Ten Steps You Can Take Against Internet Surveillance

Hugh Pickens DOT Com writes "Danny O'Brien writes for the EFF that as the NSA's spying has spread, more and more ordinary people want to know how they can defend themselves from surveillance online. 'The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself,' writes O'Brien. 'The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.' Here's ten steps you can take to make your own devices secure: Use end-to-end encryption; Encrypt as much communications as you can; Encrypt your hard drive; Use Strong passwords; Use Tor; Turn on two-factor (or two-step) authentication; Don't click on attachments; Keep software updated and use anti-virus software; Keep extra secret information extra secure with Truecrypt; and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node; or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.'"

Use end to end encryption?

[bazmail]

Good idea, but can't really see that catching on, unfortunately.

Re:Use end to end encryption?

[phantomfive]

And it doesn't always work, because one end is compromised.

Re:Use end to end encryption?

You're probably right. People are too lazy. They can't be assed to spend 10 minutes to set it up, thereby having it for the entire future.

But there's no fundamental reason why it can't catch on. It's easy, and free, and good even if not perfect. People COULD chose to use it. They just don't generally give a shit, and won't lift a finger to fight the surveillance state.

Re:Use end to end encryption?

Me neither. I wouldn't use Gmail, Twitter or Facebook. Encrypted or not.
I use IPv6 over IPv4 and my own encryption. /64 networks are cool.

Re:Use end to end encryption?

I use ssh for remote access, surely that is end to end encryption? Same for sshfs . . .

Re:Use end to end encryption?

é÷ÖúöÜHòÙ¥’`^&FQòÔ`sqÅxEÀÍ_,Bnâ|©1ßÉ*'

Re:Use end to end encryption?

[__aaacoe2998]

I can see this being the thing that pushes the next generation of processor development and operating system development. If companies can make encryption automatic, easy and invisible to the end users - and trustworthy, it will catch on. At first it will slow our computers which will drive demand for bigger/faster computers. Then, someday, it'll be ubiquitous and common practice.

Re:Use end to end encryption?

[bazmail]

True, but nobody outside the IT dept is going to use ssh, install security plugins like OTR or use PKI. Unless this is all baked directly into the product,is on by default amd is zero-config, it will fail.

Re:Use end to end encryption?

[SuricouRaven]

If the spies are actively targeting someone, yes. But they can't hack *everyone* - not only would it be expensive, but they'd be detected in no time at all. So if your objective is to avoid the dragnet, it works.

Re:Use end to end encryption?

[davester666]

end-to-end encryption is only part of the battle.

once anybody else has some of your data, it's over for that data. It's a business record and they shouldn't even need a warrant to have it.

Re:Use end to end encryption?

[AHuxley]

The US gov is still at the exchange/isp level with your first and last ip hop. Encryption is just a glowing sign to the NSA to 'look' and track'.

Re:Use end to end encryption?

[ObsessiveMathsFreak]

Not with major browsers like Firefox screaming blue murder at encrypted connections that haven't been officially by certification authorities. We can't have an encrypted web if browsers themselves are hostile towards it.

Re:Use end to end encryption?

[tlhIngan]

Good idea, but can't really see that catching on, unfortunately.

Even worse, it does absolutely nothing to stop metadata collection.

Every e-mail you send, the NSA can see the source and destination, even if they can't read the contents. If you believe they only collect metadata, well, they aren't missing anything. Every website you visit, likewise - they got the IP address. They might not know the exact site, but they knew you talked to that server.

And they can figure out your traffic from metadata quite easily. If it's on port 22, well, it's probably SSH. If it's 443, and they see an initial small burst of up traffic followed by a larger down traffic, it's HTTP.

If you really want to hide traffic, you need to implement two things - everyone uses the same source and destination ports for all traffic, and for the duration of the connection, the bandwidth consumed must be level. If it's a low upload connection, you need to maintain the upload for the entire duration, and any up and down traffic has to be equalized so they don't reveal anything - i.e., bursty traffic has to be made constant. This may involve uploading a bunch of random-contents "null" packets.

This way all your connections just seem to be constant traffic.

Re:Use end to end encryption?

[WaywardGeek]

I suspect this is how they caught the Silk Road guy. Tor is likely entirely transparent to the NSA, just from metadata. It kills me to see articles like this one recommending running a Tor node. I ran one for a while after hearing about it's use to avoid political oppression, but the traffic, from my reading of the meta-data, was dominated by video downloads. In theory, Tor is about freedom, but in reality, it's about porn.

It is 100% possible to provide the kind of freedom Tor in theory was created to provide. First, do exactly what you said, and eliminate the meta data leaks. So long as the network is used to provide freedom rather than illegal video, the bandwidth per volunteer node will be very low, even with the techniques you describe. Freedom is about basic communication like accessing email lists, not watching 2 hour videos for free.

The second part is insuring your bandwidth is used for goals you support, like freedom of expression, rather than the crap Tor is used for. This can be done with "secret identities", as in Super Man and Spider Man. Each user would have their actual identity protected as a secret, while their "public" identity would have their network behavior, such as which web sites they visit, documented in a public unencrypted P2P social network. This would allow individuals to safely collaborate on worthy goals, while keeping illegal video sharing goons from wasting our bandwidth.

Re:Use end to end encryption?

So others will suffer because you refuse to stick your neck out?
Solidarity. It's not just for commies anymore. I am Spartacus and all that jazz daddy-O.

Re:Use end to end encryption?

[Fnord666]

If the spies are actively targeting someone, yes. But they can't hack *everyone* - not only would it be expensive, but they'd be detected in no time at all. So if your objective is to avoid the dragnet, it works.

Reminds me of when people said that they couldn't listen in on everyone, which was true right up until they figured out a way to do it.

Re:Use end to end encryption?

[Fnord666]

If companies can make encryption automatic, easy and invisible to the end users - and trustworthy, it will catch on.

How do you make this happen when the government can compel companies to add backdoors to the processor and also compel them to not tell anyone they did it?

Re:Use end to end encryption?

[anagama]

Which is exactly why real reform will require revisiting the the Third Party Doctrine. The 3PD is a Supreme Court principle that if you share information with a 3d party, even if that 3rd party promises confidentiality, and even if they do not breach confidentiality, the Feds can just have the info _without_ any sort of 4th Amendment analysis -- the 4th is just not applicable. The logic behind this is that the 4th only applies when you have a reasonable expectation of privacy, and if share information with anyone at all, you lose that expectation.

I don't agree with this -- it's sort of the Long John Silver standard, dead men tell no tales. I think there is place where people do act reasonably when they share info with at least some third parties because the fact of the matter is, you can't navigate modern life without such sharing. Justice Sotomayer recently made this point in her concurrence in the Jones GPS case. See PDF page 19: http://www.law.cornell.edu/supct/pdf/10-1259.pdf

Anyway, Section 215 of the PATRIOT Act is merely a codification of the 3PD. Destroy 3PD, and you instantly unconstitutionalize the masspionage.

Re:Use end to end encryption?

[SuricouRaven]

If we can't stop them, then we can still make it as expensive as possible. Even the NSA's budget isn't without limit.

Re:Use end to end encryption?

[lsatenstein]

Good idea, but can't really see that catching on, unfortunately.

===
The ones who will use it will not be individuals, but corporations. Boeings, Westinghouses, GE's and high tech that need to protect their designs from competition. Do they need to protect it from the NSA? No. But they do need to protect from the NSA, all areas pertaining to pricing, commissions paid to lobbyists, and all the crap that pertain to dealing with the Federal and State and municipal governments.

Boycott of US & UK products

Less money for these countries could mean less money for privacy invasion agencies.

Re:Boycott of US & UK products

They'll just take it from the healthcare and education budget allocations. They don't give a fuck. Its all about protecting their own positions of power against the plebs.

Re:Boycott of US & UK products

[amiga3D]

Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

Re:Boycott of US & UK products

Nevertheless, I will start to boycott these countries. I cannot accept this kind of behavior.

Re:Boycott of US & UK products

[Burz]

Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

Um, we're not talking about washing machines here. Ever hear of Cisco?

Re:Boycott of US & UK products

[shentino]

They might do that anyway to keep the plebs dumb and helpless.

It's hard to use your brain to defend yourself if the powers that be have laid siege to its food supply.

Re:Boycott of US & UK products

The estimates for revenue lost for US based tech companies already range in the area of tens of billions of dollars. So clearly boycotting has already in such a short time had significant impact on the ICT sector.

Big foreign companies are now taking information security seriously and it shows.

Re:Boycott of US & UK products

Slashdot is an American company. Bye.

