Slashdot Mirror
Keeping Your Data Private From the NSA (And Everyone Else)
Nerval's Lobster writes "If those newspaper reports are accurate, the NSA's surveillance programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, 'Hi, NSA!' every time you make a phone call or send an email? Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP, and the vendors who build software on top of those protocols. But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you're likely toast: few highly secure services include a 'Forgot Your Password?' link, which can be easily engineered to reset a password and username without the account owner's knowledge. And while 'big' providers like Google provide some degree of encryption, they may give up user data in response to a court order. Also, all the privacy software in the world also can't prevent the NSA (or other entities) from capturing metadata and other information. What do you think is the best way to keep your data locked down? Or do you think it's all a lost cause?"
It stinks, but I can see if anyone's been intruding. So far it is totally secure.
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
Only way you can keep your data yours while sitting at rest is to have it on your own servers and utilize proper encryption and security on those servers. That means don't use "cloud" anything unless it's on equipment you own, run your own email servers, etc. Remember that even doing this, emails that you send to other people can be accessed through whatever servers they use.
+++ATH0 NO CARRIER
I think that the regular postal mail is still protected from the NSA. They have to have a really good reason to open that otherwise the postal service gets real touchy. The nice part about electronic communication is that it is so easy to tap. in addition, I think as we have seen over in Iraq and Afghanistan that the SneakerNet approach does work. In this, someone creates a document or multiple documents, places them on a flash drive, and then either hand delivers or uses a courier. While most likely impractical for common documents in the united states, if someone was up to something that they truly wanted to keep secret they could employ this approach. Or be somewhere where the pneumatic tube system was still intact. Those things were so cool, I kinda miss them.
I don't want "it all". I just want our government to respect our rights and our Constitution. Is that too much to ask?
1. Use an email provider nobody's heard about.
2. Keep social network data private, more importantly don't post anything sensitive.
3. Don't engage in terrorism, they really hate that.
4. Somewhere between "get off Windows" and use a live disk, I don't think any OS is truly secure.
5. Don't save anything locally, keep your accounts hidden, no email notifications.
Wave at the black SUV outside your window as not having any traceable data may warrant suspicion in itself.
Move to SA (either one).
Those who worry are usually those who have something to hide or something criminal in the works.
You won't mind me wiretapping your phones, installing caneras in your home and adding keyloggers to your computers? You're not a criminal with anything to hide, right?
You are looking for a technical answer to a problem that isn't technical. It is a people problem. We put these people in power and let them get away with this crap. Most people are to apathetic or sheepish to care.
That's silly. Privacy is a constitutional right -- so important that it's part of the original Bill of Rights (first 10 amendments). To state that the desire to MAINTAIN your right to privacy means you have ill intent to "do wrong" (whatever the hell THAT means) is saying that nobody has any rights whatsoever -- since whatever is "granted" is as easily revocable and ostensibly temporary.
Furthermore, what constitutes "wrong"? Who's the judge? It's a moral characterization to actions of an inalienable right afforded by our founding fathers. Your statements simply don't make sense.
When you trigger an investigation by using one of their keywords and they beat your door down without a warrant while holding you and your family at gunpoint I hope you have the same mindset.
Just game the system. I've started typing random shit in gmail before I do anything ... let 'em see lots of false positives.
You know, I'm glad nobody KILLED OBAMA. Durka durka, mohammed jihad. Monsanto sucks. Bush was a simpleton. Death to American cheese.
Gotta go, someone's at the door ...
I DO want it all. I want it all. I want it all. I want it all. And I want it NOW!
Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
That has some UI implications (i.e. gmail can't search the bodies of your encrypted emails). But still seems like a better idea to have your email on your client anyway; so why not have the search index there as well.
Then you're looking at it wrong. Everyone has a right of privacy, and everyone is entitled to care (or not) about preserving that right. When a portion of a government tries to stomp on that right they've done a serious injury to you, and while you're free not to care about it, I'm also free to care a LOT about it without being faced with the accusation that I must "do wrong or plan on doing wrong" because I care about my rights.
...if two of them are dead. Viva la revolucion! Or whatever.
On a more serious note: it's not private if you let it out of you in some manner. Want Cheetos? Pay with cash, and don't let the NSA learn about your high-caloric, high-sodium diet.
And stop googling, "How to make an atomic [insert whatever here]." It doesn't help your cause.
As with all things, assume that your communications are going to be monitored, whether electronic or not. I know, I know, it's not the answer you want; but the truth is...we put innocent people to death. If we are willing to do that, and not tear down our societies in an act of grief over the loss of a single innocent life, looking deeply within and without as to how or why we allowed this to happen, and how we can prevent it from ever happening again, then caring about protecting your privacy from the monsters waiting outside your door is the wrong approach. You're fighting Evil himself, and he aims to win by any means; if putting a gun to the head of one your children's heads to get you to decrypt your hard drive is what it takes, then he will do it, no hesitation.
I am John Hurt.
Actually, privacy isn't mentioned in the Bill of Rights at all. It has been inferred though not explicitly mentioned.
use Duck Duck Go for search
use NoScript and AdBlock plus in Mozilla Firefox for browsing
use MEGA for cloud storage if at all
use your own email address
use Tor for private browsing
keep what you want to yourself to yourself
The weak link of the chain is you. And they have very convincing methods to get what they want, especially if you have the habit of hiding your data in a suspicious way.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." Cardinal Richelieu.
See, when your government spies on everything you do, sooner or later someone will come along and decide that since they already have this information, they can use it for other things.
If you don't grasp this, I suggest you read more about Joseph McCarthy -- America is entirely capable of political persecution as any other government.
Bottom line, with your attitude, you deserve to be dragged off in the night, because you're part of the problem with the complacency and people not seeing what's really wrong here. That's kinda how I see it.
Since you're not part of the solution, you are the problem.
Twenty years ago, the US would make jokes about "papers please" and the Soviets. Now, that's just normal routine.
Lost at C:>. Found at C.
Live in a cabin in the mountains that is over 100 miles from the nearest cell phone tower. Also ensure that you have top cover so satellite surveillance cannot see your house. Add enough insulating material (dirt would be easiest) above your cabin so that there is little/no thermal footprint. And never leave your new found cabin, since cars and feet all leave tracks.
sudo make me a sandwich
ok, but shipping takes a few days...
People in cars cause accidents....accidents in cars cause people
Your an idiot.
/facepalm
If facebook, google are right to say that NSA did not have a direct access to their servers and that NSA actually had all emails and stuff that means that they were able to decipher all SSL / TLS encrypted communications or that they have the private keys of those big content provider. No ?
PGP. It's good enough for WikiLeaks and Edward Snowden and good enough for me
While one could attempt to encrypt everything that you send over the internet, and everything that you store in a "cloud", it simply isn't practical.
HTTPS (and other SSL/TLS-enabled network protocols) can protect the data going over the wire from snooping, but it does nothing to protect the data at the endpoints. In particular, if one of the end-points is a service provider your data ends up sitting on their disks in plaintext.
Email could be encrypted using something like S/MIME, but that requires that *everyone* that you send email to has an email certificate and is setup to handle S/MIME emails.
You cannot *ever* use any "free" internet service (anything from Google, Facebook, etc). Almost all of the data that you store on such services is stored in plaintext on the provider's systems. Even most of the for-pay services store your information in plaintext. Why? Because if the data residing on their servers is really encrypted, they cannot take any action on that data on your behalf. Google could not send emails for you if they cannot read your address book, for example. AWS cannot operate if it doesn't have the ability to read your data stored in their cloud. etc, etc, etc.
There are some cloud storage systems in which your data-at-rest on the provider's systems is encrypted. However, the only service that those types of systems can provide is to ship the encrypted data back to you where you decrypt it locally to do something. Even then, one has to check carefully to ensure that they are doing the key management correctly such that the only place that has access to the plaintext version of your keys is your local workstation. This does keep your data secure,but relegates the service provider to being nothing more than an internet-connected, encrypted hard drive. All computations performed on your data can only be done on your local workstation (i.e. no "cloud" services for your data other than the delivery of the encrypted data back to your workstation).
Basically, if you are performing any sort of communication over the Internet, or are trying to make use of any sort of hosted service, you are pretty much sunk. If you have lots of money and time, you can try to setup your own servers/cloud - and as long as you can prevent hackers from compromising your systems you can keep your plaintext data hidden behind your firewalls and export only services to the Internet - but that is a lot of work and money to do and it is notoriously difficult to keep all hackers out if you should become a target of interest.
Or you're a tea party supporter trying to start a nonprofit.
