1 00:00:00,000 --> 00:00:02,946 Good afternoon, 2 00:00:03,046 --> 00:00:05,749 welcome to my talk. 3 00:00:05,849 --> 00:00:08,796 I've been asked to give 4 00:00:08,896 --> 00:00:11,740 a talk about privacy things. 5 00:00:14,015 --> 00:00:17,752 Actually I'm a great supporter of privacy, 6 00:00:17,852 --> 00:00:21,877 and my chosen work is to write cryptographic software, 7 00:00:21,977 --> 00:00:26,792 in particular GNU Privacy Guard, GPG/GnuPG, 8 00:00:26,892 --> 00:00:29,655 which I'm the principal author of, 9 00:00:30,589 --> 00:00:35,870 but sometimes I give a general talk about 10 00:00:35,970 --> 00:00:37,557 issues around cryptography, 11 00:00:37,657 --> 00:00:39,892 why we need it, and so on. 12 00:00:41,598 --> 00:00:45,132 [That's a bit inconvenient here with the microphone...] 13 00:00:54,125 --> 00:00:59,594 The reason why I care about privacy is 14 00:00:59,756 --> 00:01:02,397 that I think it's very important. 15 00:01:02,497 --> 00:01:07,212 My first encounter with privacy problems 16 00:01:07,312 --> 00:01:11,618 was probably somewhere back in the 70s, 17 00:01:11,781 --> 00:01:15,518 when in Germany the former [head of] nuclear management 18 00:01:15,640 --> 00:01:18,626 Klaus Traube was bugged, and so 19 00:01:18,971 --> 00:01:21,593 I noticed how much power 20 00:01:21,693 --> 00:01:24,943 some organizations and secret services have, and 21 00:01:25,043 --> 00:01:28,902 what they can do to our lives. 22 00:01:29,002 --> 00:01:34,571 Later on in the 1990's, 97, 23 00:01:34,684 --> 00:01:37,577 I decided to write a replacement for PGP. 24 00:01:37,739 --> 00:01:39,820 It's free software and it's called GnuPG, 25 00:01:39,920 --> 00:01:44,052 and that's what I'm still mainly working on. 26 00:01:45,579 --> 00:01:49,317 The reason why I think it's very important to have privacy 27 00:01:49,731 --> 00:01:51,673 is that we are humans and 28 00:01:51,795 --> 00:01:55,451 we are not Borgs, we have not been assimilated in a collective. 
29 00:01:55,613 --> 00:02:00,998 Every one of us should be able to decide on his own 30 00:02:01,098 --> 00:02:06,094 whether he wants to tell others something about himself or herself. 31 00:02:08,572 --> 00:02:11,619 I think that is very important. 32 00:02:11,719 --> 00:02:16,656 That's the difference between a Borg collective, or 33 00:02:16,819 --> 00:02:18,444 ants, or anything. 34 00:02:18,544 --> 00:02:21,775 Humans have the right to think by themselves and 35 00:02:21,897 --> 00:02:26,203 decide whether they want to talk, what not to talk [about] and 36 00:02:26,303 --> 00:02:29,250 how to interact with other humans. 37 00:02:30,956 --> 00:02:36,318 Another reason why it's important to have privacy is that, 38 00:02:36,418 --> 00:02:37,762 if you can control your own data, 39 00:02:37,862 --> 00:02:41,233 and do not let the government or another organization 40 00:02:41,333 --> 00:02:43,590 control the data, 41 00:02:44,036 --> 00:02:53,827 it's harder to turn your country into a police state. 42 00:02:54,152 --> 00:02:57,726 As a German, we had quite some experience with this 43 00:02:57,826 --> 00:03:05,079 our “Jones” didn't encounter the Third Reich, and 44 00:03:05,179 --> 00:03:09,755 maybe hardly the Stasi in Eastern Germany. 45 00:03:10,929 --> 00:03:16,657 All these police states, they don't like to have privacy, 46 00:03:16,757 --> 00:03:20,029 because they want to control their citizens. 47 00:03:21,369 --> 00:03:25,941 Another reason why, even now, we need privacy, 48 00:03:26,041 --> 00:03:31,059 is that trade secrets and negotiations benefit really from 49 00:03:31,159 --> 00:03:35,262 being able to talk and write confidentially. 50 00:03:35,362 --> 00:03:41,640 If you can't do that it's bad for your company. 
51 00:03:45,053 --> 00:03:47,268 On the non-corporate side of things, 52 00:03:47,368 --> 00:03:49,381 there are lots of human rights groups 53 00:03:49,481 --> 00:03:51,755 unfortunately, we need them 54 00:03:51,855 --> 00:03:55,555 and it's very, very important for them 55 00:03:55,655 --> 00:03:59,658 to be able to talk in confidence with other people. 56 00:04:03,577 --> 00:04:06,361 Attendant: The translator asks me that you move 57 00:04:06,461 --> 00:04:08,655 a little further away from the microphone, 58 00:04:08,755 --> 00:04:11,561 otherwise they don't understand what... 59 00:04:11,661 --> 00:04:20,621 Yeah, is that better? OK. Yeah, I'll try. Can you hear me? 60 00:04:25,270 --> 00:04:28,826 these human rights groups definitely need some encryption 61 00:04:28,926 --> 00:04:34,694 to make sure they can keep confidential information from people 62 00:04:34,794 --> 00:04:37,397 and, well, police states — secret, 63 00:04:37,497 --> 00:04:40,747 and don't get them into danger. 64 00:04:41,123 --> 00:04:43,909 Another reason is (that's what I wrote on this slide) 65 00:04:44,009 --> 00:04:46,191 memories should be able to fade out. 66 00:04:46,291 --> 00:04:52,203 What I mean by this is: things you did as a teenager 67 00:04:52,303 --> 00:04:54,884 shouldn't reflect badly on your later life. For example, 68 00:04:54,984 --> 00:04:59,881 you attend this free software conference here, now, at your age, 69 00:04:59,981 --> 00:05:04,715 and later you decide to go for director of the NSA, 70 00:05:04,815 --> 00:05:09,411 and the NSA probably doesn't like people who want only free software. 71 00:05:12,921 --> 00:05:16,071 Now all things are like tattoos. 72 00:05:16,171 --> 00:05:21,230 You're getting a tattoo at 16; at 30 you decide: 73 00:05:21,330 --> 00:05:23,604 "I don't want it anymore". 74 00:05:23,704 --> 00:05:27,545 You have to decide early what to do and what not to do. 
75 00:05:27,645 --> 00:05:30,817 So these memories [should] be allowed to fade out. 76 00:05:30,917 --> 00:05:34,026 We can't do anything about this technically, 77 00:05:34,126 --> 00:05:36,970 so the only thing we really can do is just take care 78 00:05:37,070 --> 00:05:41,009 not to publish too much. 79 00:05:41,109 --> 00:05:45,642 Why do we have this problem with privacy threats? 80 00:05:45,742 --> 00:05:51,253 It's that our world is getting more complicated. 81 00:05:51,353 --> 00:05:54,722 In the old times, you were talking directly to someone, 82 00:05:54,822 --> 00:05:57,007 you noticed smoke signals, 83 00:05:57,107 --> 00:06:00,918 you sent letters, maybe even sealed letters, 84 00:06:01,018 --> 00:06:05,311 you noticed telegraph wires going along the railways, 85 00:06:05,411 --> 00:06:09,258 and you could really see that there was something which happened, 86 00:06:09,358 --> 00:06:13,091 and it was good. It was easy to understand 87 00:06:13,191 --> 00:06:18,132 that you could just hear what was going on in the telegraph wires 88 00:06:18,232 --> 00:06:22,033 you could hear the signals actually 89 00:06:22,133 --> 00:06:26,851 so to most people it was clear that others could 90 00:06:26,951 --> 00:06:30,110 hear what they were talking about on this wire — or 91 00:06:30,210 --> 00:06:33,753 by smoke signals of course; pretty public, yes. 92 00:06:34,745 --> 00:06:36,515 Later on, 60 or 70 years ago, 93 00:06:36,615 --> 00:06:39,032 this changed with the rise of electronics, 94 00:06:39,132 --> 00:06:42,515 because that is more magic to most people. 95 00:06:42,615 --> 00:06:45,833 Finally, 20 to 25 years ago the Internet 96 00:06:48,547 --> 00:06:52,031 was available here in Europe and in the US. 97 00:06:52,131 --> 00:06:55,759 The Internet is really something for wizards. 98 00:06:55,859 --> 00:06:58,259 Nobody, no average user can understand 99 00:06:58,359 --> 00:06:59,869 how the Internet works. 
