Slashdot Mirror

Correct, the Supreme Court does not have original jurisdiction in the matter of the NSLs. This is why, if you read the heavily redacted documents about the case you will see, on the first page of each document, that this is being heard in US district court in California. If this gets appealed (and that seems likely to me regardless of the outcome), then the Supreme Court will get to hear it based on its appellate jurisdiction, which it has regarding all other cases, as quoted from the constitution by several other poster already.

Wow, it's July 17 all over again.

Furthermore, it is unlawful to collect, store, analyze, or disseminate the CONTENT of the communications of US Persons without a warrant. Period. This is not some kind of a joke.

Are you so naive?? It is well know, that NATO allies are doing this for US. And US is doing this for US allies.

But lately, they don't even care to go around laws, just simply break them.

https://www.eff.org/issues/nsa-spying

Of course, EFF is a Kremlin controlled state organization bent on destroying the west, right? right??

This tracking, discovered by Stanford researcher Jonathan Mayer, was a technical side-effect—probably an unintended side-effect—of a system that Google built to pass social personalization information (like, “your friend Suzy +1'ed this ad about candy”) from the google.com domain to the doubleclick.net domain.

As a side note, Vanilla cookie extension for Chrome is awesome.

No. It wasn't any sort of active attempt at hacking. It wasn't breaking any encryption. Even the EFF admits it was probably unintended.

Saying Google "used a loophole" is just a loaded way of saying Safari had a bug. The technique had been known for at least two years, and was used by companies other than Google.

What's with the snarks? What's so funny?

http://cis471.blogspot.com/2011/01/before-twitter-revolutions-there-was.html

http://w2.eff.org/Activism/russian_coup_netuse.article

Date: Tue, 20 Aug 91 00:17:31 +0300 (MSD)

            Hi!

            Don't worry, we're OK, though frightened and angry. Moscow is full
            of tanks and military machines, I hate them. They try to close all
            mass media, they shutted up CNN an hour ago, Soviet TV transmits
            opera and old movies. But, thanks Heaven, they don't consider
            RELCOM mass media or they simply forgot about it. Now we transmit
            information enough to put us in prison for the rest of our life :-).
            Hope all will turn out well at long last...

            Polina

Date: Wed, 21 Aug 91 21:12:26 +0300 (MSD)

            Thank you, Larry!

            Now all information media are on, CNN transmites our
            "Time" TV program, and I can watch them both!
            I'v heard (may be it was CNN) that they withdraw
            armed forces from Baltics cities. I'm not near the
            parliament, I'm still at the computer, but the situation
            on the net became lighter now and I hope to sleep a little, it was
            my dream during last two days :-)

            You can't even imagine, how grateful we are for your
            help and support in this terrible time! The best thing
            is to know, that we aren't alone.

Looking at the above, and then looking at this "discussion", I have one word for all of you: regression.

* https://www.eff.org/pages/switzerland-network-testing-tool
* https://www.eff.org/testyourisp

Switzerland Network Testing Tool

"Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.

Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.

You can download the latest release of Switzerland here. Before you run Switzerland, be sure to check out the notes about privacy, security, and firewalls. Switzerland is currently in alpha release as a command line tool. In other words, right now it is aimed at relatively sophisticated users. However, because it's an open source effort, we anticipate making it easier to use over time (please please please let us know by email, by IRC, or by filing bugsif you're running the client but it isn't working for you â" we've seen some clients reconnecting in cycles that makes us think there's a bug we should fix!).

Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.

The software uses a semi-P2P, server-and-many-clients architecture. Whenever the clients send packets to each other, the server will attempt to determine if any of them were dropped, forged, or modified (if you're interested in how it does that, you can read the design document here â" we'll try to continually revise that document so that it accurately describes the code, though inevitably it may lag a little behind). Switzerland is a much more sophisticated successor to the pcapdiff software that we released last year. It automates many of the things that had to be done by hand with the earlier code.

One advantage this architecture has over other network testing toolsis that it can spot arbitrary kinds of packet modifications in any protocol â" it doesn't assume that the interference comes in the form of TCP reset packets or web page modifications, and it isn't limited to BitTorrent or any other specific application. In the future we expect it to offer a good platform for collecting statistics on bandwidth, bidirectional latency, jitter and other traffic performance characteristics that might be signs of prioritization of some applications over others.