If I have been able to see further than others, it is because I bought a pair of binoculars.
The old 'if you are innocent you have nothing to fear' argument. I thought that one went out of fashion when the German Jews realized that being innocent is no defense again tyrants.
The solution is encrypt everything (OpenPGP for emails, etc.), plus decentralization. If everyone either hosted their own email, or used a minor hosting company, then it would be much more difficult for the NSA to round up all those emails. Then, if even half the population used OpenPGP for emails, we could hide in the mass, and the NSA etc. will have no hope of reading all those emails.
As soon as you have just a few spots (e.g. FarceBook, Google-, Murdoch'sSpace) that host the significant majority of a certain type of communication, then you have a huge weak spot. Solution is decentralization and federation.
Use tools like Diaspora, StatusNet, Jabber, SIP, and email. Don't use tools like Skype, Yahoo Messenger, AIM, Facebook, etc.
See also: http://autonomo.us/ and particularly Reducing vulnerability to massive spying with free network services?
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
This is the kind of crap that was held up as examples of why communist countries were so much worse than the US.
People, the government is supposed to work for you, not the other way around.
If I were God, wouldn't I protect my churches from acts of me?
Everyone should be concerned because all the other governments will see the US doing this and copy it.
Wait, you don't have a social media account, Comrade? Why are you being anti-social? Don't you like our society?
We don't have a state-run media we have a media-run state.
The problem with heavily encrypted solutions is that they rely on human perfection. There was a story a few months back about Sabu. He eluded the FBI for months until, in a hotel room, he made the mistake of logging into IRC without using Tor first.
That was all it took. One non-Tor login, and the FBI had him.
Human beings are not designed for constant watchfulness. We make mistakes. We screw up. Even if *you* stay perfect, the person or persons you're communicating with may not, and if the FBI or NSA wants the details of what you're talking about, they can "break" the encryption at either end of the conversation. Maybe they can't find you -- but if they find the people you're talking to, they can still grab the info.
I'm not saying that all security is useless, or that there's no benefit to raising the bar. My point is that the solution to this is to *stop spying.* Because, in the long run, almost everyone screws up.
Hint: It's the part that indicates the list isn't all inclusive and that reserves all rights not enumerated therein to the people. Or is that too far in for you to read?
Q: Is there any way to keep your communications truly private?
A: No.
The NSA has worked on infiltrating highly secure military networks in the past, it would be foolish to think you can keep data away from them and use the Internet at the same time.
Perhaps things like inventing your own symmetric key end-to-end encryption software on the basis of combining existing technology and algorithms (+ hand to hand key distribution) or hooking up random number generators to your computer and producing and distributing OTPs may callenge and potentially annoy them for some time. That's about it.
9th Amendment.
Is not their problem if you feel that you don't have anything to hide. You could be committing 3 felonies a day without being aware of it. Anything that you did in your past could be used against you, even if not a matter of national security, or against some friend to frame you if they think you did something wrong. And could be in your side to prove that you are innocent, something that could be costly if even possible.
And not forget that the **AA are in bed with them, the wrong you did could be having a background music in the video you took in a birthday party or that silly theme that you were singing with your friends when drunk.
Don't think just in the present, and your precarious today's safety, Things will change. And for worse.
So, in an effort to hide from NSA you go all out HTTPS. However, to avoid getting those pesky "this site is dangerous!!!" messages browsers show you on self-signed certificates, you buy your keys from any of the larger certificate authorities. Safe? Sorry, no. Almost all those CAs work under American jurisdiction, or on delegation from American CAs. Assuming NSA doesn't get the keys in other ways, all they have to do to get them is to ask the CA and the company would have to hand them over.
With those private keys available they can listen in on the HTTPS conversations in real time, and there is no way for the participants of the conversation to know this.
Amusingly enough, the safest bid (well, to hide from NSA at least) would be to use self-signed keys despite all the browser warnings.
If you still want to get valid keys, here is an interesting discussion on which CA to choose.
And the next time the US chastises another government for this kind of thing, they'll get told to blow it out their rear.
As you say, Google, Microsoft, et al have established the precedent they'll be willing to do this ... so every other government is going to tell them they want the exact same level of monitoring, and will expect to get it.
Lost at C:>. Found at C.
Security concerns are not about common people, or even criminals being tracked. It's aboud political opposition being tracked.
Snowden said he could listen in on conversations of anyone he wanted, including powerful people, and proceeded to do so as a test. No one came to get him for doing so without a warrant.
Among hundreds, maybe thousands of agents, it's trivial to insert an operative to listen to opposition.
He says he has data ready to release in case he's arrested. I hope it includes embarrasing conversations of said powerful people. Maybe then these jackasses will wake up.
All people want is a system design that tracks and records everything the government does, as it tracks and records everyhing we do, from Twitterers to opposition discussing political planning.
That currently does not exist.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I use quadruple ROT13 encryption. I've never felt so safe!
I'll presume that you're a troll but you drag out the age old "If you've got nothing to hide... argument"
Here are a couple of issues with this argument.
1. Retroactive violation of new laws:
Let's imagine that you're a smoker and that you smoke in your house. The government could pass a law saying "Smoking is not allowed inside any building. Anyone caught must pay a $500 fine." They can now either go back and look at their surveillance data and retroactively charge you for smoking in your house in the past or they can put you on a list of people to watch and then catch you smoking in your house.
2. If this is your stance that you have nothing to hide.... I presume that you don't have shades. Why don't you post your credit card statement on your front door for your neighbors to inspect "Hey, you've got nothing to hide". In fact let's make your browsing history completely public. How about your health records?
You may nothing to hide but I suspect you're also not eager to share your personal details with the world.
Yes Francis, the world has gone crazy.
I only use one time pads when tweeting.
...puts a crimp in the number of followers though.
We get it. I believe the reason that there is no right to privacy, the right to be left the hell alone, guaranteed in the Constitution including the original Bill of Rights is that no one of that time could have been reasonably expected to foresee that it would ever become an issue. The technical means for mass gross intrusion, and the present extreme degree of police state, could not possibly have been imagined at that time. One can criticise the oversight as a failure of imagination, but nobody is perfect.
OTOH, the failure to recognize the problem and provide a new Amendment to banish it in modern times is an egregious failure of the system.
Antonin Scalia would disagree with you.
While in theory I agree. Then again what the government is doing is criminal. Did you not see the /. post yesterday about relational metadata and how it can be used. It was a very interesting read, and I actually did RTFA. It showed how innocuous data mining like this could be used to identify people, in this case the data was used to show how seemingly innocent data could point to potential threats in this case it was Paul Revere.
I can fully see how this can be used to stop terrorist attacks, but so far we have finger pointing from every corner that says our intelligence community has had prior knowledge of several potential attacks and neglected to follow through. It is far more likely this will be used against law abiding citizens. What if I am a law abiding citizen but I begin speaking out against the injustices the administration is committing in the name of fighting terror and they use my data to pin point and come after me. I've committed no crime other than I could be labeled a terrorist for speaking up for my rights.
The way I see it it's just another way the government can abuse or circumvent checks and balances that were put in place to protect our rights.
Do you honestly want your government to know every minute detail of your life?
I am Bennett Haselton! I am Bennett Haselton!
So let me get this straight. You've got a military that spends trillions of dollars. You've got eight national defence organizations screwing with your own citizens. And a) you think that you can dodge an organization that has spent that many dollars purely to find you, and b) you think that you don't have a cultural problem?
Where do you think all of those funds come from? For every tax dollar that you spend, how much goes to military, para-military, and anti-crime organizations? How much of it winds up in actual crime? Are you spending more on anti-crime than you would on crime in the first place?
Maybe you should solve the actual problem. Maybe you should start electing officials who spend your money on things that you like, instead of things that you dislike. I can't vote for you.
And correct me if I'm wrong -- you see, my country earned its independence by asking nicely -- doesn't your country believe in violently fighting your own government to break free of restrictions to your freedoms? Have you forgotten how to do that? Your right to fight would seem to be the only freedom for which you do fight, and then you don't use that right to protect your other freedoms.
One of these days, you'll wake up to realize that you've kept the right, but eliminated the opportunity. What good is the right to bear arms when you can't get away with using it?
Really people, its for you, its for me, its for everybody. Everybody has something to hide. I have often told people they should encrypt their disk, they often say there is no real reason for them to use encryption but then you give some examples. Ranging from legal to illegal things they have.
For example do you want your mother to see your porn? I wouldn't care too much, but its probably for the best that she doesn't see all my porn.