100 00:06:59,969 --> 00:07:01,342 They tell you something about packets. 101 00:07:01,442 --> 00:07:06,317 What are packets? Packets are coming from Amazon these days, but 102 00:07:06,417 --> 00:07:09,387 these packets are something magic 103 00:07:09,487 --> 00:07:13,783 which transports all our thoughts and our letters and 104 00:07:13,883 --> 00:07:16,437 it's not easy to understand that 105 00:07:16,537 --> 00:07:20,086 there are people who can intercept them, and 106 00:07:20,186 --> 00:07:21,792 fake them, and all the things. It's not 107 00:07:21,892 --> 00:07:25,392 anymore possible for most people to understand this. 108 00:07:25,492 --> 00:07:28,566 And this is in my opinion the reason 109 00:07:28,666 --> 00:07:33,100 why, for so long, many people have not been interested 110 00:07:33,200 --> 00:07:38,914 in using secure communication on the Internet. 111 00:07:39,014 --> 00:07:41,867 And it's hard of course to do this. 112 00:07:43,291 --> 00:07:47,556 The design of the Internet was 113 00:07:47,656 --> 00:07:50,417 a decentralized system, 114 00:07:50,517 --> 00:07:55,113 which withstands any attack, and 115 00:07:55,213 --> 00:07:58,636 doesn't have any central server, and 116 00:07:58,736 --> 00:08:01,153 that is a good design. 117 00:08:01,253 --> 00:08:04,593 It was designed by hackers; 118 00:08:04,693 --> 00:08:07,718 they had no security built-in because they said 119 00:08:07,818 --> 00:08:10,897 “Oh we don't need this, we won't do this”, 120 00:08:10,997 --> 00:08:12,700 and it was not expected that it would 121 00:08:12,800 --> 00:08:16,070 ever be turned into a mass phenomenon. 122 00:08:18,474 --> 00:08:20,652 Anyway, they did this, and 123 00:08:20,752 --> 00:08:23,275 the culture of the early Net 124 00:08:23,375 --> 00:08:29,395 was pretty good, because it democratized communication. 
125 00:08:29,495 --> 00:08:33,422 Even phone calling is now really affordable for everyone, 126 00:08:33,522 --> 00:08:36,754 whereas it was not the case in the 80s, or the 70s, 127 00:08:36,854 --> 00:08:40,575 when long-distance calls were really expensive. 128 00:08:40,675 --> 00:08:44,098 Today we can communicate with everyone in the world, 129 00:08:44,198 --> 00:08:46,689 with only a little bit of money. 130 00:08:48,518 --> 00:08:51,087 So this Internet is a great tool, 131 00:08:51,187 --> 00:08:53,975 for everyone except for the telecommunication monopolists, 132 00:08:54,075 --> 00:08:56,519 of course, because they lose revenue, 133 00:08:56,619 --> 00:08:58,956 and they try not to do that, of course. 134 00:09:00,452 --> 00:09:02,506 There was no problem with privacy 135 00:09:02,606 --> 00:09:06,100 because nobody used it right then. 136 00:09:06,200 --> 00:09:11,805 We could have added privacy to the Internet; 137 00:09:13,209 --> 00:09:15,354 everything was there, PGP for example. 138 00:09:15,921 --> 00:09:18,779 But then came the companies, and they decided: 139 00:09:18,879 --> 00:09:21,269 “Oh we can make money out of this Internet”. 140 00:09:21,369 --> 00:09:23,919 They looked around for business models. 141 00:09:24,019 --> 00:09:26,900 First they did simple advertising, and in the end... 142 00:09:27,000 --> 00:09:29,768 they have settled by now for collecting a lot of data 143 00:09:29,868 --> 00:09:33,397 about all the users and tracking user behavior 144 00:09:33,497 --> 00:09:36,895 to do targeted advertising, and 145 00:09:36,995 --> 00:09:40,723 they earn a lot of money with this. 146 00:09:40,823 --> 00:09:44,687 Maybe this is a bother, but anyway they are rich, 147 00:09:44,787 --> 00:09:46,748 and they have a lot of power. 
148 00:09:47,359 --> 00:09:49,864 Unfortunately, this also means that 149 00:09:49,964 --> 00:09:53,747 if you only have a couple of large corporations, 150 00:09:53,847 --> 00:09:58,601 they are not interested in a decentralized Internet anymore. 151 00:09:58,701 --> 00:10:00,845 They need a centralized Internet, 152 00:10:00,945 --> 00:10:05,315 one where they control most of the communications. 153 00:10:08,528 --> 00:10:10,466 Well, they did this and 154 00:10:10,566 --> 00:10:14,118 people didn't understand what the Internet was all about. 155 00:10:14,218 --> 00:10:15,787 They liked to communicate with others, 156 00:10:15,887 --> 00:10:19,576 chat with people in other countries and other continents, 157 00:10:19,676 --> 00:10:22,092 and used it. 158 00:10:23,841 --> 00:10:29,808 The ISPs, who allowed them to connect to the Internet, 159 00:10:29,908 --> 00:10:34,312 did one trick: they lured them into using their portals. 160 00:10:34,412 --> 00:10:39,425 So, for many, many people, their portal to the Internet 161 00:10:39,525 --> 00:10:43,293 is the Internet. They don't see anything beyond the 162 00:10:43,446 --> 00:10:47,394 T-Online or... I don't know what the Belgian provider here is. 163 00:10:48,268 --> 00:10:52,189 They say “this is my Internet”, and don't realize that there's more, 164 00:10:52,289 --> 00:10:54,414 that there is a decentralized system 165 00:10:54,514 --> 00:10:59,501 which they can use directly without using any centralized services. 166 00:10:59,601 --> 00:11:03,104 They are not interested in this of course; 167 00:11:03,204 --> 00:11:05,992 people don't realize this. 168 00:11:06,092 --> 00:11:11,529 To many people, Google is the entry to the Internet. 
169 00:11:12,532 --> 00:11:15,371 Even if they want to look up something in Wikipedia, 170 00:11:15,471 --> 00:11:19,106 they enter “Wikipedia” as the search term, and so 171 00:11:19,206 --> 00:11:21,809 this way Google knows what they are looking up in Wikipedia, 172 00:11:21,909 --> 00:11:25,862 even though Wikipedia itself does not track the user. 173 00:11:26,313 --> 00:11:30,446 They don't know that they could just enter “wikipedia.org” 174 00:11:30,546 --> 00:11:34,420 into the address window. 175 00:11:35,532 --> 00:11:38,956 Further, there are online payment systems. 176 00:11:39,056 --> 00:11:42,553 I'm not sure about credit cards, but all these 177 00:11:42,653 --> 00:11:45,017 new mobile phone pay systems, 178 00:11:45,117 --> 00:11:48,335 the reason why they are there is that they can 179 00:11:48,435 --> 00:11:52,956 map physical transactions. 180 00:11:53,056 --> 00:11:54,714 You buy something in a store, 181 00:11:54,814 --> 00:11:58,290 but they can map that to your behavior on the web. 182 00:11:58,390 --> 00:12:02,132 This way they can better control what people are buying: 183 00:12:02,232 --> 00:12:04,437 if people look something up in a web shop, 184 00:12:04,537 --> 00:12:05,894 buy it, even somewhere else, 185 00:12:05,994 --> 00:12:08,252 but pay with their mobile payment system, 186 00:12:08,352 --> 00:12:13,471 they can map this all together and get a better profile of everyone. 187 00:12:14,027 --> 00:12:16,412 Too many people are using this 188 00:12:16,512 --> 00:12:19,935 without knowing what they really do. 189 00:12:22,823 --> 00:12:27,300 So let me do a quick poll here: 190 00:12:28,811 --> 00:12:30,645 who in this audience has 191 00:12:30,745 --> 00:12:34,348 NO Facebook or Google+ account? 192 00:12:35,625 --> 00:12:38,309 Well I think I should stop my talk now, 193 00:12:38,409 --> 00:12:41,713 because I'm talking to the wrong audience, you know. 194 00:12:42,785 --> 00:12:43,991 Yeah, OK. 
195 00:12:44,998 --> 00:12:47,693 One other thing which is important here 196 00:12:47,793 --> 00:12:51,354 is that all their things go into targeted marketing. 197 00:12:51,454 --> 00:12:57,212 These things where you get one price for a flight, 198 00:12:57,312 --> 00:13:00,436 then go somewhere else, some other website, 199 00:13:00,536 --> 00:13:02,834 and come back, and the price has changed, 200 00:13:02,934 --> 00:13:05,637 just because they realize that you are coming back 201 00:13:05,737 --> 00:13:08,461 and that you are more interested, and then raise 202 00:13:08,561 --> 00:13:09,670 the price, for example. 203 00:13:09,770 --> 00:13:11,418 Then we have this 204 00:13:11,518 --> 00:13:13,644 “other customers bought this also”, 205 00:13:13,744 --> 00:13:16,770 which works pretty well for the shops, 206 00:13:16,870 --> 00:13:19,975 so that you buy something you didn't intend to buy, 207 00:13:20,075 --> 00:13:22,961 because “others did it so I have to do this as well”. 208 00:13:24,314 --> 00:13:26,652 Another thing is... 209 00:13:26,752 --> 00:13:29,301 I'm not sure whether everybody realizes that 210 00:13:29,401 --> 00:13:33,063 if you buy a railway ticket, you get an offer to rent a car, 211 00:13:33,163 --> 00:13:34,359 and then if you rent the car, 212 00:13:34,459 --> 00:13:37,301 you get an offer to book a hotel there. 213 00:13:37,402 --> 00:13:42,707 That is very good for the car rental service and the hotel booking service. 214 00:13:42,807 --> 00:13:47,502 It really is per-user advertising, and 215 00:13:47,602 --> 00:13:49,483 it's a cool thing for them. But the 216 00:13:49,583 --> 00:13:53,963 companies who do this have a lot of information about you, then. 
