Ask Slashdot: Will the NSA Controversy Drive People To Use Privacy Software?
Nerval's Lobster writes "As the U.S. government continues to pursue former NSA contractor Edward Snowden for leaking some of the country's most sensitive intelligence secrets, the debate over federal surveillance seems to have abated somewhat — despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata. Even so, will the recent revelations about the NSA cause a spike in demand for sophisticated privacy software, leading to a glut of new apps that vaporize or encrypt data? While there are quite a number of tools already on the market (SpiderOak, Silent Circle, and many more), is their presence enough to get people interested enough to install them? Or do you think the majority of people simply don't care? Despite some polling data that suggests people are concerned about their privacy, software for securing it is just not an exciting topic for most folks, who will rush to download the latest iteration of Instagram or Plants vs. Zombies, but who often throw up their hands and profess ignorance when asked about how they lock down their data."
two words: television, facebook.
With the exception of a few people, Americans just don't care about anything-- unless it interrupts their viewing pleasure.
no. People don't practically care plus they have the memory of a fish.
If you send an email "through the cloud" (and how else are you going to send it today) then the NSA collects the "meta-data" (at least).
If your message is encrypted then the NSA also holds onto the message. Even if they do not decrypt it.
If you store your data "in the cloud" then the NSA can copy that as well.
Being able to erase stuff on your personal machine does not matter in these instances. Even if the average person could understand the issues.
That's an easy answer, Mr. Betteridge: no, it won't. (People are way too comfortable with not being careful about their privacy, otherwise the whole Facebook thingy would never have gotten off the ground. Now you're asking them to become techno-savvy just because of privacy reasons?)
Ezekiel 23:20
We already know that the NSA flags encrypted traffic as suspicious and keeps it forever. If we assume they have enough computing power to target on a particularly interesting set of data (based on headers and routing info which can't be encrypted or it doesn't work), then how is it much better than having them store your data in the clear?
Some techies will, but most people won't. They don't care.
...despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata.
Looks like the MSM's tactic to make this all about the messenger rather than about the revelations has worked again!
The spooks decide to make using such tools a felony.
After all, they don't want people to NOT be spied upon now would they?
Use this software, and you are a criminal by default. You are nicked!
You don't have the right to remain silent and no lawyer will be made available to you.
The NSA gets a great deal of information through metadata and traffic analysis, so how much does encryption really matter? It might even call more attention to yourself: If you are just somebody surfing an Islamist website or emailing your school friend in Pakistan, the NSA will note it but possibly ignore it, if there's nothing else suspicious to connect you to. But if you are sending streams of encrypted data to those same locations, wouldn't that raise red flags?
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
I made a tutorial designed to help non tech-savvy people set up usable email encryption and even with the best narrator and script it's still terrible.
There are way too many steps involved, and in spite of how radically the usability has improved over the last decade or so it's still not at all user friendly. Default values are set poorly; things that should be completely automated and happen transparently in the background, like keyserver operations, require manual intervention.
It's almost enough to make me suspect a conspiracy to keep these tools out of the reach of the average user, but realistically I suspect (unproductive) laziness combined with a lack of empathy for non-experts is the real culprit.
Polls showed that more than 1/2 of Americans weren't bothered by the spying..
51% also voted for Obama a second time..
Coincidence?
First of all, this software is hard to use for the average person. Second, some concepts are very hard to understand, like what is man in the middle, and why does the NSA "keep" the encrypted information. (This is easy to understand for people in the business but not for my parents)
And finally, I have personally used some of them and they have "lots" of bugs.. I mean, does not work properly..
And you want me to trust some company that opened its doors less than 2 years ago ?
Reddit is a much more fun site and more positive experience.
But does the NSA monitor them more, or less?
Sheesh, evil *and* a jerk. -- Jade
I'm in IT and I can't figure out the gibberish that passes for documentation on open source security products. Without exception, they presume you already understand the issues, or they explain them badly...
On Twitter recently #drm was trending over the new MS console. People might not think it issue 1 but somehow the EFF have pushed it into people's brains.
End to end encryption does not exist, a design flaw.
SSL is tied to domain names, I had the recent experience of purchasing SSL on a site with no SSL. The irony of that statement I will let sink in
Will the NSA controversy drive people to revolt against their government and overthrow these dictators?
Yes we live in a dictatorship - Any idea of a republic or a democracy is simply a lie, a sham, fabricated, completely false.
Seriously, fuck a privacy software. People need to handle things their own way - and I'm not talking about installing some privacy software to make the ass fucking more smooth.
If all of the past disclosures and leaks haven't prompted them to do so, why would this one be any different? Did people really think the NSA put their toys away and went home after the Room 641A exposure? It's not like that was ancient history. It's the core of Congress' retroactive grant of immunity for warrantless wiretapping which was all over the news less than two years ago. And domestic spying was old news even before 641A.
Polls showed that more than 1/2 of Americans weren't bothered by the spying..
51% also voted for Obama a second time..
Coincidence?
Meaningless, unless you show correlation between the two sets.
Sheesh, evil *and* a jerk. -- Jade
Most of the comments I have seen here have been depressingly (and unjustifiably, IMO) negative.
I think it is obvious that people are becoming more concerned about privacy, now that they see how much of it they have inadvertently allowed to be taken from them.
I only hope that when they start using "privacy protection measures", they don't forget to fight against the reason they need to: abusive assholes (at least half of whom seem to be in government).
With all the recent talk of internet privacy in light of this NSA business, I decided to start using tor.
Particularly because using tor makes one a target for NSA tracking.
I am sure the NSA will be extremely interested in the onion-routed search I did tonight: "Why do cats smell like ham?".
um who do you think the "girls" are? This is the internet, everyone loves games and all girls are really government agents spying on you.
i thought once I was found, but it was only a dream.
It may speed up adoption of FOSS (or homegrown) by other countries.
Though OTOH, I can't imagine any of them would have been blind enough not to see this coming.
As for terrorists, didn't aQ switch from cell phones to couriers about a decade ago? Anyone who gets found out on the basis of the activities we now know about is either careless or stupid.
Sheesh, evil *and* a jerk. -- Jade
As mentioned, if enough people become concerned enough that they'll encrypt all their communications, they'll all become targets of suspicion. At the same time if you can get enough people to encrypt their data, the NSA will drown in their own data flood. The problem is getting literally everyone on the net to start encrypting their communication. Would that be considered an act of protest or an act of treason?
But, unfortunately, before they reached that failure point they would have laws passed to make it illegal to protect your privacy via encryption.
Arguably, people are entirely correct when they throw up their hands and profess ignorance. The fishing-expedition style attacks that have been revealed so far appear to concentrate on a combination of sniffing out activity between nodes on the network(which are also the data required to route traffic between those nodes, which makes hiding it difficult) and getting wholesale dumps from collaborating companies(which you pretty much have to assume is all of them unless specifically proven otherwise on jurisdictional or architectural grounds).
The problem trying to counter that sort of network based attack is that you can't really 'just install security software' and have done with it. Everyone you wish to interact with has to as well. There is no software, however much expertise I am willing to bring to bear, that will allow me to send a message to user@gmail.com without showing up in the monitoring of his account. Same deal for phone calls, and others.
several non-tech folks have stopped communicating with me except for face-to-face, simply because they don't want the government to read our conversations. my text and emails have gotten very matter-of-fact ever since the snowden revelations leaked.
as a result, i've been researching the available encryption resources out there so we can actually have private conversations without worry. there aren't many that are really simple to use and actually effective. i'm talking with a friend about setting up a home server we can VPN into for chat sessions until there's a workable solution for non-tech types.
i've wanted to do this for a while, but no one else around me cared. now they care.
Why would the average person give a fuck about their privacy? Most people have nothing to hide, and unless they are a fanatic or a hobbyist, they could not care less who reads their stuff.
This security stuff is NOT about the average guy, though. It's about movers and shakers... politicians, lawyers, businessmen, members of the media... people who have power in some ways to affect change, and who communicate in ways which REQUIRE privacy.
Likewise, the NSA monitoring the average person does not matter in the least. It is about them monitoring movers and shakers. It's about people who could potentially upset the powers that be.
So cut me a break with the ruminations about whether Joe Six Pack or Susy Soccer Mom is going to encrypt their email. The real question will be, will the next candidate for high office, who aims to shake things up, and who thinks the current Republicratic overlords need to GTFO... the question is... will he use it, and will he continue to be monitored.
Mod down people who tell people how to mod in their sigs
I think the whole fiasco is going to convince a lot more companies located outside of the U.S. to stay away from U.S. based cloud-providers and SaaS. As a Canadian, I'm looking for a Canadian cloud provider that guarantees data is located in Canadian data centres, is Canadian-owned (U.S. law treats subsidiaries of U.S. companies as U.S. companies), and is only subject to Canadian laws.
I suspect many non-U.S. companies are going to do the same- I'd rather be subject to laws I have some influence over.
The problem is it's really a pain to use encryption on your email and the end result is no one will send you email, which defeats the purpose of having email.
It would be really great if SMTP had a way to query for a public key so it could be encrypted before sending automatically. That's the only way I could ever see encrypted email becoming common, and even then there are a lot of difficulties.
"First they came for the slanderers and i said nothing."
As a result, the US passed the Patriot Act, legalizing the mass surveillance of US citizens and providing retroactive immunity to those who broke the laws that were against such surveillance in the past.
So, now we're seven years later and some guy re-reveals the exact same mass surveillance apparatus, with some new evidence. The world is shocked, SHOCKED, that this sort of thing is going on.
I think the answer is safely "No".
you get the idea.
Answer so far is no.
https? no way, i'm too lazy living off my fat slashdot editor salary.
You can tip the system in your favour when you're being watched, you can have "them" know what you want "them" to know. Make everything you do on the Internet with companies as public as possible, so the authorities have nothing additional to what the rest of the world already knows. Treat the corporatocracy that is the mainstream Internet services like being outdoors in public and treat your own personal computer(s) as the private area and simply use encryption there. That way, when you use Free, Open-Source Software you'll maintain privacy on your own machine without arousing the suspicion of the authorities. The end result is transparency that even public figures do not have, "they" think they have everything but you still have real privacy on your own private network(s). When you need to communicate with friends privately, bridge networks using a VPN. Stick to common sense and enjoy your life, the NSA have won nothing if you use your brain and stick to keeping things you can't make public as private.
... that I still do not know what to think of it.
...
I thought that the "Skype" had a strong encryption. I did not know that my conversations with my spouse were supervised and recorded. Gosh
Doesn't matter if you are on the "up and up". Things can be taken out of context. Might as well not give them ANY ammo to use. They say to always exercise your right to be silent. This is a preemptive way to do that.
I think you would be stupid not to try and keep your personal information away from strangers. Also make sure to kill your RFID chips in your credit cards. But for the rest of you, ignorance is bliss. Enjoy.
Make a video with fewer steps.
Worth the trouble? You should weigh how much it costs you privacy vs what could cost you don't worry about it, but unfortunately, English is a bad language to realize how important the future is.
How it could affect you? You can check what the FBI/NSA have about you. You can see precedents of what NSA did with private information (if that the respect that soldiers in the battlefield deserve, good luck about you). You can see the starting trend of misusing information and how it could impact you in the future.
I think that the widespread perception of the danger is not enough... yet. But as jailing/killing the people that could inform you about the real situation is the new normal, you probably won't be aware of why you should have done it before until it hits you. Or won't have the chance, as the next salvo probably will be outlawing consumer encryption (it already started). Some of the things that you can do could be complex or cumbersome to do, but you can start progressively with these tools, taking the path of least resistance, it will protect you not just from the NSA, but from other evil people and organizations too.
.... in a word "Sheeple" for the spying on the people is not to find so called terrorist and it never has been, but is as a part of the manipulation of the people feedback loop for which the controlled news media often referred to as MSM (Main Stream Media) is the other part. To make the spying useless the sheeple need to stop watching or reading MSM and awaken into being real people aware of all the corruption the government is involved in at the expense of the tax payers. Reading the Declaration of Independence would be a real good start in waking up. Applying the instruction the founders wrote in it, would prove one is awake.
I didn't watch your tutorial, but I found installing PGP virtually trivial. It was a matter of running it, and pressing "return" a few times to accept the default key sizes and such. That was it.
If, as a population, we've reached the point where doing that is considered "hard", then I weep for our species. It's all over - maybe the next intelligent species will do better than we did.
Yep. And, regarding your "even if they do not decrypt it", I can't help quoting one of my favourite books on security: "The main problem facing the world's signals intelligence agencies is traffic selection - how to filter out interesting nuggets from the mass of international phone, fax, email and other traffic. A terrorist who helpfully encrypts his important traffic does this part of the police's job for them. If the encryption algorithm used is breakable, or if the end systems can be hacked, then the net result is worse than if the traffic had been sent in clear." (See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c09.pdf p31)
VKh
You're doing it wrong.
Our corporate overlords are already dealing with those pesky users daring to hide their online activity from prying eyes of NSA. Expect more measures to dismantle last remains of privacy - including choking off privacy tool vendors, labeling users of such tools as 'terrorist suspects', somewhat skewed patent lawsuits, outright banning certain classes of tools etc.
Privacy software will be a red flag, they will see this coming a mile away, hell, I wouldn't be surprised if the NSA wasn't indirectly funding a few of these apps themselves just to give you some false sense of security.
:)
:)
In the end, if you want your privacy, well, keep it private!
But beware social media and most of all, be smart. You don't want people to know, then don't use electronics for your very sensitive stuff, or at the very least, keep it hush, sneaker net, or word of mouth.
Sure you could be a genius and create your own e-mail and electronic data transfer app with your own private key system for security, using your own encryption, and perhaps, passing this info and software only to those in the 'need-to-know' and then, use the old snail mail system to distribute the software and the key(s), etc..
If you have need for this, well, you lead a way more complicated life than I would want for myself!
Despite claims to the contrary, most Americans approve of NSA spying. If they cared, the people in power would be voted out of office. I would be willing to bet that roughly 99% of all votes cast in the next election will go to the ruling Republicrat party and absolutely nothing will change. It may even get worse. I will be voting for a third party like I always do, but I seem to be an oddity.
Please tell me you're not a software developer.
If you think the problem to be solved is as simple as making it easy for users to install PGP and create a keypair, you're like a contractor who pours a foundation and then declares he's just completed a skyscraper.
...despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata.
Really? Maybe the submitter needs to learn to use the Internet better.
http://www.buzzfeed.com/ellievhall/40-best-signs-from-the-restore-the-fourth-rallies
I've little to add besides my agreement. Privacy cannot be assumed in public spaces. Nothing's more public than the Internet. Act accordingly.
... because exchanging public keys with someone from that point is really, really hard?
Privacy software is no answer. It is only a panacea and does not address the disease.
The disease is the perception of power that the National Security Agency and its bureaucracy gives to the President and Federal Government agencies who answer to the President.
The only way to rid this disease from the USA is Civil War to destroy the Federal Government and all its institutions and current employees.
However the USA may not be at the point of Civil War with the Federal Government for many years to come.
The disease will continue to grow and spread as long as there is food to nourish it.
When the rate of growth exceeds the rate of food consumption the disease will be unsustainable and weaken.
If the reproduction rate of the disease can also be attacked then unsustainability will be strengthened and the disease further weakened.
Perhaps more importantly, it will lead to us developing new protocols that employ decent security. This is needed. For example, all email should be sent encrypted, not clear text. In addition, email should be re-developed so that it pushes a distributed architecture while removing the spam.
I prefer the "u" in honour as it seems to be missing these days.
My classes in Internet Security at http://www.freegeek.org/about/classes/ were pretty well packed yesterday.
There is nothing wrong with yr Internet. Do not attempt to adjust the picture. We are controlling the transmission - NSA
It can be done, the system needs an overhaul, as companies route data in an insecure or unencrypted manner then those companies are at least in a position to snoop. If these companies become excessively profit driven or are obliged to (Plc) then that data is a profit center and no longer private.
Encryption is nowhere near enough though! If anyone knows where our data is they can corrupt or steal it, or force you to give up passwords to it. It needs much more than PGP email or similar as these are layers on top of a currently broken system. SMTP etc. will require servers and these can be snooped on and until we move away from servers and allowing others access to our data then it's going to continue as is with loss of privacy and ultimately liberty.
Huge disclaimer: I work for this project, novinet. It's open source (dual license) and aims to provide people with a network that ensures privacy and security in a manner that's invisible to people and this is key. It's very new and like all new ideas will have detractors, but when people dig into the detail it becomes clear that this or something very like it is required if we want privacy ever again.
If hackers focus on this issue with the above project or other ideas to achieve the same end goals then it will be achieved. My contention, however, is that we need another way of putting our data on this Internet of ours and we need to do so in a manner that allows more options than today with much better user experiences. From experience though this is not a simple job and does require a lot of new thinking and more importantly it requires to be available to everyone, not a % of the code and ideas but 100% available, however that's achieved.
Polls showed that more than 1/2 of Americans weren't bothered by the spying..
51% also voted for Obama a second time..
Coincidence?
Meaningless, unless you show correlation between the two sets.
More than meaningless, when you consider that Obama simply expanded on his predecessor's groundwork. Unless you're willing to consider that exactly the same people voted for Obama as voted for Bush in this era of polarized politics.
I could encrypt my communications in order to drive up the marginal cost of Prism-like surveillance. However, since I have nothing interesting to hide, I'd do it if the cost was minimal (transparent in my apps), and it was transparent to my receivers, i.e. zero effort on their side.
However, as long as the most important data, the metadata, is still plain to read, I'm not that interested. If I can't hide that I'm sending an email to person X or a text message to person Y, then I don't really have any privacy with encryption either.
You're never going to bring masses to a new platform in order to get privacy. You've got to bring the privacy to them. Making it possible and easy for users to encrypt their messages does not protect metadata, but it's a significant improvement over the status quo. It will have a larger positive effect than asking users to abandon email for an entirely new platform - the network effect ensures that.
That means "click and send" only. nothing else. at all. If you expect the plebes to be exchanging keys, I have a bridge to sell you.
Encryption should be there by default. And it has to be easy. Ideally the email program should be encrypting all emails from and to people in my contacts. Just automatically generate a key for each contact... Can't be that difficult.
Considering how many people on this site are pirates, then yes, NSA monitors Slashdot more.
Just because we know how and don't subscribe to DRM and other crap doesn't mean we're "pirates".
The cesspool just got a check and balance.
They expect privacy and security, as long as someone else takes care of it.
Considering how many people on this site are pirates
I don't know, how many Somalians are here?
Ezekiel 23:20
What is this article on about? Who the fuck is SpiderOak, Silent Circle? GPG, pgp, gnuPG are standards of encryption, not some unevaluated service, or new software.
And there are *literally* people taking to the street:
http://news.cnet.com/8301-1009_3-57592368-83/san-francisco-protests-the-nsa-spying-program-in-july-4th-march/
http://rt.com/usa/nsa-protests-july-4-700/
http://mashable.com/2013/07/02/restore-the-fourth/
And these are just the top 3 google news articles. I agree that the software solutions are terrible, and hard to use. And I agree that the news media are doing a good job of shifting the focus to: "Edward Snowden for leaking some of the country's most sensitive intelligence secrets". Which is agonizing to watch, but not half as agonizing as stupid articles like this couched in the voice of the people, but actually spinning the story away from the truth.
People are angry, there are secure solutions, it has to be open source and on your own computer under your direct control to be secure. Open source software development is notorious for flubbing the user experience, but that is the bad news. We do care about privacy and personal security, we can fix the software to be easier to use, and we are actually fighting for our rights. So STFU with your crap message about our doomed future, and stupid populace. Of course it's not easy, but people like Snowden keep coming along and reminding us to be more vigilant.
The average user doesn't care about it. I mean, if you ask them they'll say yes, but they don't do anything about it. Talk like they care, act like they don't. It's how governments get away with it in the first place. If this had kicked off pre-9/11 then things would be slightly different, but not much.
Please tell me you're not a software developer.
If you think the problem to be solved is as simple as making it easy for users to install PGP and create a keypair, you're like a contractor who pours a foundation and then declares he's just completed a skyscraper.
No, he's like a government security contractor who doesn't screen employees walking out for usb keys.
Recently, I tried to add a signed key to my emails so people could "prove" they were from me. I was requested by everyone using some Microsoft package for email, to stop, as Microsoft was messing up the formatting of the email, and adding the key as plain text to the email, unlike other packages I was using and treating the signature a bit like an attachment, something you can click, but is not shown as part of the main message.
So until this rubbish is sorted out, people will not be able to use even simple things like signing messages, let alone encrypting messages.
Take Nobody's Word For It.
Yes we need to make continuous improvements for sure. There are many ways and many issues but that is the hacker way, we try them all. We need to get back to the start and do it properly, getting there is, as you say, not easy but if we are to go forward freely then we must do something and face the challenges those changes will bring.
We are the problem not the end user.
We have failed to provide basic communication infrastructure that protects the end user.
Expecting people to use optional add-on technology requiring x additional software and y additional knowledge is obviously not going to happen regardless of how small x and y can be made.
The only way to fix the problem is wholesale replacement of existing bullshit (e.g. SMTP) with a solution that is secure by default. Users simply must not have the choice of skipping rational and meaningful key exchange steps before communication. It can be made easy or hard to give users control of the security tradeoff but it must not be optional.
Will the NSA Controversy Drive People To Use Privacy Software?
No.
Not here in A-meh-rica.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
To be able to use encryption effectively, you need to understand how it works.
Case in point is the current CA system for SSL communication. It is completely retarded to believe that it is secure from 3 letter agencies, yet, most people think it is "secure" because they have some lock on their browsers. Not only they believe it is secure, they believe that it is not possible for the information they enter to be compromised. They lack understanding on what SSL+http even refers to, never mind understanding how it works.
Encryption cannot be made effective and user friendly. It's akin to making a user friendly firearm. All you will do is getting more people hurt due to their misplaced sense of security.
Take another example. Tor. Tor is already heavily curtailed by western spy agencies. They either control the nodes (many are sponsored by them) or they monitor traffic between to/from the nodes. That way they can figure out who is communicating with whom by analyzing traffic patterns.
As I keep repeating over and over again, *what* is being communicated is less important. The *what* can be determined other ways than technological (search warrant, coercion, etc.) No, it does not mean torture. They can simply say "decrypt it or you go to jail for contempt until you decrypt it". All legal. All used already.
This is why "it is just metadata" is the largest bullshit of the current century. Hence encryption is almost meaningless when it comes to 3-letter agencies.
everything now gets encryption THEY ARE after all storing it all cause they can't decrypt it ...yet....
THUS i calculated that about 150 billion a year will shortly be the cost of hard drives for this operation.
when it gets to 300 billion and what point will the usa say that one plot catching per 5 years is worth 1.5 trillion ?
and the peeping toms you work for ok...its sick and a weird behaviour...
and failed
and I'm biting back real hard.....
and I'll add
you sacks a shit better smarten up
you're only 300 mill vs 6.8 billion others, it won't end well if you keep up with no real friends.
Please tell me you're not a software developer.
If you think the problem to be solved is as simple as making it easy for users to install PGP and create a keypair, you're like a contractor who pours a foundation and then declares he's just completed a skyscraper.
Indeed. The real problem can be seen in the following rhetorical question.
How many lightbulb moments does it take to change a nation?
Run this on your little RPI Router:
https://bitbucket.org/hroll/alternative-f-r-unschuldige/src
All the users need is already on their systems (an https www browser) and a password. One guy needs to be able to run a tcp server via a DSL modem. Geek 101. Use TOR for anonymization.
NSA will translate the German strings for you at translate.google.com. Feel free to change the strings and to modify whatever you need. Copyright is with you, the 99% they want to make transparent like communications fiber.
@NSA: If one of you has a conscience left, forward this message to a distribution list built from your haystack. Thanks.
Some people (like myself) are a bit paranoid and already surround ourselves with encryption. We pretend that it actually makes our lives more private, and it does to a small extent. It's not actually changing anything, or addressing the root issues, but it makes us feel a bit better.
Some people will have been shocked by these revelations. They'll be waking up now and realizing how bad things are getting and how much steam this out of control locomotive has picked up. These will be your new privacy software adopters.
I switched to e-mail from Yandex.com (based in Moscow) months ago. The KGB can read the data, but it does not share it with the NSA. My friends now encrypt all messages using OpenPGP keys. All your data gets stored somewhere, but spread it around so it isn't all stored in the same place. Washington, Moscow, Beijing don't tell each other your secrets. Spread your business to all three and nobody knows everything.
Analogy: Your neighbor knows what time you leave for work in the morning. The office guard knows what time you arrive at work. But only by sharing information can they compute how fast you drove. Merged databases are much more dangerous than isolated databases.
The key to protecting your data: SPREAD IT AROUND.
P.S. I live in Bangkok. Edward Snowden can sleep on my floor any time.
https://bitbucket.org/hroll/alternative-f-r-unschuldige/src
Even though it is not OTR, I do claim it is already dead-simple for everybody, including the guy running the server.
Even ignoring informants could compromise anything: http://slashdot.org/comments.pl?sid=3942179&cid=44203093
Our society needs to face up to all the implications of this new technology and transcend to social structures built on a post-scarcity paradigm and ideas of intrinsic & mutual security. That entails extensive rethinking in many areas including economics, education, manufacturing, security, governance, healthcare, welfare, and more. It's hard to argue that hiding what you have to say is going to help a lot with a global mindshift in that sense.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
"but realistically I suspect (unproductive) laziness combine with a lack of empathy for non-experts is the real culprit."
Reality is no one predicted the internet and that the human mind never evolved defense mechanisms for electronic and invasive spying. If you follow someone around with a camera, they get upset and/or call the police. Do even worse electronically and the human mind for many doesn't give a fuck.
It just comes down to the fact the human brain did not evolve mechanisms to safeguard oneself in this kind of environment.
I call guys like you "Headless chickens". TOR is something of the best we have. Route your traffic via Russia and Mongolia if you think that is necessary. And, build your own Mixnet system, which transmits and receives at a constant rate. That is going to do it to their traffic analysis efforts.
Besides, there are tons of orgs without a "total picture" and TOR does defend you against those. Think of Vodafone, the Italian mafia, Russian crooks and the special operatives of your own financial industry, which might be the worst menace of all. Including NSA.
CatKeys. Mod GnuPG so the keys are cute and fuzzy.
There is nothing wrong with yr Internet. Do not attempt to adjust the picture. We are controlling the transmission - NSA
Boys and girls on Slashdot don't care if there are boys and girls on Slashdot. We're all nerds here, Mr Ijustmadeanacounttospamreddit.
As a Canadian, I'm looking for a Canadian cloud provider that guarantees data is located in Canadian data centres, is Canadian-owned (U.S. law treats subsidiaries of U.S. companies as U.S. companies), and is only subject to Canadian laws.
Good luck with that. Canada is one of the senior partners of the ECHELON program (a program that mandates the exchange of information).
And even then, the ECHELON program isn't abiding by any law, whether they be Canadian laws, British laws, or even US laws.
It's also good at making you look bad without having to actually be (particularly) bad; the concept that "the winner writes the history" is a truism. You will NEVER be the winner in any contest with the security agencies. And, since our magnificent congress no longer resists making ex post facto laws, what you did legally today may be made illegal tomorrow, and here comes that knock-knock.
In a nation that does not respect informed consent, you will never be safe.
Does a bear shit in the woods?
A normal person for normal communication SHOULD NOT have to encrypt their communications any more than a person has to speak in code when talking in a public setting. Our government should not be spying on us. The problem is not that people are not using encryption, it's that they should not have to. This is exactly the reason there has to be a right of privacy so people can speak and think freely and unhindered.
There is information that is explicitly private and people should be educated in use of encryption to secure that information. But for normal day to day data, it's an unnecessary hindrance.
You people are a bunch of circle-jerk paranoid obsessive compulsive pathetic losers.
And you don't have the first clue what it takes to really have privacy.
I'll give you one hint : the spooks are so far ahead of you if you knew just how bad it was you might just take a bottle full of Midol and end your PMS symptoms for good.
Create a keyword substitution code. Make a list of keywords for your subject, and a list of substitution words. Let the most frequently used substitution word be "Viagra". Your message will land in the NSA's spam bucket and be forgotten.
There is no substitute for common sense. Especially, no body of rules will do.
The Serval Mesh software for android encrypts voice and text messaging by default. Though it's focused on enabling communications in a disaster when everything else has failed, and doesn't have any internet based message routing. It's perfectly fine for a small community, or for sneaker-net based messaging.
They're also starting an indiegogo campaign to build and sell a device with much longer range than Wi-Fi.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Or better yet, transparent government. Demand it by law. No more secrets.
I think technology and progress are the natural enemies of privacy. Less privacy is inevitable. But it should be both ways.
After all the government is the people, and business and politics are both games best played in broad daylight.
Seriously, just what is the point. By this time all good privacy software is riddled with government mandated back doors.
The only way would be through open source software. But then again, what would be the point? By this time all commercial operating systems purposely leak private information by design to the corporation for their "marketing partners" (anyone willing to pay, including the US government which just takes using their secret laws).
The only way would be an open source OS. But then again, what would be the point. By this time all hardware has doubtless been compromised by either the US government, or the Chinese government.
So, please tell me. Just what is the point? Everyone is up in arms over the NSA's "questionable" behaviours, but I notice not a single recall petition against Obama, or those congresscritters behind the so called "patriot act" has been filed. Not a single demand for criminal investigation of all the three letter agencies involved, or their corporate masters.
Here is a solution. Modify Thunderbird, or create an add-on. Upon installation, generate a key pair without even asking the user. Encrypt the private key with a generated password, which is stored lightly obfuscated in the registry or somewhere. Totally insecure, of course. Append a special Mime attachment to every outgoing mail, with the public key. Check every incoming mail for this kind of attachment, and store the contained key in the address book. When sending to recipients whose public key is known, encrypt automatically.
In a short time it will be known that if you use Thunderbird, all mail exchanges with other Thunderbird users will be encrypted, with no hassle for anyone. People will begin telling each other about it.
Offer a configuration dialogue to set a proper password for the private key, a password which is not stored, but will be prompted for. Nerds and people who need it will use it. But mails on the wire will look no different, and attract no more attention from the NSA.
Provide a simple synchronization function for those who use IMAP and multiple PCs/laptops/ipads.
This will make people switch to Thunderbird. But only if it's Thunderbird or something with a similar user base, not some new and obscure app.
Then the makers of other clients will add similar and compatible features to their stuff. The ball is rolling. At some point Google and Hotmail will offer snake-oil competition, encryption with the host controlling the keys. A few years later they will offer encryption in the thin client, with the keys stored in the user's system.
There is no substitute for common sense. Especially, no body of rules will do.
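A sketch of the key-attachment bookkeeping proposed in the comment above, added here as an illustration and not taken from the post or from Thunderbird. The MIME type `application/x-auto-pubkey`, the function names and the key bytes are assumptions; the keys are constructed placeholders and no real encryption is performed. It also shows the check the scheme needs, because the `From` header is unauthenticated: a different key arriving for a known address is reported and never silently stored.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical MIME type for the auto-attached key; the comment names none.
KEY_TYPE = "application/x-auto-pubkey"


def build_mail(sender, recipient, body, pubkey):
    """Outgoing mail with the sender's public key appended as an attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "hello"
    msg.set_content(body)
    maintype, subtype = KEY_TYPE.split("/")
    msg.add_attachment(pubkey, maintype=maintype, subtype=subtype,
                       filename="pubkey.bin")
    return msg.as_bytes()


def fingerprint(pubkey):
    """Short digest a user could compare with the sender out of band."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


def harvest_key(raw, address_book):
    """Record the key carried by an incoming mail.

    Returns "new", "unchanged", "changed" or "none". On "changed" the
    stored key is kept: anyone can forge a From header, so a key swap
    must be confirmed by the user, not accepted automatically.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    addr = parseaddr(str(msg["From"]))[1].lower()
    for part in msg.iter_attachments():
        if part.get_content_type() != KEY_TYPE:
            continue
        key = part.get_content()          # bytes for application/* parts
        known = address_book.get(addr)
        if known is None:
            address_book[addr] = key      # trust on first use
            return "new"
        return "unchanged" if known == key else "changed"
    return "none"


def can_encrypt(recipients, address_book):
    """Encrypt automatically only if every recipient has a stored key."""
    return all(r.lower() in address_book for r in recipients)


if __name__ == "__main__":
    book = {}
    key_a = b"CONSTRUCTED-PLACEHOLDER-KEY-A"   # not a real public key
    key_b = b"CONSTRUCTED-PLACEHOLDER-KEY-B"
    first = build_mail("Alice <alice@example.org>", "bob@example.org", "hi", key_a)
    forged = build_mail("Alice <alice@example.org>", "bob@example.org", "hi", key_b)
    print(harvest_key(first, book), fingerprint(book["alice@example.org"]))
    print(harvest_key(forged, book), "stored key kept:",
          book["alice@example.org"] == key_a)
    print(can_encrypt(["alice@example.org"], book))
```

One mail to several recipients falls back to plaintext as soon as a single recipient has no stored key, which is the case `can_encrypt` guards.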
Anyone here have a fuck or two to give to Mister Google Fanboys as a parting gift?
No? Oh well.
This space unintentionally left blank.
The massive use of Facebook kinda shows that very few people give a shit about privacy. It is possible to use Facebook reasonably sensibly if you only provide the minimum required for it to work, but then its usefulness is hampered and the vast majority of FB users prefer to fill in every single field available on their profile.
The thing is, yes, the NSA et al are not interested in the average Joe as long as he remains an average Joe. But if that average Joe suddenly emerges as a "threat", by organising some big Occupy movement etc, they will already have all the private dirt on him they need to discredit him if necessary. This is why the average Joe should care, even if he doesn't. It's about the future, not just the present.
... unless they start selling data to advertisers.
now we need to go OSS in diesel cars
I didn't watch your tutorial, but I found installing PGP virtually trivial. It was a matter of running it, and pressing "return" a few times to accept the default key sizes and such. That was it.
If, as a population, we've reached the point where doing that is considered "hard", then I weep for our species. It's all over - maybe the next intelligent species will do better than we did.
When it comes to humanity, always bet on stupidity.
That little logic bulb went off in my head a while back. There are a left and right voting population who never vote for another party. Then there is a small non-partisan swath which the politicians focus on, learn how to manipulate, and which virtually decide every election. So yeah, the same people who put Bush in office also put Obama in office. This is a rather trivial point of logic once you realize it, but most people never do. When their guy "wins" they just file it away in the back of their head that a majority of people in the country unified on a specific choice because of the reasons *they* tell themselves that they voted for the person--when in fact they were never going to vote for the other party, even if Zombie-Hitler was running on their ticket.
I object to power without constructive purpose. --Spock
I made a tutorial designed to help non tech-savvy people set up usable email encryption and even with the best narrator and script it's still terrible.
Thanks. I found the tutorial useful.
Webmail operators don't offer IMAP or even POP3 support easily. Most of Slashdot has webmail accounts with the major US providers outed in the leak, even if they use something else for work or main personal email. The issue is with securing those accounts for maximum impact. Incoming mail from online subscriptions and pw resets and non-tech friends will still remain mostly unencrypted. Most slashdotters serious about this will end up segregating security by creating even MORE free (bugged) accounts for their tech-savvy friends.
Someone else here said that encrypted data can put you on TLA watchlists. We're just trying to be safer and protect our friends, but doing all this within the USA is counterproductive even if they can't decrypt our random stuff --metadata is bad enough. I don't use personal email enough to keep me encouraged for long, but will probably play around.
I agree with dcavens. My company -- European -- has hired the services of US hosting companies since 1998 and now is looking for new hosting providers in Europe, not the US, not the UK, not Canada -- sorry for this, but those governments don't seem to care much about privacy issues or laws. Sweden or Switzerland are the more probable countries we are moving to.
Young people do care and do protest, get out there and meet some dude. You know none.
And 95% of youngsters do put rubbish in the bins, and wtf have potholes got to do with anything? The local council fixes that, from the rates they charge.
Old people, well their children should help.
The hungry can all be fed, if the damn USA or military stopped buying for 1 week.
Wasted space is most likely owned by DoD corps.
TV shows have a purpose as did Shakespeare or drama on stadiums in the old Greek cities, yes fiction drama is and always has been around. It's not just mindless.
TO SLASHDOT, your code sucks, how is Grrrrrrrrrrrrrrrrr triggering a repeating filter? Can your code highlight it in future or is that too hard?
WTF is this ???? You're the lamers.
Lameness filter encountered. Post aborted!
Filter error: Too much repetition.
Liberty freedom are no1, not dicks in suits.
Test results went OK
Wikipedia says that Yahoo Imap forbids desktop clients. Verizon doesn't provide Imap support. Bit the bullet and tested OK over gmail. I might add a sig pointing to the same tutorial to help spread the word with tech friends
Thunderbird has removed the checkbox that silences subject-line-free mail under the "Sending" tab.* I didn't find an about:config pref and saw that people resort to some TB extension to fix it. Along with the Tabs-on-top, menus-are-hidden-by-default-for-no-reason, there are subtle signs of Mozilla's controversial Firefox GUI decisions creeping into this sister project. Oh well, I doubt Eudora mail and Windows Live Mail support this Enigmail tutorial out of the box.
C'mon nerds. It is sad that nobody has stepped up to make an alternative to Gmail with strong encryption on disk. We have all kinds of options for encrypted cloud storage, but not email. Looks like a business opportunity to me.
On one side you have those that see the problem, but see no real way to do anything about it. Just a few stating they don't want to bring (ahem) attention to themselves. On the other side you have those that will do nothing. Who state you can't do anything because security in the States is not really security. Most security in the tech world is done by third parties that can be breached by the NSA. You also hear of those that complain but see no outlet because big tech companies like Facebook have so far gotten a free ride at the expense of their members' personal information. Policy means nothing unless the public is actually protected.
... and the reaction of EU governments is very sad. They all have blood on their hands!
... it's classified secret then leaked....
Since we don't really know the keywords we cannot really be sure when a human is monitoring us or just a computer. At this point it seems pretty obvious that at least a computer monitors EVERYTHING. Something I would have considered paranoid before Snowden let us know what is really going on.
If you want to have some fun, you can set up your mail software to throw in suspicious keywords into the (MIME headers) of your messages:
http://www.gnu.org/software/emacs/manual/html_node/emacs/Mail-Amusements.html
https://github.com/emacsmirror/spookmime/blob/master/spookmime.el
If you're not going to use encryption, you might as well have fun with your plain-text.
We've been reading this kind of shit here on Slashdot for at least 15 years now. After a while you just fucking give up. The human race is hopeless.
Most of us here are part of the very small minority of humans that gives a shit about their privacy and about chilling effects of widespread electronic eavesdropping, not to mention the possible future ramifications of STORING all the data they are now storing, for decades or longer.
We look around us and we see the intelligence organs of our own supposedly democratic governments building the MOST VAST AND POWERFUL TOOLS OF OPPRESSION that have existed in ALL OF HUMAN HISTORY, and yet we can't get our parents or our neighbors or ANYBODY not already in our little club to understand the implications of this or care.
History virtually guarantees that we, the human race, are going to suffer some really miserable bad shit in the future because of what these assholes are doing today. But people don't care, as long as they have their bread and circuses, they can't be bothered to be outraged. Which is why we fucking deserve the bleak future that will eventually be coming our way because of this shit.
That little logic bulb went off in my head a while back. There are a left and right voting population who never vote for another party.
If you watch the polls on political topics, they very rarely go outside the range of 70/30 - 30/70.
I usually mentally exclude 30% on each side of the poll and scale the middle 40% back up to 100, to get an idea how the nonpartisan public feels about the topic.
Sheesh, evil *and* a jerk. -- Jade
The person who posted this is ill-informed, there have been several protests nationwide by the Restore the Fourth movement. Man slashdot I thought you were better than this.
Due to the nature of bureaucracies I expect the set of people who are not on a watchlist to rapidly shrink until it's empty.
So people won't be able to read such mail on their phone anymore, huh?
I hope NSA controversy will drive people towards FOSS
Casteism
No I don't have anything to hide. So what! Damn snoops have no business in my business. I'm trying the new Japanese University experiment VPN. Works pretty good, so far. And anything private goes on over something NOT called YAHOO, GOOGLE, MICROSUCKS, etc.
Have you heard of management by exception? That "meta-data"? Those supercomputers work continuously building patterns for each person, each device. Then when your pattern changes, voila, the evil roving eye swings your way. The FBI is a domestic shill for the NSA so as to allow monitoring of citizens that is expressly forbidden by law (or was). And they have a file on every citizen and not in the USA and likely most of the planet. Mess with them. Move your IP to Japan, Korea, Mexico. Move lots. And post as a coward.
cursethedarkness
Metadata means the NSA does not access content. Encrypting your communication does not affect PRISM, assuming we're getting accurate information. Encrypt it, or not. It doesn't matter. They're not looking at content. They are looking at metadata.
With metadata, the NSA can tell who, when, how long, and where you were when you communicated with your friends, family, local businesses, school, work. With an overview of this information, an analyst can get a very clear idea of what groups exist, where they are, how tightly-knit they are, and who the major players are. If you want to disrupt a group, you'll have a really good idea of who you need to remove (arrest/detain/assassinate) in order to do that. The group itself may not even understand how important some of their members are until they turn up missing.
Okay, that is background information necessary to understand this debate. If you're still worried about whether the NSA is going to bust you for your pot brownies or your gay affair or your racist screeds on Stormfront, or your MP3 downloads: no. That is irrelevant. With respect and no condescension in my heart, please read the first two paragraphs again until you get it. This is important.
What you have to decide for yourself is whether you trust your government, not only now, but now *forever*, to use this information purely for your best interests. You may have trusted Bush's administration, and currently trust Obama's administration, to use this information purely to keep you safe from the bad guys.
The danger, my fellow travellers, is what will happen when bad-actors gain power. In the sweep of history, even the most exceptional nations occasionally succumb to sociopathic dictators assuming control. That same infrastructure that kept us extra-safe from the bad guys, can now be used to track down political or racial enemies, which just might include you and your loved ones.
Plus! This metadata collection is against the mandate of the NSA, which is to collect information on foreign communications *only*. Not on US citizens. It is illegal, with *no* external oversight. All this... this entire thread, is a distraction.
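To make the comment above concrete, here is an added illustration (not part of the original post) of how much structure survives in records that hold only who called whom and for how long. The names and call records are constructed, and `bridging_score` is a hypothetical measure chosen for this sketch: the number of pairs of other people whose only recorded link runs through one person.

```python
from collections import defaultdict, deque

# Constructed records: (caller, callee, minutes). No message content anywhere.
RECORDS = [
    ("ann", "bob", 12), ("ann", "cat", 3), ("bob", "cat", 7), ("ann", "bob", 5),
    ("dan", "eve", 9), ("dan", "fay", 4), ("eve", "fay", 6), ("eve", "dan", 2),
    ("cat", "gus", 1), ("gus", "dan", 1),   # gus: two one-minute calls
    ("hal", "ivy", 30),                     # an unrelated pair
]


def build_graph(records):
    """Undirected contact graph: an edge means 'these two ever talked'."""
    graph = defaultdict(set)
    for a, b, _minutes in records:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def components(graph, skip=None):
    """Groups of people linked by any chain of calls, optionally ignoring one."""
    seen = {skip} if skip else set()
    groups = []
    for start in sorted(graph):
        if start in seen:
            continue
        group, queue = set(), deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            group.add(node)
            for peer in graph[node] - seen:
                seen.add(peer)
                queue.append(peer)
        groups.append(group)
    return groups


def connected_pairs(groups, exclude=None):
    """Number of person pairs that share a group, not counting `exclude`."""
    total = 0
    for group in groups:
        k = len(group - {exclude})
        total += k * (k - 1) // 2
    return total


def bridging_score(graph, person):
    """Pairs of other people linked only via `person` (hypothetical measure)."""
    before = connected_pairs(components(graph), exclude=person)
    after = connected_pairs(components(graph, skip=person))
    return before - after


def call_minutes(records):
    """Total talk time per person, the figure a phone bill would show."""
    minutes = defaultdict(int)
    for a, b, m in records:
        minutes[a] += m
        minutes[b] += m
    return dict(minutes)


def rank(records):
    """(person, bridging score, minutes), most structurally central first."""
    graph, minutes = build_graph(records), call_minutes(records)
    rows = [(p, bridging_score(graph, p), minutes[p]) for p in graph]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    print([sorted(g) for g in components(build_graph(RECORDS))])
    for row in rank(RECORDS):
        print(row)
```

In this constructed data the person with the least talk time is the only link between two otherwise separate circles, and encrypting the calls would not change a single number in the output.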
I looked at this, and almost all Canadian internet traffic is monitored and goes through the US.
Firstly, all of the major Canadian ISPs peer via Chicago in one way or another. I periodically check out the connections to my website from different ISPs, and the traceroutes between ISPs. From my current location, connections to Rogers Canada (Rogers.com) and Bell Canada (Bell.ca) both route through US ISPs and Chicago. I'm pretty certain that this pattern will persist across the country (I've tried). It would be interesting to see if a connection between Rogers' customer and Rogers.com routes through Chicago too. Somehow, I suspect it might, especially if the customer is far from Toronto.
Theoretically, you could set up conversations between two computers via the same Canadian ISP, and those would be kept in Canada. However, if I had access to well-protected information, I would discover that both Rogers and Bell have sold their souls to the Communications Security Establishment Canada (CSEC), and that organization is an active partner with the NSA. Also, Bell and Rogers both have holdings outside Canada, and as such, both probably work with the NSA directly too.
Some smaller Canadian ISPs, for example TekSavvy, are probably sufficiently small that they are not monitored actively. However, in Ontario, almost all of these smaller ISPs borrow their lines from Bell Canada. As such, if someone really wanted to monitor your conversations, they could just contact Bell Canada.
Finally, I looked at the option of encrypting all my communications between two Canadian locations with the same ISP. Bell and Rogers started throttling all encrypted communications because they assumed all of their users were bandwidth pirates and "torrenting". At the time, Rogers shut down a university research project at the University of Ottawa with this policy. Thus, in Canada, encryption is no solution.
In the end, I decided (a) everything is monitored, (b) most traffic is not monitored accurately - the ISPs are primarily interested in blocking bandwidth hogs, and (c) in Canada there is no way for a single user to stop the monitoring.
I'll put on the tinfoil hat and suspect a conspiracy. Of the same kind that made 9/11 possible: incompetence, laziness, and lack of stimulation of a knee-jerk (which is the only time we get things done, if we can remember long enough). What should be amazing is that no one has leapt into the HUGE chasm of opportunity and rolled out a turnkey (but, see knee-jerk).
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
"it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata."
Really? http://usnews.nbcnews.com/_news/2013/07/04/19287215-independence-day-nsa-leaks-inspire-fourth-amendment-rallies
Using privacy software is beyond the abilities (foremost of required abilities being patience) of the average American. Those of us working in technology will probably take a few basic measures. It would be great if PGP were to become more viable and https were more prevalent. To most people, looking out for their privacy means editing their Facebook profile settings and deleting contact and location information. They'll do that, and be comforted by their cosy, false sense of security.