How about movies or games you gotten from less legal places, you don't want the cops to find those.
Passwords and other general information like bank passwords. You would be surprised how many people save those in some txt or whatever. Your laptop being stolen could also result in your bank being emptied.
Face it, you have things to hide. Things to hide from all kinds of people. Its impossible for people to do only those things the law allows because the law is big and old. It spans many things that once upon a time may have indeed been bad but no longer are.
The reality is, you want to hide your stuff from everybody. And you fucking should.
Everybody does something criminal. On the average of three felonies a day.
http://kottke.org/13/06/you-commit-three-felonies-a-day
Want some bread with your water?
There are two types of people in the world: Those who crave closure
This presupposes that privacy is a right, rather than a privilege.
Wrong, wrong, wrong! And wrong!
It's a common fallacy spouted by those who foist surveillance on us. See here, here, or any other of the many hits when you search for privacy "nothing to hide"
It goes right along with the "privacy and security are mutually exclusive" fallacy.
People like you that are trading your long-term liberty and privacy for a current sense of security are going to rue this day eventually. These essential freedoms need constant vigilance. Many of our forefathers died defending them. They're rolling in their graves now seeing how so many are nonchalantly pissing them away.
Here's your homework. Go read the Constitution of the United States of America. No, really. Read it line by line and understand why some say it's the most important and influential document created in the last 1000 years.
I must have missed it... where is the government spying on its citizens allowed in the constitution?
That's clearly the tenth amendment, although it's a state government power, not a federal government power.
I'd say yes it is covered by the 4th and if it's too vague for you the 9th is worded so it may be covered there.
I'd say the government using tax dollars to create a repository and every communication is unreasonable. Not even bringing into account the lack of a warrant. If it wasn't covered by the 4th no warrant would ever have been needed for any wiretap.
I am Bennett Haselton! I am Bennett Haselton!
Never read the Federalist Papers, eh? There is no presumption on my part.
Yes we can! Yes we can!
I am Bennett Haselton! I am Bennett Haselton!
Here is how I see it.
If my life is so dull and boring and there is nothing to see why are you looking? Why are you wasting your time too look? Why are you wasting tax payers money on boring old me? Why is my phone company paying people for this (and in effect me paying for it with higher phone rates)?
If your only answer is 'just in-case you might do something' then you need to go back and re-read the constitution and understand why each of the lines are there.
All of this must be some sort of sick joke because I clearly remember making fun of other countries for spying on their own people.
Also even if it is on 'non Americans' it is still not right. It may be legal but morally it is wrong.
What the hell do you think funds these programs?
Deficit spending?
--- The American Way of Life is not a birthright. Hell, it's not even sustainable.
Not having a social media account could put other ideas in their heads, what are you trying to hide by distancing yourself from society?
You may squarely land yourself in the cross hairs for not belonging.
I am Bennett Haselton! I am Bennett Haselton!
And don't say it can't happen here. It just did.
We don't have a state-run media we have a media-run state.
If your data is on an Internet-connected computer you have already accepted some amount of risk.
Forgot this. Give power to the NSA. After all, they won't abuse that power, no? Well, they did, in 2008 NSA itself used to intercept phone calls from your fellow soldiers in Middle East to their loved ones, and even shared between them "interesting" calls. Are you prepared to not have that kind of privacy neither?
The parent should be modded up. It's factual, relevant, and worth remembering.
The problem is that your right maybe someone else's breach of freedom. That's always the issue.
E.g. You eat peanuts, the guy beside you is allergic. He has to leave the event because he can't be within 20 metres of peanuts...
Collection of information can protect citizens from crooks but also impede on said individuals privacy. Which one is more important? Is there a balance?
None of those things will help you. To the NSA, the content of your email may be less important than with whom you are communicating. Yes, the care about the content of some emails, but their dragnet appears to be for network analysis -- sender, recipients, date, time, etc. The NSA almost certainly catalogs every DNS lookup you do. This is the stuff that is erroneously being referred to as metadata.
One possibly surprising way to keep your communications private is to read/post your communications to a very public forum. That way the intended recipient is difficult to determine. Keep the communication slightly covert -- a little steganography goes a long way if you can fly under the radar. Just don't trust others with your privacy.
Our rights are inalienable -- but only if we use them.
the growth in cynicism and rebellion has not been without cause
We need a campaign to turn off http. Only https should be allowed, websites should be discouraged from allowing http access. Browser makers should help too, but having popups whenever someone goes to an http site.
Those who worry are usually those who have something to hide or something criminal in the works.. Bottom line, you can't care about this, unless you do wrong or plan on doing wrong. That's kinda how I see it.
Of course, some don't have such myopic views that they worry only about what will happen to the data today, but wonder what will happen 5 years, 10 years, or longer from now when the government has a huge database of everything we do and who we do it with, and that a future government may decide that someone or something that we've associated with years ago is against the public good. Or maybe someone has political aspirations and doesn't want the party in power to able to dredge up all sorts of gossip at the click of a button. Or maybe one thinks that those that control the information also control who comes into power through the use of that information, perpetuating a surveillance state.
There are lots of reasons to not want the government tracking our every move.
Do it to me. I'll make my invisible big brother wish he or she could sell everything and go Amish inside of a month. Do you know how many LEGAL actions are possible within the privacy of my own home? That I can do in the full knowledge that you'll HAVE to watch them? This goes both ways you know, what you see you can't unsee and at some point I can guarantee you I'll make you take everything out just so you never have to see any of it again.
Here's to hot beer, cold women, and Glaswegian kisses for all.
This presupposes that privacy is a right, rather than a privilege.
This is part of the reasons we have so many problems with government. At the time the US government was formed the premise was:
The people have all the rights; the government has no rights at all, except those granted by the people through the constitution.
For most people today the belief similar, except they swap people and government.
//TODO: Think of witty sig statement
Certificate-based encryption (like HTTPS) is only as secure as the certificates that sign sub-certs. If you accept certificates signed by a trusted CA, and that CA is compromised (i.e. controlled or accessible by the NSA, which all of them are), then you have no privacy, and all of your communications can be monitored without your knowledge or consent.
Here's a good writeup on how it works:
http://theorylunch.wordpress.com/2013/01/24/ca-mitm/
How would you interpret this:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
What part of that do you feel authorizes the government to collect detailed information about our private lives? Or do you think email is not "papers" because it's stored electronically and that if our founding fathers meant for email to be included, they would have had the foresight to include electronic document storage?
It's naive people like you that are the real problem, because you're happy to have no rights.
Just goes to show you the founding fathers must have been criminals according to the popular belief of "no reason to worry if you have nothing to hide".
Well, strictly speaking, they were criminals before they became the founding fathers. Waging war against your own government, whether necessary or not, is, I think, rather universally in the "shit the government says you're not allowed to do" column.
But don't let my pedantry give the impression that I think there's anything other than soft-headed cowardice behind that authoritarian bootlicking.
Or you're a tea party supporter trying to start a nonprofit.
Or a political advocacy group illegally trying to file as a non-profit.
Let me get it straight -- you want to keep NSA away from your personal data? NSA spends billions of dollars to snoop your data while Chinese government spend billions of dollars sending people to space trying to mine the resources from outer space. Which is more stupid?
Don't conflate the https/TLS protocol and the Certificate Authorities.
With DNSSEC and DANE you can create your own certificates and publish them in DNS. No Certificate Authorities needed.
Nice Queen reference.
"That's right...I said it."
You could...
Host your own mail server. Of course, you'd probably have to upgrade your internet service to a tier where incoming mail ports aren't blocked. You'd also need to have SSL/TLS support, ensure everyone whom you email hosts their mail on your server and that you can personally trust them. Not exactly practical.
Instead of Skype, use a decentralized chat system like RetroShare. Takes some doing to trade PGP keys with friends, but works.
Use an encrypted proxy for all of your surfing. Practical and quite easy.
Use encrypted SIP for VoIP communications. No idea how easy or difficult this is, haven't researched it.
Throw away your landline and cell phone. Goodbye 911 service.
The point is that the middlemen have proven themselves unworthy of our trust and we should seek to avoid them. The larger and more daunting point is that this breakdown of trust could ultimately lead to a society's collapse.
Nope. You don't see it at all. Because illegal is not a synonym for wrong .
Over 2000 years ago, Sun Tzu pointed out that when the laws imposed by the rulers are aligned with the customs and ethics of the people, societies are prosperous and resistant to crime, war and rebellion. When the rulers lose the way, as the corporate overlords of the USA have, the people become unhappy and the society becomes progressively more fragile over time. Eventually a neighbor invades or a province revolts and the rulers are replaced, because nobody's willing to die to protect them anymore.