217 00:13:54,159 --> 00:13:56,695 And we don't know what else they are using this for, 218 00:13:56,795 --> 00:13:59,716 whether, if you want to buy a house later, they tell you: 219 00:13:59,816 --> 00:14:01,387 “Oh no, you can't buy this, 220 00:14:01,487 --> 00:14:04,758 you are spending too much money on different things”. 221 00:14:09,168 --> 00:14:11,234 That was the corporate side of things, 222 00:14:11,334 --> 00:14:15,284 and now we come to the governments. 223 00:14:15,384 --> 00:14:19,209 Surveillance is something they like to do, 224 00:14:19,946 --> 00:14:21,451 I told you at the beginning. 225 00:14:21,551 --> 00:14:26,283 The reason is probably that the Unknown is always a danger. 226 00:14:27,183 --> 00:14:29,729 In Germany, Chancellor Merkel said that 227 00:14:29,829 --> 00:14:33,144 this Internet and this wiretapping of the Internet 228 00:14:33,244 --> 00:14:37,383 is Neuland to them, which means unknown territory, despite that 229 00:14:37,483 --> 00:14:39,132 she should know this 230 00:14:39,232 --> 00:14:44,258 she has a video blog, and everything... 231 00:14:44,358 --> 00:14:47,689 She just claims that they have no idea what this is about. 232 00:14:47,789 --> 00:14:50,816 So there must be some kind of unknown in this Internet 233 00:14:50,916 --> 00:14:54,578 and communication structure that is a danger to them, 234 00:14:55,107 --> 00:14:58,843 and that they try to avoid. So they're going 235 00:14:58,943 --> 00:15:02,128 to have laws to get better control of their citizens. 236 00:15:03,850 --> 00:15:08,222 Well, they have been doing this for 20-25 years now. 237 00:15:08,619 --> 00:15:11,427 It takes a lot of time to get these laws through 238 00:15:11,527 --> 00:15:14,925 because we oppose them. 
239 00:15:15,852 --> 00:15:17,945 They try to get them approved once, 240 00:15:18,045 --> 00:15:20,409 and try again, and try again, and 241 00:15:20,509 --> 00:15:23,058 at some point in time they get them through, 242 00:15:23,158 --> 00:15:25,337 so they can better track people. 243 00:15:27,456 --> 00:15:29,231 Then they realize: “OK, 244 00:15:29,331 --> 00:15:32,999 we had such a hard time to get all this information about our citizens. 245 00:15:33,364 --> 00:15:37,921 Why can Google, Amazon, Apple... why can they do it so easily?” 246 00:15:38,021 --> 00:15:43,273 So they now say: “Well, just ask them for the data, it's much easier.” 247 00:15:43,373 --> 00:15:47,671 And that is probably the current thing with PRISM and Tempora, 248 00:15:47,771 --> 00:15:51,035 and the stories about the NSA and GCHQ. 249 00:15:51,539 --> 00:15:54,347 And in general, all our constitutions are considered as 250 00:15:54,447 --> 00:16:00,314 mere suggestions and not something which is to be enforced, 251 00:16:00,414 --> 00:16:03,116 at least not by the secret services. 252 00:16:04,520 --> 00:16:10,217 That's a very big problem. 253 00:16:11,700 --> 00:16:14,699 In particular in Germany, after WW2 254 00:16:14,799 --> 00:16:19,249 we have set up our system in a way that 255 00:16:19,349 --> 00:16:22,827 the secret services, the police and everybody, these 256 00:16:22,927 --> 00:16:26,201 were clearly separated; they couldn't access the data of the others. 257 00:16:26,301 --> 00:16:29,345 So there was privacy built in because of the experience 258 00:16:29,445 --> 00:16:31,729 Germany made in the Third Reich. 259 00:16:33,054 --> 00:16:36,895 This is all kind of going away. 260 00:16:39,934 --> 00:16:41,454 So if you do something, 261 00:16:41,554 --> 00:16:46,387 you need to be prepared for your own future. 262 00:16:46,487 --> 00:16:49,437 What you do now will reflect on your own future later. 
263 00:16:49,537 --> 00:16:52,533 So if you tell someone you've gone to this 264 00:16:54,654 --> 00:16:59,497 hackers conference, and then you want a job at Oracle, 265 00:16:59,597 --> 00:17:04,561 they might think: “Oh not good, they might hack all our records”. 266 00:17:08,677 --> 00:17:12,153 We have several interactions with the Internet. 267 00:17:12,253 --> 00:17:15,134 The most important has always been mail 268 00:17:15,234 --> 00:17:19,724 people call it e-mail, to me it's “mail”. 269 00:17:21,243 --> 00:17:24,915 It has been claimed that mail is not important anymore but, 270 00:17:25,015 --> 00:17:28,835 everyone: it is important, because for all the accounts you create 271 00:17:28,935 --> 00:17:31,166 you need to have a mail address; 272 00:17:31,266 --> 00:17:34,064 for maintenance of these accounts, 273 00:17:34,164 --> 00:17:37,261 to send you a password reminder for instance. 274 00:17:38,495 --> 00:17:40,932 Doing real work using the Internet, 275 00:17:41,032 --> 00:17:45,681 e-mail is probably the best thing because it's store and forward, 276 00:17:45,781 --> 00:17:51,917 you're not required to do hasty decisions during online chats. 277 00:17:52,201 --> 00:17:56,723 So it's still useful. E-mail has the advantage that 278 00:17:56,823 --> 00:17:59,071 you read it at the time you decide, 279 00:17:59,171 --> 00:18:04,294 and not at the time the sender decides that you read it. 280 00:18:05,591 --> 00:18:09,200 The problem is that most people are using a webmail, 281 00:18:09,485 --> 00:18:12,302 which means that your provider sees exactly 282 00:18:12,402 --> 00:18:19,166 when you read your mail, what you read and in which order. 283 00:18:19,488 --> 00:18:24,584 So it's not secure anymore. They know when you are going to work, 284 00:18:24,684 --> 00:18:28,667 and everything you do can be extracted from the data that 285 00:18:28,767 --> 00:18:32,181 you are providing by using the webmail. 
286 00:18:33,701 --> 00:18:37,879 The offline use of mail, like it was done ten years ago, 287 00:18:37,979 --> 00:18:41,171 is a more secure thing to do. 288 00:18:41,488 --> 00:18:45,761 Searching is the most useful thing on the Internet. 289 00:18:46,869 --> 00:18:49,876 Everybody uses it, and 290 00:18:51,395 --> 00:18:55,036 you might remember that the first well-known service was 291 00:18:55,136 --> 00:18:59,684 AltaVista — in the early 90s — which opened up the whole Internet. 292 00:18:59,784 --> 00:19:02,095 All the pages we had there, to everyone... 293 00:19:02,195 --> 00:19:05,160 This was really a cool service. And 294 00:19:05,260 --> 00:19:09,597 the early Google was also very interesting because it just pinpointed 295 00:19:09,697 --> 00:19:11,998 the exact things you wanted to know, 296 00:19:12,098 --> 00:19:16,149 well mostly technical questions 297 00:19:16,249 --> 00:19:19,600 so you got the right answer at that point. 298 00:19:19,700 --> 00:19:23,588 Today, searching is a real problem because 299 00:19:23,688 --> 00:19:30,737 they are using it to build records, profiles of all the users. 300 00:19:30,837 --> 00:19:34,446 And it's also unreliable because 301 00:19:35,459 --> 00:19:39,732 they render the results of a search according to your profile. 302 00:19:39,832 --> 00:19:49,730 So if you like to see horror movies, they are probably listed first. 303 00:19:49,830 --> 00:19:56,034 And others, who like to see science fiction, get science fiction listed first. 304 00:19:56,825 --> 00:19:59,638 And they do this with everything. 305 00:19:59,738 --> 00:20:04,067 What you get out of Google, or Bing, is not reliable anymore. 306 00:20:04,167 --> 00:20:08,443 It's something which is customized to your behavior. 307 00:20:10,120 --> 00:20:13,761 Chatting is an old thing on the Internet. 
