[Cryptography] Is Traffic Analysis the problem (was Re: Good private email)

[Perry E. Metzger]

On Mon, 26 Aug 2013 14:53:54 -0400 Richard Salz <rich.salz at gmail.com>
wrote:
> > Traffic analysis is the problem
> 
> Do you really think that for most people on the planet, that it is?

Probably. If one's threat model is mass dragnet surveillance, traffic
analysis is far too useful a way for the enemy to figure out who to
subject to detailed analysis. The fact that quite so much traffic
analysis data is being collected and saved right now should be a
warning -- people who have huge budgets seem to think that it is an
interesting way to snoop.

Imagine you're the dictator of a country, and you want to figure out
who all your political enemies are so you can throw them in camps.
Simply producing the social network graph connecting up a few known
activists to their tightest cluster of common contacts is going to
give you loads of juicy information on who to spy on in detail and
likely who to detain. Indeed, the traffic analysis information is
probably the best way to figure out where to look for the needles in
the haystack.

> Hey folks, go off and design your perfect secure system. Build a
> prototype or alpha-test even. And then watch while the millions of
> people who could benefit from private email, and the few who could
> use it as an infrastructure to build more services, ignore you.

It doesn't have to be either-or. :)

There are a lot of people in the community. Working on many different
approaches is probably for the best. It is hard to tell, a priori,
what will happen to take off.

Perry
-- 
Perry E. Metzger		perry at piermont.com