How To Block the NSA From Your Friends List

Atticus Rex writes "The fact that our social networking services are so centralized is a big part of why they fall so easily to government surveillance. It only takes a handful of amoral Zuckerbergs to hand over hundreds of millions of people's data to PRISM. That's why this Slate article makes the case for a mass migration to decentralized, free software social networks, which are much more robust to spying and interference. On top of that, these systems respect your freedom as a software user (or developer), and they're less likely to pepper you with obnoxious advertisements." On a related note, identi.ca is ditching their Twitter clone platform for pump.io which promises an experience closer to the Facebook news feed. Unfortunately, adoption seems slow since Facebook, Google, et al have an interest in preventing interoperability and it can be lonely on the distributed social network.

Cross site scripting

[Weezul]

We need new standards to minimize cross site scripting throughout the web, like maybe :
- If you want to run code from a site other than your own then you need that code to jump through various obnoxious approval hurdles, which suck so bad that people abandon cross site scripting.
- Restrict all off site cookie access massively as well.

Re:Write your list on notebook paper

[Torvac]

but reading real books and writing on real paper makes you suspicious

A social network has to be popular to work

[TWiTfan]

A decentralized social site isn't very useful if none of my friends are on it.

will never happen: requires forethought

The internet started far more distributed than it is now, and people flocked en-mass to centralized networks to which they could give complete control over their data and communications. People do not think beyond their immediate personal convenience, so any such idea for the long term good is doomed from the start if it requires the slightest bit of forethought.

Privacy concerns are over stated.

[140Mandak262Jamuna]

People who take privacy seriously, people who are willing to jump through hoops to protect their privacy, people who are upset about government spying are a small minority. Corporations have been powerful, more powerful than governments for a long time. JPMorgan bailed out the U.S government in the early 20th century. The East India Company ruled entire India till 1856. Now a days the multinational companies pledge or feel no allegiance to any government and they are more powerful than ever.

Still even people who take privacy seriously obsess over government spying and not the corporate spying. People are voluntarily signing over their privacy rights to corporations more powerful than the governments for peanuts. "One bag of peanuts free if you let us eternal access to all your private data" The line will wind around the block in no time.

Problem 1: Most people don't take privacy seriously.

Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations

Problem 3: There is no profit in helping people keep their data private to balance the profit to be made by exploiting the private data.

Re:Privacy concerns are over stated.

I grab a coffee near every work day on lunch, and the cashiers practically get pissed at me for not signing up for that gas stations "club", since I'd get a free coffee after five. I tried explaining to them I don't need them tracking me via scanning my card so I can save $1.50 a week, but they don't seem to understand. Instead now, I just tell them I'm an asshole. It's much more simple, and they only ask me half the time now.

Re:Privacy concerns are over stated.

[coId+fjord]

Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations

You're generalizing.

Also, while corporations can have a lot of influence, there are few that can ruin your life as well as a government can.

Re:Privacy concerns are over stated.

You are an asshole, that is why they don't like you. They don't care why you don't want one but you feel obligated to tell them and I assume it is in a snippy manner as well. When asked if you want their bonus card, just say "no thanks" or "I'm not interested" and move along. The person at the register is probably not the business owner, the manager, or the owner. Why would you think they cared about your ideals or weather you ever come back again? Do you argue with the homeless people asking for money too? Telling them that they should have stayed in school and so on? My guess is you are also the type of person that drives in the fast lane and stays their because you feel you are going fast enough and only an asshole would want to go any faster.

Duck duck go away NSA

Yeh, I'm not so anti-Google as you, but that data was only available for the NSA because Google chose to collect it. THEY made the decision to collect live search, THEY made the decision to track search history per IP. By collecting that data, THEY made a honey pot waiting for an NSA warrant.

I'll give it to them that mail storage is a function of mail, but all the linkage of data together with Android device, search, email, name (ever paid by credit card), telephone number (2 part authentication & Android), all of that is a function of them spanning so many markets and forcing linkage of the data via the privacy change a few years ago. THEIR choice.

So I've switched to Duck Duck go, because the EFF said it was ok (and I'll change again when a better non-US alternative comes along), and I've switch from Gmail to ISP mail with encrypted connection and POP3. Since now a lot more emails will no longer transit US networks, and encrypted TLS connection will make content more difficult to grab.

Social networks were always a problem and always will be. Google are not the worst there, Facebook is (and I think Zuckerberg is a f**ing liar on this NSA matter, I wouldn't be surprised if NSA was among his early venture funders). But Google take their share of blame.

Skype is gone, I read the PRISM intercept, and everything can be watched live.

That is what I'm missing, a good encrypted open source replacement for Skype with end to end encryption.

private social network using crypto..

[nellaj]

Send encrypted messages to a broadcast network (make this efficient by having many geographically local "boards"). The decryption key is sent along with the message but is encrypted with each of your friend's public keys. Your friends have to attempt to decrypt each message on the local board: when they find one which they can decrypt then they have successfully received your message. Messages are also cryptographically signed to validate identity and prevent forged messages.

Free is not the enemy

[Comboman]

If a service does not charge you money the service will either 1) spy on you and sell your information, 2) bombard you with advertisement or 3) fail (or a combination of the three).

If you remove "If a service does not charge you money" from your statement, it is still true. I pay a monthly charge for my phone service plus an additional charge for every text message I send, but all that money I spent doesn't stop the phone company from logging my "metadata" and selling it to the government (and god knows who else). Whether you pay for a service with cash or ad views, you're just a vulnerable to spying. Stop focusing on how services are paid for and focus on who is controlling them. Controlling them yourself (e.g. running your own email server on hardware you control) is ultimately the best solution.

Re:distributed?

[ArcadeMan]

We need a "Facebook is not the Internet" campaign.

Re:Just Block Google

[fast+turtle]

You don't find anything wrong with the collection of a psycological profile of everyone on the planet? What about the centrilzed collection of all Pii (personally identifialbe information) as part of the Psycological profile? Who knows what information Google shares with governments around the world w/o telling us? Just like the recent article about their attempt to develop automated detection of CP (by who's definitian?) that can then be used to auto detect individuals of interest - biometric facial recognition. Why wouldn't the U.K. and other camera states want Google to have access to all of those cameras once that happens?