308 00:20:13,861 --> 00:20:19,105 Before, we used IRC, and 309 00:20:19,205 --> 00:20:24,708 frankly I don't know, most Internet users use these chat rooms, 310 00:20:24,808 --> 00:20:28,163 something with the web browser. I've never used this. 311 00:20:28,606 --> 00:20:32,500 Chatting is useful because it allows you to work together 312 00:20:32,600 --> 00:20:38,736 with others closely on a certain problem. To me it means: 313 00:20:40,224 --> 00:20:45,320 tracking down a bug like this. Using Jabber is 314 00:20:45,420 --> 00:20:49,593 much easier than sending mails, which takes much longer. 315 00:20:50,828 --> 00:20:55,798 It's also nice to have a chit-chat if you're working alone in your office. 316 00:20:56,621 --> 00:20:59,623 Social networks are 317 00:20:59,723 --> 00:21:03,738 in my opinion a major problem for privacy 318 00:21:03,838 --> 00:21:10,069 because this is the very tool which is used to 319 00:21:10,169 --> 00:21:14,379 publish all and everything about yourself. And 320 00:21:14,479 --> 00:21:17,861 everybody uses this, everything does this, and 321 00:21:17,961 --> 00:21:22,414 a whole generation now thinks it is important to publish everything 322 00:21:22,514 --> 00:21:28,967 about themselves to the Internet, and in particular to Facebook. 323 00:21:29,067 --> 00:21:32,739 So the question is: who benefits from that? The people? 324 00:21:32,839 --> 00:21:35,582 Do they really need friends? 325 00:21:35,682 --> 00:21:40,704 All these friends they have in their Facebook account, 326 00:21:40,804 --> 00:21:45,110 are these only opportunities for Facebook to build a profile of them 327 00:21:45,210 --> 00:21:48,534 to sell targeted marketing? 328 00:21:53,662 --> 00:21:57,329 Well, how can you know what's going on? 329 00:21:57,429 --> 00:21:59,520 The good thing is: all these big companies, 330 00:21:59,620 --> 00:22:01,576 they tell you what they want from you. 
331 00:22:01,676 --> 00:22:05,438 They have all these terms of service, and privacy policies, and 332 00:22:05,538 --> 00:22:09,648 they're clearly showing you what they're going to do with your data. 333 00:22:09,748 --> 00:22:14,834 All this might be legal speak and touch pass for you, but 334 00:22:14,934 --> 00:22:19,809 they tell you that. So that's fair, if you want to read this. 335 00:22:19,909 --> 00:22:24,589 It's hard to read, but if you don't want to, 336 00:22:24,689 --> 00:22:31,173 you may go to tosdr.org, “Terms of Service; Didn't Read dot org”, 337 00:22:31,273 --> 00:22:36,517 which nicely lists all these terms of service, 338 00:22:36,617 --> 00:22:38,828 and compares them to others; you can see 339 00:22:38,928 --> 00:22:40,585 what they want from you, what are 340 00:22:40,685 --> 00:22:45,699 the good services for privacy, and the very bad services for privacy. 341 00:22:46,783 --> 00:22:50,387 The easiest question you could always ask yourself is: 342 00:22:50,487 --> 00:22:54,940 “what is their business model?”. Why are they offering this service? 343 00:22:55,040 --> 00:23:00,992 A corporation would never do anything pro bono. 344 00:23:01,092 --> 00:23:03,265 They do it to get revenue from this, 345 00:23:03,365 --> 00:23:05,930 and for their shareholder value, 346 00:23:06,030 --> 00:23:09,190 so the money must come from somewhere, 347 00:23:09,290 --> 00:23:11,817 and the good question to ask yourself is 348 00:23:11,917 --> 00:23:15,932 whether you really want to use this service. 349 00:23:17,578 --> 00:23:19,852 Of course there are these other parties 350 00:23:19,952 --> 00:23:21,915 who don't tell you what they want. 351 00:23:22,015 --> 00:23:26,880 We have the NSA, formerly called “No Such Agency” because 352 00:23:26,980 --> 00:23:28,816 nobody knew that it was really there. 353 00:23:28,916 --> 00:23:34,287 And there is Bletchley Park or the GCHQ. 
354 00:23:34,387 --> 00:23:36,571 I don't want to talk about this now because 355 00:23:36,671 --> 00:23:41,414 it has so much press attention now that 356 00:23:41,514 --> 00:23:43,978 everybody knows about Tempora, PRISM, and 357 00:23:44,078 --> 00:23:46,764 everybody should know about Echelon, which is 358 00:23:46,864 --> 00:23:51,259 twelve, thirteen years old — oh no, it's older even 359 00:23:51,359 --> 00:23:57,996 but is known, should be known to everyone since 1999. 360 00:23:58,096 --> 00:24:03,219 There was even a report at the European Parliament about this and 361 00:24:03,319 --> 00:24:06,675 action resulted from this. 362 00:24:06,775 --> 00:24:10,790 But time went ahead and nobody thought anymore about Echelon 363 00:24:10,890 --> 00:24:16,931 and was surprised that there is PRISM and Tempora... and what else? 364 00:24:17,469 --> 00:24:24,116 That is the US and Great Britain and Australia and Canada of course, 365 00:24:24,216 --> 00:24:28,390 but other countries are not any better. 366 00:24:28,490 --> 00:24:31,808 The German secret service is of course tapping all wires. 367 00:24:31,908 --> 00:24:36,841 They did this for the old wires to Eastern Germany, and 368 00:24:36,941 --> 00:24:41,774 there's a little anecdote about East Germany in the early 70s. 369 00:24:41,874 --> 00:24:49,878 They set up new telephone lines to Western Germany, so that 370 00:24:49,978 --> 00:24:54,872 people of East Germany and West Germany could better talk to each other, 371 00:24:54,972 --> 00:24:58,176 because before it was really hard; you had to wait several days 372 00:24:58,276 --> 00:25:00,076 for telephone calls to do this. 373 00:25:00,962 --> 00:25:05,520 But nothing changed, despite what they did this. 
374 00:25:05,620 --> 00:25:08,306 And the reason, it turns out, was that the 375 00:25:08,406 --> 00:25:11,814 German secret service, der Verfassungsschutz, 376 00:25:11,914 --> 00:25:16,631 was not able to deploy enough wiretapping equipment 377 00:25:16,731 --> 00:25:19,163 timely, after this event! 378 00:25:20,525 --> 00:25:22,487 They all do this. 379 00:25:23,722 --> 00:25:25,906 To secret services, everything is known 380 00:25:26,006 --> 00:25:31,034 what is not encrypted — on the Internet, on the phone, and 381 00:25:31,134 --> 00:25:33,408 probably also credit card transactions. 382 00:25:34,769 --> 00:25:36,953 Your software provider... Well it depends. 383 00:25:37,053 --> 00:25:42,145 Probably here it doesn't make sense to tell you about 384 00:25:42,245 --> 00:25:48,375 your software provider because it's probably already Debian, Fedora, or 385 00:25:48,475 --> 00:25:53,060 some other Linux — oh, sorry, GNU/Linux — distribution. 386 00:25:53,160 --> 00:25:56,321 But in general your software provider is called Apple, 387 00:25:56,421 --> 00:26:03,601 or Microsoft, or Adobe, and you don't know what they put into their 388 00:26:03,701 --> 00:26:10,697 software. You should always expect that this software has been bugged 389 00:26:10,797 --> 00:26:15,598 and tells them what you are doing, and 390 00:26:15,698 --> 00:26:18,579 grep's for certain keywords, and everything. 391 00:26:18,679 --> 00:26:23,955 So we can't decide. They do it, for sure. 392 00:26:24,055 --> 00:26:27,358 Why should they not do this? 393 00:26:28,582 --> 00:26:31,304 Well, at least there are some sysadmins who 394 00:26:31,404 --> 00:26:35,287 don't respect the Netiquette and read your mail on the servers. 395 00:26:35,387 --> 00:26:36,812 OK, they shouldn't do this. 396 00:26:36,912 --> 00:26:41,212 I don't think there are many doing this. 
397 00:26:41,312 --> 00:26:45,327 At least there is one system administrator who did this, 398 00:26:45,427 --> 00:26:49,948 who tapped something, read stuff he shouldn't read and shouldn't publish, 399 00:26:50,048 --> 00:26:54,628 but in this case I think Mr. Snowden did it right and 400 00:26:54,728 --> 00:26:58,210 we should applaud him for this. 401 00:27:00,219 --> 00:27:02,949 Now, what can we do? 402 00:27:05,224 --> 00:27:06,977 First of all, most of us 403 00:27:07,077 --> 00:27:12,729 won't be able to withstand any targeted attack. This means that if 404 00:27:12,829 --> 00:27:16,921 some secret service wants to go after me and 405 00:27:17,021 --> 00:27:19,749 check what's on my private desktop machine, 406 00:27:19,849 --> 00:27:22,504 they will succeed. I can't do anything about it, 407 00:27:22,604 --> 00:27:26,803 even if I ran OpenBSD and stuff, whatever, they just... 408 00:27:26,903 --> 00:27:29,891 We'll figure out if that's a targeted attack. 409 00:27:29,991 --> 00:27:36,510 That's no problem for them, they are used to doing this, 410 00:27:36,610 --> 00:27:38,633 we can't do anything about it. 411 00:27:38,733 --> 00:27:41,298 If you want to do something about this, 412 00:27:41,398 --> 00:27:44,805 you need to have high security and that's not very convenient, 413 00:27:44,905 --> 00:27:48,577 and expensive to maintain, and use. 414 00:27:49,682 --> 00:27:51,697 Traffic analysis: 415 00:27:51,797 --> 00:27:57,837 looking at who is talking to whom is hard to mitigate, also. 416 00:27:57,937 --> 00:28:03,057 It can be done but it's very hard to do, so 417 00:28:03,157 --> 00:28:07,687 I don't know what to do against it. Of course, we could all use Tor but... 418 00:28:08,567 --> 00:28:12,394 to do it right is very hard. 419 00:28:13,471 --> 00:28:17,371 But what we can do is protect the contents of our communications, 420 00:28:17,471 --> 00:28:23,795 so that nobody can look into the envelope, as with letters. 
421 00:28:26,991 --> 00:28:32,061 Anonymity: If you don't want others to see whom you are talking to, 422 00:28:32,161 --> 00:28:37,160 you can use the Tor Project. Tor is the Onion Router. 423 00:28:37,260 --> 00:28:42,425 It's a pretty secure system, it's hard to attack, 424 00:28:42,525 --> 00:28:49,250 so use it if you don't want others to see whom you are talking to and 425 00:28:49,350 --> 00:28:52,760 what service you are looking for. And that 426 00:28:52,860 --> 00:28:56,987 may even apply when you're looking up some terms in Wikipedia. 427 00:28:58,709 --> 00:29:02,739 Now the interesting thing for the future is the development of GNUnet. 428 00:29:02,839 --> 00:29:07,906 GNUnet is an overlay network which provides a new platform 429 00:29:08,006 --> 00:29:13,789 for all kinds of services, in a way that is censor-resistant 430 00:29:13,889 --> 00:29:19,139 and anonymous. It protects everything that we can protect 431 00:29:19,239 --> 00:29:21,629 or that is worth protecting. 432 00:29:21,729 --> 00:29:25,713 It's a peer-to-peer network. It is of course better than Tor, 433 00:29:25,813 --> 00:29:31,143 but is still in development and will need another couple of years 434 00:29:31,243 --> 00:29:33,933 to be really usable. 435 00:29:34,033 --> 00:29:38,098 Fortunately the European Union is sometimes funding its development, 436 00:29:38,198 --> 00:29:42,875 which is kinda funny. Actually the US has also been funding 437 00:29:42,975 --> 00:29:48,010 crypto stuff, free software crypto stuff sometimes. 438 00:29:50,090 --> 00:29:54,046 Probably they think “It doesn't matter”. 439 00:29:56,005 --> 00:29:58,114 Instant messaging: 440 00:29:58,214 --> 00:30:00,749 Oh yeah, I hope you don't use Skype anymore, 441 00:30:00,849 --> 00:30:07,217 because it's known that Skype grabs for URLs, and checks out 442 00:30:07,317 --> 00:30:10,206 what these URLs are, huh?
443 00:30:12,091 --> 00:30:20,031 A good service is Jabber (or XMPP), if you use it along with OTR (Off The Record), 444 00:30:20,131 --> 00:30:26,356 which enables end-to-end encryption in Jabber — and other protocols, too. 445 00:30:26,456 --> 00:30:31,818 End-to-end encryption means that you encrypt it and only the recipient decrypts it, 446 00:30:31,918 --> 00:30:37,050 both on their machines, and not on any server in between, which is a standard model 447 00:30:37,150 --> 00:30:41,370 with Jabber, and in most encryption online services. 448 00:30:41,470 --> 00:30:44,403 But if you use this, take care if you use a multi-user chat, 449 00:30:44,503 --> 00:30:51,480 because that is hard to secure. 450 00:30:52,512 --> 00:30:54,030 Searching 451 00:30:54,130 --> 00:30:58,337 A better system which would better match the Internet structure 452 00:30:58,437 --> 00:31:04,802 is a decentralized search engine. There is such an engine, it's called YaCy. 453 00:31:04,902 --> 00:31:12,016 You may want to try it out. The FSF Europe website uses YaCy for searching, 454 00:31:12,116 --> 00:31:17,574 for example, but you can just use it and try out what result you get. 455 00:31:17,674 --> 00:31:20,402 It's slower than others of course. 456 00:31:23,198 --> 00:31:30,200 For private searches, please resort to DuckDuckGo.com, 457 00:31:30,300 --> 00:31:36,772 which seems to be a good service right now. It's similar to the early Google. 458 00:31:36,872 --> 00:31:42,175 They have no business model right now, and they promise not to do anything evil 459 00:31:42,275 --> 00:31:47,927 and not track you and so on, so for now it's good to use DuckDuckGo. 460 00:31:48,027 --> 00:31:52,640 And if you're using Mozilla, you should also change the 461 00:31:52,740 --> 00:31:55,175 address which is used for keyword search, 462 00:31:55,275 --> 00:32:00,734 so that if you enter something wrong in the address field, 463 00:32:00,834 --> 00:32:04,569 DuckDuckGo is used instead of Google.
464 00:32:04,669 --> 00:32:09,639 At the bottom of the slide, there is the command to do this. 465 00:32:09,739 --> 00:32:16,169 Most users are accustomed to use search engines as the entry point 466 00:32:16,269 --> 00:32:20,851 to the Internet. It would be better for them to use Wikipedia because 467 00:32:20,951 --> 00:32:25,108 they promise not to track anything, and Wikipedia has a lot of information, 468 00:32:25,208 --> 00:32:29,951 and is probably a very good starting point to look for information. 469 00:32:33,330 --> 00:32:38,658 The talk was mostly about online services, direct-to-direct communication, 470 00:32:38,758 --> 00:32:44,403 but when it comes to protection of data which is stored, 471 00:32:44,503 --> 00:32:48,605 we need to ask some questions. Of course, one question is 472 00:32:48,705 --> 00:32:51,757 whether the encryption is secure enough: 473 00:32:51,857 --> 00:32:56,638 will it be secure in 20 years? or in 30 years? 474 00:32:59,752 --> 00:33:01,377 Another important question is 475 00:33:01,477 --> 00:33:04,594 whether there is a way to backup your data, and 476 00:33:04,694 --> 00:33:09,889 whether you did everything to have a backup of your key, 477 00:33:09,989 --> 00:33:15,251 if you have encrypted this, which you should do. 478 00:33:15,351 --> 00:33:18,406 Then what tools are you using? These tools must be open. 479 00:33:18,506 --> 00:33:23,408 You must be able to know how they work, so that in case 480 00:33:23,508 --> 00:33:26,886 there are no computers made as they are today, 481 00:33:26,986 --> 00:33:34,493 you are still able to write software or systems which can decrypt the stuff. 482 00:33:36,707 --> 00:33:40,958 Of course the media where you store the encrypted data is reliable. 
483 00:33:41,058 --> 00:33:46,417 And in the end you may also want to care about future archaeologists, 484 00:33:46,517 --> 00:33:52,787 who will want to look at things which happened 200 or 300 years earlier, 485 00:33:52,887 --> 00:33:57,402 and don't need to hope that a Unix machine is still running. 486 00:33:57,502 --> 00:34:02,862 They should be able to use the software or have the specifications of the data 487 00:34:02,962 --> 00:34:06,309 and how to decrypt this — if they find the key. 488 00:34:07,967 --> 00:34:10,859 Cloud services seem to be important these days. 489 00:34:10,959 --> 00:34:14,076 Cloud services of course are very problematic because 490 00:34:14,176 --> 00:34:16,286 they put all your data into the Net 491 00:34:16,386 --> 00:34:18,431 and not under your control anymore. 492 00:34:18,531 --> 00:34:22,231 There are things like ownCloud, 493 00:34:22,331 --> 00:34:27,726 where you are your own provider, your small provider. 494 00:34:27,826 --> 00:34:33,900 This is something everybody should do: use a small provider. 495 00:34:34,000 --> 00:34:39,618 It could be as small as you alone, but you may just 496 00:34:39,718 --> 00:34:43,403 bring together a group of friends, 497 00:34:43,503 --> 00:34:47,937 to share the cost of server hosting 498 00:34:48,037 --> 00:34:51,385 and set up the required services to store things and 499 00:34:51,485 --> 00:34:53,855 do whatever one can do with a server. 500 00:34:53,955 --> 00:34:58,434 You will probably find someone who is able to do this technically. 501 00:34:58,534 --> 00:35:05,034 Server hosting is cheap these days, compared to what you pay for other things, 502 00:35:05,134 --> 00:35:07,731 it's not really a problem. 
503 00:35:08,479 --> 00:35:12,086 In case you need a large cloud provider, 504 00:35:12,186 --> 00:35:15,889 you're better off checking the terms and conditions of course, 505 00:35:15,989 --> 00:35:19,594 and select one which allows you to delete your data there, 506 00:35:19,694 --> 00:35:21,608 and promise it's really deleted, 507 00:35:21,708 --> 00:35:25,215 and of course that you are able to export the data. 508 00:35:27,328 --> 00:35:33,438 That the data stored in the cloud should only be accessible by you is clear for us, 509 00:35:33,538 --> 00:35:37,663 but not for most cloud providers. 510 00:35:37,763 --> 00:35:42,343 The best system I've found is Tahoe-LAFS 511 00:35:42,443 --> 00:35:45,495 (Tahoe Least-Authority Filesystem), 512 00:35:45,595 --> 00:35:50,636 which is a replicated, encrypted filesystem, 513 00:35:50,736 --> 00:35:55,115 and can be used for a cloud service. That is very cool stuff, 514 00:35:55,215 --> 00:35:59,297 and any cloud service should use this. 515 00:36:01,907 --> 00:36:07,761 Mail, yeah. Encrypt your mail. Better encrypt it with the OpenPGP protocol, 516 00:36:07,861 --> 00:36:12,259 and one of the PGP implementations, maybe GnuPG. 517 00:36:14,906 --> 00:36:18,709 If you can't use OpenPGP it might be useful to use S/MIME. 518 00:36:18,809 --> 00:36:23,223 Then, please use a self-signed certificate or a CAcert certificate. 519 00:36:23,323 --> 00:36:29,433 It's more troublesome to do this, but you should not support any of these 520 00:36:29,533 --> 00:36:33,886 commercial CAs, who sell you root certificate and 521 00:36:33,986 --> 00:36:37,460 give you back nothing, not even privacy. 
522 00:36:38,828 --> 00:36:41,943 If you use X.509, which means 523 00:36:42,043 --> 00:36:46,168 encrypted websites / https, or S/MIME, 524 00:36:46,268 --> 00:36:49,970 don't really trust it, it's always possible for 525 00:36:50,070 --> 00:36:54,389 large corporations and for the secret services 526 00:36:54,489 --> 00:36:58,584 to mount a man-in-the-middle attack so that they can 527 00:36:58,684 --> 00:37:04,009 get in between and wiretap what you're doing then. 528 00:37:04,109 --> 00:37:10,216 So take care. OpenPGP at least offers the option 529 00:37:10,316 --> 00:37:13,726 to be more secure. It's harder work to do this, but 530 00:37:13,826 --> 00:37:15,484 you might want to do this. 531 00:37:15,939 --> 00:37:19,221 In general please — well, we are in a free software conference 532 00:37:19,321 --> 00:37:22,958 please use free software, but I would say this also in any other conference 533 00:37:23,058 --> 00:37:30,649 because it's harder to plant a bug into free software, 534 00:37:30,749 --> 00:37:36,754 because many people need to be convinced that this is not a bug, but a feature. 535 00:37:36,854 --> 00:37:43,560 So use Debian, Fedora or Gentoo. Better not to use Ubuntu[2], 536 00:37:43,660 --> 00:37:49,377 you're safer than using any proprietary operating system or any other software. 537 00:37:49,477 --> 00:37:56,432 If you buy this — well no, definitely no, I think. Maybe you buy CDs but... 538 00:37:57,642 --> 00:38:02,672 If you download this software, you need to go to a trusted source. 539 00:38:02,772 --> 00:38:06,341 There are several websites which offer you free software, 540 00:38:06,441 --> 00:38:10,404 which is actually the free software we have, there are cases with VideoLAN for example, 541 00:38:10,504 --> 00:38:14,531 and they are not trustworthy, this is bugged software, 542 00:38:14,631 --> 00:38:19,211 there is malware in this software, and it is also proprietary software.
543 00:38:19,311 --> 00:38:22,756 So pay attention to where you download your software from. 544 00:38:22,856 --> 00:38:25,973 And please don't use webmails if you can. 545 00:38:26,073 --> 00:38:29,304 If you really want to use a webmail, be your own provider, 546 00:38:29,404 --> 00:38:33,091 or have a small trustworthy provider. 547 00:38:33,191 --> 00:38:37,963 Last but not least, you should disable JavaScript. Please. 548 00:38:38,063 --> 00:38:42,317 OK, most websites are not accessible anymore then, 549 00:38:42,417 --> 00:38:46,640 so you might want to resort to NoScript, which is a Mozilla extension 550 00:38:46,740 --> 00:38:50,640 where you can configure which sites require JavaScript or not. 551 00:38:50,740 --> 00:38:52,427 You'd better do this. 552 00:38:55,125 --> 00:39:01,004 To wrap it all up, what we need to change is awareness for privacy, 553 00:39:01,104 --> 00:39:04,777 even on the Internet, in modern communications, and telephone systems, 554 00:39:04,877 --> 00:39:08,937 cell phones, and so on. We need to be aware that there are privacy concerns. 555 00:39:09,684 --> 00:39:13,779 Then we should always realize that Internet corporations sacrifice 556 00:39:13,879 --> 00:39:19,206 your privacy for their profits. That's their business model. 557 00:39:19,921 --> 00:39:25,901 And the military-industrial complex does exactly the same. They are spying, 558 00:39:26,001 --> 00:39:30,451 or let the government spy, because they can sell the government 559 00:39:30,551 --> 00:39:33,798 expensive software, hardware, everything. 560 00:39:35,903 --> 00:39:38,011 So we need to change this. 561 00:39:39,329 --> 00:39:42,259 What you all can do is — Please. 562 00:39:42,359 --> 00:39:48,714 The few of you who have a Facebook account should close it. 563 00:39:48,814 --> 00:39:52,667 Not only stop using it, but close it to set a precedent, 564 00:39:52,767 --> 00:39:59,456 and use alternate systems for chatting.
565 00:39:59,556 --> 00:40:04,493 Encrypt your mails. But I've been saying that for 15 years now, and... well. 566 00:40:04,593 --> 00:40:08,148 An important point is to read and understand the terms of service, 567 00:40:08,248 --> 00:40:10,553 to know what they want from you. 568 00:40:10,653 --> 00:40:14,029 I think it's important to build your own communities, and not have 569 00:40:14,129 --> 00:40:17,207 a Mark Zuckerberg build a community for you. 570 00:40:17,307 --> 00:40:21,668 Finally, if you have the resources, and the time, 571 00:40:21,768 --> 00:40:24,650 you may want to run a Tor node. 572 00:40:24,750 --> 00:40:30,150 This will help the Tor project keep anonymity for all users. 573 00:40:30,250 --> 00:40:36,474 This is a bit of work. I ran a Tor node for several years and 574 00:40:36,574 --> 00:40:41,515 spent 8 euros a month on this, but eventually I ran out of time 575 00:40:41,615 --> 00:40:44,445 to properly maintain the system, and gave up. 576 00:40:44,545 --> 00:40:47,673 So you need to have some free time to do this. 577 00:40:47,773 --> 00:40:52,384 This is what I mean by resources; it's not only the money for the server, but... 578 00:40:52,747 --> 00:40:58,544 it's required. We need to do this, we can't expect Google to run our Tor nodes. 579 00:40:59,861 --> 00:41:03,122 In the end, we're living in a surveillance world. 580 00:41:03,222 --> 00:41:05,856 That's just a fact. 581 00:41:07,305 --> 00:41:10,268 Everybody should have realized that by now. 582 00:41:10,369 --> 00:41:13,398 But fortunately we are those who can revert this. 583 00:41:13,498 --> 00:41:15,803 We know about this, so we can change it. 584 00:41:15,903 --> 00:41:20,513 You have to tell your friends and the public administration not to ask 585 00:41:20,613 --> 00:41:25,716 or send you any confidential or private information by normal email. 586 00:41:25,816 --> 00:41:29,340 They should have a key, and send it by encrypted mail.
587 00:41:29,440 --> 00:41:33,623 Tell your friends about this. It's hard to do, but they should at least 588 00:41:33,723 --> 00:41:36,619 have the mindset that it's dangerous to send 589 00:41:36,719 --> 00:41:39,946 plain, unencrypted mail with sensitive information. 590 00:41:40,046 --> 00:41:43,504 And there is a lot of it, health and everything, you know. 591 00:41:45,052 --> 00:41:48,511 If that doesn't work, which for me is 592 00:41:48,611 --> 00:41:52,990 most of the time if you do something with the public administration, 593 00:41:53,090 --> 00:41:58,128 you have a printer and put your letter into an envelope and send it out by snail mail. 594 00:41:58,854 --> 00:42:03,201 That's just safer and you're safe. Maybe they send it 595 00:42:03,301 --> 00:42:08,767 from their scan service by insecure mail further on, but 596 00:42:08,867 --> 00:42:12,160 we can't do anything about this. 597 00:42:13,379 --> 00:42:16,639 And in the end, if you want to go for a vacation and 598 00:42:16,739 --> 00:42:20,131 are looking for books at the beach, I suggest four books: 599 00:42:20,231 --> 00:42:23,753 Yevgeny Zamyatin's We, and Aldous Huxley's Brave New World, and 600 00:42:23,853 --> 00:42:28,497 George Orwell's 1984, and Philip K. Dick's The Simulacra. 601 00:42:29,485 --> 00:42:36,829 These are very good books. They're quite old, a hundred years old, 602 00:42:36,929 --> 00:42:42,166 but they tell you what happens if there is no privacy, 603 00:42:42,266 --> 00:42:46,415 if there is too much data in one hand, 604 00:42:46,515 --> 00:42:50,829 and it's quite interesting to review this after all this time. 605 00:42:51,586 --> 00:42:58,568 Another interesting article is Brave New World revisited, that Huxley 606 00:42:58,668 --> 00:43:05,287 wrote in the late 50s, I think. He revisits what he had written in 607 00:43:05,387 --> 00:43:08,549 Brave New World with the actual events of the period in mind. 