These root servers root packets to their correct locations....
So duplicates of these packets can be routed to any other location...
And analyzed for interesting material and then either saved or dicarded...
So, no, there's not squat you can do. All internet traffic in the USA, regardless of form or format is theoretically possible to search, analyze and store. There may not be enough capacity to save all of it, but the interesting stuff, I'm sure, is compressed, catalogued and stored.
Can "interest" be evaded? Probably. Encrypting within .pngs and .jpgs might work. Simple agreed upon coding systems in plain text might evade detection. Zipped and encrypted files, I expect, would all be saved for later processing.
Would allusion packed Klingon poetry get through? Navajo? Elvish? Hard to say. You'd probably take up someone's time though. Keyword flooding might work to overload the filters, but it's hard to say how much capacity is involved. Flooding might not work.
Partial separated messages would also probably work if there were no obvious semantic or other identifiable similarity. Tricky as well.
This is just off the top of my head. There are undoubtedly more effective ways to use internet communication in an invisible way, which unfortunately leads me to the conclusion that this effort is going to be fairly effective at catching stupid people and lax people, but not people who are either sufficiently bright, or sufficiently paranoid.
It obviously also doesn't have a lot of predictive power, otherwise two pseudo-Islamic nutjobs in Boston would have been stopped before they bought their first pressure cooker.
Please do not read this sig. Thank you.
Even if we never send or receive an email, never access the web, and never make or receive a call, most of us can still be pretty accurately tracked. If you carry a mobile phone with the battery charged, you can be tracked by GPS, or by triangulation from nearby cell towers (even if your phone is "off"). If your car has OnStar or a similar service, it can be tracked as well. The government could use this to build a very accurate picture of where you go and who you associate with (e.g. what church, if any, do you attend? where do you work? where do you live? do you obey speed limits? etc.). This can lead to inferences such as ability to predict what political party you're likely to support, or whether you're likely to own a gun. Even if you trust the current administration to only use this data for anti-terrorism purposes, the very existence of the database of "who associates with who" will inevitably lead to abuse by a few bad apples (e.g. local law enforcement) in the government.
This presumes that reading the worlds gmails and facebook posts will actually stop terrorism, just as you presume that somebody who has a mythical allergy to being within a 20 meters radius of peanuts would venture beyond the assured safety of his home.
Over 2000 years ago, Sun Tzu pointed out ...
spot on.
Hmm?
I've had this signature since we found weird routing in Ultima Online. My hope is that some poor asshole has had to read
every
single
one
of
my
emails
for the last 15+ years.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Tell me if this isn't a more exact definition of privacy than simply stating: "People have a right to privacy."
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
That's why DHS was monitoring the anti-war protestors in Boston instead of looking for terrorists with bombs, right?
Because TERRORISM!
Face it, the jokers in power aren't Republican or Democrat. They're authoritarians.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Okay. Tell me your name and where you live so I can get started.
I don't want "it all". I just want our government to respect our rights and our Constitution. Is that too much to ask?
That depends on which Constitution you are referring to. If it is the one written as a founding document of the United States, as written, with a long period of interpretation and decisions in the courts, then that isn't too much to ask for. If it is the same constitution, ignoring the long history and results of jurisprudence, but with a strong added dose of common misunderstanding and possibly fortified with fringe theories, then that probably is too much to ask for. The only thing you are likely to get is the first, but many people desire something like the second.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I'm being pedantic, and I know it.
The fourth amendment protects against warrantless search and seizure; but it does not provide a right to privacy. There is a difference.
I'd say the government using tax dollars to create a repository and every communication is unreasonable. Not even bringing into account the lack of a warrant. If it wasn't covered by the 4th no warrant would ever have been needed for any wiretap.
I agree that the government shouldn't be using tax dollars to monitor every communication, I agree that they shouldn't be doing this kind of monitoring without warrant, but I disagree that privacy is a constitutionally protected right.
Oh and I'm going to need a signed affidavit stating you're fine with that. Do hurry with that.
fuck the peanut guy thats evolution telling you that you lost.
These laws aren't stopping terrorism. Period.
If they were effective at all, then we'd never have had those bombers in Boston. What caught them was regular police work, not an online omni-surveillance.
We have rights. When the government breaks the laws of the constitution, IT LOSES ITS LEGITIMACY TO GOVERN!
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
let me give you a small tidbit as to how many US parties respect our rights and our constitution. It's a number slightly less than 1, and it's an integer. There are very, very few individuals in any party that do respect them, and the majority does not.
Why, exactly, are you posting as an Anonymous Pussy?
- X/Y -
The problem with that amendment is the "against UNREASONABLE searches" bit. With the culture of fear created after 9/11, a significant portion of the population feels that this is reasonable if done in the name of fighting Teh Terrorists(tm), which has thus far made the surveillance at least appear constitutional.
I guarantee you that merely putting cameras inside your home would easily subject you to being found illegal by many laws in any state in the entire US.
I don't think you understand even the smallest shred of why this shit matters. There is nothing you can do that would stop other people from wanting to look at you, because merely posting this online they could probably extrapolate into "terrorist threat/subversive of the US/rebellious against the US" and you'd be gone.
your statement is so full of shit it's laughable.
Don't be such a drama Queen
Personally, I can accept that with technology advancements, the speed of which crime / terrorism / evil can adapt and execute has gotten equally faster. Countermeasure that do not keep pace have been or will soon be rendered obsolete. Therefore, losing some privacy may be a necessary evil.
The problem is the lack of any checks and balances to prevent abuse. If the NSA has to access my phone records because they have credible evidence that doing so may prevent a crime, no problem. By the time they apply for and receive a warrant or wiretap, it may be too late.
But the NSA employee who happens to disagree with my political beliefs, or is screwing my wife, or merely wants to discredit or inconvenience me (or worse) because he thinks I cut him off in traffic... those are the missing protections that need to be put in place along with the access of my data.
You stereotypers are all the same...
you have been automatically registered on an elite list of wannabe bozos..thank you come again.
It's a question of balance. Your freedom is the currency on which govermnent operates. Are you getting your 'moneys' worth for what you are giving up? I think the only possible way you can say that is true for something like massive data collection and archival is from a terribly naive viewpoint. Governments rarely give up power. They just don't. Even if you consider what is currently known to be acceptable, it is inevitable that it will expand as time goes on. Considering the possible abuses, and the potential magnitude of damage those abuses could cause to everything that democracy stands for, I cannot imagine any realistic threat worth taking that risk. Make no mistake, these are the -seeds- of a future we do not want. They may seem almost benign now, but have the potential to grow into something far worse than a few people with bombs.
Software options compared to mainstream products courtesy of the EFF
http://prism-break.org/
Were the Federalist Papers adopted as law? I was under the impression they were not official documents, and as such conveyed about as much authority as discussions like this.
I must have missed it.... where is privacy protected by the constitution?
(Hint: it's not in the fourth amendment.)
Similar to "what is a right?" The concept of privacy is pervasive but not worded literally per 21st Century American English for an 18th Century document.
Since the First Amendment provides for the right of beliefs and expression, and what is "wrong" is a moral consideration governed by personal beliefs, then the notion of privacy (freedom FROM observation, intrusion, and attention) is covered by the same Amendments which provide the rights FOR even having beliefs.
Same argument supports the second amendment as well. If the Framers intended for me to own an M4, they'd have specified it. No, the principle's the thing here. Do we have a right to privacy in our affairs or not? I read the 4th amendment to say we do. I also read the 2nd amendment to say we have a right to own modern firearms.
Peace is easy to achieve, just surrender. Liberty is much harder get/keep.
The 4th's ban ban on general warrants (that's what it means when it mentions "warrants" in its historical context) strongly implies a privacy right. General warrants were authorization from the crown for its agents to search any person or premises they desired to, blanket authorization. The 4th amendment bans that. The government has to have specific cause, evidence already at hand related to a specific person or premise, to search at all.
That the government in general has no right to search means by very strong implication that you have the right to the privacy which results. What else is it but your privacy that the 4th amendment says the government can't intrude on? It's nonsense not to find a right to privacy as a necessary implication of our constitutional protection from general warrants.
"with their freedom lost all virtue lose" - Milton
Which one is more important?
Privacy, obviously. Anyone who says otherwise is a naive fool.
If you are an individual (e.g. not an intelligence agency), and the NSA is actually interested in your communications, then you have far more serious problems than data privacy. If they are your adversary, you have probably lost whatever game you were trying to play.
Let's get drunk and delete production data!
