[rjzzleep]

> When I need to communicate secretly I BUY SOMEONE A BEER.

Hi Richard, it has come to our attention that you have been secretively discussing leaking government information to our enemy in a pub in central London.

What's that you say? You didn't discuss private information? Then why did you try to conceal your handwriting on the napkin from our CCTV security cameras?

We'd like to take you in for questioning. If you resist this may end badly for you.

On a sidenote, if they at least have 2 separate SoC's on board, and a self rolled hardware firewall to make sure the baseband can't access things it shouldn't access, that may still be a great improvement to what we have right now. It still won't protect you from unknown hardware level exploits, but it's better than nothing.

[Nrsolis]

The Soviets used to have a custom of taking long walks in the park when they wanted to have a private conversation.

It had the notable benefit of avoiding the hidden listening devices in their places of work/rest/play.

[oceanstone]

Great point. While you still could be spied on, for instance with a bug stuck onto your back or classified nano-drone (if it exists yet)... that would be extremely expensive. If they wanted you that bad, it's like, fine. Listen to me talk about my motorcycle.

The issue with computers is they are so, so, so cost effective to tap & data mine. And storage just keeps getting cheaper. Hence, illegal mass surveillance.

Also, I had to make a meme: http://i.imgur.com/bk16CyB.jpg

[avn2109]

Probably the best idea would be to go swimming in the ocean with whomever you'd like to contact, since salt water and mechanical agitation probably diminish the reliability and functionality of most listening devices. But there's a continuum of practicality here. It's hard to imagine the Soviet commissars hopping in the water for an afternoon meeting.

[Nrsolis]

EXACTLY.

By providing ready access to a stream of digital data and metadata about yourself, you're making their job easier.

Even if you use crypto, the mere fact that you use crypto is interesting enough to draw attention.

The point is to blend into the background. Do you think that crossing a border using the Blackphone isn't going to raise eyebrows? In denied areas the idea is to use equipment that looks ordinary and boring: a wristwatch or a calculator.

If for no other reason than an adversary might not know who you are, you reveal yourself to them by using a special-purpose tool.

[StavrosK]

It seems like you're saying "we should all use encryption as much as possible so it becomes the background". It also seems like you don't think you're saying that.

[Nrsolis]

What I'm saying is that this technology is a small piece of a solution set to a big, hard problem.

Technology and crypto are the easy parts. Infrastructure, legislation, and user behavior are the bigger pieces and a much harder problem.

We have had secure email systems for better than two decades. They are VERY poorly deployed. Why? We have had secure voice systems for even longer. Why is the encryption on these systems so poorly designed?

I don't trust machines to keep my secrets for these very reasons. I have little faith that more crypto will fix anything. That's what I'm saying.

[StavrosK]

A nit: Email encryption is very hard to get right, but voice encryption is a solved problem (Silent Phone, RedPhone, etc do it very well).

[rjzzleep]

yes, and while that's all good the scenario is quite different. they were protecting from an external threat.

we're protecting from an internal one. the moment you go out the door, we're in the public. law enforcement doesn't really need an excuse to follow you around while you are in public.

on the other hand imho you can safely assume that all crypto will eventually be broken. the question is when, and will your adversaries still care at that point. not quite the same, but still kinda related: https://en.wikipedia.org/wiki/Venona_project

[manmal]

There can be mikes in the park too, of course. In 1984 there are, IIRC.

[markmassie]

The cameras are already there.

[electrichead]

Very curious, how did you discover that his name was Richard?

Edit: nm, I should have just googled it :)

[mayanksinghal]

Reuse of the same username across multiple social networks/forums, I would guess.

[Nrsolis]

Uh HUH. Assuming Twitter has my real name that is. LOL.

[riquito]

If you sign as Foo and people address you as Foo I wouldn't say that you fooled them.

[Nrsolis]

Obvious joke is obvious.

[robin_reala]

Google ‘nrsolis’, top result. Total time, 2 seconds.

[lotsofcows]

Blimey! Which pubs do you go to?