Knocking down the HACIENDA:
Today, heise.de will publish the video presentation of
"Knocking down the HACIENDA."
The talk from the GNU Hackers
Meeting that caused some mayhem for making the GCHQ HACIENDA
program generally known to the public.
The talk details how the five eyes agencies have been
collaborating to systematically obtain control over computers
on the entire planet, and how the new TCP Stealth technology
developed by the presenter provides obstacles to the massive
GNU Internet technologies should support this new advanced
TCP port knocking technique.
THE PROJECT MAP:
Last summer the rumour was finally confirmed: somebody broke the Internet. We are inviting all projects that are providing a piece of the puzzle to create a GNU Internet stack that cuts out the men in the middle. We painted a map of these projects and placed them according to the architectural space they are filling. As you can see, none covers all required layers:
Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace. See the map page for elaboration on that.
We are preparing a EU law proposal to require
obfuscated and end-to-end encrypted
communications in all telephony and
computer appliances sold after 2014.
The law shall include ways to ensure
its correct implementation and a transition
path from the existing unencrypted systems.
You can preview the draft legislation here.
The summary of the 30c3 YBTI sessions includes a discussion on the proposal. Video:
YBTI SESSIONS AT 30c3
Several recordings are available now.
More to follow in the coming weeks, so keep checking.
- Aleclm (SNAKE) - A friendship handshake evolving the Socialist Millionaire
- vonlynX (secushare) - Usability horror lessons to learn from e-mail, PGP, RetroShare and more
- Jan Borchardt (unhosted) - Open Source Design
- Brennan Novak (mailpile)
- Jacob Appelbaum - Pond, a Tor-based mail system
- Leif Ryge - Tahoe-LAFS, a distributed file system storage
- Simon Levermann - Tox, a peer-to-peer telephony tool
- Bart Polot - Telephony over GNUnet
- Florian Dold - GNUnet's new cryptography
- cjd (cjdns) - The edge of dystopia
- Panel feat. I2P, cjdns, GNUnet and more
- Gabor Toth - secushare multicasting over GNUnet
- Moritz Bartl - Scaling the Tor network
- von lynX - Distributed social networking over Onion Routing
- Aleclm - Snake: a privacy-aware social service providing anonymity of data at rest
- Forthy - net2o reinvents the Internet: Secure, reliable, fast and lightweight
- infinity0 - Terraforming Arrakis: development practice recommendations for a long-term architecture of a new Internet
- Haya Shulman (DNSSEC/DANE)
- Dan J. Bernstein (DNSCurve)
- Levin Keller (Namecoin)
- Christian Grothoff (GNS, the GNU Name System)
Tragically, there are no recordings of this excellent panel.
There is a biased summary by @vonlynX in the summary video below.
- Jon Solworth - EthOS: an Operating System to make it far easier to write applications that withstand attack
- Tanja Lange & Dan J Bernstein - NaCl: a Networking and Cryptography library improving security, usability and speed
- Lunar - Reproducible Compilation: Challenges of building a deterministic Debian.
Roughly same talk as presented at FOSDEM (webm)
- Julian Kirsch - Knock: a Linux kernel patch for operating stealthy TCP servers
- cjd - cjdns, Hyperboria & the Project Meshnet
- Bart Polot - GNUnet Mesh Networking
- Panel feat. Elektra (BATMAN, Freifunk)
Very interesting panel featuring illustre guests:
- Rop Gonggrijp (Founder of xs4all.nl)
- Dominik (Byterazor)
- Bunnie & Xobs (novena laptop)
- Karsten Becker (PSHDL on FPGAs)
- Peter Stuge (coreboot)
- Dan & vonlynX (youbroketheinternet)
Summary of the 30c3 YBTI sessions + discussion on the legislation proposal
for obligatory obfuscated and end-to-end encrypted communication:
It seems like there is no functional business model for privacy,
that's why we cannot entrust companies or standards organisations
to pull this off. The #youbroketheinternet
sessions at the 30c3
that invite people like you to contribute.
In order to access the 30c3 website without certificate
warnings you need to get friends with the
(that means you need to install its root certificate).
If you need to know more, here are the press releases in
English and German.
WORKSHOP FOR A GNU CONSENSUS
On the week-end of August 24-25, 2013, we gathered at
Berlin's CCC headquarters to develop a rough
on what the criteria should be for a GNU internet and to
prepare for the upcoming sessions at 30C3.
