seems like it would be fairly simple for their data mining teams to sift out the identical chaff.
In theory, couldn't an interested party filter out the blocklist from the all other traffic? It would be more interesting to have a dynamic list that gets updated based on actual user behavior. That way, the interested party wouldn't be able to filter out the blocklist without potentially filtering out actual traffic. This of course would create all kinds of legal issues.
In theory yes, but everything hinges on the "given critical mass" thing - once a large amount of the sites the government would look askance at you for visiting are on the chaffbox's list and therefore being browsed by a large amount of people, it serves to protect someone who wants to view one of these sites legitimately.

A dynamic list would be better, granted, but a much harder nut to crack.

I think there are already a couple products like that....in fact I have a few in my house.

I call them my cable modem and tivo

You'd want it to be decentralized. Centralized servers are so 2000.
Tell that to everyone storing their emails and music in the cloud.
> PGP....which is theoretically breakable thanks to the advent of quantum computing.

This is a minor quibble with your overall point, but what I've quoted is wrong. The underlying encryption algorithms for modern PGP implementations are breakable with Shor's algorithm on a quantum computer, but not all encryption algorithms are vulnerable and a PGP implementation in the future could use such an algorithm as default instead. (For instance, http://en.wikipedia.org/wiki/McEliece_cryptosystem)

A friend of mine built a thing like this.

http://www.haystackproject.org/

That's awesome, thanks for sharing. I'll send it to my friends.
I suspect that an organization with the computational resources and mathematical clout of the NSA is going to have little trouble distinguishing between people clicking around on "J0llY R0g3rs Gu1d3 to NUKELERA WEPONS" and people creating specific, repeated trails to suspicious resources.
The idea, if nothing else, is that while such an analysis is possible, it is also expensive enough to make it hard to do for everyone at once. If everyone superficially appears to be searching for verboten stuff, then their job becomes harder than just "carefully investigate whoever is hitting naughty keywords".
This. Increase the noise. Like a raspberry pi noise maker.
bon jovi?