Trainhopper, Squatter Encrypted Your Text Messages (1 Viewer)

S

soodoenim

I closed my account
Moxie Marlinspike: The Coder Who Encrypted Your Text Message
Moxie Marlinspike: The Coder Who Encrypted Your Texts
Dreadlocked programmer has spooked the FBI by creating a tool that police can’t crack

BN-JH794_MOXIEj_J_20150709134041.jpg



DANNY YADRON
July 9, 2015
SAN FRANCISCO—In the past decade, Moxie Marlinspike has squatted on an abandoned island, toured the U.S. by hopping trains, he says, and earned the enmity of government officials for writing software.

Mr. Marlinspike created an encryption program that scrambles messages until they reach the intended reader. It’s so simple that Facebook Inc.’s WhatsApp made it a standard feature for many of the app’s 800 million users.

The software is effective enough to alarm governments. Earlier this year, shortly after WhatsApp adopted it, British Prime Minister David Cameron called protected-messaging apps a “safe space” for terrorists. The following week, President Barack Obama called them “a problem.”

That makes the lanky, dreadlocked and intensely private coder a central figure in an escalating debate about government and commercial surveillance. In a research paper released Tuesday, 15 prominent technologists cited three programs relying on Mr. Marlinspike’s code as options for shielding communications.

His encrypted texting and calling app, Signal, has come up in White House meetings, says an attendee. Speaking via video link last year as part of a panel on surveillance, former National Security Agency contractor Edward Snowden, who leaked troves of U.S. spying secrets, urged listeners to use “anything” that Mr. Marlinspike releases.


That endorsement was “a little bit terrifying,” Mr. Marlinspike says. But he says he sees an opening, following Mr. Snowden’s revelations, to demystify, and simplify, encryption, so more people use it. He finds most privacy software too complicated for most users.


The former teenage hacker studies popular apps like Snapchat and Facebook Messenger, trying to understand their mass appeal. He says he wants to build simple, “frictionless” apps, adopting a Silicon Valley buzzword for “easy to use.”

“I really started thinking about, ’How do I be more in touch with reality?’ ” he says.

Those who know him say he has both the will and the technical chops to popularize complex technology.

A few years ago, Matthew Green, a cryptographer and professor at Johns Hopkins University, unleashed his students on Mr. Marlinspike’s code. To Prof. Green’s surprise, they didn’t find any errors. He compared the experience to working with a home contractor who made “every single corner perfectly squared.”

BN-JH797_MOXIEj_P_20150709134313.jpg
ENLARGE
Coder Moxie Marlinspike and a government official missed meeting one another at a San Francisco burrito joint because the visitor assumed the dreadlocked Mr. Marlinspike couldn’t be the person he was there to see. PHOTO: JASON HENRY FOR THE WALL STREET JOURNAL
During chats about surveillance and security, Mr. Marlinspike also won over Morgan Marquis-Boire, a researcher who has worked on security for Google Inc. In a fellowship recommendation for Mr. Marlinspike, Mr. Marquis-Boire wrote, “There are very few people who write privacy tools that I trust, and Moxie is one of them.”

Mr. Marlinspike says it is more important that users trust his software than trust him. “It’s easier to trust that I haven’t made mistakes,” he says.

Even by the standards of privacy activists, Mr. Marlinspike is unusually secretive about himself. He won’t give his age, except to say he is “in his 30s.” In an interview, he wouldn’t say whether Moxie Marlinspike was his birth name. In an 2011 online interview with the website Slashdot, however, he wrote, “the name my parents put on my birth certificate is ‘Matthew.’ ” Friends and former associates say they know him only as Moxie.

Consumer encryption tools like Mr. Marlinspike’s have been around since the early 1990s, but most are so cumbersome that few people use them. A popular email-encryption program, PGP, or Pretty Good Privacy, requires users to swap a series of thousands of random letters and numbers with anyone they wish to contact. Sending a message requires several clicks, a password, and sometimes, copying and pasting.

A young Mr. Marlinspike once thought users would eventually adopt such tools. “That hasn’t really worked out,” he says now.

Phil Zimmermann, who invented PGP, says he rarely uses it because “it doesn’t seem to work well on the current version of MacIntosh.”