Re:Boycott of US & UK products

[ArbitraryName]

Are you being facetious? The United States is the world's second largest exporter (although Germany might challenge that spot this year).

Re:Boycott of US & UK products

[Jmc23]

You mean that brand that other countries aren't buying because of all the backdoors? You want us to stop buying it twice?

Re:Boycott of US & UK products

[SuricouRaven]

Oppression can be ranked. The UK and USA certainly have their oppressive aspects, the spying on individuals being just one of them, but there are plenty that are far, far worse.

Re:Boycott of US & UK products

[AHuxley]

Yes expect to see a lot more past generation patched up white box solutions with open source software on 'more' cheap prosumer hardware vs low power, fast, new bespoke US solutions.

Re:Boycott of US & UK products

[lxs]

Yes, but I use their services with an ad-blocker in place thereby wasting precious resources. We're taking your whole evil system down. One lost ad click at a time.

Re:Boycott of US & UK products

Maybe not for much longer if Antigua have their way :)

Steps You Can Take Against Internet Surveillance

[MRe_nl]

Step one: Don't post on forums.

use Tor

I would have thought using Tor would be the last thing you'd want to do, taking into account the fact that most of the .onion sites are now massive honeypots.

Re:use Tor

[amiga3D]

Not only that, I expect Tor users get special targeting. It's most likely considered probable cause for a warrant to bug your house.

Re:use Tor

You know TOR can access regular Internet sites too, right?

Of course, a large number of the "exit nodes" to the regular Internet are probably honeypots too. But just don't give out any personal information on TOR, and you shouldn't be identifiable.

Speaking of SSL

Speaking of SSL, is Slashdot ever going to support it for anything more than the login page?

Re:Speaking of SSL

[ravenlord_hun]

If you want to post something on ./ that warrants HTTPS, you are probably already doing it wrong.

Re:Speaking of SSL

[bmo]

I use https because I don't feel like broadcasting my slashdot (and others) username and password to all and sundry over unencrypted wifi.

--
BMO

Re:Speaking of SSL

[ravenlord_hun]

I thought the login was already HTTPS though, and only the rest site isn't. So your password should be safe. People may read your (publicly available) comments over wifi, though!

Re:Speaking of SSL

[maxwell+demon]

The authentication token goes over the net for each access (or how else is Slashdot to know whether you are the logged-in person?)

Re:Speaking of SSL

[lgw]

Just because you don't understand someone's desire for privacy, you argue he has no need for that privacy? Attitudes like that are why TFA had to be written in the first place.

Don't ever argue for less privacy. This is just like security - you take the least privilege you can and offer the best security you can; it's not a question of why. Give the user the most privacy you practically can in every way that you practically can - it's not a question of why, that's a broken mindset.

Re:Speaking of SSL

[ravenlord_hun]

Frankly, I'm finding it funny how you talk about privacy... by securing a completely public forum. What's next, encoding the newspapers? Someone might read them!

Fight for privacy where it matters and makes sense. If my login data weren't secure, I'd pretty peeved off by Slasdot. As it stands, I am not. Whether they implement HTTPS for the rest of the site is irrelevant, because the data is freely visible already anyway.

Re:Speaking of SSL

[ravenlord_hun]

Haaa, that's a good one. I completely forgot about them blasted cookies. Well, I guess you could hijack my session, fair enough! But I'd expect that one solved by merely logging out - and you still can't get any sensitive data about me. Though you could troll with my username in the interim.

Re:Speaking of SSL

[mlts]

If one subscribes, they can use SSL for every page.

Re:Speaking of SSL

[tepples]

Though you could troll with my username in the interim.

And change your password and e-mail address.

Re:Speaking of SSL

[lgw]

You might pause to consider why one might write an anonymous "letter to the editor" to be published, all public-like, in the paper. You might pause to consider how that applies to HTTPS. Or you might bull on ahead blindly with no consideration for anyone's circumstances but your own. Or you might admit that you're not omniscient, and thus there might be some need for privacy that you just don't happen to see, and so advocate for as much privacy as possible, everywhere, all the time.

Re:Speaking of SSL

[ravenlord_hun]

Only, that letter will NOT be anonymous. You will be recorded by the servers of ./ or the newspaper; most places to keep access logs, if nothing else. Sure, you can use VPN or proxy, but then you need to worry about the those logs instead. HTTPS won't save you. Or, if you are actually banking on HTTPS alone to save you... well, best of luck.

If you really wanted to publish something but still remain anonymous, you'd better use a service built for that purpose - like securedrop. If you want privacy, it needs more than screaming HTTPS EVERYWHERE. Because it's a helluva more complicated issue.

Re:Speaking of SSL

[ravenlord_hun]

Nope. You would need to know my actual password for that. The security token itself won't suffice.

Re:Speaking of SSL

[cffrost]

If you want to post something on ./ that warrants HTTPS, you are probably already doing it wrong.

That's funny, but if you're encrypting only what you think needs to be encrypted, rather than encrypting that which can be encrypted — I think it's you who's doing it wrong. You announce: "Attention: I am now transferring sensitive data!"

It's much like shredding only those documents that contain sensitive information, and throwing away the rest intact: You're answering your adversary's question, "which of these documents should we concentrate on reassembling/examining?"

Re:Speaking of SSL

[tepples]

Change e-mail address, click link in e-mail to finalize change of address, reset password. Or does finalizing a changed e-mail address likewise need the user's password?

Re:Speaking of SSL

[bingoUV]

HTTPS saves the poster's username from being visible to network owner (or anyone capable of sniffing). Could be office IT, ISP whatever.

Re:Speaking of SSL

[lgw]

You really really don't get it. Can you step out of your arrogance for a second there? OK, you, personally don't see the point. We get that. Can you admit that you lack godlike omniscience? Is it mathematically possible there would be some privacy interest served here?

You seem stuck in geek-OCD "it's perfect or it's worthless" mode. Stop that. Sometimes privacy from someone less competent than the NSA is important. Some important whistle-blowers only need to be anonymous to their employer. Some people can benefit from just HTTPS (hiding the content only) to protect from dumb, automatic searches.

Re:Steps You Can Take Against Internet Surveillanc

Especially Slashdot.

Better to vote out the scum that runs the country

Better to vote out the scum that runs the country: All of them.

Re-elect no one.

End perpetual war. Bring the Army back within the borders. Allow Japan, South Korea and Australia to take the lead in their own defense. Disband the obsolete Joint Military Command, NATO.

End to end encryption on /.

when i use https://slashdot.org/ i feel more secure, even if it redirect me the http:/// because it do that in a secure why...

Do you think you are special?

[Calibax]

According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Re:Do you think you are special?

[sI4shd0rk]

What makes you think you are special enough to deserve their attention?

What makes you so damn selfish that you only care if the government abuses you? Is it not a problem if they abuse anyone? There are people who are 'special enough' for the government to harass.

You're trivializing the issue, and I strongly suspect it's because you don't truly understand the situation.

Re:Do you think you are special?

[PolygamousRanchKid+]

What makes you think you are special enough to deserve their attention?

Well, if you are the ex-girlfriend of an NSA analyst, you might be special. Although, I guess that doesn't apply to Slashdotters.

Maybe an NSA analyst has a grudge against you, dating back from High School times . . . ?

In Soviet NSA, everyone gets their attention . . .

Re:Do you think you are special?

This is nonsense. There is always a chance that you could be harassed. There have been people who have been harassed by the government merely for making a bomb joke; why do you have so much faith in these thugs that you believe they won't take things out of context, or abuse the data outright? Has there ever been a government that hasn't abused its powers throughout history? No. So, why are you not worried that government thugs are collecting this much data?

I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

They're both extremely creepy, but I don't see Facebook et al. ruining my life through the use of prison and violence; usually, only governments have that sort of power.

Re:Do you think you are special?

[amiga3D]

People who want to blow things up need to be hunted down. They and others with bad intent should be abused. The problem is their idea of "bad" has become so broad as to encompass a lot of people who are no threat to anyone but themselves. You might be just a little paranoid though.

Re:Do you think you are special?

You should be worried. Just because you believe you are following the law today, doesn't mean you will tomorrow. It doesn't take much to make ordinary activities "illegal".

And your analysis of 1 person for every 70K people is so very flawed. Ever heard of pattern recognition? You don't need to comb through records by hand anymore.

I dare you to start making lots of small transfers between different bank accounts. See what happens next, just for fun.

Re:Do you think you are special?

[girlintraining]

Let's assume half of them are looking at foreign traffic and half at domestic traffic.

Bad assumption. The NSA's primary focus is foreign surveillance. It's right there in their mission statement that the tin foil hat brigade apparently has never read. The only reason they have taps on wires domestically is because much of internet travel originates, passes through, or is destined for, an IP address located outside of the US. Even the President of the United States has said as much. The NSA does gather information for domestic surveillance operations, but it's disengenuous to suggest they are providing high level analytics along with the captured data -- their role within the government is to gather intelligence, sort it, package it, and provide a deliverable intelligence product to other organizations. The NSA is basically tech support for the FBI, CIA, DHS, DEA, etc.

What makes you think you are special enough to deserve their attention?

When I was born, my mom thought I'd be President of the United States or some-such. Maybe they're just pre-emptively guarding me for my future ascention to the throne, did you consider that? :P

Personally, I'm much more concerned about the way commercial organizations are spying on us.

As am I. People yell at me on Slashdot all the time: "Why do you use Tor?! It's been compromised by the NSA!" Okay, sure... but who said I care about the NSA? I mean really guys...

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Let me put the actual risk in perspective. I know someone who is on parole for a previous drug conviction. This individual regularly uses their cell phone, much of it via text messages, to arrange drug deals. So here we have an ex-felon, on parole, who is trading in Schedule I drugs on a daily basis, using what has been widely panned as the single biggest device used by the NSA to track us all... No black helicopters have come for this individual to date, and this person has been doing it for two years so far.

Guys, be glad you aren't getting all the government you're paying for. I mean it; for all this crap about government surveillance on everyone... there's a shockingly low amount of critical thinking going on about how, exactly, the government would go about doing this with its existing labor and financial resources.

Re:Do you think you are special?

1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

If I were that analyst, I'd set up a program to search for the bad guys. I know, I'll add people to the "no fly" list if they mention buying drugs in their posts.

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Bingo! Add "Calibax" to the list.

Re:Do you think you are special?

[CrimsonAvenger]

Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

So, you're "much more concerned" about social media spying on you than the Government, even though the Government gets the take from the social media PLUS their own "special" modes of spying....

Re:Do you think you are special?

[sI4shd0rk]

What the hell? You think spying on everyone so we can maybe catch a few terrorists is acceptable in a country that's supposed to be the land of the free and the home of the brave? You think it's okay for our government to blatantly violate the constitution and then claim that they didn't actually do so because some secretive court rubberstamped general warrants?

You might be just a little paranoid though.

There has never once been a government that has failed to abuse its powers throughout history. Why do you believe me to be paranoid when I suggest that allowing the government to collect nearly everyone's communications is an awful idea? Do you believe the people in the government to be perfect angels? I do not understand why you would say such a thing otherwise.

I hope you were joking; otherwise, you are profoundly ignorant and naive.

Re:Do you think you are special?

How is garbage like this getting modded up? I didn't think Slashdot was so accepted of the 'Nothing to hide, nothing to fear' crowd.

Re:Do you think you are special?

[auric_dude]

If using Moilla Firefox then add the lightbeam aka collusion addon https://www.mozilla.org/en-US/lightbeam/ then visit a few sites just to get an idea of how special the avertising companies think you are. This will work better if you disable Noscript, Requestpolicy, Httpeverywhere and whatever else you use to keed your surfing safish. Security services may not have the time to monitor your movements across the web but plenty of commercial companies do have the time, the kit and yet pay you nothing for thed ata they collect and I expect sell on to others.

Re:Do you think you are special?

[Maintenance+Goof]

It's not that I am special enough for their attention. It's that I am really boring. Surveillance duty on me is an internal punishment. The nice thing about being watched is that whenever my phone is getting bad reception all I have to do is say the magic phrase, "Jehad Pressure Cooker!" and my phone reception becomes perfect!

Re:Do you think you are special?

[Burz]

Its the threat that they can decide to make you "special" when and if it suits their cronies' prejudices and career prospects.

Do you think you are special?

We heard this kneejerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.

Chickenshit apologists, take a backseat.

Re:Do you think you are special?

[grantspassalan]

My wife and I recently searched the Internet for some shoes for her and now I see lots of ads for shoes. What is so bad about that? I would rather see that than random ads for condoms or sex enhancement drugs.

Re:Do you think you are special?

[Luke_22]

That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

But since you have so many people to check, doesn't that mean that they are going to make a massive use of automation to do the checks?

Remember how good the spamfilters are? And they are designed against something extremely frequent

Now remember how infrequent a terrorist attack is? And what about that False positive paradox?

It's not about feeling special or not, it's just the the system is broken by design... and the algorithms are surely perfect...

Re:Do you think you are special?

I will make this more blunt. Here is how the NSA has affected me:

1: NIST records have given me a security baseline. Most is common sense, but other stuff like esoteric Solaris features come in handy.

2: NSA-derived algorithms like DES, even with its tiny keylength have stood the test of time.

3: They did a lot of work fixing Linux (SELinux), and a heap of work locking down OS X. OS X is a lot more secure with even stuff like storing passwords securely than it was in the path.

This is how private snooping have affected me:

1: I had a picture of me posted onto Facebook when I was wondering in a humidor. A week later my health insurance company demanded I have a physical with bloodwork or else pay higher rates retroactively as a smoker.

2: I had friends of mine turned down for jobs because a private party branded them as "racist." The cause? Asking why we should press 1 for English.

3: I have gotten turned down for a job because some behavioral tracking place had me stated as a "gun nut", and chasing this trail down, this came around because I liked a page about camping equipment, and apparently it flagged me as a survivalist type.

4: A friend of mine got permanently banned from a store chain, not because he was arrested, but he mentioned doing something goofy over 15 years ago, twice the limit on the statute of limitations, and something caught it.

5: The ad companies seem to not be able to keep their servers clean, and in my experience, the #1 vector for malware are ad servers.

6: Some companies I have to use Facebook to authenticate to their services, and they demand their application (with the permissions to slurp anything they so choose) have access. It becomes harder to keep things separate so company "A"'s info isn't accessible and salable by company "B".

So, given the NSA versus greedy companies, I'll take the NSA any day. At least they don't take every click I make on my computer, each E-mail I send to an unsecured endpoint, each TV channel I watch, each IP packet coming out of my computer, and sell of that to anyone that wants.

Lets be real; I fear companies like Facebook more than the NSA because the NSA actually has to keep mum or else they blow their hand. FB can sell anything they want even if I'm not using their service by using data dredged up from other people. FB also has taken over a lot of communication vectors. Think people check E-mail over a FB message? Yeah right. To boot, last time a friend sent me a PGP message, it was refused. If the NSA actively blocked messages in transit that were not easily readable, there would actually be real people putting their foot down.

Finally, the NSA gives a shit about security. Private companies don't give a flying fuck about it because to them, it has no ROI.

Re:Do you think you are special?

[sI4shd0rk]

So, given the NSA versus greedy companies, I'll take the NSA any day.

There is no such dichotomy, and you should be extremely concerned about the NSA spying on everyone's communications. The US is a country founded on the idea of distrusting authority, and yet you basically suggest that we should not care when the government is essentially crumpling up the constitution and tossing it into the garbage. What a sorry state of affairs this is that people so naive even exist.

Re:Do you think you are special?

"I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn"

Idiot.

You have no choice in certain areas but to engage in communication with the state. Yes privacy, security, individual rights and liberties are at risk and are valuable.

I have no loss of privacy with any of these other sites as you have the option of declining to engage with them.

Re:Do you think you are special?

And yet, my sources at Google Email say you clicked on every "Make satisfy much love long time", "Secret for pen1s bigger longer", and "Get cheap V1AGR4 now!!!" link in your spam folder emails...

Re:Do you think you are special?

[grantspassalan]

That is why I don't use Google mail or any of the other "free" email services

Re:Do you think you are special?

What is so bad about that?

What's so good about it? It's creepy, distracting time consuming because they're almost useful without actually being useful (irrelevant ad's are easier to ignore), possibly causes "buyer's remorse" and is a waste of the shoe company's (and thus their customers) resources.

I would rather see that than random ads for condoms or sex enhancement drugs.

Irrelevant. They weren't going to see those. The fact is that ad "relevancy" is a big scam where the target sees 2 in 10000 ad's relevant to them instead of 1 in 10000. So what? The cost/benefit isn't even remotely there.

Re:Do you think you are special?

[Kazoo+the+Clown]

Presumably, protecting yourself against government spying will also protect you against commercial spying.

Example: post all tweets as images of captcha text. If it can't readily be OCR'ed, they won't be collecting keywords without paying some cheap labor somewhere to manually transcribe everything. And if we all did it, that would be a really big and/or slow job. Tweets are designed to be read by human eyeballs only anyhow, aren't they? Captcha them all.

Re:Do you think you are special?

[Kazoo+the+Clown]

A good way to get past the 140 character limit as well. The only non-captcha text should be the hashtags & user refs.

Re:Do you think you are special?

[Kazoo+the+Clown]

Well, as long as she doesn't search for a pressure cooker, or some random terrorist doesn't find some way to make a bomb with the shoes she bought, you'll be OK.

Re:Do you think you are special?

[cffrost]

What makes you think you are special enough to deserve their attention?

What makes you so damn selfish that you only care if the government abuses you? Is it not a problem if they abuse anyone? There are people who are 'special enough' for the government to harass.

You're trivializing the issue, and I strongly suspect it's because you don't truly understand the situation.

If sI4shd0rk's post deserves to moderated -1 Troll, so does my reply — I completely agree with what sI4shd0rk wrote here.

Re:Do you think you are special?

[FuzzNugget]

Seriously, this should not have to be explained on Slashdot.

Data can be wrong. Interpretations can be wrong. Police tend to intepret everything as an act of wrongdoing as soon as they have a single data point or dumb-ass idea that suggests you are a suspect.

Case in a point: David Marie (jump to 5:00). He enters a subway station. He's flagged as a suspect because he's "wearing a jacket." Seriously. The Bumblefuck Police Department then use this as justification to raid his apartment where find a page of random scribbles they deem as "subway map" (seriously, look at the drawing in the video, it's just fucking random scribbles) and proceed to charge him as a terrorist. Oh, he's not in prison, he just can't get a Visa, leave the country or expect to ever be free from constant restrictions and "unwanted attention" in his life.

Amazing how someone can be too dangerous not to be watched, but not dangerous enough to imprison. I wonder how it feels to be stupid enough to engage in that level of cognitive dissonance and not go insane.

Re:Do you think you are special?

[grantspassalan]

Well we already have a pressure cooker and my wife canned some green beans from our garden harvest. Now the NSA, CIA, KGB, Gestapo and similar agencies will know this! So now when they outlaw pressure cookers, only outlaws will have pressure cookers and we will be classed among the outlaws. :)

Re:Do you think you are special?

[AHuxley]

The contractor count with new clearances in the past 10 years is up a lot. "1000" "in surveillance" analysts at NSA would be the inner core of crypto experts, the people who shape global telco standards with mil experts and language people too.
i.e. if the US gov wants to give out a small number they class "in surveillance" as the smallest set of full time top staff.
The tracking is bought on the open market in bulk, fed in vis the states or federal gov or foreign helper nations.
http://www.fas.org/sgp/othergov/intel/clear-2012.pdf page 4 has some numbers in both gov and contractor on table 2.
Page 6 gives some pending security clearance investigations FBI and NSA numbers.
Add in public private partnerships, state "staff", former staff who can be re activated in hours, a contractor with the ability to help "clear" all staff under them. - thats hundred of thousands of US workers
Once you ratio that out by overall political active members of the US population the numbers start getting East German like.

Re:Do you think you are special?

How about you don't use FB, Twitter, LinkedIn, Google, and other social media???? You can opt out of those, you can't opt out of NSA spying on you.

Re:Do you think you are special?

I wish I had the option of no contact with those sites. However:

1: I get tagged on FB with my name and that gets harvested even with no FB account.

2: When wanting jobs, a lot of employers ask for one's FB account during the interview to friend (or demand username/PW access to), and if not, you get immediately walked. When I told interviewers that I didn't have an account, I was told to leave, that they want people, not Luddite fossils.

3: If you want to have a social life, people use FB to organize events and have discussion groups. The days of just signing into a mailing list are long gone. So, unless I want to be a self-imposed pariah, FB is pretty much a must. It is like the nasty dive bar, but it is the college place to go unless one wants to spend their lives on World of Warcraft.

So, to me, the NSA has not affected my life in any way. It is the private companies are the ones that keep me from getting jobs or cause my health insurance rates to go up, companies that I have to interact with if I want any form of social life.

Re:Do you think you are special?

Do you think you are special?

We heard this kneejerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.

It's a shorter way of saying "if you're not doing anything wrong you have nothing to fear", which saddens me. I'm really surprised at the number of people who parrot that line at me verbatim, or very close to, when I try to discuss the massive NSA and commercial spying that goes on. It scares me even more that now the NSA thing is out in the light and all the attention it's been getting, even in mainstream media, there are a lot of people (morons?) I talk to who insist nobody would want to spy on them and that nobody is and then try to use phrases like "tin foil hat", "conspiracy theorist" and "paranoid" to belittle and dismiss anyone who declares otherwise. It's exactly the reaction the powerful have been training into them for a long time.

I try to counter that line of thinking with arguments about how the computer doesn't care; it will happily compile a data file on your activities even when no person is looking. Once that data file contains information about your habits, likes and kinks it can be used against you. Perhaps what is legal now will become illegal later. One short search of the database gives them a big group of people they can "investigate". Perhaps you become a thorn in the side of a powerful person, but are doing nothing illegal. A quick scan of the file will give them all the dirty dirt on you that they can release to embarrass or discredit you.

An example I like to use to demonstrate this point is movies. Pick a film - any film, but better if it a documentary that is critical of the government, and even better if it was available for electronic download as the primary distribution method. That film is probably legal to possess today. Along comes the next Snowden/war/scandal. All of a sudden the wanabe-oppressive gumbiment goes into damage control mode and passes a bunch of new laws to try and silence any criticism that arises. The new laws include banning possession of this film that is critical of the government.

Now the government needs to show off the size of its g-peen so they search this large database to find anyone who downloaded a copy of the film. Then they scan the files looking for other potentially embarrassing or dubious activity. They pick out a handful of the most egregious people, raid a few houses and arrest a bunch of people for possession of something that was legal a week ago.

When it comes to court the prosecution goes on a character assassination and admits into public evidence all the dirty dirt about the defendant. The court ignores most of it as irrelevant, but the media takes hold and uses it to make an example of how everyone who watched a copy of this film must be the devil. Even if the court rules in favor of the poor defendant their life is now in ruin - they probably spent every dollar they had on their defense, and they probably lost their job during the court proceedings. The dirty laundry is only a quick Google away so they'll be hard-pressed to get another.

It's a hypothetical, but it's an example of what can happened when the government undertakes massive unchecked surveillance and data gathering on everyone.

Captcha: untoward - how appropriate.

Re:Do you think you are special?

[Fjandr]

It's pretty easy to narrow things down once there's a massive database to search.

Re:Do you think you are special?

So, to me, the NSA has not affected my life in any way.

The NSA has violated the constitution and your freedoms; they have affected you. That you care so little about freedom and the constitution that you would bring up false dichotomies speaks volumes about you.

Re:Do you think you are special?

"When I told interviewers that I didn't have an account, I was told to leave,"

I find this interesting, not something I have experienced, but then I haven't been on a job interview in many years. I do not like this but I will observe that you are still free to remain unconnected to FB and find a job with another private sector employer. This is not a right or wrong question, but a question of what is acceptable to society, and if most people find this ascceptable and employers have no problem hiring staff, then there is little you can do.

"If you want to have a social life"

I have lived all my life without FB and have more than enough social life, thank you very much. If you think FB is necessary for such a thing then I rather think the battle is well over with you, just go out there and sign yourself up.

"So, to me, the NSA has not affected my life in any way. It is the private companies are the ones that keep me from getting jobs or cause my health insurance rates to go up"

Really? You are sadly mistaken my friend. Look at it this way, why would employers want to make health care costs go up? What do they have to gain from this? It makes no sense whatsoever. Try and think these things through with the mind god gave you, don't just follow what mayou learn from others who may have an agenda. Think about these things.

Re:Steps You Can Take Against Internet Surveillanc

[girlintraining]

Step one: Don't post on forums.

Step Two: Terrorists Win.

When you opt not to speak out against the government out of fear of reprisal, then you effectively have lost your right to free speech. Forums like Slashdot need to embrace the use of proxies like Tor, etc., instead of shutting them down with giant ugly off-red pages saying "Blocked!" Anonymization services like Tor are invaluable for creating a safe haven for free speech; in countries like Iran, North Korea, United States, France, Iraq, and Egypt, people are being harassed, arrested and imprisoned for chastizing the government for being a police state. We need websites to publish information about these governments' activities for the world to see, and sites like Slashdot that block Tor and similar technology are simply enabling those governments to build a digital iron curtain around themselves to lock down political dissent.

