Hello, The original message below about my PhD thesis sent to this list was not sent by me. I do not use protonmail and while I find the impersonation to be a kind of semi-creepy flattery, it may be something worse, of course. I'd encourage people to download my thesis from the university library [0] or my university home page. I had no interest in advertising the thesis here and I was mildly surprised to see it pop up on the list, especially sent by someone using my name with all the implications included. With that said, it has been sent to the list and I hope it is an interesting read for people who want to read it. Unlike my university library, the PDF on my home page [1] does not watermark or edit the PDF on a per visitor basis. The PDF on my home page is also slightly revised because of an unexpected book printing error. The PDF on my home page also has an improved general index, it fixes a small number of typographical issues, and of course it should fix the surprising last minute print alignment errors. People who want a printed copy are welcome to contact me privately by email. I will probably mail you a book or maybe I will hand it to you personally. The book is not for sale, and I probably won't send it to people who won't read it. I have a limited number of printed books that I am mailing myself at my own personal expense. I want to encourage paper book readers to read it as well. With that said - I find the PDF much more readable because of the extensive use of hyperlinks and cross referencing, also it's trivial to search a PDF and less so for a printed book. The general index in both the PDF and the book should make it possible to ask smart questions of the thesis directly. For example - look up a vendor or product, find out if they are a collaborator or a target of large-scale adversaries (or perhaps find that they are missing!), read the original source documents, study the listed implants for the vendor in question, and then it should be possible to consider how it could impact you in your everyday life. It is not comprehensive of all the implants or programs known in the world and things left out are not a critique of other research. There is much work to be done in cataloging and indexing a worldwide history of capabilities and programs. Bugged Planet [2], Cryptome [3], and WikiLeaks [4] remain useful for finding further original source documents and analysis of information on these topics. As usual with this mailing list like many other forums, we can expect some folks to dismiss matters written about in the thesis. Surveillance targets and other politically exposed persons in danger are frequently attacked by such people. We can also expect that those same people will not discuss the substantial facts or cryptographic designs, except superficially if at all, and they will attempt to distract, divide, disrupt, degrade, and destroy. The usual JTRIG playbook is to be expected when discussing topics such as JTRIG (see chapter 4) and especially other secret services who collaborate with JTRIG directly (again see chapter 4). Even those who simply wish to copy their methods or obtain similar results will draw out a defense of some capabilities; capabilities whose very existence is an abuse by relying on suspect interpretations of law and politics (again see chapter 4). In the usual spirit of the cypherpunks I encourage readers to ignore any bad faith trolling by using client side filtering. We can expect that the usual or even new elements of the controlled opposition (especially in the anglophone-sphere) will seek to make it personal, to speak poorly of individuals, and they will also denigrate the struggles and issues faced by those individuals. They will also project their own issues on others, and of course they will try to draw out personal and professional fights relentlessly. We may also see flooding of messages about many topics - like a manic eruption to distract any would be reader by burying this email reply among many other emails. I encourage everyone to ignore such bad faith engagements; this thesis is part of a different conversation with different goals. I hope this thesis sparks further discussion among those cypherpunks who are still writing Free Software for all of humanity and that it helps potential users who want to protect their own privacy and security. I hope that any discussion enhances how we build what we need to build, and that the results are usable by regular people. There is still much to be done - but I firmly believe we can make huge progress in protecting traffic in our own autonomous spaces (homes, cafes, conferences, etc), and ideally we can also make the same progress with the Internet as well. Specific protocol design and implementation discussions using the issue tracker pages of Vula [5] and REUNION [6] are welcome. Kind regards, Jacob [0] https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv... [1] https://www.win.tue.nl/~jappelba/Communication_in_a_world_of_pervasive_surve... [2] https://buggedplanet.info/index.php?title=Main_Page [3] https://cryptome.org/ [4] https://www.wikileaks.org/ [5] https://vula.link/ [6] https://rendezvous.contact/ On 3/30/22, Jacob Appelbaum <jakeappelbaum@protonmail.com> wrote:
Communication in a world of pervasive surveillance Citation for published version (APA): Appelbaum, J. R. (2022). Communication in a world of pervasive surveillance: Sources and methods: Counter- strategies against pervasive surveillance architecture. Eindhoven University of Technology. Document status and date: Published: 25/03/2022 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the “Taverne” license above, please follow below link for the End User Agreement: www.tue.nl/taverne Take down policy If you believe that this document breaches copyright please contact us at: openaccess@tue.nlproviding details and we will investigate your claim.
Wer die Wahrheit nicht weiß, der ist bloß ein Dummkopf. Aber wer sie weiß und sie eine Lüge nennt, der ist ein Verbrecher." 1 — Bertold Brecht, Das Leben des Galilei, Seite 71
Appelbaum, Jacob R.. /Communication in a world of pervasive surveillance : Sources and methods: Counter-strategies against pervasive surveillance architecture. Eindhoven : Eindhoven University of Technology, 2022. 327 p. https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv...