Such headaches have limited the use of encryption to a level law enforcement has mostly learned to live with. Big technology companies like Google, Microsoft Corp. and Yahoo Inc. usually maintain access to customer messages and provide user emails and contact information to authorities when faced with a court order, even if they oppose it. Consumer services like these typically haven’t had strong encryption.

Adding easy-to-use encryption that companies can’t unscramble to products used by millions changes that calculus. After Apple Inc. tweaked its iPhone software so that the company could no longer unlock phones for police, the director of the Federal Bureau of Investigation accused Apple of aiding criminals. Apple Chief Executive Tim Cook counters that he is defending user privacy.

The incident sparked a continuing war of words between Silicon Valley and Washington. “Encryption has moved from something that is available to something that is the default,” FBI Director James Comey told a congressional panel Wednesday. “This is a world that in some ways is wonderful and in some ways has serious public-safety ramifications.”

Technology companies, once cozy with Washington, sound increasingly like Mr. Marlinspike. Apple, Facebook, Google and others are resisting efforts to give the government access to encrypted communications.

Last fall, WhatsApp added Mr. Marlinspike’s encryption scheme to text messages between users with Android smartphones, but there is no easy way to verify that the encryption software is actually turned on. The app maker, acquired by Facebook for $22 billion last year, plans to extend encryption to images and iPhone messages, a person familiar with the project said.

Behind the clash lurks this reality: Even if the big tech companies come around, there are others like Mr. Marlinspike who will pick fights with code.

Mr. Marlinspike argues for safe spaces online. His personal Web address is thoughtcrime.org, a reference to George Orwell’s “1984.”

As a teenager, Mr. Marlinspike says, he was more interested in breaking software than creating it. He turned to protecting data as he grew more concerned about surveillance.

He moved to San Francisco in the late 1990s and worked for several technology companies before the dot-com bust, including business-software maker BEA Systems Inc. Since then, he often has lived on the edge of the Bay Area’s tech-wonk scene.

During the mid-2000s, he and three friends refurbished a derelict sailboat and spent summers being blown around the Bahamas, without a backup motor, as depicted in a home movie Mr. Marlinspike posted online.

In 2010, Mr. Marlinspike’s company, Whisper Systems, released an encryption app, TextSecure. Twitter Inc. bought Whisper Systems for an undisclosed sum in 2011 primarily so that Mr. Marlinspike could help the then-startup improve its security, two people familiar with the transaction said. He worked to bolster privacy technology for the social-media firm, leaving in 2013.

Around that time, the State Department was looking to use technology to support pro-democracy movements overseas. Mr. Marlinspike’s work caught the attention of Ian Schuler, manager of the department’s Internet freedom programs. Encrypted messaging was viewed as a way for dissidents to get around repressive regimes.

With help from Mr. Schuler, Radio Free Asia’s Open Technology Fund, which is funded by the government and has a relationship with the State Department, granted Mr. Marlinspike more than $1.3 million between 2013 and 2014, according to the fund’s website.

Mr. Marlinspike was hardly a conventional Washington player. He and a government official missed meeting one another at a San Francisco burrito joint because the visitor assumed the dreadlocked Mr. Marlinspike couldn’t be the person he was there to see, Messrs. Schuler and Marlinspike said.

Mr. Marlinspike now runs a new firm, Open Whisper Systems, from a low-rent workspace in San Francisco’s Mission District. He has received other grants but says he isn’t interested in venture capital, partly because he would have to promise returns to investors.

His latest app, Signal, promises users secure text messages and voice calls. He acknowledges that it still has some kinks. Calls can drop if a user receives a traditional phone call while on an encrypted call. Mr. Marlinspike won’t disclose how many people use the app.

He still has work to do if he wants typical users to adopt encrypted communications.

But its minimalist blue-and-white design looks like something that could have emerged from Facebook.

Mr. Marlinspike says the San Francisco Police Department called last year to ask whether the app was secure enough for its officers to use. A spokesman for the department said it “did look at this vendor."
 
