The thing is that u/electricJellyfish might be crude but he's not wrong. Not using encryption in today's world, particularly for critical comms, is absolutely retarded.
There are some solutions that have a fairly low bar of entry that are worth considering. Silex manufactures devices that can communicate over the license-exempt sub-1GHz band that could be used to build a mesh network for your neighborhood. You could then run encrypted platforms on top of this.
As long as Internet access is still available, Signal is still your best bet. While the server implementation is closed source, the client is fully open. There's also Matrix if you prefer a fully open network and protocol.
I appreciate the answer and I agree. My main point is that comms are a huge issue. Then, we are pressed for time if anything goes down and any solution needs to be boomer ready. My local “gun club” uses their own conversational encryption, as should anyone who uses such devices. There’s 50 nicknames for the average member.
But your answer is probably the best we have. Rolling mobile numbers are useful.
You do raise a good point about "boomer ready." None of these technological solutions qualify, because they're often highly technophobic. Some are willing to learn enough to use a smartphone, but that's not true for the plurality of people. This is a problem.
The unfortunate reality is that "conversational encryption" is highly ineffective against cryptanalysis as there's an insufficient amount of entropy to mask the meaning of each statement as it is conveyed over the radio. It also works at a high enough level that as soon as certain meanings can be deduced, related context can be further elucidated by listening to conversations sampled over time. As an example, the only reason Navajo code talkers were successful was due to their comparative obscurity and rarity; that they were using a layered code (code words embedded in a language the Japanese had no idea how to translate) provided additional protection, but the fundamental security was embedded in the fact the cryptosystem--if you will--exploited a means unavailable to the Japanese.
Given enough time, money, and interest, they might've been able to decipher it, but access to anyone who could speak Navajo was almost certainly limited to the continental US. It's not something that should be counted on though. Leastwise, not over a longer term whereby potential adversaries may eventually break otherwise simple codes.
It's also why simple Caesar ciphers (also known as simple replacement ciphers) have never been considered secure. One such example is ROT13 which shifts the alphabet by 13 places. You can see why this would be ineffective.
The other problem with conversational encryption is that it fails the forward secrecy test. Forward secrecy defines whether or not a message that has been captured can be decoded at a future point by deducing the methods or the keys used to encrypt the ciphertext. In the case of conversational encryption, once the "code" is deduced, all prior messages can be deciphered ad infinitum.
Electronic systems that implement perfect forward secrecy are more resistant to this form of attack because keys are renegotiated periodically during the connection. This is the case with more recent versions of TLS (that you use on HTTPS sites); even if the server's private keys are leaked, new keys are derived between the client and server such that any captured communications between the two cannot be deduced unless the ephemeral keys are extracted. It's not impossible, of course, but it would require a weakness either in terms of the key exchange protocol or a weakness in the key derivation. That's why quantum crypto is vaguely concerning since it would allow most key exchange protocols to be broken since they rely on prime factoring. Fortunately, we're almost certainly decades away from this point.
I apologize for the essay, however. Cryptography is a point of interest for me, and as a systems implementer, I use a variety of cryptographic libraries on a regular basis. So some knowledge of how they work is required in order to implement them securely.
But yes, all of this is moot if the people who would be required to use such systems are technophobic or averse to its use because they might not understand it. This is incredibly unfortunate, because strong cryptography absolutely will confound potential adversaries.
There's a ton more I could write on the subject, but I don't want to bore you any more than I no doubt already have.
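An added illustration of the forward secrecy point in the comment above (not code from the thread): a fixed shared secret is compared with per-session Diffie-Hellman keys to see which recorded messages a single leaked secret opens. The toy group, the SHA-256 keystream and the sample messages are assumptions made for the demonstration, and handshake authentication is left out.

```python
import hashlib
import secrets

# Toy parameters (constructed, NOT secure); real protocols use X25519 or similar.
P = 2**127 - 1  # Mersenne prime
G = 3

def xor_stream(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def static_send(code: bytes, msg: bytes) -> dict:
    """Fixed-secret model: every message key derives from one long-lived secret."""
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce, "ct": xor_stream(hashlib.sha256(code + nonce).digest(), msg)}

def static_open(code: bytes, rec: dict) -> bytes:
    return xor_stream(hashlib.sha256(code + rec["nonce"]).digest(), rec["ct"])

def dh_key(public: int, exponent: int) -> bytes:
    return hashlib.sha256(pow(public, exponent, P).to_bytes(16, "big")).digest()

def ephemeral_send(msg: bytes) -> tuple:
    """Per-session Diffie-Hellman; also returns the sender's exponent to model a leak."""
    a = secrets.randbelow(P - 3) + 2  # sender's ephemeral exponent
    b = secrets.randbelow(P - 3) + 2  # receiver's, discarded after the session
    rec = {"A": pow(G, a, P), "B": pow(G, b, P)}  # only A and B cross the wire
    rec["ct"] = xor_stream(dh_key(rec["B"], a), msg)
    return rec, a

def ephemeral_open(exponent: int, rec: dict) -> bytes:
    return xor_stream(dh_key(rec["B"], exponent), rec["ct"])

MSGS = [b"meet at the north gate", b"net check at 1900", b"all clear"]  # constructed

def demo() -> tuple:
    """Which recorded messages does ONE leaked secret open under each scheme?"""
    code = secrets.token_bytes(32)
    static_recs = [static_send(code, m) for m in MSGS]
    sessions = [ephemeral_send(m) for m in MSGS]
    leaked = sessions[-1][1]  # exponent of the last session only
    return ([static_open(code, r) == m for r, m in zip(static_recs, MSGS)],
            [ephemeral_open(leaked, r) == m for (r, _), m in zip(sessions, MSGS)])

if __name__ == "__main__":
    print(demo())
```

The leaked fixed secret opens every recorded message, while the leaked exponent opens only the session it belonged to.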
That’s interesting to me, thanks. I agree.
My simple point was that they could run some AI and disable all comms.
Now say a local “gang” was raiding your area. It might be useful to have simple analog devices used minimally and cryptically. Idk what the other option is.
TBH "ease of use" and "durable" are unfortunately antithetical to the "other option," which would be an easy to use, highly secure system.
I'm afraid to say that "easy" and "secure" combined are two as yet unsolved problems, because even highly simplified systems that combine strong crypto (think Signal) can still be subverted. Without some knowledge of how that's possible, it can expose the user to a platform they think is secure but really isn't.
As an example, if you're talking with someone whom you've spoken to before on Signal, it will record fingerprints of their public key. If that ever changes, you should assume that their device or account has been compromised and need to re-verify their key fingerprints out-of-band (telephone, email, radio, whatever).
If you expected most people to just dismiss the warning dialog that tells them the person they think they're talking to isn't who they claim to be, well, you'd be right.
I don't think the human part of any of these equations is well-solved, sadly. I don't think it will ever be.
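An added sketch of the key-change check described in the comment above (not Signal's code and not from the thread): a trust-on-first-use pin store that refuses to accept a changed key until the new fingerprint has been confirmed over another channel. The fingerprint format, the status names and the sample keys are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key, truncated and grouped for reading aloud (assumed format)."""
    h = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(h[i:i + 4] for i in range(0, 32, 4))

@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)     # contact -> (fingerprint, verified)
    pending: dict = field(default_factory=dict)  # contact -> changed fingerprint awaiting check

    def check(self, contact: str, public_key: bytes) -> str:
        """Classify the key a contact presents; callers must not send on KEY-CHANGED."""
        fp = fingerprint(public_key)
        if contact not in self.pins:
            self.pins[contact] = (fp, False)     # trust on first use, still unverified
            return "first-contact"
        pinned, verified = self.pins[contact]
        if fp == pinned:
            self.pending.pop(contact, None)
            return "verified" if verified else "unverified"
        self.pending[contact] = fp               # never overwrite the pin automatically
        return "KEY-CHANGED"

    def confirm_out_of_band(self, contact: str, fp_from_contact: str) -> bool:
        """Accept a key only if the fingerprint obtained over another channel matches."""
        if contact not in self.pins:
            return False
        candidate = self.pending.get(contact, self.pins[contact][0])
        if candidate != fp_from_contact:
            return False
        self.pins[contact] = (candidate, True)
        self.pending.pop(contact, None)
        return True

def demo() -> list:
    old, new = b"constructed-public-key-1", b"constructed-public-key-2"
    s = PinStore()
    return [s.check("alice", old), s.check("alice", old),
            s.confirm_out_of_band("alice", fingerprint(old)), s.check("alice", old),
            s.check("alice", new), s.check("alice", new),      # dismissing changes nothing
            s.confirm_out_of_band("alice", fingerprint(old)),  # stale fingerprint rejected
            s.confirm_out_of_band("alice", fingerprint(new)), s.check("alice", new)]

if __name__ == "__main__":
    print(demo())
```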
I don't believe they can turn the internet off. They need the masses in their shackles.
Therefore: what do you think about Bitmessage?
You'd have to advocate older tech for internet-only devices with no GPS, but it seems simple enough.
I have a suspicion ProtonMail is run by the NSA.
Exactly right. That, and there are different backbone providers who would all have to cooperate. Plus too many companies that depend on it.
There are some providers who lease time on the private Internet--i.e. backbones bought and paid for by companies for comms between their own datacenters who sometimes sell spare capacity. Even if some major backbones were down, you might be able to find some VPS providers who lease their spare bandwidth.
Never used it, but their cryptographic implementation seems reasonable. They're using the same elliptic curve crypto Bitcoin uses, which is well-vetted at this point.
Element (via matrix.org) is another option if you're looking for something that's pretty easy to set up and can be figured out by people without too much fuss. It does require use of the Matrix protocol.
Possibly. They're based out of Switzerland, so it's hard to say.
That said, email is still another (low tech?) alternative that's perfectly viable if you combine it with something like GnuPG, with the noteworthy exception that GnuPG is a bit painful to use. Plus side is that it doesn't matter who the provider is.