
7 October 2013: Add Reddit response.

6 October 2013

Privacy and Cybersecurity Illusions Have to Go


At present, there can be no public privacy and cybersecurity anywhere for anyone. The illusions have to go.

The small number of Snowden documents, a couple of hundred out of 15,000, demonstrates that public communications betrayal is worse than imagined. That more of the documents have not been released conveys that privacy and cybersecurity betrayal is far worse than publishers dare disclose after consultation with governments.

Revelations of NSA spying on everyone everywhere on the Internet and in personal devices confirm that legacy SIGINT, COMINT and HUMINT are normal, not unusual, and should be expected for all global spies, for spies have always worked in concert either by offensive design or by defensively copying one another. Official spies may be the least of the intruders:

Selling Secrets of Phone Users to Advertisers
http://www.nytimes.com/2013/10/06/technology/selling-secrets-of-phone-users-to-advertisers.html

Drawbridge is one of several start-ups that have figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected. Before, logging onto a new device presented advertisers with a clean slate.

“We’re observing your behaviors and connecting your profile to mobile devices,” said Eric Rosenblum, chief operating officer at Drawbridge. But don’t call it tracking. “Tracking is a dirty word,” he said.

Drawbridge, founded by a former Google data scientist, says it has matched 1.5 billion devices this way, allowing it to deliver mobile ads based on Web sites the person has visited on a computer. If you research a Hawaiian vacation on your work desktop, you could see a Hawaii ad that night on your personal cellphone.

For advertisers, intimate knowledge of users has long been the promise of mobile phones. But only now are numerous mobile advertising services that most people have never heard of — like Drawbridge, Flurry, Velti and SessionM — exploiting that knowledge, largely based on monitoring the apps we use and the places we go. This makes it ever harder for mobile users to escape the gaze of private companies, whether insurance firms or shoemakers.

Ultimately, the tech giants, whose principal business is selling advertising, stand to gain. Advertisers using the new mobile tracking methods include Ford Motor, American Express, Fidelity, Expedia, Quiznos and Groupon. ...

Similarly, if you use apps for Google Chrome, Facebook or Amazon on your cellphone, those companies can track what you search for, buy or post across your devices when you are logged in.

Other companies, like Flurry, get to know people by the apps they use.

Flurry embeds its software in 350,000 apps on 1.2 billion devices to help app developers track things like usage. Its tracking software appears on the phone automatically when people download those apps. Flurry recently introduced a real-time ad marketplace to send advertisers an anonymized profile of users the moment they open an app.

The consequence is that the global public can no longer expect privacy or security on the Internet and personal devices; it is deceptive to propose a choice between privacy and security.

Communications security firms and experts may continue to tweak comsec systems to maintain markets and reputations but that is futile on the basis of what has failed to take place in public communications in the past two decades: no privacy, no security, only the illusion by privacy policies, lawful interception, encryption, anonymizing and a patchwork of ostensibly secure means.

One by one all these have been shown to be dishonest, faulty, incompetent, and incapable of protection against official and commercial predation by secrecy, classified technology, governmental dissimulation and co-optation of the comsec industry and experts.

The spectacular rise of the Internet and now personal devices, for commerce, for education, for social intercourse, for political engagement, for research, for individual exploration, has been betrayed by official policy worldwide to manipulate and undermine public trust in these phenomenally popular enterprises.

Spying on the Internet and personal devices is endemic, by governments, by commerce, by institutions, by individuals. Commercial ethics and secret laws allow this by governments, industry and experts. Nothing so invasive and pervasive has ever occurred in history, thanks to the ubiquitous technology of the Internet and personal devices which is ruled by those who operate them out of sight, hidden by official secrecy and commercial confidentiality.

Proposals for newly designed global comsec systems must be seen as ruses to disguise the current systems. Those working on these are the same ones who designed, built and operate the current. National governments and their cooperating firms will not forego doing to any replacement what they have done before.