We sell all kinds of other stuff in our Etsy store!

landpirate

campervan untilising nomadic traveller
Joined
Dec 18, 2011
Messages
968
Location
Brighton, United Kingdom
yeah very interesting. It was in the papers over here yesterday that the government are pushing to ban Whatsapp because of its use of encrypted messages. I think its pretty naive to think that shutting down a messaging system will in anyway prevent acts of terrorism. Its just another way to censor us and snoop, so i hope David Cameron enjoys all the stupid dog pictures I send and rubbish I chat with my mates!

http://www.express.co.uk/life-style/science-technology/590061/WhatsApp-UK-Ban-Weeks-Snoopers-Charter
 

Matt Derrick

Semi-retired traveler
Staff member
Admin
Joined
Aug 4, 2006
Messages
10,260
Location
Austin, TX
Website
youtube.com
I met Moxie at a crimethinc gathering a few years back, and I never would have guessed he'd go in this direction, but I'm glad he did. I'm really looking forward to a seamless encryption scheme for text, calls, and anything else we can do it with.
 

4t7

Rambler
Joined
Jul 5, 2015
Messages
98
Location
NC
Saw the pic of him at top and couldn't figure out where I had seen this guy before. Turns out he's that kid from that one sailboat documentary (can't remember the name of it...anyone know? Adrift maybe?) Never woulda guessed this guy would become privacy researcher and app developer. Nor that snowden would vouch for him, lol. Cool shit though. I wouldn't trust an app like whatsapp though for providing encryption. Especially since there's no way of even verifying that it's actually encrypting the messages lmao.
 

Odin

ANTISOLIPSIST
Joined
Apr 6, 2013
Messages
2,431
Location
Earth
Website
www.youtube.com
Cool shit though. I wouldn't trust an app like whatsapp though for providing encryption. Especially since there's no way of even verifying that it's actually encrypting the messages lmao.

Interesting... then what's the alternative ?
 

Odin

ANTISOLIPSIST
Joined
Apr 6, 2013
Messages
2,431
Location
Earth
Website
www.youtube.com
I dunno... not that much of a computer wiz. Just saying if you can't trust the code that someone else writes for the apps you mentioned, then what is the alternative?

If you are gonna use encrypted messaging, the article spoke of software that is less user friendly than an app. Do you think there is a reason to trust that software more so than apps? Do you suggest one.

Or are there other methods of communication you suggest for being private.

I mean you can always do it the old mafia way. Speak in person or use trusted runners. You know, like this is Two Times Tony, "A Friend of Ours." ::cigar::
 

landpirate

campervan untilising nomadic traveller
Joined
Dec 18, 2011
Messages
968
Location
Brighton, United Kingdom
I mean you can always do it the old mafia way. Speak in person or use trusted runners. You know, like this is Two Times Tony, "A Friend of Ours." ::cigar::

I've always been told that if you wouldn't stand up and say it in a court of law then don't write it down, don't text it and don't email that shit. Basically if you are doing anything you could get in trouble for, then face to face is the only way to communicate.
 

Odin

ANTISOLIPSIST
Joined
Apr 6, 2013
Messages
2,431
Location
Earth
Website
www.youtube.com
Basically if you are doing anything you could get in trouble for, then face to face is the only way to communicate.

Well yea, you could look at it from that perspective... and thats related to the reasoning that David Cameron is arguing against private communication from your earlier post. Big Brother is doing it for your protection.

Still If you want to communicate privately and securely it's not necessarily for criminal reasons. Sensitive business plans, research, or just not wanting the feeling of thinking someone could read/intercept messages from your private relationships. Its not always the end of the world... but in some cases such as being say famous... think of how they get hacked or embarrassed with private communications taken from cellphones or emails or whatever.
Also there are a lot of people... just regular folks that value they're privacy as simply a human right. At least in a civilized world I think. It's a human right.

People who have had they're privacy violated in past ages... basically throughout human history all over the world... that was condition imposed on someone who was treated as property, an indentured servant or a slave right?

Did an enemy captured in war and thrown on a slave galley ship have privacy?

Did plantation owners respect the privacy of slaves?

Or women treated as property and traded in arranged marriages, or sex work/trafficking...

:(...

I could think of some more examples but the point I'm making is that You could argue that the violation of privacy, when privacy is expected!... is a crime akin to imposing a condition of slavery on a person.

It's sad but in someways the more the world changes... the more it stays the same.
 