The problem with that amendment is the "against UNREASONABLE searches" bit. With the culture of fear created after 9/11, a significant portion of the population feels that this is reasonable if done in the name of fighting Teh Terrorists(tm), which has thus far made the surveillance at least appear constitutional.
In my reading, even a reasonable seizure should be covered under a warrant supported by probable cause. It would be hard even for a secret FISA judge to claim that there's probable cause to search the records of millions of Americans who are not suspected of committing any crime.
Whenever someone uses the "nothing to hide" line (and unfortunately I work with some) I ask: "When you go to the bathroom at home, do you close the door? Even if you're the only one home? What are you hiding?"
Which is why our government should be open in its actions, correct?
So you don't mind giving us your real name, home address, phone number, e-mail address, password to said e-mail account, SSN, date of birth, credit card number (with expiration date & security code), and all your bank account information (including ATM PIN code) right? After all, if you're trying to keep that private, that must mean (by your owm argument) you're doing or planning something criminal in nature.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
That's silly. Privacy is a constitutional right
Thats right. Good old Article 9.
Those who worry are usually those who have something to hide or something criminal in the works.. Bottom line, you can't care about this, unless you do wrong or plan on doing wrong. That's kinda how I see it.
That is a wonderful vision you have, that would only work in a world where there is no evil. You may not have anything evil or criminal to hide, but that most often is not true of whoever is seeking your information.
A sufficiently advanced simulation is indistinguishable from reality.
Easier to fake arson than a flood.
I come here for the love
Most of you posers want it all, but aren't willing to give anything for it in return. You make me sick. The Constitution is meant to evolve. It's made up of amendments. it was written in English, by people who then knew the language. It's an amazing piece of work and even those who wrote it, knew they couldn't foresee everything. That's why they are called AMENDMENTS. And the engine which powers this is called DEMOCRACY. The power of the voters.. But that went awry the moment laws were drafted in favors of special interest groups, instead of the actual people the Government is supposed to govern. That's called CORRUPTION. Anyways, as usual, we can agree to disagree. This was fun..
The 9th Amendment covers it quite well. Since the government is not granted an explicit power to infringe the right of privacy, it is a protected right.
Nowhere in the Constitution is the government granted a power that overrides privacy. Taken together, the 4th and 9th Amendments should guarantee that privacy is a right which may only be overridden by a warrant issued based on probable cause.
The government powers should be read as follows:
Order Deny, Allow
Deny from all
Allow powers as written in Constitution
Unfortunately, it's been re-interpreted as:
Order Allow, Deny
Allow from all
Deny as few powers as possible without causing a revolt
The 9th, however, does guarantee a right to privacy.
I'll take you up on that offer. Name and address please.
how about this: if you float and live, you are a witch and we will burn you at the stake, but, if you sink and drown and die you are not a witch.
is a can't win.....
fine, you may sacrifice your privacy. just leave mine out of your decisions.
Then support a Constitutional Amendment that revokes the 9th. Otherwise, you're supporting the willful ignoring of a system that you may one day need to use. If it happens that someone is in power who doesn't like you (for whatever reason that may be, some petty, some not), they'll use the old justification that you supported saying the ends justify the means.
Apparently you have no problem with what McCarthy did, since that's exactly what you're attempting to justify.
And how, exactly, are you going to provide for your family when the FBI kicks in your door and hauls you to a detainment center because they felt you were a threat? Perhaps you think that because you're a good guy and supported this, that you won't be targeted? You know, a lot of McCarthy supporters thought so too. Every bit of power you give to the government will be abused, there is no discussion on that. Checks and balances don't work well when it's one part of the government answering to another. Personally, I'd rather have a terrorist group that has to work to hurt me than a government that doesn't.
Sure, the google search term "Bill of rights" should get that for you.
Its in there but you have to be able to read and comprehend it. Maybe the word "Privacy" is not in the document, but it most certainly describes privacy in your right to be free from unreasonable searches. Go re read the 4th mmkay?
... expect someone else to see it. It really is that simple. Anytime data leaves your network or has a means of leaving your network, expect that someone else can and is looking at it. Of course you can encrypt everything, use Tor, only go to HTTPS sites, etc, but as soon as you place or pull data from someone else's systems or networks, expect there to be a trail or log of that happening at the very least. This isn't conspiracy theory or whatnot, it's common sense really. Do I like it? No. Do I not like it enough to quit using the internet, phones, etc?? Hell no!!! I'm just aware (as I have always been) that if I use someone else's stuff, don't expect the experience to be fully private, that's all...
sigs are like a box of chocolates, they all suck remove the underscores to email me
Or anyone targeted by McCarthy's hearings.
then you don't believe in your country.
When the statement is made similar to "Those who worry are usually those who have something to hide or something criminal in the works," they are speaking directly to government surveillance on a massive scale. If I'm not significantly breaking the law I'll just look like background noise. It is a valid position to take based on privacy alone. If you are specifically targeting one person, then that's a completely different argument and completely unrelated to what is happening here. You are interested in your target. You have invested of your own funds and time to spy. If your target is not a criminal, what is your return on that investment? You are likely interested in damaging your target in some way. Conversely, the government's intention is not to damage its target. It is targeting everyone because that's easier than targeting people individually where they would need separate warrants for each case.
Personally, I don't agree with it because it erodes rights, and at some point, unless history has taken a new turn that it never has before, this government will become so corrupt that it will need to be replaced or significantly modified. What the State will do with the information it has and is still collecting at that point is to defend itself in its current form by attempting to destroy its opposition or to control the citizens with tyranny. People who read history books can see this coming and are opposed to this erosion of rights. Those who live in magic pink pony land defend this erosion of rights because they somehow think that the human race has evolved beyond the point of repeating history.
There is not now, and never was, an absolutely free society. It's probably logically impossible. This is why I'm not an anarchist.
Similarly, there is no totally unfree society. That's probably logically possible, but not at all practical.
The argument should be about which particular freedoms are necessary, and which rules are acceptable. Unfortunately, from their very nature governments tend to desire a more controlled society, no matter how controlled their current society is. Different parts of the government desire different kinds of controls. Spying groups want to be free to spy on anyone and everyone. Is that freedom or control? Police groups want to be free to use any degree of force they find useful. (Some of them go a bit beyond that and want to be free to use any degree of force they chose to.) Is that freedom? The same can be said of local bullies and gangsters. Is THAT freedom?
It's not a simple question. If my right to swing my arm ends with your nose, what if I just come close? What if you intentionally put your nose in the way?
The government has clearly gone further than most libertarians think acceptable. Many conservatives, however, seem to feel that any action that suppresses "deviants" (defined as those who deviate from their interpretation of the convervative belief) is justified. Many fearful people seem to feel that any government action that causes them to feel safer is justified. Notice that that has *no* evidencial test. Etc.
I have my doubts that more than 50% of the people believe the government has gone too far. It would probably need to approach 75% before there was massive counterpressure.
I think we've pushed this "anyone can grow up to be president" thing too far.
Fuck my country. Fuck the IDEA of county. My country (like all countries that I know of), is run by people. People are stupid, greedy, self-centered and any other description you care to name. I don't want to give the PEOPLE that run my country any more power over me and the other PEOPLE that inhabit this country than I have to.
>> Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP..
Don't those all rely on SSL?
Do you REALLY believe that the NSA still hasn't cracked/can't decrypt SSL (or any of the stuff mentioned) yet?
The thing is that the spies who naturally consider themselves to be the good guys, don't want to be spied on themselves, but want to have complete freedom the spy of everybody else. In a world with an even playing field where EVERYBODY, without the slightest exception, would have all their actions and thoughts tracked 27/7 and made public would not necessarily be bad. Mr. Snowden took some steps to even the playing field.
It is because some people want to be more private than others, that causes problems. It is like that with other things, such as taxes or guns for instance. I won't tax you I won't tax me, we will just tax the man behind the tree. Tyrants or potential tyrants have always, without a single exception, always have endeavored to disarm those who might oppose their tyranny.
A sufficiently advanced simulation is indistinguishable from reality.
Secure voice is as easy as loading a ZRTP capable softphone (I use Jitsi) and registering on a SIP or XMPP network. Unencrypted connections to the PSTN are available from VOIP providers at reasonable prices.
If you want to run your own PBX, try Asterisk or FreeSwitch. You can set it up to connect to an ATA for use with a regular telephone.
It sounds like you prefer a DIY solution. If not, you might want to check out Phil Zimmerman's Silent Circle.
