Personally, I don't like the idea that every Tom, Dick, and Harry can just scan my emails and read everything. Especially every Dick. Our everything is generally boring and mundane, but some of it is not nice. And none of it is anybody's business.
While we are waiting for the big boys to simply encrypt all communication in such a way that even governments can not grab them along the way, we played with encryption and did some thinking.
We found Big Brother a catchy but insufficient metaphor of what's happening.
This is in no way meant to belittle the great Mr. Orwell, also known as a Blair we like.
We are dealing with machines programmed by humans. Some of these humans are good guys, and some bad. Some are good guys during the day, and bad guys after the sun goes down.
So, we learned encryption from the good guys. What can we learn from the bad guys?
Malware writers and cyber criminals are good at disguising malicious program code and at make believe.
The make believe part has a name: social engineering. That email with an attachment you just cannot resist to click is a prime example. There is not much practical use in this for average users, unless we reverse it: nothing for me to see here.
And what better way to achieve this than disguising stuff?
That's how Project CuttleFish started. Who says that an email has to be plain text or html?
Why not use a .wav audio file as an "envelope" for a text message? After all, the letters, spaces, and emojis you see on the screen are nothing but 1s and 0s.
So, CuttleFish takes the 1s and 0s and sticks them into a .wav file. Sounds like rain if you play it in your favorite media player.
Or it makes a .png image. Not a very pretty one, more one that looks broken. It even creates a zen like QR code, which is really just an image file with a very specific structure.
Since we have never really liked PDFs much, CuttleFish also produces and reads a nice broken looking .pdf.
For the QR code and the pdf, CuttleFish turns your text into gibberish. Not encrypted text, mind you, just gibberish used in other contexts to save or transmit data safely.
So, your army of underpaid Chinese censors will mostly think you are an incompetent user.
Cannot even produce a good .pdf file.
And the automated censors have to work a bit harder. Someone has to add code for them to now look at every darn .wav file in order to see if it might contain text.
CuttleFish will also get "executable" envelopes for fun. Both human and machine censors hate unknown executables. Again, these exes will not "work" but in order to figure that out, the machines will have to work a few seconds longer, and the humans will stay away from them without much thought.
No comments:
Post a Comment