[davidjgraph]

This doesn't make sense to me. There are two main stages to having your data analysed by such an organisation.

In the first stage everybody's data is run through, let's call it, pattern matching, to narrow down a very specific number of cases that have the highest likelihood of doing, having done or planning "something".

In the second stage, you might apply more resources to gather more data from your suspects, for example, by planting bugs.

But if you avoid triggering suspicion in the first stage, you don't have to worry about their capabilities, you're just not on their radar.

You might then argue that anyone encrypting their chats would then raise suspicion. Ultimately, such organisations have a finite limit of human resources to apply, certainly not enough to deal with any wide-spread usage.

If this were to happen, think from those organisations point of view. They need to stop it and can't scale to deal with every single case. You'll then find that encrypting your chat becomes against Google's T&C, because someone lent on them. And round it all goes.

[6d0debc071]

I was wondering the opposite: How do you get as many people as possible to trigger the match so that it becomes a losing proposition to do this sort of traffic monitoring.

[Myrmornis]

Getting them all to make online friends in foreign countries would do it. Iran, Yemen, Gaza, lots of places would trigger I would think.

[XorNot]

I don't know how many known terrorist organizations would you like to correspond with on a regular basis?

[6d0debc071]

You wont catch me that easily Mr CIA Man ;)

#

I don't know, I mean that is is a concern: If not enough people fake the attributes you'll get shit-listed. My answer is really that it would depend on the terms of the activity.

I've thought of a couple of ways of doing it.

One is that:

You need to be part of something, I think, that's in general use and automatically sends junk data that can't be read (i.e. encrypted nonsense) between its nodes such that being part of a network isn't distinguishable from the junk connections that the program makes on its own.

The other way I can think of is that:

you have all communications public but encrypted and posted in one (or several depending on the throughput of the service) online bins. Since many people access the same bin and download the same data but can only read their own the meaning of the message becomes dramatically more worthwhile than the traffic-a stuff.

....

The second one might actually - kinda - be being done already in some form or another now I think of it. Encrypt your message, steg it into a meme-pic, stick it on a popular forum. Since the forum is accessed by thousands of people the knowledge of who it's downloaded by doesn't get you very much :/

[mattstreet]

What about the stage where they just process the hell out of all the data they have about you and keep a profile?