Snowden OPSEC Megathread

We need to have a root of trust. Where we do put it? There are many good choices but in this topic we are going to have Edward Snowden as our root of trust. Snowden has said he uses Qubes OS.

Why root of trust in Snowden? He has proven to everyone that he is willing to risk his life to give privacy for everyone. He saw that corruptness NSA was doing and all the other countries NSA were corruptly collaborating with to loop hole the laws and constitution so they can do illegal mass surveillance. Edward Snowden is a symbol that everyone deserves privacy.

Also, it is very likely that every single deep state and state actor in the entire world is targeting Edward Snowden. They all want to know what data he has on his devices, his browsing history, who he’s talking to and about what. At least USA’s deep state wants to. I don’t actually know if russia does because I know so little about russia but on one hand it would make sense they want to keep a close eye on him but on the other I think he has proven himself that there’s no chance he’s still working with USA intel and maybe russia really treats him just like any other of their citizens. But he is still one of the most targeted people in the world and his threat model is probably “everything”.

All of the above is why Edward Snowden is going to be our root of trust. And in this topic we will try to collect from all sources what his opsec is. We will try to do out best to keep it up to date because privacy and security is always changing. Information about his opsec is scattered and it’s a bit of a puzzle to piece it all together and keeping it up to date. What he wrote 10 years ago might not be relevant any more.

Edward Snowden has clearly said he uses both Qubes OS and Whonix. He is a great promoter of these two tools. But there is so much more to know about his opsec. There are so many ways to use Qubes OS and Whonix. Just the fact that Snowden uses Qubes OS should put all doubts to rest about if we can trust Qubes OS (I’ve seen a few people making those kind of topics).

For example does he use Tor browser for non-onion websites too? Or only for onion websites? Does he use I2P?
Where and how did he buy his laptop? How did he decide which laptop to buy? Does he think anti-interdiction services are reliable enough to detect tampering?

For money privacy he has said he think ZEC is the best because he thinks governments will never allow Monero. ZEC is optional privacy and regulations will force everyone to show all transactions. It’s sad he has this opinion because this kind of regulated optional privacy is not really any privacy at all. Maybe he has changed his opinion because it was a long time ago I read that.

There are so many questions like which email providers he uses, VPNs, how has he configured qubes templates and so on. How does he communicate with which people. I know he has recommended Signal but does he use Signal for everything?

We have to remember Snowden has had a unique insider look into how NSA operates. He knows how the deep state works and he probably has contacts and info which we don’t have which helps him to know which software to use and how to opsec. This makes him a great person to learn from and try to copy his opsec.

3 Likes

I like your Idea, and every Megathread has to start with the first answer :smile:
Luckily for most of us, we don’t face the threats that Snowden faced and probably still faces. I’m still very interested in what a man in his position uses, as I’m interested to find out the choices of Schneier, Alan Cox or Linus Torvalds.

2 Likes

ZEC is not the best, have never been the best, and will not be the best.

Monero has a Full Chain Membership Proofs upgrade to its protocol coming up, look it up. After that, Monero will basically have an anonymity set of its transactions the size of the total number of enotes in its blockchain (aka, like zec’s shielded transaction pool, BUT much much larger in its size).

Optional privacy is no privacy. The systems that we use and design has to be protective of the user privacy, by default. Otherwise, we see, over time, regulatory and corporate capture of these systems and the enacting of information asymmetry which turns these systems into predatory systems taking advantage of the mass users.

3 Likes

I don’t think Linus is a great root of trust. Linus is probably compromised because he has finally given in and started sanctioning people with russian names from an open source project, that’s crazy. And he also has given his full support for Google Chrome in linux. There is no evidence that Linus has good opsec and is a good root of trust. Snowden otoh is a symbol of neutrality, privacy and he is 100% on the side of the people. We can’t find a better root of trust than Snowden imo.

I personally agree with you and I said some of the same things in my post that optional privacy is not any privacy at all really. But in this topic we will assume that Snowden knows best even if it’s hard to accept his opinion that ZEC is better than Monero. Just keep in mind how much experience he has and insight into deep state operations. Maybe Monero really is a losing battle because regulations will never approve monero and there will never be much of an adoption of monero then. I’m not saying that is a fact, just that it’s maybe what Snowden was telling us. And I also don’t know if Snowden’s opinion has changed since then. Outside of this topic we can if we want to keep believing that Monero is better but this is Snowden’s opsec topic.

2 Likes

Well, Snowden is wrong about this. His word is not infallible Gospel.

Monero is making serious inroads at reaching the “critical mass” of its users in numbers. More and more online stores offering goods and services for XMR. We don’t need the approval of the politicians. This is happening without them.

3 Likes

Even opsec-wise, using ZEC is an error. XMR offers better infosec/opsec protections if you are going to use a crypto currency and not be tracked&traced.

3 Likes

Linus Torvalds is complying with the US governments sanctions, breaking the law incurs penalties hence Linus Torvalds adheres to the current policy regarding foreign contribution to security critical systems. It is important to remember that people have families and responsibilities which come before protecting their moral values; This was a sacrifice which Edward Snowden was willing to make, I do not say this as a comparison of penalties but in a more general sense.

Many projects we rely on are in violation of these severe sanctions and as such are federally prosecutable, I have not read on the subject enough to know what the consequences of breaking this particular sanction are but it is certainly an issue and a great decrement to the worlds ability to freely technologically innovate.

The Linux foundation published this blog post on the matter: Navigating Global Regulations and Open Source: US OFAC Sanctions

3 Likes

The trusted setup in the form of the “ceremony” that was used to instantiate ZEC is a big source of worry. Assuming one could trust the ceremony, Snowden’s analysis was otherwise correct.

But all this is moot if we move over to crypto based on zk-STARKs (which like ZEC is the work of Ben-Sasson and company). They offer the same zero knowledge, but require no trusted setup. Plus, IIRC, they depend only on a single cryptographic primitive, a cryptographic hash function, which we can choose to be quantum secure.

3 Likes