Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

--- opsec [2013-05-24 14:11] – Added link to KISS principle. house
+++ opsec [2013-05-24 15:57] – house
@@ Zeile 5: / Zeile 5: @@
 OpSec can be hard or easy, it depends to a great deal on the threats you have to counter. To give you an example, let's take a look at someone communicating via e-mail using the same infrastructure. This can be an e-mail client configured with different accounts used by the same person. Even if you encrypt all your e-mail content, you will still be generating transaction logs with addresses in clear. These logs can be on your local machine and very likely on machines belonging to your ISP(s). [[https://www.cryptoparty.at/_media/e-mail_connections.pdf|This graph]] shows the communication structure. Addresses are anonymised. Links between nodes denote communication. Thicker lines mean that more e-mails have been sent. You see two central nodes which are probably the two most used accounts to send e-mails. Recipients overlap, so both accounts have common contacts. There is a lone pair of nodes on the right which indicates a third account being used to send e-mails to a single recipient. Now imagine that the data is anonymised. Logs contain the full e-mail addresses! Everyone accessing these transaction logs can create these graphs very easily.
-OpSec aims to avoid information leaks of this kind.
+OpSec aims to avoid information leaks of this kind (which is a simple example, OpSec is about much more!).
 OpSec also helps to think in different contexts and to grasp the threats behind the technologies used. "I use TOR on my cell phone." turns into "I use TOR on my ankle monitor.". Try not to get too attached to gadgets and tools when thinking about OpSec. Once the power goes out, it's good to know what low-tech and the [[https://en.wikipedia.org/wiki/KISS_principle|KISS]] principle was all about.