
No, it does make a huge difference, actually. If the traffic is travelling to outside servers, it can be encrypted, and there's no mitigation that they can do to get access. But if it ends up on the servers inside the country, they control the endpoint where it has to be decrypted to be processed. Then it becomes a kind of a reverse https://en.wikipedia.org/wiki/SORM#SORM-2 set-up, with every prominent service provider having a preinstalled tap for the agencies.


I wonder what the Kremlin thinks of Livejournal.ru these days? Livejournal's a "back in the 2000s" memory for most of the English world, but as far as I know, Livejournal.ru is the top blogging-oriented network in Russia (http://blog.webcertain.com/targeting-russia-the-top-8-russia...). Also as far as I know, LJ's servers are still in the USA.


Mentioned this in another thread off the same conversation: Russian intelligence services can almost certainly break consumer grade encryption.


There is no supporting infrastructure for this at the moment, even if you presume that they stole secret keys from some CAs.


Are you claiming that the Russian government doesn't have a domestic surveillance infrastructure?


Technically it has, but only for unencrypted communications and without cooperation from internet companies. Which they really want to change with all the new laws and everything.


So the assertion is that Russian intelligence services cannot thwart encryption, including the encryption that it standardized for civilian use?

If this were true, I would feel very comfortable speaking about politics in Russia, as in the United States all consumer-grade encryption is being broken by our intelligence services.


I'm not sure what you mean by "civilian use encryption". If it's SSL, then I don't see how they would have the means - so far as I know, it's still cryptographically secure, and unlike the US, they can't just force certificate authorities to cooperate and allow them to do MITM.

There have been some attempts by the ISPs to enable MITM, but it's very crude - they basically block SSL, except for their own custom root certificate that they explicitly require you to install, and then they use that to MITM you. It's all very blatant, and I think there was only one ISP actually trying to do it.

Also, I'm not aware of any cases of dissenters caught because their encryption was broken. Most people who get persecuted for their views said all the things they did out in the open, either to make a stand, or because they were careless.


There is no "encryption for civilian use", they did, however, standardize the encryption for government use.



