> You often see this in, let me cherry pick out of charitability, threads suggesting that the OSS community develop surveillance countermeasures for use by dissidents subject to certifiably evil regimes.
> It doesn't really matter whether the nation state in question is Iran or the United States. Do not pick fights with people who can respond to a hacking incident by writing a check for $5 million dollars to a defense contractor and consider that low-intensity conflict resolution. It will not end well.
Are you really saying that people should avoid writing software that could help people who are subject to evil regimes because said evil regime might be upset at them? There's an uncertain level of personal risk associated with doing such things, but there's definite moral hazard in total self-interest.
Either way, if Flame was written by the US or Israel a lot of us on here are already complicit in such a project. We live in a democracy. Those are our tax dollars, hard at work.
I totally agree with you otherwise; governments are not stupid.
There's no personal risk to writing regime circumvention tools. Iran isn't going to have you assassinated for your work on Tor.
There is serious risk to using Tor in Iran. Death squads and disappearances aren't a conspiracy theory in Iran; they are the regime's well-understood M.O. When circumvention tools like Tor work, they hide your traffic from the regime. When they stop working, or are turned, they do exactly the opposite: they attach a statistical marker to your traffic that says "whether or not you can read these packets, the person sending them is interesting".
The people working on circumvention tools are mostly well-intentioned (many of them are friends of mine), but they are delusional about the SWOT analysis at play here. None of them have any unique skills that aren't available to an organization willing to shell out 6-7 figures to a team in a month. Money buys competence. A lot of money buys a lot of competence. Iran has a lot of money. Circumvention projects do not.
Kickstarter hasn't seen the amount of money that a world government could spend without director-level approval on a project to turn a circumvention tool against its users.
And that's before you get to the fact that many, if not most, of the computers in authoritarian regimes are probably already rootkitted.
While I agree with most of your post, I do have to take issue with this statement:
"There is serious risk to using Tor in Iran."
While there certainly is a chance of getting in trouble for using Tor, I wouldn't classify it as "serious risk." The government in Iran faces a situation w.r.t. filter circumvention similar to what the US faces when cracking down on illegal file-sharers. From my (admittedly limited) experience in Tehran last year, anyone with even a little computer know-how will have either some proxy service or Tor installed on their computers. The more knowledgeable ones have their own VPNs. Most use it to get through to Facebook and chat with their friends. It would be impossible to persecute everyone who's used circumvention tools without emptying half of Tehran.
The government certainly doesn't shy away from the measures you mentioned, but they generally go after for more grievous "offenses" than browsing the internet through Tor. Being gay, for example.
All the competence in the world won't let you break basic crypto algorithms without at least breaking a sweat.
The playing field between Alice and Bob on the one hand and Eve on the other hand is inherently asymmetrical. Given equal competence and time to work on it, Alice and Bob are going to come up with an encryption scheme that Eve won't be able to break. You seem to be convinced that given almost unlimited resources, Eve can break any scheme Alice and Bob can come up with. I'm not sure I see any evidence for that.
In some cases, Eve is willing to arrest/maim/kill anyone caught using Bob's encryption scheme. Eve has the ability to control at least some of the intermediary systems. Eve doesn't need to specifically break the scheme, just be able to figure out who's using it so she can go apply some lead pipe cryptanalysis [0].
I don't think he's saying that at all. I interpreted it as, given unlimited resources, Eve can determine that Alice and Bob are communicating over encrypted channels which, for Alice and Bob, is almost as bad as having their encryption broken.
I took that to be a specific example -- Tor may be detected using traffic analysis -- of a more general principle -- circumvention tools can not hope to withstand nearly unlimited resources. I thought tptacek was pretty explicit in making this more general statement.
One thing that a lot of circumvention tool promoters get wrong is the threat model. The threat model isn't "attacker can read your traffic" --- although some of the best known circumvention tools have made cryptographic mistakes that did allow that. The threat model is "tractable attacks that isolate traffic using your tool from bulk Internet traffic".
A torture cell will do just peachy at decrypting the actual packets.
Are you really saying that people should avoid writing software that could help people who are subject to evil regimes because said evil regime might be upset at them?
No, I'm saying that "my software helps people who are subject to evil regimes" is approximately as irresponsible as "my homeopathic remedy solves cancer" except in this case cancer has essentially infinite computational resources, arbitrarily high numbers of very savvy domain experts, and an army. Any hacker who believes their software, or their community's software, will hold up to dedicated adversarial interest from a nation-state is dangerously delusional.
I don't think it's as simple as you make it sound.
If somebody writes a tool that helps 100 million Chinese people access the unfiltered internet, a percentage of them will be caught and punished in devastating and inhumane ways. Some fraction of the illicit traffic will be blocked and the holes sealed up.
The remaining people will have access to material that, as far as the Chinese government is concerned, poses a tremendous risk to the state's continued authority. If this - as the state obviously believes - would help speed along the atrophy of an authoritarian state, net human suffering would be reduced overall.
I see what you mean and mostly agree but not with the example you chose: Chinese government never intended to completely block sensitive content. If they wanted so they would use other technologies. Any Chinese netizen with a VPN can go outside and many of them do. What the Chinese government do, successfully, is to make the sensitive content slightly harder to access, compared to local "safe" content. Then, like the water choosing the downward slope, most information consumed by Chinese netizens is inside the GFW.
> It doesn't really matter whether the nation state in question is Iran or the United States. Do not pick fights with people who can respond to a hacking incident by writing a check for $5 million dollars to a defense contractor and consider that low-intensity conflict resolution. It will not end well.
Are you really saying that people should avoid writing software that could help people who are subject to evil regimes because said evil regime might be upset at them? There's an uncertain level of personal risk associated with doing such things, but there's definite moral hazard in total self-interest.
Either way, if Flame was written by the US or Israel a lot of us on here are already complicit in such a project. We live in a democracy. Those are our tax dollars, hard at work.
I totally agree with you otherwise; governments are not stupid.