Run a Tor node?????

[NoNonAlphaCharsHere]

More like "Steps to take to get on an NSA watchlist". Maybe use IRC a lot in your spare time.

Re: Run a Tor node?????

Good. Get thousands of innocent people willing to show the government how useless bulk spying can be. That's the point of the post.

Re:Run a Tor node?????

That is the main problem. They fucking need to accept that they can't know what ordinary people are talking about.

Re:Better to vote out the scum that runs the count

[amiga3D]

Ah! A fellow isolationist. I with you brother, that makes two of us.

10 Steps You Can Take Against Rapists

Wear unattractive clothes, don't wear makeup, stay sober, don't flirt, don't leave drinks unattended, don't be out after dark, don't be out alone, learn to cook, find a good husband, teach others what you learned.

Re:10 Steps You Can Take Against Rapists

Feminazi moderator doesn't get it.

Re:10 Steps You Can Take Against Rapists

[gmuslera]

Forgot to add live locked in your house, and don't talk to anyone. Lets put all the blame on you, not on the rapists. That is what is doing the NSA&US government, becoming liable for try to live in freedom, anything that you in public/internet/wherever do could make turn you into a target.

Re:10 Steps You Can Take Against Rapists

[Fjandr]

Too bad I don't have mod points to counteract the idiot who modded you down for obvious satire.

There is only one way

[nurb432]

Don't use the network. No matter what you do to prevent it, there are holes if you are well funded ( and have the fear of the 'law' behind you )

Re:There is only one way

[cpghost]

No, not using the network makes you even more suspicious. In fact, it makes you a prime suspect nowadays! Use the network in a "harmless" way, i.e. in a way that doesn't give away information about you. Be as invisible as possible, by blending in with the sheep. Just don't draw attention to you, even if you're not a person of interest.

Re:There is only one way

[Tablizer]

Don't use the network

But carrier pigeons make too much of a mess in the backyard, and their cooing bothers the neighbors.

What about email

[mpol]

Maybe I'm naive or ignorant, but what can a normal user do about e-mail?
Most e-mail from ISP's runs over port 25, and it all gets logged by logboxes and tappers. I don't think the default for an MTA is port 465 or 587, but still 25. If I'm wrong. please correct me.
What should be done here, can someone inform me. Is there something a user, admin or mta-developer should do here?
I read my mail over imaps and pop3s, and store it on my own-hosted imap server. But what to do about smtp-traffic?

Re:What about email

Maybe I'm naive or ignorant, but what can a normal user do about e-mail?

It's hard to hide WHO you are talking to, which is a big problem. But you can at least hide WHAT you are saying.

Use public key crypto. That makes it hard for your traffic to be intercepted. Sure, if the NSA is after you in particular, you are fucked no matter what you do. But for the vast majority, the threat is "casual interception" where they are logging everybody's traffic "just in case". And that, you can do a lot to combat.

GPG is free, easy to use, and there are plugins or native support for all kinds of mail and IM programs. Use it.

Re:What about email

[mpol]

I know GPG. But I do not know anyone who is using it. I haven't seen a gpg-signature in years, except my own :).

Re:What about email

True, the "network problem", where not enough people use it to achieve critical mass.

But the only way to get there is for people to adopt it, and to help their friends and family adopt it. There has to be enough people using it for it to catch, but that'll never happen if nobody starts.

Re:What about email

[CRCulver]

But the only way to get there is for people to adopt it, and to help their friends and family adopt it.

Friends and family are likely using Windows, which is already compromised, so having them adopt GPG won't offer any resistence against government surveillance. It would just be a false sense of security.

Re:What about email

Just because something isn't 100% perfect doesn't make it not useful at all. It's known that the NSA is doing widespread surveillance. It's highly doubtful that they have specifically targeted everyone by compromising their machines. Yes, if they are after you in particular because they think you are a terrorist or whatever, you are fucked. But that isn't true of the vast majority.

The perfect is the enemy of the good. It's easy to throw up your hands and say "there's no point". But there IS a point, and it DOES help. A lot. If everyone used it, the society wide dragnet they have in place now wouldn't be working very well, at least for IM and email, and phone if we had decent encryption available for voice comms.

Re:What about email

[mlts]

As a normal user, it is hard. Once the mail hits the main SMTP relay and heads out, it is in plaintext unless one is running Exchange which has secure connectors and one sets up TLS links with other sites.

It would be nice to have a TLS/SSL mechanism where company E-mail servers would be checked if they had a secure transport port, the key fetched and checked with a CA, and then the mail sent.

However, there are really only three choices for E-mail:

1: Have both users share the same provider so mail is just delivered locally.

2: Use S/MIME. The problem with this method is that few mailers except for Thunderbird, mail.app, and Outlook have S/MIME ability. iOS requires special setup to get S/MIME working, and Android varies on MUA.

3: Best of all, have a PGP/gpg web of trust and an application/app which can easily encrypt/decrypt from the clipboard. This way, the message security is entirely independent of every party in between. However, this is very rarely done. The last time I had a truly meaningful PGP-encrypted conversation (other than "yay, I sent you an encrypted message... this is cool" tripe) was in the 1990s when discussing a very obscure bug on a CC: list, and there was worry that the bug could be an easy target for blackhats.

PGP is a very neglected program. It would be nice to see working security token support so a private key would not have to leave a token to be used. One can buy a SafeNet (formerly Aladdin) eToken and use the commercial version of Symantec's PGP to do this, but the $400-500 total cost can be expensive.

If a company really wanted to set the bar higher for security in general, they would make a dedicated security token that one could copy a private key on, and the token would do the decryption/signing on it, so the key never gets exposed to the computer. Bonus points if this can be implemented in an OS-independant way (perhaps present the USB device as a drive with files that act as devices, so one can input the unlock key by appending to a file, send up the file to be signed by another append, then read from the second file for the signed OpenPGP packet.

Re:Better to vote out the scum that runs the count

I favor perpetual war. Other than that, his ideas seem good.

Re:Better to vote out the scum that runs the count

Careful! I think that other guy is a government informant ...

nonsense, that's just cowering

[rubycodez]

Quit voting for mega-corporate bitches like Obama or most Republican candidates. Quit voting for those that support the police-state policies of Bush/Cheney and Obama administrations. Make people aware of what is happening to their freedoms. Raise awareness.

Re:nonsense, that's just cowering

Who do you recommend to vote, then?

Re:nonsense, that's just cowering

[sI4shd0rk]

Why can't you do both?

Re:nonsense, that's just cowering

[grantspassalan]

I don't think it is possible to vote FOR anybody anymore. What we can really do is to vote ALL all the scoundrels out of office by voting out EVERY person now in office. Sure that might mean throwing out a few good eggs with the rotten ones, but most of the eggs in the box that have been in the box for an awful long time are rotten and stink to high heaven.

That does not mean that those who are running against them are all that much better, since the really decent, smart and good people have long ago given up running for public office, especially the higher positions, because of the muddy election campaigns, where complete life history of a candidate is put in the public spotlight. Because nobody is perfect and everybody makes mistakes and those mistakes are most likely information available to the political opposition, these mistakes then end up in the headlines.

The perhaps lesser scoundrels hoping to benefit financially from public office and endure that public election ordeal, would get the message from the voters that they can be thrown out by the electorate and that it will take at least a while for most of these newly elected ones to re-establish the bribery networks the present ones now have with the lobbying establishment.

Re:nonsense, that's just cowering

[Fjandr]

Absolutely anyone else on the ballot.

OFFLINE

Start by closing your Slashdot tab.

Re:Steps You Can Take Against Internet Surveillanc

Step three: online petitions and celebrity videos count for nothing. Write, call, fax and email (all of them!) your locals that get to play in DC.

Re:Steps You Can Take Against Internet Surveillanc

[t4ng*]

Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Bengazi, etc.) I'm beginning to wonder if the NSA really has any decent spying capabilities at all. What if this is much like a Banana Republic, were the government puffs up it's chest and parades around a bunch of military men and equipment to try to scare it's citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

All these "leaks" about the NSA spying on everyone in the world could just be a desperate attempt by a government that realizes it has very little real control over people to try to keep people in line. Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

Girls!

From one of TFA:

Promote CryptoParties to rebellious 13 year old girls. Declare success if rebellious 13 year old girls demand to attend your parties.

Hanlon's razor tells me that is just a bad wording, right?