TALKS FOR A GNU INTERNET
This is the video
from the talks given in Berlin on August 1st.
Over 100.000 people have watched it already — so should you.
The talks are in English, even though the welcoming words are in German.
Christian Grothoff's talk summarized the recent revelations about PRISM
and their implications for non-American citizens, industries and
governments. It then presented technical solutions towards a secure
and fully decentralized future Internet, which would address key challenges
for self-determined life created by the world-wide police state.
Interesting details on this:
- A new cryptographic method for a privacy-capable DNS/DNSSEC placement, called GADS (it was later renamed into GNS as in GNU Naming System).
- A faster and smarter extensible messaging syntax than XML and JSON, called PSYC.
- A strategy for distributed and liberated Internet search, called RegEx.
Carlo von lynX gave a presentation on how secushare intends to provide
messaging and Facebook-like functionality on top of GNUnet. Keywords:
- Scalability thanks to a new multicast pubsub layer for P2P;
- Social graph vs. Onion routing;
- Unsafety of your own server in an XKeyscore world.
Richard Stallman and Jacob Appelbaum reminded the audience of the
relevance of free software, free hardware and the pervasive use of
cryptography and responded to questions.
Denis and Torsten spoke introductory and closing words.
This event was kindly hosted by the Piratenpartei Berlin.
Pirate politics is useful, but we are not a project of the Pirate movement.
- How long will the employed cryptography last?
- All of the platforms are apparently migrating to a healthy variant of elliptic curve crypto (ECC), so that is likely to be fine for years. Even if a way to break it is discovered, it will be an extra effort to decrypt anything, so it is a good idea to hide your private messages in a large body of cover traffic. The aim of #youbroketheinternet is to impede mass surveillance, not targeted operations, therefore this type of architecture is sufficient from our point of view. If you need more security, the safest choice is to not use the Internet or to not use a computing device.
- Can I trust private cloud technology?
- That is currently a gamble. As a rule of thumb, the cheaper the hosting, the easier for governments and other attackers to have automated access to server memory and cryptographic keys. Location of the servers may be of relevance. Manufacturer also. Hiding the services behind Tor, I2P or other technologies may be helpful. In all cases servers tend to become honeypots, so we recommend technologies that do not depend upon them.
- How scalable should messaging systems be?
- For asynchronous one-on-one communications it may not be essential. Pond is an architecture that should work fine if you limit the number of people you use it with. As soon as you expect to have a buddy list indicating the online presence of your friends in order to have a synchronous chat, that's when scalability strikes. If you also consider mailing lists or microblogging as use cases, then it is a big factor. In that case the question is, why deploy a not so scalable messaging technology if there is hope we will be able to provide a scalable one based on distributed multicast trees? Also, would it make sense these days to deploy a messaging technology that isn't integrated into a social networking experience?
- Can this technology also provide network backup solutions?
- This can currently be done using Tahoe-LAFS, but you will have to run the necessary nodes yourself or together with friends. Freenet may work, too, but it has no social modeling, so it cannot know whether you deserve the service. Suboptimal service may result. With a social-graph enhanced pubsub and relay architecture such as secushare's we expect this to be realistic and easy to deploy for everyone who has a sufficiently benevolent social neighborhood. Tribler probably has a similar plan.
- Does a tool to synchronize devices have to be scalable?
- If it is just for you, you can do as said before. If we want to offer this for everyone, then it needs the social neighborhood to function, or you may be able to trade relaying services, the way GNUnet and Tribler do. Under these circumstances massive scalability may not be a requirement.
- Now that asymmetry is no longer a requirement in modern DSL technology, does it make sense to push for its reduction?
- Absolutely yes. The less we depend on relay nodes, the better a GNU Internet works.
- Why GNU and not new?
- GNU stands for the civic freedoms provided by free software.
Richard Stallman explains it nicely in the video mentioned above.
The privacy requirements that we have for the new Internet
cannot be guaranteed by non-free software.
- Does the GNU Internet need a custom software license?
- We currently recommend the Affero GPL, because of all the good reasons Mr Stallman explained to you. In particular we expect that companies would try to offer gatewaying services once these technologies become more popular, so it is important that these services, at least legally, cannot be running rogue versions of the software that disrespect their user's rights. A harsher free software license than AGPL may be a good idea, but it may require revisiting also the definition of "open source."
- Can I see more videos?
- There are more related videos at https://gnunet.org/videos.
GET IN TOUCH: