Frequently asked questions:
* Why did I create darm?
Besides the fact that making it is an interesting challenge for me, one that I enjoy a lot, I'm developing it because I feel most people don't really know how unprotected they usually are when they are browsing the Internet from home, work, or even while having a drink in some bar. I feel a tool is necessary to demonstrate how dangerous it can be not to take the necessary precautions before browsing the Web or reading email while connected to some public network.
Most privacy problems could be solved with encryption. Many companies have secure versions of their homepages or critical services so that others cannot eavesdrop or intercept their communications. Having this system in place is more expensive than not having encryption at all, so most companies accept a compromise and decide to encrypt the most important areas of their sites (e.g. their login pages) while leaving all other parts insecure. Some really, really big companies who could actually afford to encrypt all their traffic (and whom I'm not sure I should mention) provide services to millions of people all around the world while not providing any security at all against eavesdropping or interception. All these people happily use their services without even knowing about this. This lack of awareness is what I hope I'll change by creating this app.
Some may say that by making this kind of tool, I'm making it easier for criminals to violate the law. I for one don't believe that security through obscurity is effective at all, especially because the basis of tools like darm is in fact very basic and easily reproducible by anyone with a little bit of knowledge about network protocols.
I like to use this metaphor to illustrate my point of view. Most people would never walk into a mall crowded with people and start yelling their ATM password. They wouldn't broadcast their home alarm code over the radio, or pay for an ad on TV consisting of pictures of their families. Why? Because they have no expectation of privacy in those environments or media. With Wi-Fi (802.11x) communications, the only thing that is different between these examples is the part of the electromagnetic spectrum you are using to 'yell' that information. When you enter your password using a plain text protocol over an unencrypted wireless network, you are basically screaming your password in the 2.4 GHz area of the spectrum. In order to listen to those passwords you just need a different kind of 'radio' (in this case, a computer). In the same way that the guy yelling in the mall does not have any expectation of privacy, neither should that other guy who is browsing reddit in some coffee shop. If he actually expects to have privacy while doing that, then that expectation is based on his ignorance about the system he's using. Once again, it is that ignorance of the general public that I hope to diminish.
* Isn't this illegal to make?
The legality of one's actions depends on the laws of a particular country. While it may be illegal in Iran to go jogging while wearing skin tight shorts, it isn't illegal in many other countries. When you're talking about an international medium such as the Internet, you should be aware that it is ridiculous to expect all the people of the world to follow the laws of all the countries in the world (yes, even including laws that contradict other laws).
That being said, I'm from and I live in Argentina. I'm not aware of the legal status of writing a tool like this in my country. I'd find it ridiculous to suddenly discover that making a computer security tool like this would be illegal, especially because security experts rely on tools like this one and many others which are in fact a LOT more powerful and scary. Anyone who thinks that making this kind of tool should be forbidden is most likely a lawyer or politician with zero knowledge about current technologies (or with really, really bad advisors). Finally, please don't expect me to follow the laws of >insert-random-country-here<. I don't think that it is humanly possible for me to know and follow all legal codes in the world.
* Isn't this illegal to use?
As I said in the previous question, I'm unaware of the laws in each of the world's countries, but still I think it's fairly reasonable to assume that if you are using this app (or any other) to peep into the communications of others, without their knowledge and approval, then most likely you are violating other people's rights, or maybe some law, who knows. I'd suggest you use common sense and not use this against others. This tool was made in order to make you aware of security problems, in the same way most knives are made for cutting your food. This doesn't mean you should be using knives to stab people, or this app for spying on others. In any case you are responsible for your own actions, not me :)
* This kind of app endangers us all and can't be used for anything positive.
I don't think so. When Firesheep was released it had a lot of repercussions, and many people wondered whether this kind of app actually served any good purpose. A few months later, the increased awareness of the public and their claims towards sites such as Twitter and Facebook resulted in these sites adding the possibility of sustaining continuous encrypted communication. Sadly, it is not the default option and most people don't have it activated, but still it was progress.
I think it is necessary to increase people's awareness about security problems so that we all start using more secure systems. The world needs a public demanding security, so that companies and developers take it seriously. It's important for all of us to know that the systems we are using are secure, and that there isn't some guy (or maybe a government agency?) watching what we do each time we put our hands on a computer.