[cinquemb]

>If you concede that your computer has a chip with DMA access which can be used by the government, then you must concede that the same chip can monitor you for activity that triggers active surveillance.

Whats DMA access? Direct Memory Access access?

That aside, I'm not willing to concede that across every computer than has been/can be built and be exploited by a government out of the box remotely [because dragnet] (most of them, I will concede probably can though, and conversely anyone technical enough can probably exploit many systems in the same way for their own means[don't trust your spouse/freinds/employees?, bug them with remote backups of data to analyze in real-time, hell, companies do such things now as-a-Service]). But continuing on with your conclusion of a dragnet (which is more or less present today), access isn't really the problem, but you have a signal and a noise problem, wherein you will have false positives and false negatives. Text book example of the mal-possibilities is the NSA providing data which led to the targeting phones in the ME, which drone strikes we're initiated and hit innocent civilians[0]. Just wait when we're at the point when this is happening within a countries national borders by domestic agencies, one day, someone is going to be taken out that wasn't meant to be taken out. Can't ignore the false neg/positives forever, though governments seem to try very hard to do so. I think corporations are more forthright about the extent the data they collect is able to be used because if you knowingly contract/ utilize bogus data for certain applications, someone else will eat your lunch eventually.

>activity is fitting the pattern of some kind of criminal activity

From a predatory-prey/evolutionary standpoint, criminal activity is always evolving (typically every living being and the systems they rely on are). Not to mention the time sensitive nature of these systems that do the analysis so if $criminal_activity is always changing and over a defined period of time, you risk that you will get no signal for those who conduct such $criminal_activity in less than the defined period of time or that by the time the analysis has been done, or any signals collected from such device will be moot (i.e. computer was destroyed, thrown away or even worse: passed along to/associated to someone else which also means any point there after associated with such systems is akin to going after a ghost within the machine).

>Is there really any technical knowledge that could protect you?

Well since the focus is on tails [but mostly on the dragnet], one can clone the sc[1] and go through it for what could possibly define one as a Tails user, replace that with something else, build their own image and voila, you just avoided being in the dragnet. The thing about dragnets is that they can only really capture the lowest common denominator, deviate only slightly from that, and the adversary will have to expand resources going for an targeted operation (any adversary, not just nation states is technically possible of doing these things and by definition not a dragnet). This is what happens today. Not in some far off distant dystopian future meant (intended or not) to invoke fear in the ignorant/lazy. Yes if one wants to avoid being in a dragnet with some of the tools they use, then one will take the steps necessary to keep such information obfuscated/opaque from the dragnet.

[0]: http://www.policymic.com/articles/16949/predator-drone-strik...

[1]: https://tails.boum.org/contribute/build/

[devconsole]

Whats DMA access? Direct Memory Access access?

This is what happens today. Not in some far off distant distopioan future meant to invoke fear in the ignorant/lazy.

Why not talk with me without the snark? This topic seems like it interests you a lot, so it seems like we have some shared ground.

one can clone the sc[1] and go through the source code for what could possibly define one as a Tails user, replace that with something else, build their own image and voila, you just avoided being in the dragnet.

This won't work because it's extremely difficult to analyze your network card and discover its behavior, and without this knowledge you'd be changing things blindly. There are far too many ways to detect an OS to change them all. Tweak-and-recompile would work if they use a naive and brittle heuristic like "look for the first 64 bytes of whatever is loaded into memory when Tails is booting up," but they wouldn't employ such a brittle heuristic in the first place because every time a new version of Tails is released, they'd need to update their entire infrastructure to look for a new pattern. Something like monitoring the network traffic for a unique "Tails signature" is more likely in this scenario; for example, how many computers start Tor immediately after a network card is connected? Detecting that condition would be a decent starting point for detecting Tails, and they'd want to combine it with some other hard-to-evade condition to cut down on false positives without introducing false negatives.

One interesting way to detect that someone is using Tails would be to notice that their system clock is set to UTC time. Most of the computers connected to the internet aren't using UTC, so UTC time plus Tor usage on startup is pretty commonly associated with anonymity OS's. That said, it seems like it might be difficult for the network card to detect whether the system clock is UTC time, but it's just an example of how difficult it is to fully conceal your usage of an anonymity tool. It's not just a matter of tweaking the source code.

This seems to prove the seriousness of this threat, though. Once you agree that it might be possible for your network card to be your adversary, there are endless ways that it can be used to defeat you. Hardware manufacturers have evidently been thinking along these lines, so why shouldn't we try to think of ways to prevent this from happening? As the BIOS exploits have shown, that dystopianic future may be closer than anyone's comfortable admitting.

EDIT: Someone went through and downvote bombed our whole converastion on both sides... I tried to correct it, but it looks like upvotes from Tor users under a certain karma threshold aren't registering, so I wasn't able to help fix it.

[cinquemb]

>Why not talk with me without the snark? This topic seems like it interests you a lot, so it seems like we have some shared ground.

>One interesting way to detect that someone is using Tails would be to notice that their system clock is set to UTC time. Most of the computers connected to the internet aren't using UTC, so something like that is pretty commonly associated with Tails. That said, it seems like it might be difficult for the network card to detect whether the system clock is UTC time, but it's just an example of how difficult it is to fully conceal your usage of an anonymity tool. It's not just a matter of tweaking the source code.

It's not out of snark (I apologize for if it sounds like it, not intentionally seeking to offend anyone), but mainly out frustration about the conversation on how everything seems to be so difficult. Difficulty to whom? Someone who cannot modify sc to a significant extent? Someone who just downloads the program and expects it to just work? Not just some random tweak, I mean going through looking at what the functions actually do, which remote connections do they rely on to connect to at various stages, how data is generated and allocated in memory, what system calls are made, etc and change it according to ones threat model so that the program one complies has the same functionality but is not recognized as the same program. Maybe that involves changing the the system time. Again, trying to target someone doing such is trying to target someone actively adapting, probably faster than it takes for the dragnet to adapt since like I said, dragnets mainly hinge on effectively going after the common denominator that of which is usually of the mind set of someone who downloads/uses a program system and expects it to just work and address all of their concerns without doing anything themselves. In the end, anyone can try all they want to cut down on the false negatives and positives, but they will still exist and that's where the "real" danger comes from for groups/orgs/gov's that go to such extents.

>Once you agree that it might be possible for your network card to be your adversary, there are endless ways that it can be used to defeat you.

If this is really in one's threat model, one is probably throwing away or using shared computers before this point… maybe from within a virtual machine on a large banks network from an exploit one used (remote, or local).

>so why shouldn't we try to think of ways to prevent this from happening?

Few people do this today for themselves, most others do not. People today seem to have come to expect that someone else needs to protect them which must have fmr cyhperpuks laughing. As far as I'm concerned, we are already living in the dystopian future, and the few who take the steps to mitigate based on their threat model do. These issues have been around for a while, and those who cared all along took steps they felt were necessary to protect themselves and still do. Maybe that involves not taking advantage of the latest skinner box of the day, again tradeoffs and threat models to consider. And those now made aware have to learn a lot to put themselves in the same shoes, if they even care enough to learn what they need to start protecting themselves and to continue to adapt to do so. Again, its not like BIOS exploits suddenly became possible because snowden profiteers told us and because all of this I don't think it really is a serious threat (any more than it already was) because your adversaries are opening themselves up at the same time. This has always been an evolving landscape. Such is the world we live in and have always had.

Edit: No worries, as I've learned over time, down-voting isn't really effective for silencing ideas/discussion since it just attracts more interest to those who want to seek such information.