EFF instructions don't work

[mutube]

The video on the EFF site gives instructions for downloading a Vidalia Bundle for Mac - but this doesn't exist on the Tor website. The only downloads that I can see available are the 'Tor Browser Bundle' which is an auto-launching Tor node and browser combination.

So you can't run a node without a Tor browser window open all the time?

Re:EFF instructions don't work

[alostpacket]

IIRC the "Vidalia Bundle" is just an older name for the "Browser Bundle"

Re:EFF instructions don't work

[alostpacket]

Sorry, my above post is not entirely correct. it seems, for Windows at least, it Vidalia control panel is included in the Browser Bundle.

https://blog.torproject.org/blog/plain-vidalia-bundles-be-discontinued-dont-panic

Not sure about OSX/Linux, but I assume it is similar

Re:EFF instructions don't work

[mutube]

Thanks for the link - that cleared things up nicely.

The Tor site is a tad jargon heavy methinks.

Also...

[gmuslera]

... switch to alternatives like the ones proposed in http://prism-break.org/. Won't be fail safe, but will be some steps closer. And will add enough a bit of sand in the NSA machinery. In some point they will have to choose between snooping only on "easier", in the open, targets, focus in very specific people, or try to cope with the amount of people using open and with safe encryption people (and risk meltdowns because people sharing lolcats in encrypted channels)

Run a Tor node?

Why is the EFF suggesting that people run Tor nodes? It has already been leaked that running a Tor node automatically makes you a "terrorist" and a target to the NSA. Seems kind of counter-productive to me.

Re:Run a Tor node?

[sI4shd0rk]

Why is the EFF suggesting that people run Tor nodes?

Presumably, that's if you want to help other people out.

Re:Run a Tor node?

Which I support. Except our government seems to be under the assumption that running a Tor node means they have a reason to hack into your system. There was an article on this here a few weeks back.

NSA

Half of those are paranoia. The other half should be used anyway, if only to defend from the Nigerian Stealing Apparatus.

Add to that list: if you receive a call from Microsoft trying to fix your computer, hang up.

Run a TOR Node?

[turgid]

Are you nuts?

What sort of people run TOR nodes? Have you been following the news?

You'll be straight on the authorities' list of very-likely-some-kind-of-crimials. Probably a terrorist, drug addict/dealer, paedophile or pirate of Madonna/Boys-R-Us/One Direction/Lady Gaga music.

Intel Inside

[SuperCharlie]

I saw a news story yesterday saying that Snowden has dirt on Intel but hasnt released it yet. Chances are good that your processor is probably compromised. Its a no-win deal here.

Re:Intel Inside

Or maybe Intel was planning to announce the chips with Christina Aguilera in the EEUU like they did in Asia with Girls Generation. Man, those nine cores are hot!

Run!

[cookYourDog]

In instances like these, I find it best to do what my uncle taught me to do: roll up into a defense ball.

No one wants to eavesdrop on a naked, crying, obese man laying in the fetal position. No one.

Just be more prudent

[cpghost]

When using the network, always assume that you're being under observation... and act accordingly. Give less private information to the world. In fact, apply the principle of "need to know" in reverse: if the world doesn't need to know that you've taken your dog out 2 hours ago, then don't post it. Don't even mail it to your friend using PGP. It's as simple as this. Really. Be less talkative, be less open, and be more suspicious.

By the way, thanks NSA for forcing us to censor our thoughts in our head, before we even write them down and tell them to someone. I couldn't have imagined that we'd come to live in a totalitarian-like world (at least that how it feels when you apply censorship in your head) just a few decades after the Iron Curtain was torn apart, and that this totalitarian world is being brought forward by a western country that formerly championed free speech and freedom in general.

Re:Just be more prudent

>By the way, thanks NSA for forcing us to censor our thoughts in our head
Isn't this called self-control?

Re:Just be more prudent

When using the network, always assume that you're being under observation... and act accordingly.

Yes. Since you're always under observation, make stuff they'll know anyway public at your leasure, and you won't stand out of the croud.

Give less private information to the world. In fact, apply the principle of "need to know" in reverse: if the world doesn't need to know that you've taken your dog out 2 hours ago, then don't post it. Don't even mail it to your friend using PGP. It's as simple as this. Really. Be less talkative, be less open, and be more suspicious.

Err... no. Do post that information about taking the dog for a walk. Make sure your friends do similar things too. Make sure you actually have a dog when you post that :) That makes you nomal. Being less talkative, less open, more suspicious will make you just that: more suspicious :) Look at all those shootings. It's like those traits are a requirement for being a GTA rampage shooter. Too many times I've read this remark in regards to a killer: "He (pretty much always masculine) was a quiet boy. Always minding his own business. Always respectful. Always helpful. He never bothered anybody." Nobody remembers abusing him with various chores, just because he's good at them and doesn't say no, or sees any connection.

Oops. Sorry, did I just mark both of us for surveillance? :D

Anyway, do share your mundane stuff - maybe someone will notice that you need help, and help. If you need to share insane stuff, there's always /b/ :)

Re:Just be more prudent

[auric_dude]

A modern day https://en.wikipedia.org/wiki/Panopticon with NSA, GCHQ and others on the outside looking in and millions posting their innermost thoughts each and every hour on the hour. Has the population as a whole voluntarily committed themselves to the Panopticon, if so then why?

Re:Just be more prudent

[HiThere]

Not when it's done to suit someone else's agenda.

Re:Better to vote out the scum that runs the count

[Maintenance+Goof]

As a true isolationist, I don't want anything to do with you two!

Ten steps?

That's a lot, surely they could sum up this complex issue into a neat 3-step article.

Un-standing out is standing out

[Tablizer]

If you use "excessive" methods to hide, then you may be flagged as suspicious, because typically mostly criminals and terrorists take such extra measures. Better to act mostly average and fill up your traffic with BS chatter like "OMG ponies!".

Shortsighted Article

They forgot the most obvious, Do NOT use PRISM firms, like Facebook Twitter, Skype etc

Re:Steps You Can Take Against Internet Surveillanc

[girlintraining]

Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Bengazi, etc.) I'm beginning to wonder if

Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was. And they did. Bengazi is a figment of the tea party's over-active imagination -- there's no evidence that anything other than poor judgement and incompetence at a local level occurred. And Snowden... well, that's the only thing you mentioned that has any weight. The NSA management was warned about him long before "the incident" by Homeland Security. They ignored that warning. The case can be made this was a mistake -- but it seems from the after action reports online they're addressing their structural/organizational deficits that allowed it to happen post-incident. The fact is, there's always a risk of a defector, no matter how good your agency is. Every major intelligence agency from every major government in the world has had it happen. This is not a statement on the overall competence of the NSA as an intelligence organization.

What if this is much like a Banana Republic, were the government puffs up it's chest and parades around a bunch of military men and equipment to try to scare it's citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

That's pretty much the working definition of law enforcement everywhere, man. There's only 1 police officer for every, what, 10,000 citizens? It's a practical impossibility for the NSA to do all the things the tin foil hat brigade claims they're doing -- monitoring everyone's cell phones, everyone's e-mail, the entire internet... and just to keep things interesting, doing all that while cracking foreign powers' high level cryptography and military communications systems. To do everything they claim they're doing, even assuming their technology is twenty years more advanced than the civilian sector equivalents, would imply multi-trillion dollar budgets per year to sustain and a workforce vastly higher than the numbers available suggest.

Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

The data collection is a massive operation because the data being sent only has data retrospectively; When they identify a potential suspect for development, based on those "classic investigation techniques", without that infrastructure they're starting at day zero. But if everything is logged, they can proceed immediately with looking into his/her background and recent communications. In the intelligence world, there are three things that give an asset value; Timeliness, accuracy, and analytical support. It does you no good to find the terrorist after the bomb has gone off, it does you no good to identify the wrong person, and it does you no good to have all the information that could have met the first two criterion if nobody analyzes it and suggests a course of action (arrest, drone strike, whatever).

Once you understand that the analytical side of the intelligence cycle is the real bottleneck here, you quickly realize that the NSA can't possibly care about your marijuana stash, or even the warrant for your arrest. To develop leads and maintain a solid intelligence cycle, they can only focus on a tiny fraction of the data they're pulling in... so unless you're a .01%'er in the world of terrorism, counter-intelligence, spying, or foreign military... forget it. They don't care.

Re:Steps You Can Take Against Internet Surveillanc

[grantspassalan]

The government has never shown that spying on millions of people has netted them any real valuable information, such as preventing terrorism. If the NSA wants to know that I am going to visit my grandson on the weekend, who cares? Most things that most people communicate about, whether on the phone or on the Internet are so mundane, that if the NSA would pay attention to all that, they would all die of boredom. There are thousands of websites where hundreds of thousands, if not millions of people have made negative comments about our government.