How do I run tests with Switzerland?

There are a few different ways to run tests with Switzerland. Any packets exchanged between Switzerland clients connected to the same server will be tested automatically. The question is, how do you find other clients and talk to them using the protocols you want to test? For now, the easiest way to set up tests is to co-ordinate them through this wiki page.

If you want to test whether BitTorrent downloads are working correctly, go to that page and find some torrents that others are seeding from test machines. If you want to test if your ISP is interfering with BitTorrent seeding, you can post a link to a torrent file on the wiki, seed that torrent while running a Switzerland client and other people can find it on the wiki and try

* https://www.eff.org/pages/switzerland-network-testing-tool
* https://www.eff.org/testyourisp

Switzerland Network Testing Tool

"Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.

Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.

You can download the latest release of Switzerland here. Before you run Switzerland, be sure to check out the notes about privacy, security, and firewalls. Switzerland is currently in alpha release as a command line tool. In other words, right now it is aimed at relatively sophisticated users. However, because it's an open source effort, we anticipate making it easier to use over time (please please please let us know by email, by IRC, or by filing bugsif you're running the client but it isn't working for you â" we've seen some clients reconnecting in cycles that makes us think there's a bug we should fix!).

Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.

The software uses a semi-P2P, server-and-many-clients architecture. Whenever the clients send packets to each other, the server will attempt to determine if any of them were dropped, forged, or modified (if you're interested in how it does that, you can read the design document here â" we'll try to continually revise that document so that it accurately describes the code, though inevitably it may lag a little behind). Switzerland is a much more sophisticated successor to the pcapdiff software that we released last year. It automates many of the things that had to be done by hand with the earlier code.

One advantage this architecture has over other network testing toolsis that it can spot arbitrary kinds of packet modifications in any protocol â" it doesn't assume that the interference comes in the form of TCP reset packets or web page modifications, and it isn't limited to BitTorrent or any other specific application. In the future we expect it to offer a good platform for collecting statistics on bandwidth, bidirectional latency, jitter and other traffic performance characteristics that might be signs of prioritization of some applications over others.

How do I run tests with Switzerland?

There are a few different ways to run tests with Switzerland. Any packets exchanged between Switzerland clients connected to the same server will be tested automatically. The question is, how do you find other clients and talk to them using the protocols you want to test? For now, the easiest way to set up tests is to co-ordinate them through this wiki page.

If you want to test whether BitTorrent downloads are working correctly, go to that page and find some torrents that others are seeding from test machines. If you want to test if your ISP is interfering with BitTorrent seeding, you can post a link to a torrent file on the wiki, seed that torrent while running a Switzerland client and other people can find it on the wiki and try

Fact:
No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA [askcalea.net].

According to the EFF (which has actually been involved in litigation of this matter, and is a source I trust far more than your liberal University professors or journalists), CALEA does NOT require monitoring of content, which was the matter under discussion. CALEA only requires recording of header data: times of activity, etc.

But the context here was CONTENT, which you seem to have forgotten in your reply.

CALEA does not apply to internet CONTENT, at all. It does not, in itself, allow Law Enforcement monitoring of the content of internet traffic. It DOES allow that for telephony.

From the EFF website: "CALEA requires communications carriers to be capable of providing both "call-identifying information" (CII) and call content to law enforcement. In the circuit-switched world of traditional telephony, the meaning of CII was clear: telephone numbers are CII, and the conversations are content. But in the packet-mode world of the Internet, communications are encapsulated (see 16 below â" link), and each protocol layer is associated with different "signaling information." Whether a component is "signaling information" or "content" depends on which layer is reading it. Thus CII on the Internet is not a clearly defined concept, although it is in traditional telephony
...
Law enforcement is now attempting to broaden CALEA by requiring communications service providers to design their networks to make it easy and fast for law enforcement to perform wiretaps, pen-register, and trap-and-trace surveillance on a large number of people."

In simple terms: it ain't done yet. And maybe it never will be.

the Supreme Court of the US has said over and over https://www.eff.org/issues/anonymity/ that the First Amendment means anonymous speech.

Even the bloody Roberts court has upheld the anonymous component.

Screw Blizzard. They did this:

https://www.eff.org/press/archives/2002/04/08

The headline: "Blizzard Freezes Bnetd Gaming Platform, Sues Own Customers"

I've never bought anything from Blizzard ever since, and never will.

