7 October 2013: Add Reddit response.
6 October 2013
Privacy and Cybersecurity Illusions Have to Go
At present, there can be no public privacy and cybersecurity anywhere for
anyone. The illusions have to go.
The small number of Snowden documents, a couple of hundred out of 15,000,
demonstrates that public communications betrayal is worse than imagined.
That more of the documents have not been released conveys that privacy and
cybersecurity betrayal is far worse than publishers dare disclose after
consultation with governments.
Revelations of NSA spying on everyone everywhere on the Internet and in personal
devices confirms that legacy SIGINT, COMINT and HUMINT are normal, not unusual,
and should be expected for all global spies, for spies have always worked
in concert either by offensive design or by defensive copying one another.
Official spies may be the least of the intruders:
Selling Secrets of Phone Users to
Drawbridge is one of several start-ups that have figured out how to follow
people without cookies, and to determine that a cellphone, work computer,
home computer and tablet belong to the same person, even if the devices are
in no way connected. Before, logging onto a new device presented advertisers
with a clean slate.
Were observing your behaviors and connecting your profile to
mobile devices, said Eric Rosenblum, chief operating officer at Drawbridge.
But dont call it tracking. Tracking is a dirty word, he
Drawbridge, founded by a former Google data scientist, says it has matched
1.5 billion devices this way, allowing it to deliver mobile ads based on
Web sites the person has visited on a computer. If you research a Hawaiian
vacation on your work desktop, you could see a Hawaii ad that night on your
For advertisers, intimate knowledge of users has long been the promise of
mobile phones. But only now are numerous mobile advertising services that
most people have never heard of like Drawbridge, Flurry, Velti and
SessionM exploiting that knowledge, largely based on monitoring the
apps we use and the places we go. This makes it ever harder for mobile users
to escape the gaze of private companies, whether insurance firms or shoemakers.
Ultimately, the tech giants, whose principal business is selling advertising,
stand to gain. Advertisers using the new mobile tracking methods include
Ford Motor, American Express, Fidelity, Expedia, Quiznos and Groupon. ...
Similarly, if you use apps for Google Chrome, Facebook or Amazon on your
cellphone, those companies can track what you search for, buy or post across
your devices when you are logged in.
Other companies, like Flurry, get to know people by the apps they use.
Flurry embeds its software in 350,000 apps on 1.2 billion devices to help
app developers track things like usage. Its tracking software appears on
the phone automatically when people download those apps. Flurry recently
introduced a real-time ad marketplace to send advertisers an anonymized profile
of users the moment they open an app.
The consequence is that the global public can no longer expect privacy or
security on the Internet and personal devices; it is deceptive to propose
a choice between privacy and security.
Communications security firms and experts may continue to tweak comsec systems
to maintain markets and reputations but that is futile on the basis of what
has failed to take place in public communications in the past two decades:
no privacy, no security, only the illusion by privacy policies, lawful
interception, encryption, anonymizing and a patchwork of ostensibly secure
One by one all these have been shown to be dishonest, faulty, incompetent,
and incapabable of protection against official and commercial predation by
secrecy, classified technology, governmental dissimulation and co-optation
of the comsec industry and experts.
The spectacular rise of the Internet and now personal devices, for commerce,
for education, for social intercourse, for political engagement, for research,
for individual exploration have been betrayed by official policy worldwide
to manipulate and undermine public trust in these phenomenally popular
Spying on the Internet and personal devices is endemic, by governments, by
commerce, by institutions, by individuals. Commercial ethics and secret laws
allow this by governments, industry and experts. Nothing so invasive and
pervasive has ever occurred in history, thanks to the ubiquitous technology
of the Internet and personal devices which is ruled by those who operate
them out of sight, hidden by official secrecy and commercial confidentiality.