4t7

Rambler
Joined
Jul 5, 2015
Messages
98
Location
NC
yeah, idk. Don't really feel like typing out a huge reply about it but yeah, there are def alternatives for secure comms and trusting in whatsapp for encrypted messages def isn't one of them. If you really value your privacy and want to protect it that takes a little education and understanding first about how your privacy is already being invaded (and often used for somebody elses monetary gain) (mostly technologically) and then once you understand that it takes a willingness to actually take defensive and counteroffensive measures to protect that privacy.

If actually concerned about privacy google (and research) terms such as: vpn, tor, tails, openvpn, encryption, pgp, gnupgp, mac spoofing, adblock, whois, aimsi scanner, OS hardening, orbot, xprivacy, firewall, etc, etc, etc.

And no, ufortunately most programs/apps/utilities that aid in being more techno secure/private aren't exactly user friendly and often come with steep learning curves on how to operate and actually implement securely. There's really no easy solution for remaining secure/private and honestly most people aren't willing to learn or just don't givafuck. Yeah sorry this kinda turned into a rant and didn't really answer your question [emoji19]

Lol [emoji16]

I dunno... not that much of a computer wiz. Just saying if you can't trust the code that someone else writes for the apps you mentioned, then what is the alternative?

If you are gonna use encrypted messaging, the article spoke of software that is less user friendly than an app. Do you think there is a reason to trust that software more so than apps? Do you suggest one.

Or are there other methods of communication you suggest for being private.

I mean you can always do it the old mafia way. Speak in person or use trusted runners. You know, like this is Two Times Tony, "A Friend of Ours." ::cigar::
 

Matt Derrick

Semi-retired traveler
Staff member
Admin
Joined
Aug 4, 2006
Messages
10,260
Location
Austin, TX
Website
youtube.com
During the mid-2000s, he and three friends refurbished a derelict sailboat and spent summers being blown around the Bahamas, without a backup motor, as depicted in a home movie Mr. Marlinspike posted online.

Saw the pic of him at top and couldn't figure out where I had seen this guy before. Turns out he's that kid from that one sailboat documentary (can't remember the name of it...anyone know? Adrift maybe?)

hold fast, I think

yep, and we have it stickied in our sailing section:

https://squattheplanet.com/threads/hold-fast.18796/
 

Matt Derrick

Semi-retired traveler
Staff member
Admin
Joined
Aug 4, 2006
Messages
10,260
Location
Austin, TX
Website
youtube.com
there are def alternatives for secure comms and trusting in whatsapp for encrypted messages def isn't one of them.

the real point of encryption is not any one app or system but that encryption becomes the norm; that it becomes so prevalent in our society that it does work as an app that you can 'set and forget' then we'll have truly free communications. despite what the nsa would like you to believe, encryption isn't broken, it just needs to become easier to use. that's why the programs moxie and others are working on are so important.
 

Users who are viewing this thread

About us

  • Squat the Planet is the world's largest social network for misfit travelers. Join our community of do-it-yourself nomads and learn how to explore the world by any means necessary.

    More Info

Support StP!

Donations go towards paying our monthly server fees, adding new features to the website, and occasionally putting a burrito in Matt's mouth.

Total amount
$85.00
Goal
$100.00

Monthly Goals

  1. Paying the Bills
    $50.00 of $50.00 - reached!
    The first $50 in donations go towards paying our monthly server fees and adding new features to the website. Once this goal is reached, we'll see about feeding Matt that burrito.
  2. Buy Matt a Beer
    $75.00 of $75.00 - reached!
    Now that we have the bills paid for this month, let's give Matt a hearty thank you by buying him a drink for all the hard work he's done for StP. Hopefully this will help keep him from going insane after a long day of squishing website bugs.
  3. Feed Matt a Burrito
    $85.00 of $100.00
    Now that the bills are paid and Matt has a beer in his hand, how about showing him your love by rewarding all his hard work with a big fat burrito to put in his mouth. This will keep him alive while programming new features for the website.
  4. Finance the Shopping Cart
    $85.00 of $200.00
    Now that the bills are paid and Matt is fed, perhaps it's time to start planning for those twilight years under the bridge... if only he had that golden shopping cart all the oogles are bragging about these days.