Threat Model: Parents

Gadit Bielman thetransintransgenic at gmail.com
Tue Jun 2 14:10:40 PDT 2015


Yes, I am. I'm assuming that, if someone were to see some sort of generic
parent solution, and they knew that their parents worked at the NSA and
were able to use specialized technical skills, then they would know that it
was just not applicable to their situation. But I'm assuming that that
would nevertheless be useful for 90% of people. Or am I completely wrong
about that?

I don't know exactly what I want/expected. Like, it would be absolutely
brilliant if there was some general,
accessible-to-an-arbitrary-more-tech-savvy-than-average-teenager, howto
security, possibly for simplicity specialized to parent-situations, but
accessible security is in general a huge unsolved and possibly unsolvable
problem. I suppose I was hoping to at least start.

On Tue, Jun 2, 2015 at 4:49 PM, Travis Biehn <tbiehn at gmail.com> wrote:

> You're just assuming that the generic parental threat isn't omnipotent?
> Employees of the military industrial complex are parents too. There is no
> 'generic parental threat model.'
>
> What more do you want? What outputs are you expecting here? A flow-chart?
> Graphs & diagrams?
>
> The advice is the same as any other scenario:
>
> Threat Intelligence to figure out what the motivations and capabilities
> are.
> Standard opsec advice, such as compartmentalize as best as possible.
> Employ techniques and technologies used to achieve resilience in the face
> of generic nation-state attackers.
> Pursue externally mediated resolution [invoke the State's controls or
> employ physical manipulation] where it is merited.
>
> -Travis
>
> On Tue, Jun 2, 2015 at 4:37 PM, Gadit Bielman <
> thetransintransgenic at gmail.com> wrote:
>
>> On Tue, Jun 2, 2015 at 3:03 PM, Travis Biehn <tbiehn at gmail.com> wrote:
>>
>>> Well,
>>>
>>> Depending on your particular bent options range from:
>>> Subversion, Evasion, Opposition, Resistance or Appeal to Authorities,
>>> such as teachers, law enforcement and so on.
>>>
>>> Arguments abound, and are largely the fodder of flame-bait and trollery.
>>> [Which is the source of my earlier comment, "accepting paternalism during
>>> youth is the slippery slope to paternalism from the state" - this is a
>>> popular opinion on this list, I'm sure, as are the gamut of opposing
>>> viewpoints.]
>>>
>>> This topic is ridiculous, there is no difference between hiding from
>>> 'your parents' and hiding from a nation-state attacker, in both scenarios
>>> you assume all of your equipment is untrustworthy, you have the advantage
>>> with 'your parents' because you know who they are, where they live, where
>>> they sleep and have physical access to all their devices.
>>>
>>
>> There's a big difference. A nation-state attacker you assume is maximally
>> competent. Parents you don't. A nation-state attacker cannot personally
>> monitor all their citizens. Parents can personally monitor all their
>> children. As long as you aren't caught, a nation-state attacker cannot
>> arbitrarily restrict your movement. Parents can. Besides non-automated
>> methods such as looking up browser history, parents have a finite set of
>> commercially-available software, with a mostly common set of capabilities.
>> Nation-states have to be sort-of cautious -- if there was a mass-reveal of
>> total surveillance of everyone, there would at least be some blowback,
>> whereas there's not any social pressure on parents at all. In terms of what
>> they care about, parents will prioritize moral issues -- being gay, trans,
>> atheist, etc., among other stuff, depending on the family -- whereas
>> nation-states will prioritize direct plans of action against them.
>>
>> There's probably a lot more differences, and I probably messed up on some
>> of them. Here's someone else's probably-pretty-inexperienced attempt at
>> threat modelling parents:
>> http://ilzolende.tumblr.com/post/110002779072/parents-as-a-threat-model .
>> But there's not "no difference".
>>
>
>
>
> --
> Twitter <https://twitter.com/tbiehn> | LinkedIn
> <http://www.linkedin.com/in/travisbiehn> | GitHub
> <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> |
> Google Plus <https://plus.google.com/+TravisBiehn>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5788 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150602/2302c265/attachment-0002.txt>


More information about the cypherpunks mailing list