The FISA Amendments Act of 2008 clearly specifies that an properly adjudicated, individualized warrant from a court is required to collect, process, analyze, store, or disseminate the content of the communications of a US Person.

Except for those 7 days when they don't need a warrant.

If you think the government will just ignore the law and do whatever it wants anyway, then any discussion of the law is moot.

You mean like that time they were spying on everyone, got caught, then passed FISA to make it all OK and prevent anyone from suing them?

Seriously.. just read it.

there should have been a link to that to: https://panopticlick.eff.org/

That's some fancy Jason Bourne stuff you're talking about. Ever thought about writing? Sure, you can't prevent people from posting pictures, since every grunt's wife wants pictures of her man in uniform. But that's a concern at all military installations. There are protocols for these things and all communications are generally reviewed from really sensitive areas or people who have made mistakes. They should build a nondescript room for accessing the 'net so people can take webcam pictures without worrying about that.

I was thinking of the other end with my post. Some foreign gov't could set up a false VPN company, or put a Secret Closet into an existing VPN provider's facility, and have some people post glowing recommendations for it here. Or at any rate, they would know where the VPN endpoint is, with company name and/or location, which is very valuable intelligence. Since the asker is looking for what I assume is a set of the most popular opinions, it's a pretty ripe opportunity.

Why, it even sounds like something US intelligence would do! For example, https://www.eff.org/cases/hepting . Don't put anything past other people if we're doing it too.

when the locked-down computer/device prevents you from seeing them?

Not sure if that's what's going on here - but being plain-text does not necessarily mean readable. I don't know how to see/read cookies on my ebook reader, for example.

A good argument for knowing something about how your device works. I don't have an e-Reader, so don't know whether it's even possible to clear cookies (maybe they're needed to maintain access to purchased ebooks). Anyway, this whole rigmarole strongly reinforces Eben Moglen's recent suggestion. The spying behavior of locked-down devices is making his case very clearly.

On a PC (not yet locked-down by UEFI), it's not sufficient just to clear cookies and LSOs. We have Opera set to delete its entire cache as well when you exit, and the kids know to clear their browsing history regularly (curious how quickly they learned that one). Firefox is also set to clear its cache and browsing history automatically on exit. On Chromium and Chrome, it's necessary to manually clear the entire cache and browsing history.

FWIW, this site will tell you what can be discerned from your browser just visiting a page. It's likely to increase your paranoia level a bit, especially when this site tells you just how unique your browser is. Ours all appear to be unique, probably largely due to the installed fonts and plugins.

Has anyone else noticed the appalling sensationalism in headlines these days? Slashdot is in danger of becoming just another gutter-press gossip site.

https://www.eff.org/deeplinks/2012/06/us-government-still-insisting-it-can’t-be-sued-over-warrantless-wiretapping

Browse through the links on that page, you'll find many references and all the evidence you want.

Can "other trackers like pixels, scripts" track actual identifying data?

Yes, they can. Check http://panopticlick.eff.org/ - in their report, they show that nearly everyone on a desktop computer with javascript enabled is uniquely identifiable.

The only way to browse the Internet with privacy is to disable javascript, or use a mobile browser. Some mobile browsers are uniform enough that their users can't be distinguished.

What does multiple browsers help when you're browsing from the same IP address? I think Google's smart enough to figure that out.

Actually, our entire household browses from a single IP address. In that case, if we each used one unique browser (or mostly just that one) per user, the multiple browser approach would assist in differentiating people for advertising purposes. As it is, we each use any of 3 PCs which all run Xubuntu, but identifiably unique due to display resolutions, installed fonts, etc. Similarly, even the kids use two or more browsers each while my wife and I use three or four regularly, and everyone knows to clear their cookies after visiting any dodgy sites (cookies are generally cleaned on exit anyway). We probably present a difficult case for analysis, and don't get any particularly well-aimed "targeted" advertising.

BTW, it's interesting to see what your browser might reveal when your visit a site, even neglecting cookies. Quite often, your browser reveals enough to identify it uniquely.

"Then what do they have to track you?"

Your unique system+browser configuration?

Intent may be inferred from their actions.

The only telecom that asked for warrants instead of requests lost big bucks federal contract right afterwards. https://www.eff.org/deeplinks/2008/06/spying-telecoms-receive-billions

It would be unreasonable if Google didn't expect a similar reaction were they to "voluntarily" make any choice other than the one requested.