608 00:43:08,649 --> 00:43:13,325 And now read it sixty years later. It's frightening. 609 00:43:15,071 --> 00:43:18,595 OK, thank you. That was my talk about privacy... 610 00:43:19,221 --> 00:43:23,668 Yeah, tell your friends they need to pay attention to this. 611 00:43:24,425 --> 00:43:26,599 Now any questions? 612 00:43:26,995 --> 00:43:29,217 (applause) 613 00:43:37,765 --> 00:43:40,399 Public: Do you hear me? Yes, I think so. 614 00:43:40,499 --> 00:43:44,081 Hostess: You can speak in French or English, as you wish, 615 00:43:44,181 --> 00:43:46,618 because there's a translation system. 616 00:43:46,718 --> 00:43:50,609 Public: Oh, OK. So I'll continue in... oh 617 00:43:50,709 --> 00:43:54,755 WK: Oh I don't really speak French so well (laugh) 618 00:43:54,855 --> 00:43:59,870 Public: You speak about webmail, “don't use it”, but 619 00:44:00,878 --> 00:44:05,137 have you some examples of non-webmails. 620 00:44:05,237 --> 00:44:13,442 I use Yahoo, Opera, Gmail, what else? 621 00:44:13,542 --> 00:44:16,019 Outlook is a non-webmail? 622 00:44:16,119 --> 00:44:17,838 No, hmm. 623 00:44:17,938 --> 00:44:24,984 What I mean by webmail is: there are two ways to access, for example, 624 00:44:25,084 --> 00:44:29,131 Google Mail... if you really want to use Google Mail. 625 00:44:29,231 --> 00:44:32,829 The usual way is to use it in your web browser, 626 00:44:32,929 --> 00:44:37,424 and there's JavaScript. The whole mail reader is running on JavaScript, 627 00:44:37,524 --> 00:44:40,829 sent from Google to you. So basically it runs on Google. 628 00:44:40,929 --> 00:44:44,247 Everything that you do, every key stroke is sent to Google 629 00:44:44,347 --> 00:44:47,777 in theory, it's optimized of course. 630 00:44:47,877 --> 00:44:48,877 That's “webmail”. 
631 00:44:48,977 --> 00:44:52,188 The other thing is that Google, or other services, 632 00:44:52,288 --> 00:44:55,606 store mail, which is then accessed using IMAP 633 00:44:55,706 --> 00:44:58,424 (which means the mail is left on their servers) 634 00:44:58,524 --> 00:45:01,853 or POP3 (where the mail was on their servers and you 635 00:45:01,953 --> 00:45:04,895 fetch it from their servers). 636 00:45:07,137 --> 00:45:10,106 They can also monitor it of course, but that's 637 00:45:10,206 --> 00:45:14,365 the usual business of mail providers, and has nothing to do with webmail. 638 00:45:14,465 --> 00:45:16,842 A webmail is really using your browser, 639 00:45:16,942 --> 00:45:20,316 locked into a web page, and works on their servers 640 00:45:20,416 --> 00:45:24,350 so that you get web pages back. They are in full control 641 00:45:24,450 --> 00:45:27,532 of what you are doing. You are interacting with their server; 642 00:45:27,632 --> 00:45:30,754 that is webmail. And “non-webmail” means that you have 643 00:45:30,854 --> 00:45:33,332 your mail program running on your own machine, 644 00:45:33,432 --> 00:45:37,086 on your smartphone maybe, or on your laptop or desktop. 645 00:45:37,186 --> 00:45:40,392 There are several good mail clients, 646 00:45:40,492 --> 00:45:45,210 actually all mail clients were good before the webmail. 647 00:45:45,939 --> 00:45:51,890 There is Thunderbird, there's Claws Mail on Linux. 648 00:45:51,990 --> 00:45:55,828 Claws Mail is also available for Windows, 649 00:45:55,928 --> 00:45:58,406 and they all support encryption. 650 00:46:00,087 --> 00:46:02,510 If you look around just a bit, you'll find 651 00:46:02,610 --> 00:46:06,417 enough mail services. Of course it is convenient 652 00:46:06,517 --> 00:46:10,313 to use a webmail because you can walk to any computer 653 00:46:10,413 --> 00:46:12,750 and just log in and check your mail. 
654 00:46:12,850 --> 00:46:16,084 But this computer may have been bugged, and 655 00:46:16,184 --> 00:46:19,026 there may be a key logger that looks for a password, 656 00:46:19,126 --> 00:46:22,528 and everything. And so a webmail is never secure. 657 00:46:22,628 --> 00:46:24,965 And if you're always doing it on the same box, 658 00:46:25,065 --> 00:46:31,969 it's much easier and safer to use dedicated mail reader software. 659 00:46:32,069 --> 00:46:37,152 And it's better and more convenient if you have a lot of mail. 660 00:46:37,252 --> 00:46:40,234 Does that answer your question? 661 00:46:55,218 --> 00:46:59,474 Public: There are some claims that... Is it OK, is it working? 662 00:46:59,574 --> 00:47:00,762 WK: Yes, it's OK. 663 00:47:00,862 --> 00:47:06,316 Public: Some claims that if you use Tor, in fact 664 00:47:06,416 --> 00:47:13,999 you go more quickly to the CIA and so on, because many relays of Tor 665 00:47:14,099 --> 00:47:16,916 are put by those people. 666 00:47:17,016 --> 00:47:23,154 WK: Your question is whether the use of Tor is really secure, yeah? 667 00:47:23,254 --> 00:47:28,323 Well, there are theoretical and practical attacks on the Tor network, of course, 668 00:47:28,423 --> 00:47:33,075 but they are not that easy to mount, and that's also the reason why 669 00:47:33,175 --> 00:47:40,577 I told you to run a Tor node; because it helps: the more Tor nodes there are, 670 00:47:40,677 --> 00:47:47,277 the harder it is for the agencies to subvert the system. 671 00:47:47,377 --> 00:47:51,263 Definitely you can't do mass surveillance on the Tor network, 672 00:47:51,363 --> 00:47:58,318 it's very hard to do this, and the guys, the folks working on Tor, 673 00:47:58,418 --> 00:48:04,680 are pretty up-to-date on security standards, and try to make it work well.
674 00:48:04,780 --> 00:48:09,933 There are some problems with Tor of course, but that's a trade-off, because 675 00:48:10,033 --> 00:48:15,266 it's a low-latency service, which means you can actually use SSH 676 00:48:15,366 --> 00:48:20,487 to do direct work on a different computer over the Tor network, which is 677 00:48:20,587 --> 00:48:23,206 very helpful in some cases. 678 00:48:23,306 --> 00:48:26,823 But there are some compromises that you need to make. 679 00:48:26,923 --> 00:48:31,416 A better system is of course a store-and-forward system, or GNUnet system. 680 00:48:31,516 --> 00:48:36,775 It's slower, but before we have deployed such a system, 681 00:48:36,875 --> 00:48:43,619 I think it's better to use Tor. I don't think that the NSA is able to subvert it 682 00:48:43,719 --> 00:48:49,289 unless you are their target, then you have no chance, because... 683 00:48:51,136 --> 00:48:54,769 I've been to one of these AES conferences, and 684 00:48:54,869 --> 00:49:00,223 had dinner with people from the PGP Corporation and 685 00:49:00,323 --> 00:49:07,061 an NSA officer. We were talking about strange algorithms, and so on, and 686 00:49:07,161 --> 00:49:13,740 then he said “What are you talking about? That's not an issue, we are just cheating.” 687 00:49:13,840 --> 00:49:19,442 Which means they know how to work around the random number generator, or just 688 00:49:19,542 --> 00:49:22,900 bug your computer, which is the simplest thing they can do. 689 00:49:23,000 --> 00:49:27,362 You have so much software on your machine that it's easy to 690 00:49:27,462 --> 00:49:31,850 install software which has a bug. By bug I mean 691 00:49:31,950 --> 00:49:36,380 some malware which collects information and sends it back to the NSA. 692 00:49:40,503 --> 00:49:45,155 So we have very secure algorithms, but the weakest points 693 00:49:45,255 --> 00:49:50,593 are the machines at our hand. The problem is the hardware itself. 
694 00:49:50,693 --> 00:49:54,005 What we can secure is something that goes over a wire, 695 00:49:54,105 --> 00:49:59,984 and only a long wire because the radiation from the machines is easy to tap. 696 00:50:09,225 --> 00:50:12,921 Public: Is it a nonsense to use a 697 00:50:13,021 --> 00:50:18,444 well-protected operating system such as FreeBSD, 698 00:50:18,544 --> 00:50:27,968 with very open communications — RSS aggregates, or stream of news, 699 00:50:28,068 --> 00:50:37,815 such as Yahoo Pipes to aggregate and analyze the news, that have 700 00:50:37,915 --> 00:50:44,896 constant communications with my computer? Not against a government agency, 701 00:50:44,996 --> 00:50:54,082 but against a small group of direct competitors 702 00:50:54,182 --> 00:51:05,534 (not a very powerful agency but a classical competitor), or a group of hackers. 703 00:51:05,634 --> 00:51:19,679 Is it a nonsense to protect my computer and use the classical services? 704 00:51:23,063 --> 00:51:28,052 WK: The standard answer is: it depends on your threat model. 705 00:51:29,900 --> 00:51:35,080 Well, of course you should encrypt it, because it's much easier to tap a wire than 706 00:51:35,180 --> 00:51:41,178 to bug any bundle computer to install a key-logger. 707 00:51:41,278 --> 00:51:46,220 We assume that this can be done just en gros, 708 00:51:46,320 --> 00:51:49,594 so it's easy to just collect everything which goes through a wire, 709 00:51:49,694 --> 00:51:53,448 even through 10Gbit or 100Gbit fibers. 710 00:51:53,548 --> 00:51:58,909 They can just read it, they have no problem doing this. 711 00:52:05,803 --> 00:52:09,657 There are other malware, malware from the malware industry, 712 00:52:09,757 --> 00:52:17,235 which is these guys who are sending spam around and want you to buy something. 
