Slashdot Mirror
How To Block the NSA From Your Friends List
Atticus Rex writes "The fact that our social networking services are so centralized is a big part of why they fall so easily to government surveillance. It only takes a handful of amoral Zuckerbergs to hand over hundreds of millions of people's data to PRISM. That's why this Slate article makes the case for a mass migration to decentralized, free software social networks, which are much more robust to spying and interference. On top of that, these systems respect your freedom as a software user (or developer), and they're less likely to pepper you with obnoxious advertisements."
On a related note, identi.ca is ditching their Twitter clone platform for pump.io which promises an experience closer to the Facebook news feed. Unfortunately, adoption seems slow since Facebook, Google, et al have an interest in preventing interoperability and it can be lonely on the distributed social network.
I read the article from theatlanticwire, and it did not even suggest that Google was forwarding anything. It stated that the NSA wants a "Google" for emails, not that Google is forwarding emails. It stated that NSA analysts were listening to phone sex from US troops overseas, not the Google was forwarding phone sex calls.
I did not read the first article about the Google employee who monitored chats of teenagers. However as I recall, he was fired and convicted.
Google might be involved in something sinister, but you have not highlighted anything.
Never take a picture of it or video of it. Lock it in a safe. That might work, but we can't be sure.
We need new standards to minimize cross site scripting throughout the web, like maybe :
- If you want to run code from a site other than your own then you need that code to jump through various obnoxious approval hurdles, which suck so bad that people abandon cross site scripting.
- Restrict all off site cookie access massively as well.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Easier said than done...
A decentralized social site isn't very useful if none of my friends are on it.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
The internet started far more distributed than it is now, and people flocked en-mass to centralized networks to which they could give complete control over their data and communications. People do not think beyond their immediate personal convenience, so any such idea for the long term good is doomed from the start if it requires the slightest bit of forethought.
Still even people who take privacy seriously obsess over government spying and not the corporate spying. People are voluntarily signing over their privacy rights to corporations more powerful than the governments for peanuts. "One bag of peanuts free if you let us eternal access to all your private data" The line will wind around the block in no time.
Problem 1: Most people don't take privacy seriously.
Problem 2: People who do, focus on the less powerful government and ignore the more powerful corporations
Problem 3: There is no profit in helping people keep their data private to balance the profit to be made by exploiting the private data.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Yeh, I'm not so anti-Google as you, but that data was only available for the NSA because Google chose to collect it. THEY made the decision to collect live search, THEY made the decision to track search history per IP. By collecting that data, THEY made a honey pot waiting for an NSA warrant.
I'll give it to them that mail storage is a function of mail, but all the linkage of data together with Android device, search, email, name (ever paid by credit card), telephone number (2 part authentication & Android), all of that is a function of them spanning so many markets and forcing linkage of the data via the privacy change a few years ago. THEIR choice.
So I've switched to Duck Duck go, because the EFF said it was ok (and I'll change again when a better non-US alternative comes along), and I've switch from Gmail to ISP mail with encrypted connection and POP3. Since now a lot more emails will no longer transit US networks, and encrypted TLS connection will make content more difficult to grab.
Social networks were always a problem and always will be. Google are not the worst there, Facebook is (and I think Zuckerberg is a f**ing liar on this NSA matter, I wouldn't be surprised if NSA was among his early venture funders). But Google take their share of blame.
Skype is gone, I read the PRISM intercept, and everything can be watched live.
That is what I'm missing, a good encrypted open source replacement for Skype with end to end encryption.
If a service does not charge you money the service will either 1) spy on you and sell your information, 2) bombard you with advertisement or 3) fail (or a combination of the three). When Facebook promises that their service will always be free they're really promising you that they will always either bombard you with ads or spy on you or both. You'll get what you pay for.
Email is failing, albeit slowly. Back in the olden days you used to pay your ISP for email. Now you don't, so you'll get what you pay for. Email is still decentralized and maybe there's a founder effect that keeps it decentralized for now, maybe because the cost of changing it would be too high, but sooner or later email will fade away and be replaced by a small number of walled gardens that are funded by advertisement and/or spying and that communicate with one another by special agreements between the owners of the walled gardens.
If you want ad-free decentralized communication to win, the first thing you need to figure out is how you're going to get people to pay for it. It might be enough for each user to pay a dollar a month, but getting them to do that will not be easy, because the wast majority users will never suffer any adverse effect from the spying, so for them paying for a spy-free social network is basically an insurance plan.