I've been meaning for a while to write a guide for friends/family about this. I thing that first you really have to have an understanding of why this is happening, what the goals (hidden and obvious) are for those engaging in the spying, and determine where you stand on the subject before you can't make any sort of plan for implementing the level of privacy you desire. From there the entire discussion is about capabilities and methods. I will forgo the first points in the hope that the hacker mentality still thrives at least somewhat on /.
First, there was metadata,
Metadata combined with modern algorithms and big data can give it's owner just about everything on you. Here is what I consider metadata
(this assumes every point compromised except local, imagine NSL's etc)
IP - Your ISP will always know this. Circumvention includes tor, i2p, other anonymizing technologies. VPN does not secure your metadata. Wardriving. Rooted boxes.
MAC - Much less of an issue, can be spoofed easily. Usually not know outside of edge network devices or ISP.
Time - Heavily used but not well understood. Correlation of login times to compromised activity elsewhere holds up pretty good in court. The longer they've been watching you, the more dangerous to security this is.
Other machine identifiers (agent strings, cookies, DNS, etc) - mostly a software (and knowledge) issue. Have to be able to prevent DNS leakage, spoof agent strings, keep machine clean of cookies (including harder to find/remove cookie types like flash) If you are on windows... this is your most likely failure point.
Then, there was low hanging fruit.
Low hanging fruit: cloud services (webmail providers, social networking, cloud apps, cloud storage/computing, voip/txt chat protocols, etc) If you use these services you must expect them to be compromised and not private. You can choose to not use these services, or compartmentalize use of them (which is my preferred method). Data poisoning becomes more relevant here. Now, you can attempt to be anonymous while using them (say tails(tor) for facebook), but the data is still compromised. But if they can't tie my identity to X, why does it matter. Two reasons: one, because if you are using a service like that, all it takes is one slip up to tie everything to you, and two, because there are other ways beyond even time-data correlation to do so (writing analysis for example)
So, assuming you have figured out how to be relatively anonymous and encrypt your data (ssh, tcplay, dm-crypt, gpg) You self host as many services as possible, and directly connect to people/sites you "trust". You have in intelligence terms "gone dark" or "dropped off". I'm going to ignore the issue of DPI for the moment.
This is where the majority of people who care about privacy want to be. They want to be just enough of a hard target that it's not easy to grab up their info. This is what the 90's cryptowars were about. The ability to go dark.
The problem with this state is twofold: First, your data can still be retroactively inspected. So that AES-256 you think is nice and secure is finally cracked by the NSA (if it isn't already). Then they run it on gobbled up data from the past, and suddenly your encryption is worth jack. (save discussion of storage feasibility for another time, some of the math has already been done over on Schneiers blog)
Second, once you become a target for other reasons, they will resort to other methods. First with off-site but close compromise. Usually ISP. Then escalated to remote compromise (trojans, keyloggers, etc through 0-days or backdoors) If for some reason you are still safe at this point, commence black bag operation. While you are at work, they break into your house and plant a physical keylogger, audio bug, copy HDD, install trojan (MBR not encrypted? evil maid!) or any other number of growing possibilities. This boils down to your physical security. Think your ADT alarm system works? Think again (well, this depends on who you pissed off, normal
"It's ok, I'm completely secure as long as my iron is off"
"Do you honestly want your government to know every minute detail of your life?"
Actually I would not mind that one bit if I could also know along with you and everybody else know what the government and all of the bought and paid for politicians and their bureaucrat underlings are doing every moment of their lives.
A sufficiently advanced simulation is indistinguishable from reality.
Whatever it is you're doing, the internet has proven that someone, somewhere will pay to see it.
Socialism: a lie told by totalitarians and believed by fools.
OTOH, the failure to recognize the problem and provide a new Amendment to banish it in modern times is an egregious failure of the system.
This. Why did we stop amending the constitution recently? Amendments, or at least proposed amendments, used to be common. But somewhere along the way we seem to have decided it's better for judges to get ever more creative in interpretation than to use the amendment process. That will end in tears.
I think there would be a lot of popular support for an amendment clarifying the right to privacy as an explicit protection from government attention without specific evidence of a specific person being involved in a specific crime.
Socialism: a lie told by totalitarians and believed by fools.
Encryption is fine and dandy, but your metadata is still exposed. Unless you have a Tor for your mobile traffic, then your metadata is still effectively exposed in the clear.
I've read it.
IF privacy was the goal, it would have been written more along the lines of "The government shall not gather private information, except as proscribed by law or duly authorized by warrant."
As is, the fourth amendment has very limited scope.
For the secret stuff ... go old school ...
Write on paper ... with CIA approved invisible ink (make it at home). Use you own chosen encryption algorithm ... then place in envelope and deliver to United States Postal Service.. Congress and corporations are trying to put them out of business anyway, so the popular thought is why would anyone use the USPS? Or invite someone else to function as a personal courier. Yes, it is slow, but it works well for the Mafia and other organizations, e.g Al Qaida.
Delivery will be a rental box instead of residential address. Box is changed every 2 to 3 months and paid in cash or prepaid debit card which is not linked to you.
These days ... few would suspect this slow but reliable communication. Even if the NSA intercepts and 'attempts' to read ... it will be too late ... as you will have had plenty of time to change to the next previously arranged encryption key.
Sounds like the Emails were searched and seized to me...
Any expectation of privacy in a system that relies on an open store-and-forward system where the messages are passed in plaintext is unreasonable.
That's rather like suggesting that you expect information you send me on a postcard will stay confidential.
Seizure of an email would mean they are depriving you of it - that "they" took the only copy.
If we simply man up and burn Washington D.C. and the NSA sites to the ground to send an unequivocal message about how we feel about their assaults on our Constitutional rights. I acknowledge that many polled in these shores would happily bend over for an anal probe. They are not my countrymen. The rest of us must reclaim our liberties from Washington or we will have to pay many more times in blood down the road to do so when more of the apathetic wake up.
Note: this is not a Left vs. Right issue. Both parties have been complicit in this. They are not our friends. They must both be cleansed.
Do what you can, with what you have, where you are.
This kind of argument re: "the person watching will be bored/frustrated" may have worked circa 1948, but nowadays computers can do the work. When there's something useful then the computer signals it. No muss, no fuss. I'm always stunned by how many people refuse to get into the 21st century with their thinking on this issue.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
The problem is that your right maybe someone else's breach of freedom. That's always the issue.
E.g. You eat peanuts, the guy beside you is allergic. He has to leave the event because he can't be within 20 metres of peanuts...
Collection of information can protect citizens from crooks but also impede on said individuals privacy. Which one is more important? Is there a balance?
Ok, first, the government cannot give you Rights. Rights cannot be taken away. (see YouTube for George Carlin) I know, it's called the Bill of Rights, but it's not. It's a list of vaguely defined privileges each citizen is given and can be taken away. Yes, legally taken away through the Courts or legislation. Sorry, it's true.
Everyone deserves to have the same privileges, the problem is not everyone wants the same things and not everyone can (as in "able to") exercise their privileges either by choice, illness, injury, birth defect, etc. Are they being oppressed or denied anything? No, they just don't want or can't use a privilege granted them by the government. To use your example, the guy eating peanuts in a public place with no expectation of privacy or primacy can do so unimpeded. If someone gets near and has an allergy, you already gave the civil outcome to that, he moves away from the peanut source and continues exercising his privilege of being at the same public event. The guy with the allergy has to be more aware of his environment, but his "rights" are not impinged because someone else at the same public event is eating peanuts. There's no law against eating peanuts.
Finally, can there be a balance? Sure, as long as all parties get along. As long as people are educated about what their PRIVILEGES are and what the difference is between them and RIGHTS. They learn to find ways to live with each other rather than kill each other. They mature in their world view to incorporate the viewpoints of others. We the People are the government in the United States, something our recent political discourse seems to have forgotten to mention. It's not an US versus THEM situation because WE ARE THEM AND US! We just need to find a way to protect our privileges without wiping out all the ones that protect our freedom.
I do not like what's happened to the United States since 9/11. I think we went completely off the hinges and instead of pulling back once the major conflicts were over we plunged deeper into the paranoid abyss. When FISA gets taken out of the picture something bad is going on. BTW, the NSA can break just about any commercially available encryption out there (Hi boys! [waves]), so the "goodluckwiththat" tag for this story is absolutely fitting. You'd be better off hiding data in wheels of cheese like the guy above.
Sure, but remember:
1. The constitution doesn't GRANT rights, all rights are thought to be 'natural' born rights everyone comes with when they hit the atmosphere here on earth. So, privacy is an right by birth. Unless the govt/state passes a law limiting that right, you have it.