DuckDuckGo.com is now my default search engine for exactly this reason. They simply don't keep historical search records that are identifyable to me. Of course, they too would have to legally comply with any government request, but their historical data is of little use.

While I trust Google to be as secure as can be reasonable, I do *not* trust the likes of the FBI (readup on National Security Letters), or other TLAs that decide they have a bee in their crotch and want to through their legal weight around for little reason.

With NSA's warrantless wiretapping laws fully protected now, I don't trust the government to honestly care about my privacy. I trust Google to Do The Right Thing (TM), but they're hands are tied when the government wants something.

Government cannot compel a particular response without a warrant or court order: Google is not obligated to respond to the a request that is not accompanied by a warrant or court order in any particular way. Google may CHOOSE to comply with a request because there is nothing inappropriate about a business deciding to comply with a lawful request from a government agency.

If I had the mod points, I'd mod you up. This is an important distinction.

My guess is that Google wants to keep the feds on their good side. Google is getting rather large and wants to make sure that the Feds remember that Google helps them "catch terrorists". Unlike the populous, the federal government has long memories and can hold grudges for long periods of time.

Fortunately, if you don't like Google's policy, you can choose not to use it.

This is easier said than done. Google, like Facebook, has become tightly integrated with our society, so much so that it's weird when I see product placements for other search engines on shows and movies. I can't remember the show but I remember seeing a product placement for Yahoo search. I remember saying out loud, "Who still uses Yahoo?"

I would say it's easier to simply not register an account on Google. However, they may still know who you are based on your browser fingerprint.

Switzerland Network Testing Tool

"Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.

Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets."

- https://www.eff.org/pages/switzerland-network-testing-tool

EFF "Switzerland" packet monitor tool looks for ISP meddling

- http://arstechnica.com/uncategorized/2008/08/eff-switzerland-packet-monitor-tool-looks-for-isp-meddling/

https://projects.eff.org/~barlow/Declaration-Final.html

In case you're unaware, the way this tracking works is by the tracking party embedding an image on a third party page (for Google, this is usually adwords, for Facebook, it's the like buttons). When a user hits that image, they send a request to the tracking party's server to fetch the image. Along with that request, it sends the cookies for that domain. The tracking party can then determine that the user with that cookie, visited third-party page X.

And here's how it works via ETag (and referrer info; which, even though it's voluntary, is a fact of life for regular users, and even required for some sites to work properly)

The first time the resource is requested, there's obviously no ETag. So you simply generate a unique ID, encode that into an ETag which you send back. You write the hit ("user [FRESHLY GENERATED ID] browsed [REFERRER]"), and wait. The next time the user requests that same resource, *if* their browser cache isn't cleared (I know that's a big if, but who cares? Spammers, viruses, marketers go for the weak links; and if that ends the discussion for you, you're just not part of it.), the browser will send that ETag (along with the referrer hopefully). Of course you don't implement 304 not modified, but instead re-encode the ID, so you get a new ETag with the same info in it, and send that back with the response. Then you merrily take not that ID #23189428931 visited again, this time coming from page X.

Sure, it's brittle, but so are cookies, and ETags plus other things like browser fingerprints*, can bridge the gap for each other (say, you clear cookies, but not the cache, or the other way around).

* https://panopticlick.eff.org/ ---> mine is unique :/ Be honest, how about yours, not changing any settings before doing the test?

### This post was intended to educate people, not to give poopy asshats ideas. "If you're a poopy asshat, kill yourself." -- Bill Hicks ###

In practice, an ISP has complete control over what they return in this situation.

The Used could be redirected to the EFF.org or to the official legislation that forbade access, or one might be redirected to the homepage of a list of proxy services. If it were me in charge and I wanted to provide a public service befitting the mythical status of the benign ISP, I'd set up a simple HTML page including all of the above with a disclaimer stating that my company took a neutral position on the question of support for the newly minted Ministry of Information, and I'd include a link to Terry Gilliam's, Brazil, as well as Marshall McCluhan's official website.

After the first line of your post, I'm rather dismayed that the link you provided didn't start, "https://" ... :(

If you like using HTTPS, here are two plugins to ensure you're using it where it's supported:

HTTPS Everywhere
Enforces HTTPS use on supported websites using rule list.

