Dmitry Volkov - Private messengers: without pain??

DC7499
November 10, 2018


2018 is rolling by, and we have two kinds of messengers in store: those with gov't IDs as handles, fancy stickers, and used by everyone, and Jabber. Clearly, the first ones, with their custom military-grade (opt-in) encryption, aren't only useless to get snow, but also harmful to civil society. Why, till when, e2e for the man, what to do now and what to do then: for good folk and the red-eyed fringe.


Transcript

  1. Private messengers: without pain?? Dmitriy Volkov wldhx@wldhx.me FB527CDAC1176535A4CF9B4C0E8CB6EC231EDDFE

  2. wldhx@wldhx.me 231EDDFE DEFCON Moscow XV
    Vectors:
    • Technical, hard, mathy: what crypto we need in precise terms, metadata-leak-minimizing routing, etc.
    • Publicism: what’s the problem, what to do both concretely and generally, why are we where we are, what to do for a better future
    • Politics and social sense
    Plan:
    • “Building a messenger in three easy steps”
    • The Privacy Problem Abridged
    • Untrusting server
    • What To Do Right Tomorrow Morning
    • What To Do After That | A Vision Of Reasonably Better And Very Specific Proposals
    • +°C Untrusting more
    • Fun holes
  3. Messenger v0.1 (telnet): TCP/HTTP

  4. Messenger v0.1 (telnet): ISP, СОРМ, РКН

  5. Messenger v0.1 (telnet): ISP, СОРМ, РКН
    • Confidentiality

  6. Messenger v0.1 (telnet): ISP, СОРМ, РКН
    • Confidentiality
    • Integrity

  7. Messenger v0.1 (telnet): ISP, СОРМ, РКН
    • Confidentiality
    • Integrity
    • Authentication

  8. Messenger v1.0: ISP, СОРМ, РКН; TLS
    • Confidentiality
    • Integrity
    • Authentication
  10. If, technologically, it is possible to make an impenetrable device or system where the encryption is so strong that there's no key - there's no door at all - then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? – Barack Obama
  11. Privacy w/o asbestos
    • Privacy Freedom, Private ~ Powerful ⇒
    • Positive right
    • CVC code, passport #, mother’s maiden name
    • “Mere collection of information”
    • Information Abuse (models): gov’t, corp, ind ⇒
    • Knowledge of ^ → Self-censorship → Erosion of std freedoms, i.e. Expression, Assembly, Association; “Social credit”
    • Fatalism: just say no; and it’s not about you
    • Concrete examples seem to not help so much
      https://www.abc.net.au/news/2015-08-24/metadata-what-you-found-will-ockenden/6703626
      https://robindoherty.com/2016/01/06/nothing-to-hide.html
    • In the 1920s being Jewish in Germany was perfectly legal. Not long after it was not. In the 1930s being Japanese in the USA was perfectly legal. After 1942 it was not. 1947 - “Hollywood Ten”. 2008? - TSC No Fly. https://news.ycombinator.com/item?id=4105485
    • Doctorow, Schneier: https://moxie.org/blog/we-should-all-have-something-to-hide/
  13. Messenger v1.0: ISP, СОРМ, РКН; TLS
    • Confidentiality
    • Integrity
    • Authentication
    Speech bubbles: “I have dataz!”, “I reliez on PKI!”

  14. Messenger v1.0: ISP, СОРМ, РКН; TLS; HPKP
    • Confidentiality
    • Integrity
    • Authentication
    Speech bubbles: “I have dataz!”, “I reliez on PKI!”
  15. Messenger v2.0 (Signal): ISP, СОРМ, РКН; TLS; HPKP; e2e; network data
    Speech bubbles: “I have blobs.”, “I reliez on PKI!”

  16. Messenger v2.0 (Signal): ISP, СОРМ, РКН; TLS; HPKP; e2e; network data
    Speech bubbles: “I have blobs.”, “I reliez on PKI!”
    • Only specific case
    • Metadata
  17. NaCl / libsodium, via the Haskell saltine bindings (the slide's sketch, completed so it compiles):

    {-# LANGUAGE OverloadedStrings #-}
    import Crypto.Saltine (sodiumInit)
    import Crypto.Saltine.Core.Box

    main :: IO ()
    main = do
      _ <- sodiumInit                  -- initialise libsodium once before any other call
      (skA, pkA) <- newKeypair         -- assumes saltine 0.1.x, where Keypair = (SecretKey, PublicKey)
      (skB, pkB) <- newKeypair
      n <- newNonce                    -- fresh random nonce; never reuse one with the same key pair
      -- B encrypts to A: recipient's public key, sender's secret key, nonce, plaintext
      let ciphertext = box pkA skB n "mow"
      -- A opens with B's public key and A's own secret key; Nothing if the blob was tampered with
      print (boxOpen pkB skA n ciphertext)
  18. Only specific case
    • Search
    • Aggregation
    • Compression
    • Anything you could want in a normal client-server application
    https://eprint.iacr.org/curr/
    Homomorphic encryption, SGX: DON’T WORK
  19. Metadata
    Diagram labels: “I have blobs.”, ISP, СОРМ, РКН, TLS, “I reliez on PKI!”, HPKP, e2e, network data, “Me loggin’ dem packezz”, “Me loggn’ app-specific datas!”, “User1→user2 at t!”
    https://secushare.org/2011-FSW-Scalability-Paranoia

  20. Metadata
    • “Who, to whom, when”
    • Information exchange graph * t
    • Social graph * t
    • Juicy to connect to other info, like phone numbers → cell towers → position
    • You using a burner phone doesn’t help ‘cause social graph
    Metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content. – NSA General Counsel Stewart Baker
    We kill people based on metadata. – CIA General Michael Hayden
  22. WhatsApp
    • E2E with “return True” device verification
    • Leaks contacts
    • Proprietary (i.e. unsecure and only available on blessed platforms)
    • Facebook

  23. Telegram
    • Unsecure by default
    • Secret chats can’t really be used
    • Phone#s
    • Stores contacts in plain-text
    • Weird crypto
    • https://news.ycombinator.com/item?id=6936539
    • https://habr.com/post/206900/
    • https://eprint.iacr.org/2015/1177
    • Doesn’t guarantee ordering

  24. Skype
    • http://habrahabr.ru/post/133555/
    • https://twitter.com/navalny/status/268645779219030016
    • http://community.skype.com/t5/Security-Privacy-Trust-and/Vulnerability-allows-to-permanently-delete-any-skype-account-by/td-p/4222445
    • https://windowsreport.com/recognize-sign-in-details-skype-windows-10/
    @zhovner

  25. XMPP
    • UX very much
    • Lack of coordination at times, OTR / OMEMO
    • Doesn’t build reliability in
    • /me hasn’t seen working AV in a few years
    • “Advanced” features require work to work

  27. What to do.

  28. What to do. Now-ish.

  29. Now → proposed:
    • Mainstream: Viber, WhatsApp, Skype, etc. → Signal/Wire, Matrix
    • Activists: XMPP → Matrix, XMPP
    • Fringe: IRC over Tor?, XMPP, Tox → XMPP, Briar
    Migration paths (use cases: Transient chats; Secret chats (journalists); General tech-y; General “I don’t have a computer”):
    • WhatsApp → Signal
    • Telegram → Matrix, Wire
    • XMPP → Matrix
    • XMPP → XMPP (Conversations.im, Dino.im)
    • IRC/Tor → Briar
    Unsustainable?

  30. XMPP, Wire, Matrix: IMO

  32. Sociohistoric context
    • Unregulated. Ish. “Mass media”?
    • External funding, by parent company or investors; exceptions few (Threema)
    • Lowest common denominator isn’t worth much
    • Corps want walled gardens
    • Govts want censorship & surveillance
    • Enthusiasts have limited time and coordination
    • Innovators want money and cheap PR, not public good
    • Tools have narratives and agendas
    • YA “Tragedy of commons”
  35. Solving (for) metadata
    • Strategy: encrypt and obfuscate every thing not on a trusted device
    • In transit and at rest
    • Open or closed network?

  36. Solving metadata: transit
    1) Cover traffic
    2) Framing
    3) Mixnets
    4) Unpredictable routing
    Tor doesn’t solve all problems, but “the solution” seems conceivable (some would argue existing)
    https://www.schneier.com/blog/archives/2011/03/detecting_words.html
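The metadata problem of slide 20 (who, to whom, when, and how much, even with e2e blobs) and the first two transit countermeasures of slide 36 (framing and cover traffic, sent through a guard as on slide 42), as an added Python example that is not from the talk; the log, the user names and the `guard` relay are constructed for illustration:

```python
from collections import defaultdict

# Constructed log as seen by the ISP/СОРМ or by the server of an e2e
# messenger (Messenger v2.0): (tick, src, dst, length).  Payloads are
# opaque blobs; everything else in the tuple is visible.
NAIVE_LOG = [
    (1, "alice", "bob", 37), (2, "bob", "alice", 512),
    (3, "alice", "carol", 12), (9, "bob", "alice", 2048),
    (10, "carol", "alice", 44), (11, "alice", "bob", 9),
]

def social_graph(log):
    """'Who, to whom' over time: message count per unordered pair."""
    graph = defaultdict(int)
    for _, src, dst, _ in log:
        graph[tuple(sorted((src, dst)))] += 1
    return dict(graph)

def bytes_exchanged(log, a, b):
    """Traffic volume per pair: lengths leak even when content does not."""
    return sum(n for _, s, d, n in log if {s, d} == {a, b})

FRAME = 64  # every cell on the wire is exactly this many bytes

def framed_stream(real_msgs, guard, ticks):
    """Framing + cover traffic: one FRAME-byte cell per tick to the guard.

    real_msgs: constructed (tick, dst, size) the user actually sends.
    The observer sees (tick, guard, FRAME) regardless of real_msgs; the
    cost is that a message takes ceil(size / FRAME) ticks to drain, which
    is the latency/power trade-off the talk mentions for mobile devices.
    Returns (wire_view, delivered_fragments).
    """
    queue, wire, delivered = [], [], []
    for t in range(ticks):
        for mt, dst, size in real_msgs:
            if mt == t:                      # fragment into FRAME-size pieces
                queue.extend([dst] * max(1, -(-size // FRAME)))
        if queue:                            # a real fragment rides this cell...
            delivered.append((t, queue.pop(0)))
        wire.append((t, guard, FRAME))       # ...or a dummy does; same bytes
    return wire, delivered
```

Run `social_graph(NAIVE_LOG)` to see the contact graph an untrusted server reconstructs without reading a single message, then compare `framed_stream([], ...)` with a busy stream: the wire views are identical.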
  37. Solving metadata: rest
    • Users’ devices and non-users’
    • A “classical” server clearly doesn’t cut it (moreso a VPS from BigUSCo)
    • More servers – more trouble
    • One solution: SGX
    https://signal.org/blog/private-contact-discovery/

  38. Solving metadata: rest
    • Users’ devices and non-users’
    • A “classical” server clearly doesn’t cut it (moreso a VPS from BigUSCo)
    • More servers – more trouble
    • One solution: SGX
    • Other solution: P2P*
    https://signal.org/blog/private-contact-discovery/
  39. The Vision
    • Centralization is doomed to fail;
    • Federation* is doomed to centralize;
    • Only Swarm prevails.
    * “Classical”, like email or XMPP

  40. The Vision
    • Open P2P doesn’t work;
    • Should work;
    • Gotta get there.

  41. The Vision
    • To: make F2F work effortlessly,
    • And plan for P2P,
    • But remember and use CAP.

  42. The Vision: Secure ∧ No centralized auth ∧ Log sync ∧ E2E ∧ AV ∧ Files ∧ FS ∧ Rooms ∧ FLOSS ∧ Simple clients ∧ Servers are, but unnecessary ∧ Self-hosting made great again
    https://github.com/ChALkeR/whinings/blob/9b960462bc2de685f118f0ccb46095aeeda99e01/Instant-messaging.md (abridged)
    Mobile devices: if no direct connection, then their “guard” through the very same net level as S2S, but tweaked for power (i.e. less cover traffic)

  43. The Vision
    • Beyond messaging: applications
    • v0: trusted servers (better than now ‘cause they belong to users)
    • vN: new crypto and data structures galore

  44. vN example: Tinder’
    • Secure dot product: https://grothoff.org/christian/habil.pdf, p7.4
    • Symmetric smth ZK with blind arbiter: @chalker
  47. Subsystem word cloud: voting, consensus, identity, cadet, secretsharing, set, dht, core, block, fs, datastore, ats, nse, datacache, peerinfo, hello, transport, exit, tun, dnsstub, vpn, regex, pt, dns, dnsparser, gnsrecord, zonemaster, namestore, gns, revocation, conversation, speaker, microphone, nat, fragmentation, topology, hostlist, scalarproduct, secushare, social, multicast, psyc, psycstore, rps
  48. Migration paths (use cases: Transient chats; Secret chats (journalists); General tech-y; General “I don’t have a computer”):
    • WhatsApp → Signal
    • Telegram → Matrix, Wire
    • XMPP → Matrix
    • XMPP → XMPP (Conversations.im, Dino.im)
    • IRC/Tor → Briar
    https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/edit
    https://github.com/ChALkeR/whinings/blob/9b960462bc2de685f118f0ccb46095aeeda99e01/Instant-messaging.md
  49. Additional time
    • Ones I didn’t mention
    • More on this “new internets” business and applications
    • More on $msg_name
    • Blockchain iNnOvAtIoN
    • Even more speculative ideas (secushare)