If the government wanted to arrest everyone that has made in some cases some very nasty comments about Obama and his administration and other politicians, they would need a huge army of goons willing to do the dirty work and would overcrowd our prisons to the bursting point.

Instead of wholesale spying on everybody, the NSA could concentrate its resources on targeted surveillance on people that are already suspect of suspicious behavior or that they may be warned about by other governments. If they had done that, they could have most likely prevented the Boston Marathon bombings.

Sock puppet, begone!

[Okian+Warrior]

According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

Okay, let's look at those statistics more closely.

500 analysts for 350 million people continuously is 500 analysts for roughly 1 million people per day each year, or roughly 1 analyst is spending an entire day looking at 2,000 people. Each year. So there's a 1-in-2,000 chance that sometime this year, an analyst will be pawing through your online behaviour.

(Of course, if you assume that the analyst spends 1 hour on each person, it drops to 1-in-250 chance that sometime during the year you will be "analyzed" by an NSA agent.)

Now consider the power of computers. Is it reasonable to think that 1 computer could collect and analyze the E-mail and online speech of 2,000 people in a single day of compute time? Assuming you put certain keywords in your online text ("I'm going to kill some time this afternoon by watching the presidential debate"), how likely do you think it will be that you win the 1-in-250 chance?

Let's add in ambiguous laws. The recent trend is not to charge people with doing harm, but conspiracy for doing harm. One recent news report told of a couple of people charged with "conspiracy to join Al-Qaeda". Note that these two people didn't do a terorrist act, they didn't contribute to a terrorist group, and they weren't even a member of a terrorist group. They were talking about joining a terrorist group. People are commonly charged with "conspiracy to grow marijuana" (google has many links).

We've reached the point where you can be arrested when no overt crime has been committed.

There's a recent news story where, for the first time, the DOJ is informing a defendant that they used NSA/warrant-less surveillance to gather evidence. They used mass surveillance to get enough probable cause to apply for a real warrant which resulted in evidence of a crime.

The important bit of the previous is that the DOJ was conflicted about revealing this information. The prosecutor felt that it was only a "procedural decision", since no evidence from the mass-surveillance warrant would be introduced at trial. (A couple of lawyers in the DOJ argued for disclosure.)

All evidence indicates that they analyze everyone's online presence all the time, and use that information to pick-and-choose people for prosecution when no overt crime has been committed.

Sock puppet, begone!

Re:Sock puppet, begone!

You are assuming that analysts are working 24 hours per day. You are also assuming that they have nothing better to do than look at random people. They don't have time for that - they have their hands full with people who have come to their notice either through a pattern of behavior (such as attending a terrorist course in Pakistan or a similar place) or because they associate with people who have done that.

Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts. If they find someone of interest, for whatever reason, they will be spending days, weeks, months on that person. They aren't looking for you, unless you fall into the category of people that they are tasked to find.

Re:Sock puppet, begone!

[sI4shd0rk]

Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts.

You are assuming, of course, that the government is made up of perfect angels that never make mistakes and never abuse their powers. Such a government has never existed throughout history.

To trust all current and future people in the government to such an extent is borderline insane. I honestly have zero idea why people believe the government is only looking out for our best interests here.

Re:Sock puppet, begone!

[shdowhawk]

I disagree completely

I'm a dual citizen .. i'm being looked at. I have a degree in computers and I talk to foreigners ... i'm being looked at. I speak 3 languages ... i'm being looked at. I rarely use any social media - far less than most people hmm.. suspicious ... i'm being looked at. I'm on a site talking about using tor ... i'm being looked at. I used to live in a different country ... i'm being looked at. I have made a political comment about not liking a specific candidate, either over the phone or internet in the last 5 years ... i'm being looked at. I have a higher than normal IQ (above 100) - and i love chemistry ... i'm being looked at. I'm an atheist ... i'm being looked at. I've been tagged in a photo on facebook that was taken on a mobile device and therefor has all the EXIF location data on it letting people know that i was more than 200 miles from where I live... i'm being looked at. I've update my passport in the last 5 years ... i'm being looked at.

Now, once you get over the notion that this is the 1950's and that everyone is in a manila folder with a black and white picture - and that someone is sitting around trying to LITERALLY watch you full time - you can come to understand that the entire country IS being "watched" daily, via electronics, and is being monitored the same way that google (and other search engines) monitor websites. They use spider like software, and every time something "triggers" in their system, your profile gets updated. Think of it like a point system, the more points you have, the more likely you are going to get checked up on. Using the information from Okian Warrior above, you realize that the 1 in 250 chance is scarier than you think. Also, add in that not all 350 million people in the country are being monitored. Take out children under 13 (too low risk), take out old folks who literally can't move, or are senile, or folks in the hospital for long term care (even if only for a week), and that number of people that an analyst needs to check up on drops significantly.

Google is able to index 23+ billion pages (according to some random statistics i found). If google is able to do that the hard way (crawling pages, finding href links, indexing them, hitting all THOSE links), then i'm sure the NSA can do it far easier. Why? Because, according to the surveillance leaks, they already have access to the nicely indexed databases from many/most companies.

Sad thing is ... i'm not even going into tin foil hat mode yet ...

Re:Sock puppet, begone!

[girlintraining]

here's a recent news story where, for the first time, the DOJ is informing a defendant that they used NSA/warrant-less surveillance to gather evidence. They used mass surveillance to get enough probable cause to apply for a real warrant which resulted in evidence of a crime.

This is a far from settled issue, with even the Supreme Court waffling on it, allowing it in some cases and denying it in others. And no, it's not the first time. They were doing warrantless surveillance in the 1960s to deal with vietnam war protesters. Why is it that every generation somehow thinks when it happens to them, it's the first time, and it's never happened before?

The important bit of the previous is that the DOJ was conflicted about revealing this information.

Wait, you mean a bunch of lawyers got together in a room and they disagreed with each other? STOP THE PRESSES! Of course they were conflicted... they're paid to play devil's advocate sometimes!

Sock puppet, begone!

Tin foil hat, remove!

Re:Sock puppet, begone!

[almechist]

You are assuming that analysts are working 24 hours per day. You are also assuming that they have nothing better to do than look at random people. They don't have time for that - they have their hands full with people who have come to their notice either through a pattern of behavior (such as attending a terrorist course in Pakistan or a similar place) or because they associate with people who have done that.

Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts. If they find someone of interest, for whatever reason, they will be spending days, weeks, months on that person. They aren't looking for you, unless you fall into the category of people that they are tasked to find.

You talk a lot about who they are looking for, but that's essentially irrelevant to the current discussion, which deals with who they are looking at. The first is what happens in an ideal fantasy world, but the latter concerns what is actually occurring in the US today, and recent revelations indicate there is plenty of reason for concern. Every single US citizen has reason to worry, for why that is so see shdowhawk's reply, which sums it up better than I could ever do.

Heap best way, um

Use American Indian smoke signals.

The NSA as a distraction

[wjcofkc]

Remember the Occupy movement? We seem to have forgotten everything that stood for in favor of the NSA. Funny thing that. Perhaps only so many battles can be fought at once, but I think that was a better starting point. After all, they are in bed together.

Re:The NSA as a distraction

[Jmc23]

oh yeah, those hipsters that didn't really occupy wallstreet, that purported to represent the 99% but were just really the whiny 1%, and which, in relation to the rest of the world, actually did belong to the 1% they were complaining about!

The reason nothing happened is because they only represented their tiny minority view and the rest of the population DOES NOT CARE!!!

It's not hard to understand, 99% want the shiny and they simply don't care how much of the planet they have to rape and how many villages of resources they need to consume to get that shiny. Ok, granted, not everybody wants the shiny and they'll look down on people that do but they'll still have a lifestyle that consumes the resources that a village could live off of.

Re:The NSA as a distraction

[Jmc23]

ah modded down by the people who can't accept that their society is a cancer draining all the worlds resources. Irony, the same exact reason the occupy movement didn't work.

Not as good as this:

Do all encryption on YOUR end ONLY. Never give away unencrypted datastreams or keys, ever!

Technically, it's feasible. Not always convenient, but feasible.

Re:Steps You Can Take Against Internet Surveillanc

Using any of the above might raise some flags, but to use all 10? Are you kidding me? You might as well just set up shop at your local NSA office..

Windows

[Princeofcups]

"use anti-virus software"

Just come out and say it. Don't use Windows.