HTTPS Finder
Detects HTTPS support on newly visited sites and creates new rules for HTTPS Everywhere.

End to end encryption as standard for everything. Censorship resistant technologies.

There is no resisting rubber-hose decryption.

That's not always the case; torturing me for SSL/TLS session keys would be painfully futile. This holds for >50% of my web traffic, thanks in part to EFF's plug-in, HTTPS Everywhere.

I love the way software patents advocates present dystopian hypotheticals as a form of argument when we already KNOW what the world looks like without software patents.

It's a world of Turing Machines (1936) and von Neumann architecture (1945), machine language and assembly language (1951), compilers (1952) and loops and switch and if / then statements and LISP (1958) and packet switching (1960s).

It's a world with operating systems and databases and word processors and spreadsheets and browsers and web pages.

It's a world with the ARPANET, TCP/IP, the internet and HTTP and FTP and DNS.

In other words a world where the most fundamental, most visionary, most complex, most resource intensive, most ambitious and most beneficial contributions to humankind are conceived, created, disseminated, taken up and used in creating incalculable social, scientific and economic benefit for all.

So just remember this next time you hear someone going on about what a bad place the world will become if we abolish software patents.

And please, give generously each year. Your continued ability to pay your bills depends on it.

http://www.ffii.org/Donations

https://www.eff.org/

If this bothers you, or anyone else, try to use https and secure connections wherever possible.
This means that without some directed effort on the part of your ISP (MITM/brute force) all your ISP knows is which site you visit, not the contents of your conversation with the servers.

HTTPS-Everywhere helps.

• dodgy deals in Kenya
• search neutrality issues on several occasions (i.e. favouring own products)
• WiFi sniffing was first an unintentional mistake, then a single individual action, then the supervisors knew about it ...
• circumventing Safari privacy protection ...

So, while I do not like simple comparisons like "is Google the new Microsoft?", they have their share of morality issues like most large corporations...

This F-Secure post is not news. The EFF wrote this up on March 5th: https://www.eff.org/deeplinks/2012/03/how-find-syrian-government-malware-your-computer-and-remove-it

Not at will but you can when you have a search warrant specifically designating the server.

Try reading the Bill of Rights sometime. The FBI broke the 6th law in that document (also known as the 4th amendment) which requires obtaining a search warrant from a judge prior to entrance.

You mean something like this? The warrant that was linked to not only in the article but also the summary?

And yes sometimes the bad guy gets away.

That would be a hilarious motto for any law enforcement agency! I'd opt for "We do everything within our legal rights to catch the bad guy."

That is preferable to harassing innocent people & treating them like criminals (example: patting down their breasts and crotches)

You are confusing the FBI and TSA.

(example: randomly searching through cars)

You are confusing the FBI and ... your local law enforcement? Who require probable cause?

(example: arresting people who publish anti-war pamphlets)

The FBI might have done that in the past during Vietnam but it was probably for other trumped up bogus charges and luckily today we have the EFF/ACLU to take up those cases when that happens. Got any recent examples or really any citations at all for this entire post?

(example: rounding-up asian-Americans & tossing them in jail cause it's world war 2)

Wow, dude, that was six decades ago ... yeah it was horrible and I think it's been publicly recognized as horribly racist and is a reason for public shame to the United States. I do not think that's happening today.

(example: assassinating Americans because you SUSPECT they might be terrorists)

Again, I think you're confusing the FBI with some other agency ...

(example: strip-searching old people before they can fly)

But you repeat yourself ... that's the TSA, not FBI. The TSA definitely has no purpose and needs to be dissolved.

(example: forcing a breast-feeding mom to stand in a glass jail for an hour, rather than let her take her pumping equipment home to her newborn kid)

What the hell? Citation?

INFORM yourself of what's happening in the world.

Yep, I'm the misinformed one here, got it. Hey, since all government actions are from the same people (you cross state and federal levels several times there) why don't you go tell your local county clerk to stop murdering Afghan children? Makes about as much sense as the rest of your rambling post ...

Feel that push for CISPA to get real telco immunity? The company is protected from users, using poor code and the feds get CALEA like access.
No more "Marius" momments in the press, it would all be logged under national security.
https://www.eff.org/deeplinks/2012/04/how-expansive-immunity-clauses-cispa-will-facilitate-abuse-user-privacy-0
"If a company learns about a security flaw, fails to fix it, and users' information is misused or stolen, companies cannot be held liable as long as the company acted “in good faith” according to CISPA."
Until then its "Alright sir, I just need to check inside your sever."
Yes, you're a smart admin, aren't you sir?