Proposals for newly designed global comsec systems must be seen as ruses
to disguise the current systems. Those working on these are the same ones
who designed, built and operate the current. National governments and their
cooperating firms will not forego doing to any replacement what they have
Social media in particular is complicit, along with boosters of Internet
and smartphones, for their privacy and security policies completely deceptive
to foster lightly guarded public communications, deliberately vulnerable
to national invasion, while delivering user data to government and selling
it to commerce.
Difficult as it may appear, time to give up these global spying machines,
their secrecy-protected purpose is to manipulate and exploit the public.
The time is right time to begin abandonment of the Internet and personal
devices before the cover-up of massive betrayal supplants the evidence with
public relations, apologia, technological tweaks and newly invented and
A sends 6 October 2013:
I appreciated your 6 Oct writing on the illusions of privacy and cybersecurity.
You said it well.
I am not sure but I suspect you have already considered a possibility that
I will share with you appears to be true. The NSA has mathematically broken
all of the permutation-based cryptosystems (AES, DES, RSA 2-factor ID tokens),
and more, and only pretends to invest in their continued breaking -- just
as many Allied ships went down with Allied foreknowledge to protect the WW2
COMINT methods and sources. Bayesian analysis was applied to the science
of not revealing a capability. The science of appearing not to know has advanced
and today we have a culture in which the rebels tag their secret transmissions
with red crypto ink so the adversary can more easily filter and read those.
The evidence of this is, and of an example break also of the EC with constants
chosen by NSA, are in plain view for the public to find. An elegant mathematical
object in which XOR commutes with EC has already been dissected at great
length, each tree studied carefully, presence of a forest here in the desert:
either not contemplated at all, or nobody else wants to come out and say
it, either. I suppose we would all be somewhere between "silk and cyanide"
on the issue.
If you study the publications of mathematicians, you may find that some few
of them publish on a set of topics, Q, and subsequently do not publish for
several years, only to reappear near Research Triangle Park, publishing
mathematics in an indecipherable language, apparently intended for the audience
of grey aliens in orbit.
A2 sends 6 October 2013:
In light of the situation revealed re the information shared on
are we to reasonably expect the pursuit of natural justice and class action
law suits for fraudulent trading etc. against businesses/business executives
selling virtual security ware which is just vapourware and unfit for perceived
purpose, or is an ignorance defence an arrogant strategy to be deployed and
employed to escape accountability and responsibility and time served in a
state correctional facility*?
Or is that a relatively new and industrious multi-billion dollar business
which has the blessing of the markets and ...... well, for want of a better
expression than just Power Elite Players, Executive Server Systems
Cryptome to Reddit, 7 October 2013
"Begin to abandon" is winding down usage in recognition that avid and trusting
users have been exploited by promoters who think there is no end in sight
to ever-increasing enthusiasm and unguarded communications in all digital
Not only by stigmatized official spies but also by unofficial spying on beloved
Reddit as other social and commercial media.
Personal devices of all kinds are now contaminated with hidden tools to siphon
user behavior, ubiquitous unlike any time before.
The lucrative comsec industry is a major component of user deception about
privacy and protection against intrusion.
Other components are the boosters who claim to offer sure-fire privacy and
protection often relying upon "public interest" comsec experts who hold
undisclosed "dual-purpose" contracts with predators, the public duplicity
part of the contracts.
Privacy policies are duplicitous on purpose, in lockstep worldwide, although
admitting willful cooperation with "lawful" interception and confiscation
of user data.
This is the nettle under the Internet saddle: there can be no privacy and
cybersecurity for the public so long as the principal players conspire with
officials to violate promises. And that conspiracy will continue so long
as users are lulled into complicity by those they have long trusted to place
the public interest before the private.
This highly rewarding lulling is the main problem users can combat by winding
down usage, sitting on their hands rather than using them to vote up the
predators by use of endemic spying services and products, again here this
Reddit, Twitter, Facebook, et al.
No more effective protest than to refuse to validate the rigged voting machine.
Millions, billions of disappearing users could scare the shit out of investors
and, believe it or not, governments exploiting the Internet to propagandize
sanctimony of national security secrets.
This is the short version. Come back, Smokey.