Resources for Little Brother
Little Brother is, among other things, a story about the effect of new technology on our lives. As such it is from time to time, rather technical, featuring regular explanations about topics like encryption and Bayesian probability. Below are links to resources on some of these technical topics, for those who wish to learn more about the concepts behind the show. They are presented, more or less, in the order they appear in the story.
The novel on which the play is based included a bibliography.
Radio Frequency ID (RFID)
Here’s an explanatory video from Adafruit industries.
Since 2007 , when the novel came out. RFID has been joined by NFC (Near Field Communication). described in this Popular Science article.
To some degree, concerns about tracking individuals with RFID chips have diminished. Most RFID systems can only scan tags at very short ranges, and it is much easier to track someone via their GPS enabled smartphone.
Augmented/Alternate Reality Game (ARG)
Until last year, ARG was a term you had to explain to most people. Then Pokemon Go happened. While people tend to be familiar with Augmented Reality because of games like Pokemon Go and. to a lesser extent, its predecessor, Ingress, the general concept of overlaying digital data on the real world has a number of other applications. This story from the Guardian discusses the latest generation of VR/AR hardware and links to a number of applications.
Web of Trust
Unfortunately, Web of Trust is also the name of a popular browser extension which many computer security experts believe spied on its users. If you type Web of Trust into a search engine many of the pages you will see listed refer to this browser extension instead of the broader concept.
To explain the web of trust (the concept) let’s start with what it isn’t. When you go to a secure website (https://…..) You see a padlock icon next to the web address, if you see an additional identifier next to the lock icon, the site owner has undergone additional verification of their identity. Your browser knows that the site is what it claims to be because the site presents a certificate (see Encryption below for a more detailed explanation). That certificate is cryptographically signed by a Certificate Authority (CA). If that certificate authority is hacked or compelled by a government , it might issue certificates that look correct (green padlock) but aren’t. See for example, the cautionary tale of DigiNotar.
Web of trust is the alternative to centralized certificate authorities. Someone’s cryptographic credentials are signed (vouched for) by other individuals or entities. Rather than relying on a central authority, when someone you don’t personally know presents you with a new key, you make decisions on how much to trust that key based on who else you know who has signed it. The process of signing someone else’s key is a bit more complex, and was omitted from the script.
In this video of a session from the Chaos Computer Congress, Seth Hardy discusses web of trust and key signing practices. (the basic explanation is in the first 14 minutes)
Since the development of computers, encoding messages has meant math (lots of math). In this video the RSA algorithm , which makes public key cryptography work, is explained.
To send private messages, each person has a key pair: a private key, which they keep secret, and a public key, which they don’t. Messages encrypted with one key can only be decrypted with the other. This allows you to encrypt a message with someone else’s public key and be sure that only they (having the corresponding private key) can decrypt it. It also allows you to encrypt a message with your private key. Anyone who decrypts this message with your public key can be sure that you are the one who sent it.
The original commercial version of the software was PGP (Pretty Goof Privacy) and the most commonly used open source implementation is GnuPG (Gnu Privacy Guard) The Electronic Frontier Foundation has produced this PGP tutorial.
False Positives and Bayesian Analysis
This page from Boston University shows how to calculate rates of false positives and negatives.
If you prefer , here’s a video from King’s College London.
The same math that allows us to figure out how likely it is for someone who triggers a terrorist detection algorithm to actually be a terrorist allows us to figure out how likely it is for an email containing certain spam markers to actually be spam.
See A Gentle Introduction to Bayesian Analysis
At the time of the novel, Paranoid Linux was a made up thing. Of course soon after someone actually started developing it. Although that project died off, there is a project that does many of the same things, and it was in fact originally developed by the US Government, TOR
The Amnesiac Incognito Live System (TAILS) incorporates TOR in an operating system designed to boot off a USB stick so as not to leave any trace of a user’s activities on the drives of the computer he or she is using.
It’s important to remember that identity verification (which encryption is good for) and anonymity are to some extent cross purposes. If you are using a browser like Tor or an operating system like TAILS and log in to a site, you may reveal your identity. See TOR Anonymity: Things Not to Do While Using TOR
There is evidence in the Snowden documents that using or perhaps even researching services like TOR causes the NSA to pay attention to someone.