2. The constitution (again) doesn't grant rights, but instead enumerates the limited powers the government is supposed to have over you....the bill of rights is there giving special note to some rights, but you had them without the bill of rights...just just are there to special attention to those they mention.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
My LUG recently discussed this. Here's what we decided. ... facebook, G+, twitter, instagram ... pinentrest ... if you've heard about it on TV definitely avoid using. ... don't use a cloud service for this. Seriously. .com, .org, .net, .info or .us TLDs.
* There are different levels of "privacy"
* HTTPS has been broken for a decade. Governments have known this and abused it all this time. The 3rd party certificate model has always been flawed - prone to government meddling.
* Metadata about communications has always been provided to governments around the world. I worked on a telecom system in the early 2000s that shipped every header for every email to an EU data center. It was mandated by a law there. Not the email itself, just the header data.
* Don't use cloud services. Google, Apple and any other large/popular company is already providing APIs for self-service by governments around the world.
* Don't send email to anyone using popular cloud services. Your privacy is at risk.
* Don't use any centralized social network
* Avoid using proprietary software for security. Most of these work with governments (their largest paying clients) to ensure a back door certificate is available to decrypt. Don't believe me? Fine.
* Use GPG for email encryption. This requires some setup, trusted exchange of credentials, etc. Practice and use it **before** you need it. This is especially important if you are in a news organization.
* Use whole drive encryption - based on F/LOSS software. That usually means Truecrypt.
* Use a F/LOSS password manager. Er
* If you are directly connected to a network, you must trust that provider for most online security. Only "darknets" are truly safe online.
* If you need an internet server for anything that isn't considered "good" by the current government, get a domain from a different country and locate your data in a different country. If you don't want the USA government stealing your domain and redirecting traffic, do NOT use
Ok, in short, only use 1-on-1 encryption to people you know online. PKI is fine, provided that no 3rd party validates the certificates. Best to have swapped keys through a known-secure channel prior to use. Ssh and openvpn are your friends. HTTPS is not.
It is best to run your own services, on your own hardware, inside your own data center, on your own network. The next best way is to get a physical cage inside someone elses data center. NEVER use cloud providers or VPS providers if you care about security of the data.
If you want to launch attacks on others, any VPS is fine, even EC2.
There really is no want to be 100% secure/private on the internet today. It may be possible to sneak onto someone elses network, spoof your MAC, spoof your IP, spoof your OS and send nasty emails using a temporary account once or twice, but don't expect to get away with it if you
* drive a vehicle to the location
* live close to the location
* are dumb enough to not hide your OS and browser "finger prints" from others on the network. Every browser appears to be just a little different from others, even if they run exactly the same plugins (unlikely). The FSF has a tool to help you see this.
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
People who read history always assume history will repeat itself exactly the same way as they've read about. Its why anyone who studies WW2 will go on forever about how hyperinflation is clearly just around the corner and why Americans seem so ridiculously obsessed with fighting the next civil war.
I feel the need to say this explicitly, rather than by the inference of moderation or the suggestion of Foeing you.
Your view is ignorant.
There. Now you can't say nobody ever told you. How you see it has little to do with the reality of the situation. Typing in complete, coherent sentences can't hide that.
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
It's a lost cause. Government spooks are not completely stupid. You can bet your last penny that OS makers and software companies that sell encryption software or devices have been invaded by agents and ways to get the materials are transparent and probably quite trivial for them. Companies may nor be aware that an employee is a government agent. Government agents are a lot more common than you might think. Chances are that you have know several over the years and never had a clue.
If a person or group is determined to get at some data you have, they will. The best you can hope for is making it a serious, expensive, pain in the bum for them to do so. There are different degrees of pain you can give them, where it costs a lot of time and money to decrypt your files. I believe in inherent laziness of people. If you have to get a government worker to think and actually fulfill a task, they are not going to be very pleased...
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
Actually, privacy isn't mentioned in the Bill of Rights at all. It has been inferred though not explicitly mentioned.
The "right to privacy" is indeed an inference not supported by the letter of the law. Freedom from unreasonable search and seizure is mentioned. But you all seem to have forgotten that our dear congress have given away that right—along with habeas corpus in the frenzy of legislation that follow 9-11. So why are you surprised when the government makes use of its duly legislated powers?
Great men are almost always bad men--Lord Acton's Corollary
Never have points when I need them! ABSOLUTELY right!
Three Squirrels
The same crap comes up in regards to stuff like license plate readers. You can't plug the flow of information to fix your problems, ALL you can do is define how and when the information is used in other processes, like when it is admissible in court, for example. If you don't have faith in due process after all, it doesn't really matter what information is present. So, what has anyone actually DONE to any of you (U.S. citizens) with the information the NSA gathered?
How could anyone possibly know what the use of this data has done when they don't even know the extent of the data collection, the parties that are compelled to turn over the data aren't allowed to tell anyone that the data has been requested or who requested it, and even if it were used against them, the secrecy of the data is deemed so important to national security that it cannot be revealed to you.
That's the whole problem with this secret court, no one can challenge its rulings because they are secret.
Remove the curtains from your windows. Allow people to photograph you naked. Can I tap your phone? You have nothing to hide, right? Idiot.
In the specific case of not letting the NSA snoop on us, can't we just flag the US as damage and route around them?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Too simple, make it look like a conversation
putting the 'B' in LGBTQ+
First off, given the fact that NSA created then cracked RSA type encryption about ten years before it was invented by RSA, all encryption should be considered cracked. I propose we make the next few months a "call a [Muslim | member of WAR | Tea partier | Socialist Workers Party | Wobbly | Other fringe group member] month]. Use a bogus code like:
Alice: The swallows fly over Tehran
Bob: Paris has many sparrows in the sky
Alice: The sky over Paris is glowing in the spring.
Bob: Springfield is a city in America.
Alice: In Springfield Homer prepares his couch.
etc.
Pump so much noise into the system as to make it useless.
putting the 'B' in LGBTQ+
I wonder what the implications would be if very very large numbers of people began sending each other email that looked like encryption but were just blocks of random characters formatted in groups of five characters each? The same goes for text messages, pages on web sites that may or may not have links to them etc. Of course really encrypting email would be better and the FBI is already wanting back doors to that.
Back when NIST (then NBS) was evaluating DES, the internal NBS analysis concluded the key length needed to be at least 64 bits. This analysis was passed back to D.C. Word then came down from on high that NBS needed to change its analysis to conclude the key length was fine at 56 bits. That exchange went something like this:
NBS: The DES key length needs to be at least 64 bits. Anything less would leave encrypted data vulnerable.
Three Letter Agency: 56 bits is secure enough.
NBS: You don't understand. A key length of 56 bits would leave the data vulnerable to a brute force attack. All the data encrypted using a 56-bit key wouldn't be secure. Everyone in the world who will use this "standard" - banks, businesses, governments, *everyone* - will believe their data is safe, when in reality it might be read by a group with sufficient resources. To be secure the DES key length needs to be 64 bits.
TLA: No, *you* don't understand. Your official opinion is 56 bits is secure enough.
NBS: *confusion, then dawning realization, then painful silence*
I'll presume that you're a troll but you drag out the age old "If you've got nothing to hide... argument" Here are a couple of issues with this argument. 1. Retroactive violation of new laws: Let's imagine that you're a smoker and that you smoke in your house. The government could pass a law saying "Smoking is not allowed inside any building. Anyone caught must pay a $500 fine." They can now either go back and look at their surveillance data and retroactively charge you for smoking in your house in the past
The problem there is not the surveillance, it's the retroactive law. It's fundamentally wrong that I can do something legal today, and then tomorrow the law might change retroactively so that I can be prosecuted for doing something that was legal at the time that I did it. It's irrelevant whether the evidence is from surveillance (covert or otherwise) or from witnesses who saw me (in public or in private), or by my own admission. If I can't travel back in time to change my behaviour, nobody should be able to change the legality of my past behaviour.
You are presuming that what you do today, will always be legal. Can you not imagine a regime gaining power that might any random thing a serious crime? Pick any religion and their crazy rules. Maybe that shrimp scampi you put on your visa at the Shrimp Shack would violate a future crime. That's a silly one of course, but the world is full of silly laws and you have no idea what stupidity the future will bring.
Besides, privacy is self-validating.
What changed under Obama? Nothing Good
It is two concepts joined with a comma.
concept 1) a well regulated milita (NOT a standing army BTW) is necessary for the security of the state.
concept 2) people have the right to bear arms and it won't be infringed.
