Re: [Libreboot] Libreplanet keynote questions

[Daniel Tarrero]

On Wed, Mar 16, 2016 at 07:40:56PM +0100, Denis 'GNUtoo' Carikli wrote:
> On Wed, 16 Mar 2016 10:59:52 +0100
> Xavi Drudis Ferran <address@hidden> wrote:
> 
> > I don't understand. What cases do you mean ? Are you afraid of
> > speaking in dreams or of someone threatening you to give them a
> > passphrase ? If the later I don't see what difference can make how do
> > you give it to them (orally or typing it in a keyboard, or typing it
> > in the kind of keyboard or environment were you're used to typing
> > it). 
> In the kind of setup I described and its problematic (targeted physical
> attacks against activists), the passphrase is the cornerstone of the
> security.
> 
> In some countries, you can condemned to death just for blogging or
> participating in the promotion of (software) freedom.
> 
> In the movie citizen four, at some point, Edward Snowden mention that
> even if he really wanted to give the passphrase, he would be unable to.
> 
> So I was wondering how it was possible, and if it would be accessible
> enough to regular activists.
> 
> Denis.

i think the best approach to "i dont want to be the weakest link in the 
security chain", and i guess Snowden did something like that, are OTP (one time 
passwords). We can call them "one-use passwords".

For that strategy to work great, it has to be "advertised", as i guess Snowden 
did with his presecutors; i'm not sure if that can be the situation of activist.

OTP is, for example, the code you receive via SMS from bank for approve online 
purchases.

Usually that is combined with the "dead man button" strategy. This is a button 
that launches something when it's NOT pressed.
For example: You can have someone you trust in the other side of the SMS 
center, and tell him "ey, if i dont call you in X hours, dont send me more OTP"


And for activist: dont let yourself be bright, let the message to be that; mix 
with the mass, make the mass more active.

good morning dudes!
d