Highest Rated Comments


ewe_dew_real_eyes6 karma

IMO DefCon and the other security conferences present an opportunity to conduct HUMINT against the infosec commuity. Nobody in their right mind can believe the participants in these conferences are not deeply profiled by the powers that be. Individuals serious about the politics of infosec and anonymity should probably avoid the conferences altogether.

A. What is your opinion of the above statements.

B. What countermeasures do these conferences undertake to make profiling more difficult, and anonymity possible?

Thanks.

ewe_dew_real_eyes1 karma

Thanks for your response.

The same statements can be made of your traffic/packets, your ISP, your SSN, social networking sites, etc...

Sure, but DefCon is self-selected for an affinity to all things infosec. So there's a meaningful distinction to be made here. Attending says "watch me" and presenting...

If you don't see Defcon as a vulnerability, it's hard to patch. The measures you mention are necessary but insufficient. For example, if the hotel CCTV is active, as it most certainly is, the rule against public photography is moot, as passive facial recognition attacks can be conducted from the hotel security control room.

It's not enough to say that every conference enjoys the same vulnerability, or that people who attend chose to be public. The question is: is it possible to attend (any) conferences anymore without being profiled, ingested? The answer must be no, especially if we're using the half-way countermeasures you describe. I think it's an interesting problem, fundamental to conferences in general, and not a special topic, or sub-heading. It's the thing itself.

After all, if an organization can conduct passive facial recognition attacks on Defcon, then you guys are being hacked.

For me this is a puzzle worth solving.

Edit: Privacy village, powered by Google. LOL. It's like the smart people gave up.

If you are interested in helping out with this year's Crypto and Privacy Village, feel free to join the Google Group (https://groups.google.com/forum/#!forum/cryptovillage), reach out to us on this forum, or on Twitter at @CryptoVillage (https://twitter.com/CryptoVillage).