I think that the only way that the decentralized social web and, in the long run, the decentralized web itself could realistically win is if the amount of ads eventually grows so large and annoying and immune to ad-blockers that people become prepared to pay for services just to get rid of the ads.
Just increase the noise.
Friend EVERYONE.
Call random numbers from your cell.
Setup your own spamming mail server.
Put key words in white text in your posts.
Start fake twitter/facebook/youtube channels.
A few million of us generating 2 fake identities each could soon drown out the real data.
Now, does anyone have Abu Hamzas twitter details?
Whats the dialing code for North Korea?
Send encrypted messages to a broadcast network (make this efficient by having many geographically local "boards"). The decryption key is sent along with the message but is encrypted with each of your friend's public keys. Your friends have to attempt to decrypt each message on the local board: when they find one which they can decrypt then they have successfully received your message. Messages are also cryptographically signed to validate identity and prevent forged messages.
If you remove "If a service does not charge you money" from your statement, it is still true. I pay a monthly charge for my phone service plus an additional charge for every text message I send, but all that money I spent doesn't stop the phone company from logging my "metadata" and selling it to the government (and god knows who else). Whether you pay for a service with cash or ad views, you're just a vulnerable to spying. Stop focusing on how services are paid for and focus on who is controlling them. Controlling them yourself (e.g. running your own email server on hardware you control) is ultimately the best solution.
Support Right To Repair Legislation.
No they don't, people use Facebook to communicate with their friends sharing the data they provide.
Whilst I agree it's utterly naive of them, most users are entirely unaware that masses more data about them is inferred from the very little data they provide. Most are even unaware that even their conversations are being farmed.
Most people probably accept that if they like a product then any announcements for that product will be marketed to them, some understand that Facebook builds up a social graph of who they know based on their friends list and who their friends know, but very few are aware that Facebook is also gathering information about who they know from other sources - such as MSN (and presumably now also Skype) contact lists, tying them to liking products purchased outside of Facebook, and mining information about what other things they like and who they know from private conversations.
I think your final post highlights the problem:
"I won't comment on if this is a smart thing to do, but it's the users that shovel data into facebook - and expect it to be processed there!"
If this were true it'd be less of an issue, most people would be fine with that, but Facebook is gathering and linking them to data that they're not shoverlling into Facebook, and is even gathering and storing data about people who have simply never ever even signed up to Facebook. That's the problem - people don't actually have any control of what data Facebook is actually gathering about them, they think it's just want they explicitly enter into it excluding private messages sent to each other, but the reality is it includes mining all those private messages and external data sources as well.
We need a "Facebook is not the Internet" campaign.
Get free satoshi (Bitcoin) and Dogecoins
He's giving you a number, and taking away your name.
How can any of us with more database experience than the average five-year-old think that once indentifiable data is in the wild, on any corporate or government server of any kind, all it takes is access to said data for it to be parsed against every other available database and have it filtered to a single common file? Do you really think your credit report, email history, school transcripts, and every bloody thing else can't be centralized once the access door is opened?
Yeah, go ahead with home-baked encrypted email, abandon Facebook, and use prepaid phones. You're still fucked.
The government owns us. And it's our own damned faults.
Scruting the inscrutable for over 50 years.
Prisoner: What do you want?
Two: Information.
Prisoner: Whose side are you on?
Two: That would be telling.... We want information...information...information!
Prisoner: You won't get it!
Two: By hook or by crook, we will.
Prisoner: Who are you?
Two: The new Number Two.
Prisoner: Who is Number One?
Two: You are Number Six.
Prisoner: I am not a number; I am a free man!
Two: [Laughter]
Be seeing you...
Only if you consider that basically Google turned everyone's account into a G+ account without people really knowing about it.
I'd believe most people on /. have a G+ account because they have/had a Gmail/Picasa/YouTube account at one point in time.
Hell, if we go with that sort of count, we should say IE is the most dominant browser on the planet, being that 90% of all desktop PCs have it installed.
Just because Google has half a billion users (probably more than Facebook - who DOESN'T have any sort of Google account?) though doesn't mean that usage of G+ is comparable to Facebook. Heck, every Android phone sold today basically gives you a G+ account "for free" on setup, yet I'm sure the first app installed for most of them is Facebook. Most don't even realize that their Google account is also a G+ account and don't bother with G+ at all.
Just like how IE may be installed on 90% of desktop PCs, doesn't mean 90% of web users use IE.