713 00:52:17,335 --> 00:52:21,880 Against these spammers, the malware industry, 714 00:52:21,980 --> 00:52:26,521 it is good to use a [non-]end-user operating system because they are not interested in that. 715 00:52:26,621 --> 00:52:30,738 They calculate 716 00:52:30,838 --> 00:52:38,603 how to get the most out of all these users of Windows or Linux or Ubuntu or 717 00:52:38,703 --> 00:52:43,900 Fedora — no, probably not Fedora — by having 718 00:52:44,000 --> 00:52:49,878 their workers write a special mail virus just for this task. 719 00:52:49,978 --> 00:52:55,835 So in this case, it is OK to do this if that's your threat. If your fear is that 720 00:52:55,935 --> 00:52:59,605 someone else knows what you're talking about, then 721 00:52:59,705 --> 00:53:07,529 you should really encrypt it, using a VPN, or even a VPN service 722 00:53:07,629 --> 00:53:11,304 so that you just have a central service for this. 723 00:53:11,404 --> 00:53:17,377 It's better than to use plain text. In my opinion, yeah. 724 00:53:18,614 --> 00:53:22,023 Public: [too low] 725 00:53:22,123 --> 00:53:32,883 WK: If you just use Jabber, and you have control over the server, 726 00:53:32,983 --> 00:53:37,466 that's secure, you can do it in plain text, because 727 00:53:37,566 --> 00:53:42,636 over the wire it's encrypted using TLS. 728 00:53:42,736 --> 00:53:46,958 That's OK, of course, if you're using a VPN. 729 00:53:47,058 --> 00:53:56,087 For example at the German embassies, they don't use encrypted mails 730 00:53:56,187 --> 00:54:01,562 for organizational reasons, but they use a VPN running between all of them. 731 00:54:02,558 --> 00:54:06,482 So it's clear text, but it's hard to tap because 732 00:54:06,582 --> 00:54:10,608 there is a layer which is encrypted in between. 733 00:54:15,039 --> 00:54:19,522 Well, it depends. That's the answer. (laugh) 734 00:54:25,024 --> 00:54:26,024 Any other questions? 
735 00:54:37,928 --> 00:54:42,312 WK: Was the question how to use a Tor application? 736 00:54:42,412 --> 00:54:46,690 I think it's very useful if you are forced to use 737 00:54:46,790 --> 00:54:50,251 a proprietary operating system like Windows, or Mac. 738 00:54:50,351 --> 00:54:56,339 The Tor Bundle is really useful. It provides you with a 739 00:54:56,439 --> 00:55:00,744 browser which is configured to use Tor, and also has 740 00:55:00,844 --> 00:55:05,201 other important things pre-installed. I think it's important to use this, 741 00:55:05,301 --> 00:55:06,688 yeah, if you have... 742 00:55:06,927 --> 00:55:13,172 Public: But in my case I've got no PC, I've got no computer, 743 00:55:13,272 --> 00:55:20,404 I'm used to go to cyber, and sometimes I am getting my mail, and 744 00:55:20,504 --> 00:55:27,221 simultaneously I go to websites and notice that I was 745 00:55:27,321 --> 00:55:37,582 more or less spied on. So, I mean, in my case, is it useful to use Tor? 746 00:55:37,682 --> 00:55:42,905 I've got no computer, but I go to cybercafés. 747 00:55:43,005 --> 00:55:48,072 WK: If you don't have your own computer under control, 748 00:55:48,172 --> 00:55:52,313 well you should at least use some trusted computer. 749 00:55:52,413 --> 00:55:58,501 If you don't do this, we can't secure anything. 750 00:55:59,807 --> 00:56:10,540 Public: What about the e-mail? Is it useful to have a professional 751 00:56:10,640 --> 00:56:15,255 instead of Hotmail or whatever? 752 00:56:16,933 --> 00:56:22,627 WK: You mean an e-mail provider instead of these services like Google Mail or... 753 00:56:22,727 --> 00:56:25,271 Public: Yeah, a professional one. 754 00:56:28,076 --> 00:56:32,324 WK: I can't tell you because I'm running my own mail server, 755 00:56:32,424 --> 00:56:37,337 and that is something I said: get together a group, 756 00:56:37,437 --> 00:56:41,920 and set up your own server.
It can even provide webmail for you, and 757 00:56:42,020 --> 00:56:47,614 of course a mail server. That is a bit of work, but not too much work, 758 00:56:47,714 --> 00:56:53,430 if you know someone who has the capabilities to take care of 759 00:56:53,530 --> 00:57:01,008 a server, and to run a mail server — it's the first thing you install on any server. 760 00:57:01,401 --> 00:57:09,450 Of course it's some work to maintain it. A small mail provider is definitely better 761 00:57:09,550 --> 00:57:11,656 than a large one. 762 00:57:11,756 --> 00:57:13,459 Public: Yeah, OK OK. 763 00:57:18,811 --> 00:57:21,406 Public: [too low] 764 00:57:22,298 --> 00:57:28,512 WK: Ah, yes, well... (laugh) 765 00:57:29,487 --> 00:57:41,936 I wish the XMPP-, aka Jabber-based audio worked better. 766 00:57:42,036 --> 00:57:46,000 I expect that it will soon happen. I heard that Jitsi 767 00:57:46,100 --> 00:57:52,036 is a tool that does very well. I think this is much better than this 768 00:57:52,136 --> 00:57:57,747 complicated SIP system — that everyone else is using 769 00:57:57,847 --> 00:58:07,385 because SIP tries to do the same as the classical telecommunication system. 770 00:58:07,485 --> 00:58:16,315 It is designed as a replacement for it. And what Jabber or XMPP does is much 771 00:58:16,415 --> 00:58:26,326 more similar to the Internet, so basically it's a kind of free Skype. 772 00:58:28,528 --> 00:58:34,637 I'm not using that, I'm using a classical telephone, because it's so cheap. 773 00:58:34,737 --> 00:58:42,351 But soon it's also going to be Internet, because most providers are changing their infrastructure 774 00:58:42,451 --> 00:58:49,535 to be IP-only. So in the end there is no difference whether you use Internet or plain telephony. 775 00:58:49,635 --> 00:58:55,456 In the end, there are IPv6 packets running around. 776 00:58:59,284 --> 00:59:04,265 I think there is no real good software which is easy to install. 
So 777 00:59:04,365 --> 00:59:10,170 all these commercial offers are much better from the user-interface standpoint. 778 00:59:12,416 --> 00:59:13,416 Most of them. 779 00:59:22,304 --> 00:59:24,481 Hostess: One last question. 780 00:59:29,747 --> 00:59:32,876 Public: Considering we know that the wires can be spied on, 781 00:59:32,976 --> 00:59:36,886 can we consider something like STARTTLS safe or not? 782 00:59:36,986 --> 00:59:39,557 If someone can spy on the wires, then can 783 00:59:39,657 --> 00:59:43,883 they easily decrypt this STARTTLS session, or is it still hard... 784 00:59:43,983 --> 00:59:47,008 WK: No. Using STARTTLS, 785 00:59:47,108 --> 00:59:52,016 which means the mail between the mail servers is encrypted, 786 00:59:52,116 --> 00:59:58,356 is a very good thing to do, because, it doesn't withstand any targeted attack but 787 00:59:58,456 --> 01:00:02,289 what you see, or what they wiretap or see on the line, is encrypted 788 01:00:02,389 --> 01:00:06,777 and they can't do anything about it — unless they are 789 01:00:06,877 --> 01:00:10,892 mounting an active man-in-the-middle attack. 790 01:00:11,623 --> 01:00:16,872 It depends a little bit on the algorithms used, but 791 01:00:16,972 --> 01:00:22,902 using STARTTLS is better than using 792 01:00:23,002 --> 01:00:27,386 end-to-end encryption because more mail is encrypted or 793 01:00:27,486 --> 01:00:31,471 hidden from the ears of the services then. 794 01:00:32,599 --> 01:00:37,611 Because they need to catch up and find ways to tap us anyway, 795 01:00:37,711 --> 01:00:45,105 which is much more complicated to do since they need to mount an active man-in-the-middle. 796 01:00:45,205 --> 01:00:47,530 Active man-in-the-middle means that 797 01:00:47,630 --> 01:00:51,450 they need to decrypt this and then encrypt it again for the next one. 798 01:00:51,550 --> 01:00:54,387 So they can't just tap it. 799 01:00:56,310 --> 01:00:57,630 Public: OK, OK. 800 01:00:59,919 --> 01:01:00,934 WK: That's it? 
801 01:01:01,256 --> 01:01:03,852 Hostess: I think it's really great. 802 01:01:04,298 --> 01:01:07,287 WK: Thank you for your attention.