Slashdot Mirror
Carnivore No More
wikinerd writes "FBI has retired the controversial Carnivore software, strongly criticized by privacy advocates for its email capturing abilities. However, it is believed that unspecified commercial surveillance tools are employed now. What does that mean for Internet users' privacy?"
Check this little image from the article. "Carnivore's official logo shows bload-soaked incisors closing over a stream of data". EVIL!
It's a packet sniffer that reconstructs data (mail and web sites, as it seems from the article), not a boogieman! I agree, it can be a dangerous tool for privacy in the wrong hands, but still, it's not like you can just put it in your PC and start reading your neighour's mail.
The article mentions it was ran on ISPs with no capabilities to monitor their users' Internet usage. I wonder how many they are; for starters, mail is a no brainer to monitor, unless it's webmail on remote server (Hotmail, f.ex.). And even then, the conection is encrypted.
It means that it's time to start encrypting your email. 4096 bit public key encryption should suffice. I can't believe this isn't more prevalent in today's world. We need WDIV Chopper News 4 to do an expose on how everyone is spying on your email. Maybe that would get the public's attention. What I'm surprised about is that AFAIK, none of the webmail providers support encrypting email. You could probably get the browser to encrypt it using Javascript or even with a Java applet. Anyway, having the option would be nice.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
in this article one of the things they note is "a rapid turnover among the bureau's information technology personnel." in addition to which they appear to have as many problems as any other large organization trying to manage their tech infrastructure.
Hmmmm. MS gets into the anti-spyware business, and the FBI suddenly decides it doesn't need its custom spyware anymore...
Sheesh, evil *and* a jerk. -- Jade
They budgeted quite a bit of hard cash to develop Carnivore...
so who is going to be held responsible for that wasted cash due to bad planning?
IMHO that's a ton of money that can be used for many useful things... it was taken from our taxes... and now just sits on some cvs server (assuming they save it).
That cash could have been used to pay for some armor for troops deployed in Iraq. Or perhaps fund development of improved airline security equipment... something that would be beneficial.
Why the hell did this get approved if commercial equivilants were in the works? What seriously ill planning went into that?
If the FBI were a company... heads would roll. This wouldn't be acceptable.
BTW: This page has a small image of the carnivore logo (for anyone interested).
Good points but I've progressed past them. In reality, things are just the other way around.
Objecting to law enforcement operating without proper controls is futile. Proper controls are always argued on a case by case basis anyways, as well they should be.
Objecting to the cost of law enforcement is the only real consideration. This is the way it works. If we don't object to the cost there will always be a need for more money. Not putting a cap on the cost is inviting corruption.
fast as fast can be. you'll never catch me.
Exactly, I work for an ISP, we are still installing these things for the FBI. I don't know much about the new version of Carnivore but I can tell you they have some bugs to be worked out still. (eg. they are not entirely passive, and the IP space needs to be added into them.) This makes network changes a PITA because I don't have access to configure new IP blocks into the new Carnivore platform. If they are going to make us install these things they should at least make them work seamlessly :P
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
So ... the trick is to use some form of plain-text encryption that doesn't appear to be anything but a somewhat long-winded normal message discussing the weather or the latest playoffs.
Something like text based steganography (demo 1, demo 2)? Slashdot has covered steganography before.
To-do List: Receive telemarketing call during a tornado warning. Check.
Pardon me? FUD?
Given the FBI's history of misconduct, I don't think that this is FUD whatsoever. You claim that this assertion is "factless", but it is really not illogical to presume that if they've done something before, they'll likely do it again.
In this case, the justification for suspicion is not technically "factual" (this would be near-impossible, since the FBI operates with a great degree of secrecy), but rather, logical. It is logical to presume that an organization which has behaved badly and resists reform intends to continue to behave badly. The fact that they resist oversight and transparency only adds to this perception, and rightfully so.
FUD is UNFOUNDED suspicion, I might remind you, not well-founded suspicion. I would submit that suspicion toward the FBI is quite well-founded given a history of misconduct from that organization. Please learn what the word (or acronym) means before you throw it around.
To fight the war on terror, stop being afraid.
You underestimate us.
You know what amuses me about that attitude?
Knowing people that do in fact work for the government with top secret clearance (NSA and Military) and knowing how HIGHLY incompetent some of them are in almost every facet of computer science. Some are more skilled than others, naturally, but none of them I would consider even remotely on par with the average mid-skilled Geek. No, it isn't an act. Some of these people I've known since highschool, others much longer.
One of them went so far as to tell me all of the things they could do dispite every claim he made being totally impossible.
My favorite laughably stupid comment was something to the effect of "They can even monitor your network conversations even if you aren't connected to the internet. They can get in through your power lines and read every e-mail, web-site, and chat you've ever had." People without a clue who want to be taken seriously should at least know WHEN to STFU.
The smartest one of that I know says the least probably because what he does know he isn't allowed to say. However, I did get him to admit to me on at least one ocassion that for an entire team of people there is normally only one really bright person getting anything done, and their productivy is often stifled and drown out by the sea of stupidity they have to deal with constantly.
He has also told me that the NSA might not often be much more competent than any reasonably skilled group of sharp geeks (and normally much less) but they are normally good enough to get the job done because most of the time they don't have to work against highly competent people.
That argument makes sense, for the most part. It's easy to take on 99% of the population when 99% of the population are even less competent than you are.
He did finally say one thing that bothered me. He said "Don't worry though, if they were watching you and felt you had the technical advantage on them, they'd find other ways of getting to you. When they can't win on that front, they'll just win on another. Compared to you, they have unlimited resources."
And THAT scares me more than any of their technical abilities.
It's hard to win against an organization that can throw national security up as a shield from liability for any actions they may take against a person.
-FUSE-