You don't find anything wrong with the collection of a psycological profile of everyone on the planet? What about the centrilzed collection of all Pii (personally identifialbe information) as part of the Psycological profile? Who knows what information Google shares with governments around the world w/o telling us? Just like the recent article about their attempt to develop automated detection of CP (by who's definitian?) that can then be used to auto detect individuals of interest - biometric facial recognition. Why wouldn't the U.K. and other camera states want Google to have access to all of those cameras once that happens?
Mod me up/Mod me down: I wont frown as I've no crown
Which is why I use Noscript in paranoid mode - Block All by default and for those that I convince to install noscript and firefox or compatible, I setup the same way. Helps but it's not perfect by a long shot. For myself I use a combination that includes a custom hosts file to block much of the tracking done by Google and Others. In fact, I never access facebook or any of their product pages due to this. Google I use but it's reaching the point that I've begun limiting (probably too late) the amount of information they get from me by blocking what I can. It's the same for those who I happen to assist. I've got a subset of the hosts file edited to block most of Google, Amazon and the most annoying advertisers (punch the monkey - win an iphone) shit like that. Some of them have indicated that the host file alone has sped up their internet (a few are still on dial-up) while others are using slow dls (128 - 512) can it even be considered broadband if it's less the 10Mbps?
Mod me up/Mod me down: I wont frown as I've no crown
I live in Cheltenham. Moving my social networking to a decentralised model won't stop The Man snooping on my social network activity; like anyone who lives near Cheltenham several my social network friends work at Cheltenham's Largest Employer anyway. I'd be pretty annoyed if they *weren't* reading my updates. They'd better damned well turn up for Dungeons & Dragons tonight (I've bought pizza, even though I'm skint this month), and we've got the Geek Pub Quiz in a couple of months - if the spooks don't know about that, our team will be completely missing any Tolkien, Lovecraft or Star Trek experts. Two wins in six games, although I suspect our next victory won't be until the Oct/Nov session where Doctor Who will be the main topic. Spooks or no spooks, our team will be all over that one. And I'm kinda hoping that my expression of interest in seeing World War Z (ZED, goddamnit) will mean that one of my kids' godparents will volunteer to babysit.
Andrew Oakley - www.aoakley.com
Want to listen to music on Spotify? Need a FB account.
That's simply incorrect. You may use your FB account, or you can create a new Spotify only account, which at least is what I did.
there is no other model
Really? I take it you've never bought a book? Subscribed to a high-quality periodical operated without advertising? Seen a free performance or presentation put on by enthusiastic hobbyists (at their own expense) for the fun of it, or paid for tickets to a non-free performance? Visited a public library or museum? There are many alternate models, in active use, often producing higher quality results than mass-market ad-supported commercialized dreck.
I put up my own web content for various special interest hobbyist concerns on my own dollar --- for literally pocket change even on a student's salary. I can't buy a cup of coffee for less than my monthly hosting expenses for sharing content within my (non-corporate-mediated) social communities. Submission to the demands of megacorporate advertisers --- so they can pass back immensely multiplied costs elsewhere --- is not the only option.
You're talking about Wikipedia: note, Wikipedia isn't ad-laden! Despite serving up a huge volume of material, Wikipedia manages to do so on a community-supported model without advertising and tracking scumbaggery embedded in every page. You want a large-scale functioning example of alternate models, and you've just provided one yourself!
Wikipedia is an example of a still centralized, but advertiser independent (donation supported) distribution model. If you wanted a more decentralized Wikipedia-like system, you could adopt a bittorrent-like model: lightweight centralized indexes of content, but generally downloading the bulk of content from peers. For the thousands of people downloading "Algebra" between edits, the central servers would only need to distribute a handful of updated copies, then direct future requests to grab the page from distributed shared sources. Various distributed servers could take "responsibility" for hosting ranges of (alphabetically organized) words.
And what about search engines, do we just have thousands of search engines who each only catalogue a tiny portion of the web?
If a serious need arose, it's possible to devise distributed indexing models. Consider: what Google does doesn't require one massive supercomputer with a globally shared memory space to process every request; their algorithms already work with more loosely coupled distributed computing systems. Many people banding together could generate distributed indices. Furthermore, a peer-to-peer reputation based ranking system could help fight back against SEO douchebaggery screwing with search results --- the distributed cataloging system could include much more "real human" evaluation of "this is a good and relevant site for this search term, not just a keyword list on a domain squatter's site."