It's blocked. Got another link to a non-torrent site?

https://www.eff.org/https-everywhere
install that and try again ;)

It's even worse when you consider the sites using mixed content, which passed with flying colors on the analysis. To do a proper test you really need to check every page that uses SSL.

More about mixed content: https://www.eff.org/https-everywhere/deploying-https

Fixing Mixed content is not always so difficult, we replaced image links to use "//" instead of "http://", which allows it to use whatever protocol you are already using. This also works if you still might need to fall back to http:/// for whatever archaic reason (or for us development).

You'll notice, in the Democracy Now transcript of the next (not-to-miss!) piece, https://www.democracynow.org/2012/4/26/targeted_hacker_jacob_appelbaum_on_cispa (and definitely see the NSA whistleblower's horror story of which this follows on the heels: http://www.democracynow.org/2012/4/23/more_secrets_on_growing_state_surveillance ) how Amy Goodman smartly points out that B.O. just recently "threatened to veto" the horrendous NDAA.. but those of us who've been around awhile never believed it for a minute, and were proven right yet again as he didn't veto squat. The Dems appear to be quite a calibrated bit of machinery at "look over there" jujitsu.. keeping would-be concerned citizens constantly SPUN-- too behind the curve to effectively take part in informed democracy when putting food on the table is so all-consuming for most of us..

Also key, is the fact that GOOG et al aren't creating the huge "netroots" groundswell like for SOPA.. they stand to gain (collecting databases on users is after all their biz..) -- says a lot about the nature of the Net Roots, how relatively swiftly/quietly this is sailing thru so far.. hopefully the real citizenry, sans Big Bro Google's help, can raise enough stink by the time this hits Conference Committee. A huge affront to the Bill of Rights-- should be a dealbreaker for any Pol who supports it this election year!
Bottom line: contact your congresscritters, yes. But that's always pretty unrewarding, really-- I've found that printing up many many flyers and posting them widely can be way more satisfying. Perhaps incorporate the well-thought-out Take Action ideas from EFF: https://eff.org/cyberspying
note: they also have a keen infographic on their site somewheres, to entice the visually-orientated.

You'll notice, in the Democracy Now transcript of the next (not-to-miss!) piece, https://www.democracynow.org/2012/4/26/targeted_hacker_jacob_appelbaum_on_cispa (and definitely see the NSA whistleblower's horror story of which this follows on the heels: http://www.democracynow.org/2012/4/23/more_secrets_on_growing_state_surveillance ) how Amy Goodman smartly points out that B.O. just recently "threatened to veto" the horrendous NDAA.. but those of us who've been around awhile never believed it for a minute, and were proven right yet again as he didn't veto squat. The Dems appear to be quite a calibrated bit of machinery at "look over there" jujitsu.. keeping would-be concerned citizens constantly SPUN-- too behind the curve to effectively take part in informed democracy when putting food on the table is so all-consuming for most of us..

Also key, is the fact that GOOG et al aren't creating the huge "netroots" groundswell like for SOPA.. they stand to gain (collecting databases on users is after all their biz..) -- says a lot about the nature of the Net Roots, how relatively swiftly/quietly this is sailing thru so far.. hopefully the real citizenry, sans Big Bro Google's help, can raise enough stink by the time this hits Conference Committee. A huge affront to the Bill of Rights-- should be a dealbreaker for any Pol who supports it this election year!
Bottom line: contact your congresscritters, yes. But that's always pretty unrewarding, really-- I've found that printing up many many flyers and posting them widely can be way more satisfying. Perhaps incorporate the well-thought-out Take Action ideas from EFF: https://eff.org/cyberspying
note: they also have a keen infographic on their site somewheres, to entice the visually-orientated.