Social media in particular is complicit, along with boosters of Internet and smartphones, for their privacy and security policies are completely deceptive, fostering lightly guarded public communications, deliberately vulnerable to national invasion, while delivering user data to government and selling it to commerce.

Difficult as it may appear, it is time to give up these global spying machines; their secrecy-protected purpose is to manipulate and exploit the public.

The time is right to begin abandonment of the Internet and personal devices before the cover-up of massive betrayal supplants the evidence with public relations, apologia, technological tweaks and newly invented and propagated illusions.


A sends 6 October 2013:

I appreciated your 6 Oct writing on the illusions of privacy and cybersecurity. You said it well.

I am not sure but I suspect you have already considered a possibility that I will share with you appears to be true. The NSA has mathematically broken all of the permutation-based cryptosystems (AES, DES, RSA 2-factor ID tokens), and more, and only pretends to invest in their continued breaking -- just as many Allied ships went down with Allied foreknowledge to protect the WW2 COMINT methods and sources. Bayesian analysis was applied to the science of not revealing a capability. The science of appearing not to know has advanced and today we have a culture in which the rebels tag their secret transmissions with red crypto ink so the adversary can more easily filter and read those.

The evidence of this, and of an example break also of the EC with constants chosen by NSA, are in plain view for the public to find. An elegant mathematical object in which XOR commutes with EC has already been dissected at great length, each tree studied carefully, presence of a forest here in the desert: either not contemplated at all, or nobody else wants to come out and say it, either. I suppose we would all be somewhere between "silk and cyanide" on the issue.

If you study the publications of mathematicians, you may find that some few of them publish on a set of topics, Q, and subsequently do not publish for several years, only to reappear near Research Triangle Park, publishing mathematics in an indecipherable language, apparently intended for the audience of grey aliens in orbit.


A2 sends 6 October 2013:

In light of the situation revealed re the information shared on

http://cryptome.org/2013/10/privacy-cybersec-illusions-go.htm

are we to reasonably expect the pursuit of natural justice and class action law suits for fraudulent trading etc. against businesses/business executives selling virtual security ware which is just vapourware and unfit for perceived purpose, or is an ignorance defence an arrogant strategy to be deployed and employed to escape accountability and responsibility and time served in a state correctional facility*?

Or is that a relatively new and industrious multi-billion dollar business which has the blessing of the markets and ...... well, for want of a better expression than just Power Elite Players, Executive Server Systems Administrations.


Cryptome to Reddit, 7 October 2013

http://w3.reddit.com/r/privacy/comments/1nvcqu/cryptome_there_can_be_no_public_privacy_and/

"Begin to abandon" is winding down usage in recognition that avid and trusting users have been exploited by promoters who think there is no end in sight to ever-increasing enthusiasm and unguarded communications in all digital fora.

Not only by stigmatized official spies but also by unofficial spying on beloved Reddit as other social and commercial media.

Personal devices of all kinds are now contaminated with hidden tools to siphon user behavior, ubiquitous unlike any time before.

The lucrative comsec industry is a major component of user deception about privacy and protection against intrusion.

Other components are the boosters who claim to offer sure-fire privacy and protection often relying upon "public interest" comsec experts who hold undisclosed "dual-purpose" contracts with predators, the public duplicity part of the contracts.

Privacy policies are duplicitous on purpose, in lockstep worldwide, although admitting willful cooperation with "lawful" interception and confiscation of user data.

This is the nettle under the Internet saddle: there can be no privacy and cybersecurity for the public so long as the principal players conspire with officials to violate promises. And that conspiracy will continue so long as users are lulled into complicity by those they have long trusted to place the public interest before the private.

This highly rewarding lulling is the main problem users can combat by winding down usage, sitting on their hands rather than using them to vote up the predators by use of endemic spying services and products, again here this Reddit, Twitter, Facebook, et al.

No more effective protest than to refuse to validate the rigged voting machine. Millions, billions of disappearing users could scare the shit out of investors and, believe it or not, governments exploiting the Internet to propagandize sanctimony of national security secrets.

This is the short version. Come back, Smokey.