Slashdot Mirror
EFF Launches Surveillance Self-Defense Site
justin.foell writes "The Electronic Frontier Foundation (EFF) has created a Surveillance Self-Defense site. Created with the help of the Open Society Institute, the site intends to serve as a how-to guide for protecting your private data against government spying. From their press release, they 'aim to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands.'"
In the section on encryption they note that your lawyer may get you your hardware/data back after seizure. If you do, DON'T use it without taking some precautions that it hasn't been tampered with. Quite what precautions, I'm not sure.
Ian
I commend the EFF's good efforts and their attempts to protect 'We the people' from, well, other men in the middle. However, as valuable as the information is, it will have little to none tangible benefit. The users reading those pages in the first place are already the one's interested in such technologies, probably already use some of them and are generally not the target group. The big mass of people will never read these pages, nevermind implement the solutions laid out there. Thus they force even the privacy-conscious to remain unsecured in their communications with them, as both sides need certain setup's (encryption etc.).
So the real question is this: How do we not just get a nice write-up about what we *could* do, but how do we get these features activated by default?
For example, AFAIK none of the popular Linux distributions enables IM (OTR) encryption out-of-the-box. Why not?
Why have we still not come up with a way to enable opportunistic encryption for e-mail (think GPG in the background without user intervention), as well enabled by default?
etc.pp..
It is the experience of every geek, that most 'normal' people leave things fairly alone and just try to use them as they come. Since most OS' and program's defaults are insecure, it is, IMHO, one of the primary reasons that everything is so easily monitored, stored and...eventually used against you. .0.0.0.1beta version on the disks, but make a true effort to secure their shipped communication-related programs. If usability-issues exist, they should also be addressed. That, and only that, would make any kind of real-life difference: Make security and privacy the default!
Here the Linux distributions could make a dramatic impact overall and I would welcome something like an official "privacy-year", where the distros focus less on cramming the latest
Avoid Microsoft products where possible. Computers using the Microsoft Windows platform are especially vulnerable as of this writing (although no operating system is immune to all potential attacks). Consider using a non-Microsoft operating system if possible. However, if you have to use Microsoft Windows and you are connecting to the Internet, your best bet is to minimize the number of Microsoft Internet applications you use â" for example, use Firefox as a browser or Thunderbird as a mail client. Microsoftâ(TM)s Internet Explorer and its email programs Outlook and Outlook Express are very difficult for even professionals to secure. Furthermore, adversaries tend to attack more popular platforms and applications.
Keep your software updated. Use the latest stable version of your operating system. As of this writing, Windows 95, 98, and ME are utterly obsolete. You should be using at least Windows Server 2003 for servers and Windows XP for clients, with all patches and service packs applied. For Macintosh computers, use OS X 10.4 or greater, with all patches applied. For Linux and Unix, get whatever version is the most recent stable release, and follow all updates. It is especially important not to let server software versions lag behind, since servers are always on and always connected.
Maintain your firewalls. Firewalls are software or hardware components that protect your computer or network from the Internet, blocking traffic based on network-related parameters like IP addresses and port numbers. Firewalls can protect against those who want to access your computer without permission. Configuring network firewalls is pretty tough for the layperson and beyond the scope of this guide, but you should learn how to use the personal firewall software thatâ(TM)s included in most recent operating systems.
For more detailed information about malware, check out the Malware article in the Defensive Technology section.
Slashdot? Oh, I just read it for the articles.
There are already quite a few Freenet sites dealing with oppresive governments. Although it would be cool to see one by the EFF.....
"City hall" in German is "Rathaus" Kinda explains a few things......
It's a fine site with lots of good information. But it skips some things that people interested in privacy should probably know about. I see no mention on the site of Freenet or the concept of darknets/opennets. The section on disk encryption doesn't mention hardware-based solutions at all, even though they are about the easiest for a non-geek user to implement.
Good start. Keep it up, EFF.
FYI, Freenet is to counter content supression. Tor supports hidden servers just fine, with much better performance.