Best Regards
On 3/31/22, grarpamp <grarpamp@gmail.com> wrote:
https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv... Appelbaum, Jacob R.. /Communication in a world of pervasive surveillance : Sources and methods: Counter-strategies against pervasive surveillance architecture. Eindhoven : Eindhoven University of Technology, 2022. 327 p.
CHAPTER 1 Introduction
"Wer die Wahrheit nicht weiß, der ist bloß ein Dummkopf. Aber wer sie weiß und sie eine Lüge nennt, der ist ein Verbrecher." 1 -- Bertold Brecht, Das Leben des Galilei, Seite 71
Electronic surveillance systems, in their twenty-first century totality, create an environ- ment of pervasive surveillance where most, if not all, communications channels are mon- itored in some capacity. Sociologists and other academic researchers define surveillance in many different ways [Mar15]. We consider the definition from Lyon from Surveillance Studies: "any systematic, routine, and focused attention to personal details for a given pur- pose (such as management, influence, or entitlement)" [Lyo14]. Today's Internet is the pri- mary terrain of struggle [GBC11, Kat90, Her00, Ziz08, Cun15, GE07] between those com- mitted to attacking electronic communications, whether in targeted [Bam16] surveillance of individuals or indiscriminate mass surveillance [Eur18, Eur78, Eur06, Eur84, Eur10, Eur87, Eur15, Eur16] of whole populations, and those committed to securing communi- cations from attack. The two most prevalent surveillance adversaries are state [Gre14b] and corporate [Zub19, Int21a, Int21b] actors, though in some situations there is no meaningful distinc- tion between these. Fusion Centers [Wik21i] for example, are an American domestic intelligence apparatus that aggregates data provided by government agencies, corpora- tions, and private persons, resulting at times in Americans being persecuted for engaging in constitutionally protected activities. Surveillance data of all kinds collected from other terrains [Goo21, War15b] readily merges into the Internet's IP traffic flows. This collec- tion is not merely through passive observation of our communications, but also through active interaction and exploitation, along with analysis of behavioral data, other systems data, and data at rest. To name just a few examples: · In-person, face-to-face meetings when personal or professional electronic equip- ment is present in the same room [ATL06, CCTM16]. · Targeted and mass surveillance of telephone metadata and call content [SM13, GS14]. · Targeted and mass surveillance of postal mail [Nix13]. · Public and private video surveillance, especially when used in tandem with machine learning for identification based on height, gait, and/or facial structure among oth- ers [EKGBSBA16]. · Stylometry of written text to identify anonymous authors [BAG12]. · Analysis of video and images of biological structures such as veins, ear shape, as well as of body modifications such as piercings and tattoos [RP14]. As new sources of data become available in nearly every realm of life, we find new surveil- lance tools being designed to exploit them. Understanding these surveillance practices is critical for building defenses. It is now commonly understood that the US Government does "kill people based on metadata" [Col14] including children [Sca13a, Bon13, Kri19, AR21], intentionally 2 and unintentionally. The state's capacity for violence is enhanced with additional surveillance capabilities. Historical as well as contemporary use of data and metadata to socially sort [Lyo03] has enabled human rights abuses such as persecuting political refugees [CM+ 17, DNI21], assassinations [Col14] and genocide [Bla12]. Modern proponents of both targeted and mass surveillance regularly claim that grant- ing authorities surveillance powers will help to prevent terrorist acts. We know that while this is sometimes true [EM13, BSSC14], it is often false, with disastrous conse- quences [GRS14, Rot15]. We also know that the existence of interception capabilities puts both the operators [Bam16] and users of communication infrastructure at direct risk, and that the same surveillance methods intended for terrorists are diverted to tar- geting democratically elected leaders [JAS13]. This leads us to ask: In order to protect our societies from terrorist acts, must we leave ourselves vulnerable? Is it worth the trade-off to occasionally catch the least competent would-be terrorists, corrupt officials, spies, criminals, and thieves? The questions themselves seem absurd when the answer promotes criminality of all kinds: corporate espionage, economic warfare, government espionage, human-rights violations, lawfare, so-called "targeted killings" (assassinations), untargeted killings, etc. Yet an affirmative answer to those questions is an observable na- tional policy in countries around the world. The deployment of standardized communications protocols in the last century made it possible to perform surveillance in a highly automated fashion. We investigate some of these surveillance systems extensively with help from documents exposed by whistle- blowers, known and unknown, or other anonymous insiders. We compare the intentions and stated beliefs of surveillance adversaries with those of protocol designers, who in recent years have belatedly started to introduce the term surveillance, and later mass surveillance, into Internet-related protocol publications [FT14, BSJ+ 15a].
1 "He who does not know the truth is merely a fool. But whoever knows it and calls it a lie is a criminal." 2 The President of The United States of America is directly involved in some assassination decisions [Poi14, Par15], something of an explicit concern [Ken11] to the founders of the country.