How To Block the NSA From Your Friends List
Atticus Rex writes "The fact that our social networking services are so centralized is a big part of why they fall so easily to government surveillance. It only takes a handful of amoral Zuckerbergs to hand over hundreds of millions of people's data to PRISM. That's why this Slate article makes the case for a mass migration to decentralized, free software social networks, which are much more robust to spying and interference. On top of that, these systems respect your freedom as a software user (or developer), and they're less likely to pepper you with obnoxious advertisements."
On a related note, identi.ca is ditching their Twitter clone platform for pump.io which promises an experience closer to the Facebook news feed. Unfortunately, adoption seems slow since Facebook, Google, et al have an interest in preventing interoperability and it can be lonely on the distributed social network.
I read the article from theatlanticwire, and it did not even suggest that Google was forwarding anything. It stated that the NSA wants a "Google" for emails, not that Google is forwarding emails. It stated that NSA analysts were listening to phone sex from US troops overseas, not that Google was forwarding phone sex calls.
I did not read the first article about the Google employee who monitored chats of teenagers. However as I recall, he was fired and convicted.
Google might be involved in something sinister, but you have not highlighted anything.
We need better cross site script blocking apps. Ghostery is a nice start, but you must block facebook connect and many others too. And then it starts getting complicated.
Ever try using stackexchange sites with javascript blockers blocking cross site scripting? Very tricky!
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Never take a picture of it or video of it. Lock it in a safe. That might work, but we can't be sure.
whatever floats your boat
We need new standards to minimize cross site scripting throughout the web, like maybe:
- If you want to run code from a site other than your own then you need that code to jump through various obnoxious approval hurdles, which suck so bad that people abandon cross site scripting.
- Restrict all off site cookie access massively as well.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I totally agree, I deactivated my fb, and am taking steps to delete my Google account; currently I am on twitter and thinking of moving to an open source free network.
what's so distributed about identica and what's so good about pumping your updates to everyone on the distributed network? or plenty of key exchanging.
more to the point has someone done a distributed tor like social network with client side encryptions and easy key exchanges for adding new friends? like, is there anything we could move on to then..
world was created 5 seconds before this post as it is.
Won't solve any of the current problems. Very tricky to understand!
Easier said than done...
Start posting madly on your social networks on how you are such a great astronaut, phrenologist, sharpie shooter, and day-time tv show star; your generosity towards the RAWD (Retarded African Wild Dog) foundation; your hobby as a Soucier specializing in spiritual sautes. Because posting your actual information to get a little acknowledgment from 'friends' was so worth it.
Not only NSA will be annoyed by you, but they will probably hire you to intercept somebody else's conversations.
A decentralized social site isn't very useful if none of my friends are on it.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
It's for your own good, wage slaves! 90% of population is not capable of critical thinking. That's why elites must watch over you and plan your life, give something to do, allow some entertainment.
Please don't resist. America was always about slavery: native people, indentured servants, etc. Now it's economic slavery.
90% of you will never escape it, no matter what. Just accept agencies in your life and you will not be harmed.
The internet started far more distributed than it is now, and people flocked en masse to centralized networks to which they could give complete control over their data and communications. People do not think beyond their immediate personal convenience, so any such idea for the long term good is doomed from the start if it requires the slightest bit of forethought.
8 characters only for the password? That's not secure.
Still, even people who take privacy seriously obsess over government spying and not the corporate spying. People are voluntarily signing over their privacy rights to corporations more powerful than the governments for peanuts. "One bag of peanuts free if you let us have eternal access to all your private data." The line will wind around the block in no time.
Problem 1: Most people don't take privacy seriously.
Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations
Problem 3: There is no profit in helping people keep their data private to balance the profit to be made by exploiting the private data.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I can see this ending up with the same fate as Diaspora, and for the same reason.
If you post as an AC, don't expect me to spend a mod point on you.
Yeh, I'm not so anti-Google as you, but that data was only available for the NSA because Google chose to collect it. THEY made the decision to collect live search, THEY made the decision to track search history per IP. By collecting that data, THEY made a honey pot waiting for an NSA warrant.
I'll give it to them that mail storage is a function of mail, but all the linkage of data together with Android device, search, email, name (ever paid by credit card), telephone number (2 part authentication & Android), all of that is a function of them spanning so many markets and forcing linkage of the data via the privacy change a few years ago. THEIR choice.
So I've switched to DuckDuckGo, because the EFF said it was ok (and I'll change again when a better non-US alternative comes along), and I've switched from Gmail to ISP mail with encrypted connection and POP3. Since now a lot more emails will no longer transit US networks, and encrypted TLS connection will make content more difficult to grab.
Social networks were always a problem and always will be. Google are not the worst there, Facebook is (and I think Zuckerberg is a f**ing liar on this NSA matter, I wouldn't be surprised if NSA was among his early venture funders). But Google take their share of blame.
Skype is gone, I read the PRISM intercept, and everything can be watched live.
That is what I'm missing, a good encrypted open source replacement for Skype with end to end encryption.
If a service does not charge you money the service will either 1) spy on you and sell your information, 2) bombard you with advertisement or 3) fail (or a combination of the three). When Facebook promises that their service will always be free they're really promising you that they will always either bombard you with ads or spy on you or both. You'll get what you pay for.
Email is failing, albeit slowly. Back in the olden days you used to pay your ISP for email. Now you don't, so you'll get what you pay for. Email is still decentralized and maybe there's a founder effect that keeps it decentralized for now, maybe because the cost of changing it would be too high, but sooner or later email will fade away and be replaced by a small number of walled gardens that are funded by advertisement and/or spying and that communicate with one another by special agreements between the owners of the walled gardens.
If you want ad-free decentralized communication to win, the first thing you need to figure out is how you're going to get people to pay for it. It might be enough for each user to pay a dollar a month, but getting them to do that will not be easy, because the vast majority of users will never suffer any adverse effect from the spying, so for them paying for a spy-free social network is basically an insurance plan.
I think that the only way that the decentralized social web and, in the long run, the decentralized web itself could realistically win is if the amount of ads eventually grows so large and annoying and immune to ad-blockers that people become prepared to pay for services just to get rid of the ads.
I wouldn't call a person who respects a warrant/subpoena/wiretapping request that is deemed legal in his jurisdiction "amoral" per se.
On the other hand, there was a time when we called those who had the guts to stand up for his beliefs, even the authorities heroes and not traitors.
Well, I guess it's up to history to decide who was what.
bickerdyke
My way of coping with that has always been *disabling Javascript execution completely*. This stops mashups dead on their tracks. I pay this price happily for the benefit of not running in my box all the random, badly written to malicious crap the Web throws at my browser.
Whoever thought this to be a good idea must have been out of their wits.
Facebook and other social networks are useful because they host your pictures. That is not as useful as it once was because phones have much more storage space and much faster networking than they did 7 years ago.
I'd like to see a social network app that runs on phones (and PCs, and even big servers for people who need major horsepower because they have a lot of "friends" like celebrities). Maybe with the ability to backstop your media on a variety of sources like dropbox, or even a bittorrent swarm of all your "friends" so that when your phone is turned off, or out of cell bandwidth (versus wifi bandwidth) your friends can still get access to your shared media.
Facebook is "over centralized" in that anyone on facebook is equally close to you all the same server farms - but that ignores the entire point of having friends. All we need is a system where your phone knows about the ip addresses of the people on your friends list. It is OK if it takes a lot longer to find the people who are not on your friends list because accessing their data is going to be pretty rare.
When information is power, privacy is freedom.
We already figured that was the case
Just increase the noise.
Friend EVERYONE.
Call random numbers from your cell.
Set up your own spamming mail server.
Put key words in white text in your posts.
Start fake twitter/facebook/youtube channels.
A few million of us generating 2 fake identities each could soon drown out the real data.
Now, does anyone have Abu Hamza's twitter details?
What's the dialing code for North Korea?
There's no promise that the owners of ANY social network won't give data over to the government when ordered to (or even simply asked to). Other than the whole issue of the government itself spying, facebook is actually as secure as you make it. Don't add apps. That will help control privacy. Also, you can control who sees EVERYTHING on your account other than the profile picture and "cover" image, which are always public. If you set everything to "friends" only, a non-friend can't even find your profile in a search, and can't see any information about you at all if they do find your page. People act like facebook is such a huge security breach sharing all aspects of your life. But facebook doesn't go through your house and workplace gathering information about you... facebook can only share what YOU put on it. If you don't post bank account information, your phone number, your vacation schedule, your address, nude pictures of your wife, whatever, then there isn't going to be much to see anyway. Even the information you DO have to enter like your birthdate, gender, etc, can all be set to private where nobody but you can see it. Use it to keep in touch with family and friends, send sensitive messages as private messages like you are supposed to and put the mundane crap on your newsfeed, and there really doesn't have to be any problems.
I'm not on Facebook. Woo, I win.
Send encrypted messages to a broadcast network (make this efficient by having many geographically local "boards"). The decryption key is sent along with the message but is encrypted with each of your friend's public keys. Your friends have to attempt to decrypt each message on the local board: when they find one which they can decrypt then they have successfully received your message. Messages are also cryptographically signed to validate identity and prevent forged messages.
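The scheme in the comment above, sketched in Python as an added example (not part of the original comment and not any project's code). It assumes the third-party `cryptography` package; the algorithm choices (X25519, HKDF, ChaCha20-Poly1305, Ed25519) and the names `post`, `try_read` and `demo` are assumptions made here, since the comment names none.

```python
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Fixed nonce for key wrapping: safe only because every wrapping key below is
# derived from a fresh ephemeral key and encrypts exactly one value.
WRAP_NONCE = bytes(12)


def _wrapping_key(shared_secret, eph_pub):
    """Turn an X25519 shared secret into a one-time key-wrapping key."""
    hkdf = HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"board-wrap-v1" + eph_pub)
    return hkdf.derive(shared_secret)


def _signed_bytes(msg):
    """Everything the sender's signature covers, with the body length-prefixed."""
    body_len = len(msg["body"]).to_bytes(4, "big")
    return (msg["eph_pub"] + msg["nonce"] + body_len + msg["body"]
            + b"".join(msg["wraps"]))


def post(plaintext, sender_sign_key, friend_pubs):
    """Build one board message readable only by the holders of friend_pubs."""
    content_key = ChaCha20Poly1305.generate_key()
    nonce = os.urandom(12)
    eph = X25519PrivateKey.generate()
    eph_pub = eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    body = ChaCha20Poly1305(content_key).encrypt(nonce, plaintext, eph_pub)
    wraps = []
    for pub in friend_pubs:
        # One wrapped copy of the content key per friend, with no recipient
        # label attached: readers must try each copy.
        kek = _wrapping_key(eph.exchange(pub), eph_pub)
        wraps.append(ChaCha20Poly1305(kek).encrypt(WRAP_NONCE, content_key, None))
    msg = {"eph_pub": eph_pub, "nonce": nonce, "body": body, "wraps": wraps}
    msg["sig"] = sender_sign_key.sign(_signed_bytes(msg))
    return msg


def try_read(msg, my_key, known_senders):
    """Trial-decrypt one board message; return (sender, plaintext) or None."""
    sender = None
    for name, verify_key in known_senders.items():
        try:
            verify_key.verify(msg["sig"], _signed_bytes(msg))
            sender = name
            break
        except InvalidSignature:
            continue
    if sender is None:
        return None  # forged, tampered with, or from someone we do not know
    eph_pub = X25519PublicKey.from_public_bytes(msg["eph_pub"])
    kek = _wrapping_key(my_key.exchange(eph_pub), msg["eph_pub"])
    for wrapped in msg["wraps"]:
        try:
            content_key = ChaCha20Poly1305(kek).decrypt(WRAP_NONCE, wrapped, None)
        except InvalidTag:
            continue  # this copy was wrapped for somebody else
        body = ChaCha20Poly1305(content_key).decrypt(
            msg["nonce"], msg["body"], msg["eph_pub"])
        return sender, body
    return None  # valid message, but not addressed to us


def demo():
    """Constructed scenario: Alice posts to Bob and Carol, Mallory forges one."""
    alice_sign = Ed25519PrivateKey.generate()
    mallory_sign = Ed25519PrivateKey.generate()
    readers = {name: X25519PrivateKey.generate()
               for name in ("bob", "carol", "eve")}
    board = [
        post(b"pub quiz on thursday", alice_sign,
             [readers["bob"].public_key(), readers["carol"].public_key()]),
        post(b"send money", mallory_sign, [readers["bob"].public_key()]),
    ]
    known = {"alice": alice_sign.public_key()}  # Mallory is nobody's friend
    return {name: [try_read(m, key, known) for m in board]
            for name, key in readers.items()}


if __name__ == "__main__":
    for reader, results in demo().items():
        print(reader, results)
```

In this sketch the signature travels in the clear, so anyone who holds the sender's public key can link a post to its sender, and the number of wrapped keys reveals how many recipients a post has.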
There's an interesting article over at the 360 Security blog on the universe of possibilities for how PRISM does its thing, reading through them probably gives you a head-start on how to avoid it.
http://360is.blogspot.co.uk/2013/06/a-quick-enumeration-of-prism-program.html
If you remove "If a service does not charge you money" from your statement, it is still true. I pay a monthly charge for my phone service plus an additional charge for every text message I send, but all that money I spent doesn't stop the phone company from logging my "metadata" and selling it to the government (and god knows who else). Whether you pay for a service with cash or ad views, you're just as vulnerable to spying. Stop focusing on how services are paid for and focus on who is controlling them. Controlling them yourself (e.g. running your own email server on hardware you control) is ultimately the best solution.
Support Right To Repair Legislation.
People who take privacy seriously ARE THE INFLUENCERS that drive markets. The switch from Internet Explorer to Firefox, wasn't led by sheeple.
Problem 1: I do, that's a start.
Problem 2: Corporations aren't powerful without a government mandated monopoly, see Myspace in 2006, or Facebook in 2016.
Problem 3: Why would I give you my data, when other companies provide the same service without the NSA profit. Welcome to competition.
I left them all. Went back to emails - feels like getting a letter in the post now. Much more personal! Clearly I've gone insane.
This is a great idea, except for being terrible.
Networks work not primarily because they offer certain technical capabilities. They work because they connect people. You use a certain network because other people use that network. This is why Google+ is such a failure. No one uses it because no one else uses it.
For networks to be useful, they need to connect people with each other. Regardless of technical implementation, a network that connects people with other people in a way that lets them know who they're connected to creates a social graph. That graph can be collected and analyzed.
"Small" networks are either largely useless because they don't offer the people you want to connect with, or interoperate in ways that recreate the problems of one big network. You can't have it both ways.
I agree. I have been thinking for a while about how a system like that might work (although I am no distributed systems/p2p expert). Smartphones solve the traditional problem with such an approach that people won't install software on desktops, but they will readily install apps on their smartphones. On the other hand, a smartphone app has to minimize its battery and network usage, which makes something like a bittorrent swarm of your friends difficult. I think the right balance is having a network where devices with power and non-cell internet act as normal p2p nodes and the mobile devices choose one (hopefully belonging to a friend if possible) to use as its server. That theoretically could allow for a lot of the benefits of a centralized system without actually being centralized (e.g. the mobile device's current server would be in charge of push notifications for that device). There's still the social issue of getting enough users to be running p2p nodes (either installed on a desktop or a plugged in mobile device) to have a working network, but I think it's a design worth exploring.
You'd need a distributed caching system too, otherwise you're going to find yourself inadvertently DDoSed if your pics go viral.
The real power of facebook isn't the hosting, it's the promotion. Simply putting the files up on a webserver somewhere isn't going to do any good if people don't go to look at them. Facebook makes that happen, alerting all of your friends (who may be far too numerous to email manually) of the new pics.
Corporations have been powerful, more powerful than governments for a long time
That's illogical. Financial "power" (i.e. wealth) cannot trump coercive authority. The defining point of coercive authority (meaning physical force) is that it cannot be trumped by anything other than (drum roll please) another physical force. In other words, might makes right, until a bigger might comes along.
At best, wealth can buy coercive authority, but this is obviously not a case of wealth "trumping" coercive authority, but rather, wealth doing business with coercive authority.
In case you are a developer, you could help me with an idea I recently had for exactly this kind of app(lication). Based on Apache ZooKeeper. Drop me a line ( you, or anyone else ) if you're interested. I don't care to give the idea away for free; the important thing is that such an app(lication) actually comes to life.
Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
He's giving you a number, and taking away your name.
How can any of us with more database experience than the average five-year-old think that once identifiable data is in the wild, on any corporate or government server of any kind, all it takes is access to said data for it to be parsed against every other available database and have it filtered to a single common file? Do you really think your credit report, email history, school transcripts, and every bloody thing else can't be centralized once the access door is opened?
Yeah, go ahead with home-baked encrypted email, abandon Facebook, and use prepaid phones. You're still fucked.
The government owns us. And it's our own damned faults.
Scruting the inscrutable for over 50 years.
.... Who cannot even afford a lawyer be more likely to stick his neck out to protect his customers privacy against the government?
And decentralised means it would cost orders of magnitude more money to run, meaning necessarily either far more ads, or everyone being willing to run one at a huge loss.
Sure, I could see many people running one at a huge loss, but you are not going to get away from 80% of the market, at least, being run by people who can afford to offer better service because they run at a profit, because they host far more ads than FB.
Troll is not a replacement for I disagree.
I don't care to give the idea away for free; the important thing is that such an app(lication) actually comes to life.
Ideas are a dime a dozen. See my original post for an example. The hard part is execution.
When information is power, privacy is freedom.
Prisoner: What do you want?
Two: Information.
Prisoner: Whose side are you on?
Two: That would be telling.... We want information...information...information!
Prisoner: You won't get it!
Two: By hook or by crook, we will.
Prisoner: Who are you?
Two: The new Number Two.
Prisoner: Who is Number One?
Two: You are Number Six.
Prisoner: I am not a number; I am a free man!
Two: [Laughter]
Be seeing you...
It highlighted the fact it is time to move away from these untruthful social sites who you give in to anything, as long as they know it may not get out to the public how in bed they were with the government, politicians, and other companies. They are selling you out, you think they are going to admit to this?
"Hey sorry folks you know how we've been tricking you into thinking we care, well we were joking." They see people as dollar symbols not as humans, and I am sure if they feel they were about to get listed or whistled they would come out and say they were blackmailed, aka you scratch our backs we'll scratch yours, you know those violations we have let you get away with?
The other part that is also very much a reality, is the NSA illegally hacking into databases stealing information, (um Hmm collecting) or data. I would find this semi hard to believe since you would require hundreds of elite hackers, or maybe even some sci-fi software to achieve that type of hack. I hope /.'s will correct me on if it is possible? Because I haven't heard of hackers doing this, maybe they have and it has been kept highly secret by the companies (they do not want the public to find out something of this magnitude can be hacked).
IMHO the reason it will or won't happen is entirely up to the FCC and their Network Neutrality rules. I believe the NetNeutrality rules as written (10-201) protect the full symmetry of the internet. I.e. my right for clients on the internet to not be blocked from my server, even if my server is sitting in my living room connected to GoogleFiber as my residential ISP. Google, and historically the FCC, have seemed to disagree, and believe it is the place of residential citizens to not host servers that compete with gmail/facebook/skype/etc, and instead know their place as *consumers* of content, rather than *producers* and *distributors* and *publishers* of content. Until the FCC and Google realize that *all* internet end users should demand the "right to serve"[1] the market for home server software can be considered to be well and truly muzzled.
[1] http://slashdot.org/comments.pl?sid=3643919&cid=43438341
http://slashdot.org/comments.pl?sid=3871729&cid=44023567
http://slashdot.org/comments.pl?sid=3503531&cid=43033891
People have done just fine for many years without this crap.
Anyone who thinks it is necessary is a fool.
Of course there are a lot of fools. But their abundance doesn't make them any less foolish.
They'll feel that alright. They'll spend the rest of their time friending each other.
You don't find anything wrong with the collection of a psychological profile of everyone on the planet? What about the centralized collection of all PII (personally identifiable information) as part of the psychological profile? Who knows what information Google shares with governments around the world w/o telling us? Just like the recent article about their attempt to develop automated detection of CP (by whose definition?) that can then be used to auto detect individuals of interest - biometric facial recognition. Why wouldn't the U.K. and other camera states want Google to have access to all of those cameras once that happens?
Mod me up/Mod me down: I won't frown as I've no crown
I have heard speculation that it is called PRISM because they are actually mirroring the front end internet connections. This speculation is that at the ISP level, they are recording ALL traffic into and out of companies such as Google and Facebook. They don't have to hack into anything, just sift through the traffic.
Anything open on the Internet is trivially slurped by NSA systems. Any big enough company has a visit from NSA agents informing them that they WILL volunteer to give the NSA full assistance, whether they like the idea or not.
The NSA is like the Gestapo or Stasi, only with vastly more power. It can't directly intimidate ordinary law-abiding citizens- that's the job of the FBI. But the NSA has complete dominion over any company big enough to matter.
The owners of Slashdot are now engaged in a different form of the "go back to sleep, sheeple" black propaganda. They are trying to tell you there are NSA proof ways of using the Internet that do NOT include strong end-point encryption that is proof against 'man in the middle' attacks.
Team Obama grab all electronic traffic and store it on systems using the same hardware/software design as those used by Google. This data is mostly mined for two purposes. To discover information that can be used to coerce and blackmail people in positions of power. To read the mind of the population in general.
For the monsters that rule rule, it is all a giant game of 'Sim America'. The NSA spying gives them the intelligence required for them to decide their next game move.
Which is why I use Noscript in paranoid mode - Block All by default and for those that I convince to install noscript and firefox or compatible, I set up the same way. Helps but it's not perfect by a long shot. For myself I use a combination that includes a custom hosts file to block much of the tracking done by Google and Others. In fact, I never access facebook or any of their product pages due to this. Google I use but it's reaching the point that I've begun limiting (probably too late) the amount of information they get from me by blocking what I can. It's the same for those who I happen to assist. I've got a subset of the hosts file edited to block most of Google, Amazon and the most annoying advertisers (punch the monkey - win an iphone) shit like that. Some of them have indicated that the hosts file alone has sped up their internet (a few are still on dial-up) while others are using slow DSL (128 - 512). Can it even be considered broadband if it's less than 10Mbps?
Mod me up/Mod me down: I won't frown as I've no crown
I live in Cheltenham. Moving my social networking to a decentralised model won't stop The Man snooping on my social network activity; like anyone who lives near Cheltenham several of my social network friends work at Cheltenham's Largest Employer anyway. I'd be pretty annoyed if they *weren't* reading my updates. They'd better damned well turn up for Dungeons & Dragons tonight (I've bought pizza, even though I'm skint this month), and we've got the Geek Pub Quiz in a couple of months - if the spooks don't know about that, our team will be completely missing any Tolkien, Lovecraft or Star Trek experts. Two wins in six games, although I suspect our next victory won't be until the Oct/Nov session where Doctor Who will be the main topic. Spooks or no spooks, our team will be all over that one. And I'm kinda hoping that my expression of interest in seeing World War Z (ZED, goddamnit) will mean that one of my kids' godparents will volunteer to babysit.
Andrew Oakley - www.aoakley.com
A corporation is motivated to make money. A government is motivated to maintain control
A company like Google has no motivation to use my private information to frame me and lock me away. It would be counter to their interest. The only motivation Google has is to use the information to sell me stuff. And guess what - not only do they do that, they ADMIT FREELY to doing it. And I really don't have a problem with it because ads do not sway my opinions very much because I am an intelligent person.
The government on the other hand has entirely different motivations. They are not trying to sell me things. The only motivation the government has to know personal and private information on me, is to control me. This is far, far worse than what a company wants to do with that knowledge.
Just don't add anybody you don't know to your facebook or g+; Not that difficult.
And if I haven't met you in person, it's going to take quite a bit of correspondence for me to add you.
The Do Not Track Coffee Club Card!
With every thousandth purchase, we remove one of your SSN digits from our database!
"I did not read the first article about the Google employee who monitored chats of teenagers. However as I recall, he was fired and convicted."
He was promptly fired for unethical use of his access but no criminal wrongdoing was found.
http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-on-chats
I know it sounds more sensational to say he was convicted even though completely false. +5 Informative to the AC!
Less *is* more.
If the major social networking sites cared very much about the people that traffic them and their rights, they should have some kind of software to prevent the NSA from stalking people via social media. But I'm sure that government and advertisers are wrapped up too tight in all of that. Do we have any idea the degree to which the NSA monitors social media? I'm also curious how they plan to advertise these more secure sites and how many users they think they can get.
Let's see:
replicated posts, no central point of failure, high degree of anonymity, no obvious mechanism for relating a single email address to a name or address, free software: sounds to me like Usenet.
I know it's fashionable to jump on the "Usenet is dead, long live social networking" bandwagon but the fact is Usenet technology was developed by people who felt strongly about these things and built a system that would allow free expression and no single point of attack for those who would try to silence the conversation. Over 30 years later, it's still around (although slightly battered, thanks to spammers and douchebags).
When I built the forums for conversation at http://www.dictatorshandbook.net/ I chose Usenet because if you're going to discuss dictatorships and autocracy, Usenet technology gives you more (although not total) anonymity relative to, for example, a discussion group on Facebook. You can even access the dictator.* hierarchy on whatever NSP you want, or use an anonymiser or get there via Tor. It's all the same.
Point is: Usenet has been doing this for ages. The fact that a bunch of young nerds are finally waking up to the inherent weakness in social networking is really funny to us neckbeards who started out on something that provides everything you guys seem to be looking for.
If this were Usenet, I'd killfile the lot of you.
You can't. If you exist, the NSA knows every movement you make.
Pointless when the data is more than likely coming from routers (like Level 3) and not the companies themselves!!!
I'll also point out that there are multiple search engines. More and more I'm splitting my traffic among them, some topics on one, others on another. That will make the profiling performed by any individual search engine shallower. You still have the web tracking to deal with, but the hosts file helps with that.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Information? Or in formation?
I'd rather you do it wrong, than for me to have to do it at all.
Of course, the other way to parse the key wording is "you are, number six". Which is one of the core theories of the show (e.g. that Number Six is actually Number One, but that he is himself damaged in his own understanding of the circumstance).
I don't care to give the idea away for free; the important thing is that such an app(lication) actually comes to life.
Ideas are a dime a dozen. See my original post for an example. The hard part is execution.
Seriously. As a software engineer I cannot recall how many times I have heard this exact pitch. "I got this great idea for a program, but I have no idea how to write software or run a company. I will be willing to go 50/50 with you as long as you do all the work." To the GP: Your idea is worth exactly nothing, and you are worth exactly nothing for thinking someone else will do all the work and somehow give you the profit. Also, your idea is probably stupid and will lose money. (Do not feel bad about that last part, few ideas are actually good.)
I'm a good cook. I'm a fantastic eater. - Steven Brust