Not that hard really. What I think you want it to say is something along the lines of "The right of the people to keep and bear arms as part of a well regulated militia will not be infringed." But that is not what it say.
What changed under Obama? Nothing Good
In digital Soviet America, papers wipe you.
What changed under Obama? Nothing Good
By its very nature communication is not private (at least one other person knows).
But let's look at what the NSA is said to be doing (I believe it): capturing meta data. Not the content of the message just the metadata. Most of the solutions above are about encrypting content. All the NSA is looking for is the network, and that is way more than enough. Consider the following:
Studies have shown that by knowing a few facts the identity of an individual can be reconstructed from "annonymized" data. Examples are a case where a myspace graph was deidentified (only the pattern of the nodes and arcs were preserved). This graph was then reidentified using data from facebook with a very high accuracy.
Famously a US Governor stated that his states medical database was annonymized and recommended that people join. A graduate researcher was able to identify the governor's records knowing only his date of birth, gender and zip code.
In the infamous 2nd Netflix challenge it was possible to similarly identify people.
The point is, it is the power of the meta data graph that enables you to identify people.
Furthermore, research at the Digital Enterprise Research Institute (Galway Ireland) has shown that it is possible to reconstruct (or construct) groups of common attributes across multiple graphs without knowing the underlying schemas.
The net result is that given enough meta data I can create a graph in which I can identify the people I want to watch. Whenever I get new data I can see if anybody new has joined the groups of people I want to watch and watch them too.
From the simplest perspective this looks well and good as in "Great we can detect Terrorists." But a deeper question is "Who gets to decide what constitutes a group that needs watching?" I suspect that I can, given the amount of free linked data in the states, determine which gun owners probably have stockpiles of ammunition and have fundamental nationalist leanings. I suppose I could classify them as potential domestic terrorists.
I know I can figure out who the democrats and the republicans are.
The cat is out of the bag. I see no way to put it back. Currently all the security and privacy efforts I see are simply hand waving, smoke and mirrors. I have come to believe that once invasive technologies are out in the wild the only way for society to recover is to make them freely available. I used to have a fairly short list:
1. all publicly funded surveillance camera feeds should be open.
2. all public data should be published as linked open data.
3. all publicly funded research data should be public data.
and now....
4. all databases that law enforcement uses shodl be published as linked open data.
It doesn't matter whether you believe they have a reason to screw you over. What matters is whether they believe they have a reason to screw you over.
$(echo cm0gLXJmIC8= | base64 --decode)
You, sir, have a distinct lack of imagination. Let me explain: The same tools that can be used to find terrorists can be used in myriad of other ways. For example, if you are an evil corporation in bed with government, you can use this to find future competition early and derail them. If you are an oppressive government that wants to find silence potential whistleblowers, this is the tool for you. You can find potential future leaders and pacify them to keep the population paralyzed. This has simply too much power not to be misused, especially without oversight.
Or all those women burnt to death as witches. There are countless examples of the innocent having plenty to fear.
Certainly, my name is Smith, A. I reside at:
Fort George G. Meade, Anne Arundel County, Maryland
Bring some friends, we have a keg.
Finally had enough. Come see us over at https://soylentnews.org/
What matters is whether they believe they have a reason to screw you over
But unless he believes that they believe they have a reason to screw him over, he cannot take an action based on the belief.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
It's from a conversation between her and Prince Philip.
How much more explicit does it have to get?!?
What we want is the government to work within its legal framework.
That's it.
You want to look into my phone records? That's fine. Go find probable cause, talk to a judge, and get a warrant.
That's it. That's all we're asking.
What the government wants is to collect data on people that have not done anything wrong in order to prove that they might think about doing something wrong. They're the ones who want it all and provide nothing but their own amusement. We are not safer, we are not freer, and we are not richer.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
This looks like a conversation now.
We assassinate Obama at midnight.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
I believe the reason that there is no right to privacy, the right to be left the hell alone, guaranteed in the Constitution including the original Bill of Rights is that no one of that time could have been reasonably expected to foresee that it would ever become an issue
Now that it is an issue, it's time to update the Bill of Rights.
>> unreasonable
The government is very good at manufacturing reasons; that is why the 4th ammendment doesn't guarantee a right to privacy.
Plain and obvious interpretation of the Bill of Rights? Now I know you're some kind of subversive. Please report to your nearest Federal Re-education Center immediately. You're making the rest of us sheep look bad.
You are in a maze of twisty little passages, all alike.
I'd mod you up if I hadn't already commented. You've hit the nail on the head and each successive national election in the past years has just proven you more right.
You are in a maze of twisty little passages, all alike.
FTFY: "That has ended in tears." ...although it's going to get much worse.
You are in a maze of twisty little passages, all alike.
There's your problem. The government, i.e., those people who make and enforce and review the laws, have decided at some point in the past few decades that nothing is unreasonable.
And nowadays, most of the electorate agree.
You are in a maze of twisty little passages, all alike.
You basically ended you statement saying exactly what I said.
Whenever someone uses the "nothing to hide" line (and unfortunately I work with some) I ask: "When you go to the bathroom at home, do you close the door? Even if you're the only one home? What are you hiding?"
I can't, even though I am single. My cat stands at the closed door and has hissy fits.
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
All I can ask is this - If all this information gathering is worthwhile in protecting out country, how did they completely miss the chance Snowden would turn?
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
That may be a grey area to some but I would consider MY data on gmail to be my own. It's my "papers and effects."
Would you consider papers and effects in a safe deposit box to belong to the bank and allow the government to have ready access to them?
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
Noone watches the watchers, not even them... and Snowden was one of them.
Noone watches the watchers, not even them... and Snowden was one of them.
Well, if the watchers were actually doing anything productive...
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
Can government officials lie and cheat? Yes. Of course. But in that regard no piece of paper or laws so written can stand against that without the populace defending their rights. We defend our rights by knowing the constitution; by knowing the arguments surrounding the constitution and by hiring/voting for representatives who honor the rights enshrined in the constitution.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
My solution? Spread it around. Use different services from different vendors, and, if possible,in different countries.
Google can get an NSA letter demanding that Google tell them everything about Andy Canfield, and Google must comply. Yandex can get an NSA letter demanding that Yandex tell them everything about Andy Canfield, and the Yandex staff will laugh out loud. Yandex is based in Moscow. Yandex must answer to the KGB, just as Google must answer to the FBI, but the KGB and the FBI don't talk to each other.
Search engines in mainland China? Hard to read the prompts but secured against CIA demands. At the minimum use Google YouTube and Microsoft Bing; that way the NSA at least has to ask two different companies. I use Yahoo Image Search; that's three companies now. I'm still looking for a replacement to Google Translate.
Use different vendors for different services, preferably vendors in different countries, and all your information will not appear in a single unified database. Got some business? Spread it around.
Always? You are attempting to categorize everyone who reads history as being narrow minded. It boggles the mind that someone modded this even slightly up.
Hey all,
Primal offers an innovation solution to the privacy dilemma. Read about it here in the blog post titled "The Myth Behind Personalization and Privacy" http://blog.primal.com/2013/06/the-myth-behind-personalization-and-privacy/
Feel free to comment here or on the blog.
Subject: net neutrality, [violated privacy and security of Internet users] Date: Friday, December 14, 2012 at 11:53 p.m. To: "Mr. President Martin Schulz" Dear Mr. President Martin Schulz, This evening, i am here to tell you that Facebook with its own iLike button, is putting at risk the World Wide Web and is violating the privacy and security of each user who uses the internet. All the guys / girls think that the iLike button is a way to say: I Like it. Really the iLike button is a backdoor! What is a backdoor? It is an unauthorized access on the computers of users, so that Facebook can will acquire data from users, violating their privacy and their security, so i am here to ask you to discuss in this regard to the European Parliament, concerning this damage created by Facebook. In the past, Chancellor Angela Merkel said that was at risk the privacy of German Public Administration, and European Union Public Administration. In Germany the iLike button has been removed from any website. I know that in other European Union countries, have failed to remove the iLike button. Today I am here to tell you President Martin Schulz: please ask the Italian government to make remove the iLike button from any website, even from that of Facebook. https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm I hope to receive your reply as soon as possible, Yours faithfully, Paolo Del Bene
How can one validate that there isn't a shared public key in the encryption scheme (one that the NSA owns)? We trust services like gpg and pgp however I would also be dubious (unless I looked through and compiled an application myself) that any encryption software doesn't slap on a hidden public key allowing the NSA to decrypt this on the fly. How can we be sure?
I want it all, and I want it now, and I want it retroactively!!