by Nrsolis 4502 days ago
EXACTLY.

By providing ready access to a stream of digital data and metadata about yourself, you're making their job easier.

Even if you use crypto, the mere fact that you use crypto is interesting enough to draw attention.

The point is to blend into the background. Do you think that crossing a border using the Blackphone isn't going to raise eyebrows? In denied areas the idea is to use equipment that looks ordinary and boring: a wristwatch or a calculator.

If for no other reason than an adversary might not know who you are, you reveal yourself to them by using a special-purpose tool.

1 comments

It seems like you're saying "we should all use encryption as much as possible so it becomes the background". It also seems like you don't think you're saying that.
What I'm saying is that this technology is a small piece of a solution set to a big, hard problem.

Technology and crypto are the easy parts. Infrastructure, legislation, and user behavior are the bigger pieces and a much harder problem.

We have had secure email systems for better than two decades. They are VERY poorly deployed. Why? We have had secure voice systems for even longer. Why is the encryption on these systems so poorly designed?

I don't trust machines to keep my secrets for these very reasons. I have little faith that more crypto will fix anything. That's what I'm saying.

A nit: Email encryption is very hard to get right, but voice encryption is a solved problem (Silent Phone, RedPhone, etc. do it very well).
Voice encryption was available with the STU-III for a long, long time.

When was the last time you saw a STU-III in an office? Ever? It's because the security capability isn't worth the trade-off and friction it creates for business.

The dirty little secret is that the whole process of doing key exchange and verifying that you have a solid connection between two trusted parties is NOT a widely solved problem.

TRUST between two parties that have never met is NOT a solved problem at scale unless you consider SSL a solution, and there are a lot of people who think that SSL is broken in many regards.

Think of all the features that a modern enterprise phone system has:

Call waiting
Three way calling
Conference bridges
Voicemail
CallerID
Call Parking
Assistant Mode
...et al.
Regulatory archiving

You don't get ANY of those with ANY commercially available secure phone system. The same problems you have with using secure email at scale you have with secure voice.