[apologies, pholks.. I hit Submit instead of Preview by accident, and am just figuring out that I can't edit a comment. Here's the handy-dandy, and proofread, HTML...}

college&community&public stations a-plenty-- make sure yours is among them:
https://www.democracynow.org/2012/4/26/cispa_critics_warn_cybersecurity_bill_will

And here are the go-to sites for leadership/updates on the issue:
http://www.eff.org/
http://www.epic.org/ (though, just checking.. not sure why EPIC is lagging on this issue thus far.)
And though I don't like ragging on sd'ers, it's a bit troubling that the site which is heralded as bringing the news is "hothardware".. I guess a peeve of mine is overspecialization. Ever the humble polyglot, I make it a point to check aggregators of alternative news daily:
http://www.alternet.org/
http://www.commondreams.org/

and as re Your Rights specifically, a good podcast is http://www.lawanddisorder.org/
... also, CNet puts together a good "Politics and Law" rss feed: http://news.cnet.com/8300-13578_3-38.xml

AMANDLA!

The Middle East's new "Telecommunications Hub" is a country that spent the past decade under the rule of a nation that has no qualms about over electronically spying on its own citizens without a warrant?

I'm sure everyone in the region would by dying to hop on-board and use their service.

Cookies are not the only evidence of tracking. Even Flash LSO, HTML5 local storage, etc.

There's a surprising amount of identifying information in request headers and what's available to javascript. (see http://panopticlick.eff.org/ for a demonstration.) That means, one often needn't accept or store a cookie to be tracked.

A really comprehensive pro-privacy browser extension would munge request headers and enumeration of fonts, plugins, screen resolutions, etc. to match one of, say, the top 5 most common desktop browser fingerprints - and to change every so often (Changing per request would itself be a trivially detectable signature.)

-Isaac

A company so desperate to take over everything, that they back up Verizon on destroying wireless net neutrality.

The biggest enemies of open web are the wireless carriers, but Google is too afraid of them to say anything about THOSE, instead it just joins the club and helps them further to achieve their controlled-web interests.

So.

What can we do which is bigger than the blackout?

I don't want to believe we don't stand a chance. We have to keep fighting.

Start by signing the petitions on EFF and avaaz.org sites. Then spread the word.

Also, you may want to consider setting up a Tor bridge using Amazon free tier (if you can't afford to pay $30 a month to sponsor a more permanent one)... just in case.

The oligarchies of the world do a fair job of controlling media, but they can't control blogs or twitter. They need governments to make sure they can do this for them.

twitter is not representative (thus rather irrelevant). Let me demonstrate by googling on:

CISPA - 1540 results
SOPA - About 673,000 results
lady gaga - About 5,020,000 results
bieber - About 8,030,000 results
pr0n (about 42,100 results) + porn (about 2,070,000 results) - an "total about" of 2,112,100 (what???).

Everybody knows Internet is for porn and the rule 34. Now, you cannot argue that porn is less popular than Lady Gaga or Bieber - therefore Twitter must be non-representative.

Now, I tell you what you can do to prove me wrong (don't bother replying to this post, it's equally irrelevant): just sign the petitions on EFF and avaaz.org . Even better, open or sign a petitions on the We, the people site.
Then, of course, twit about it and prove me wrong.

"This is SOPA being passed in smaller chunks."

So long as all law is made solely to restrict people and _never_to recagnize rights or prevent abuses such as this, it will just be attempt after attempt until a given law passes. It is absolutely inevitable.

The very reason the people should use whatever legal influence they have to show support in delaying (if not stopping) such laws, every time they try to pass them:
petition at Electronic Frontier Foundation
petition at avaaz

It may appear that you also missed the boat in signing a petition on "We the people" (I can't, not being in US). Maybe it's time to start a new one and promote it better?

http://act.demandprogress.org/sign/new_sopa/

Do sign, please. It may not help, but it can't hurt.

While at it, give CISPA a bump... while you still can.

Money is now speech, so bribes are just a way to tell someone what you think. Why are you against the 1st amendment?

It thought that 1st amendment would protect any speech, so why would anyone's speech in opposition to bribes be suppressed?

You think I'm not getting the joke/irony/sarcasm? Well, maybe I do get it, but I'm not quite in the mood to take the things lightly: watch out CISPA.

What motivates this man to be so evil?

This is not half that evil as others... watch out CIPSA

Still better than using Android. Because Apple is making money off of selling the device not ads or services, they are actually de-incentivized from abusing that info because it could drive away their customers and as a consequence they've got a pretty good track record on not giving away your info. Google's whole raison d'être on the other hand is actually gathering that info, correlating it with info from all of their other services and then using it to target you. Plus they've been known to make a run around privacy protections.