How about running your browser as another user

[Marrow]

I think one of the biggest risks is drive-by infections. I have been thinking that running my browser as a different (underprivileged) user might be a nice added layer of insulation. You could add that user's group to your extended group list and still get all the files. But it could not get at yours.

Re:How about running your browser as another user

[tepples]

Chromium does an automatic version of this, running the browser in an underprivileged sandbox and passing sensitive things such as file downloads through a broker process that I assume gets more closely audited than the rest of Chromium.

Re:Steps You Can Take Against Internet Surveillanc

[whoever57]

Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was.

Back up the strawman train there. The GP was pointing out that the information gathered by the NSA failed to prevent the Boston bomber, and
prevention is what the NSA claims that its massive surveillance program does.

In reality, what it does is undermine democracy. What if the NSA discovered some embarrassing material relating to Dianne Feinsteinn and is using it to blackmail her to support the NSA? How do you know that it hasn't happened? The answer is that you don't and that's why democracy has been undermined. What would Herbert Hoover would have given to have the information that the NSA has?

EFF are losing their edge

[Burz]

We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.

If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.

The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so its also a big plus).

Tor is outdated and dangerous to use because it encourages illusions like: a) 1024bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.

In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (its been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).

Re:EFF are losing their edge

> If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info.
As far as I know, the exploit executed code on the user's machine which then gathered the external address and local MAC address and sent it off to the NSA & FBI. Of course that specific exploit only worked on one specific version of the bundle and one specific OS (Windows). If, however, there was an equal exploit that could be triggered on a Qubes user (ability to execute code on the local machine), exactly what protections are in place to prevent gathering their real external IP, MAC, and forwarding it off to the attacker?

Re:EFF are losing their edge

[Burz]

If, however, there was an equal exploit that could be triggered on a Qubes user (ability to execute code on the local machine), exactly what protections are in place to prevent gathering their real external IP, MAC, and forwarding it off to the attacker?

Under Qubes, the Tor Browser (actually, all browsers) operates within its own hardware-enforced (both VT-x and VT-d) virtual machine ensuring that even privilege-escalated code would have no way to access the Internet except through Tor itself. It would have no access to real system settings or personal info, etc., unless for some odd reason you put them into that VM.

The system architecture is a series of VMs that have varying levels of risk assigned to them. Even the firewall, IP stack and X11 graphics (with attendant hardware drivers) run in their own separate VMs under Qubes, booted from a non-writeable system template.

The hypervisor itself is a desktop GUI disconnected from any networking devices.

Re:EFF are losing their edge

[Burz]

I'd also like to point out that Qubes isn't dedicated to the idea of anonymity... The Tor VM is a separate download image, and most VMs that run applications have fairly regular network access (filtered through the firewall and network VMs).

Re:Steps You Can Take Against Internet Surveillanc

[ubrgeek]

Nah. Posting here is fine. The SNR is so high NSA decided it wasn't worth bothering to filter through everything.

More NSA produced propaganda

Read the article, and a number of things SCREAM out.

1) FUD about passwords, specifically designed to encourage people to use weak passwords, or to store their passwords in easily found locations.
If you tell people that most passwords easily fall to hackers, too many people think "to hell with this bother" and go for easy to remember passwords. The PROBLEM with passwords is twofold.
- people using encryption systems where the 'encrypted' password is an obtainable object, allowing reverse-table methods where people create massive databases of commonly used passwords, and their equivalent encrypted forms. Systems like Truecrypt do not have this flaw.
- people told that passwords need to be obscure in a non-Human readable, re-memorable fashion. This is untrue- a long phrase in plain English is PERFECT, so long as the phrase is UNIQUE, and non-searchable. There is NOTHING inherently weak in a password that ONLY uses alphabetic characters, so long as the phrase is long enough, and UNIQUE. PS obviously, never ever type your phrase into Google to see if it already exists. Google records ALL search terms, KNOWING that sometimes the search is testing the 'strength' of a password phrase. Google a password phrase, on it goes onto the NSA master-list.

2) The terrible terrible advice to encrypt using the utilities provided by Apple, Microsoft and Google. This ONLY provides casual protection against other ordinary people with access to your computer. Any official body has access to files encrypted this way.

O'Brien the shill does mention Truecrypt in passing, but he'd look way suspicious if he gave no reference at all to this proper encryption solution. But O'Brien the NSA shill carefully makes no mention that Truecrypt can handle ALL normal OS encryption duties.

Re:More NSA produced propaganda

[HiThere]

Who has audited the current version of Truecrypt? Why do you trust them?

It's better for different people to use different approaches, so that no one compromise will take down everyone. But this makes communication difficult.

I don't have a real answer, this side of one time pads.

Re:Steps You Can Take Against Internet Surveillanc

[BradMajors]

The NSA has great spying capabilities. It just isn't using this ability to find terrorists.

If everyone was a node, then it would work better

[Marrow]

If everyone were a node and there was just no telling what packets would come out of anyones box, then they basically would not be able to use IP addresses anymore.

Is OTR on every platform?

[tepples]

They can't be assed to spend 10 minutes to set it up, thereby having it for the entire future.

That or they choose, for other reasons, to use a mobile platform to which OTR messaging happens not to be ported yet. Webmail also has well-known problems with PGP. Or have those been solved yet?

Use tor against surveillance?

[Windwraith]

Recommending tor for safety is like telling someone that if they paint themselves orange and shout at the top of their lungs, nobody will notice them in a crowd.
Let's face it, tor is pretty much synonymous with "pedophile, drug user, crook". Despite its best intentions, it's like painting a huge target on your back for the spies to focus on you, not "oh, this one is using tor! our efforts have been foiled!".

Re:Use tor against surveillance?

[Skapare]

This advice does not apply to Tor sites run by the NSA.

Re:Use tor against surveillance?

That may or may not occasionally happen, but it's not as if TOR users are constantly being harassed or bugged. So, unless you have evidence that many people are being targeted just because they try to remain anonymous and/or use encryption, this silly meme needs to die.

But why should one even need to subscribe?

[tepples]

What is the rationale behind Slashdot's business decision to make SSL available only to subscribers? And why does it continue this policy even after Google's announcement of AdSense over HTTPS last month?

Countries that have adopted paperless taxation

[tepples]

Unless you happen to live in a country that requires individuals to file income tax returns online and refuses to provide a paper option.

Re:Countries that have adopted paperless taxation

[nurb432]

Then you move to a less oppressive and invasive country.

Re:Better to vote out the scum that runs the count

[Mr.+Slippery]

A fellow isolationist.

How ludicrous that suggesting an end to global military occupation is now labeled "isolationist". There are many ways for nations to interact besides militarily.

Webmail

[tepples]

If friends and family use webmail, how can they use PGP over webmail without giving a private key to the webmail provider? Mailvelope doesn't work in Safari or IE, and Chrome Web Store apps don't work on Chrome for Android.

Help me understand global transitive trust

[tepples]

Best of all, have a PGP/gpg web of trust

Which requires expensive travel to participate in key signing parties in other cities unless you only want to communicate with others living in the same city. Sure, you can trust that someone is the person described by a particular government ID, but that's orthogonal to how much you trust her to sign others' keys.

Can't vote against all incumbents

[tepples]

When you vote against the incumbent in a general election, all you get is whatever candidate from the party currently out of power is best at pandering to its base in the primary election. You can't vote against all incumbents in the primary because the polling place gives you only one party's ballot.

Re:Can't vote against all incumbents

[grantspassalan]

I know there a problem with the party system, but even so, if all those that are currently in office found themselves to be unemployed, it would send a message to whoever did get elected, to heed the voters more rather than the lobbyists who bribe them. Also the laws could be changed so that anyone who registered as an independent voter, could vote for any person running for any office in any election, whether primary or otherwise.

Re:Can't vote against all incumbents

[tepples]

Also the laws could be changed

By whom? Each state's legislature sets the rules for the legislature's own primary.

Re:Can't vote against all incumbents

[grantspassalan]

Some states have an initiative process that voters can use force such laws down the throat of recalcitrant & bribed politicians. Voters used that process while we were still living in California to the reign in overzealous tax collectors and beat politicians into submission with the famous proposition 13 way back when. Oregon voters did the same thing with measure 5 not too long after that.

Re:Steps You Can Take Against Internet Surveillanc

[theronb]

Umm, are you thinking of J. Edgar Hoover, director of the FBI for decades?

It's called chaff

[tepples]

But if 1% of American households run an exit node, that's 7 million on said list. I doubt the authorities have time to follow 7 million exit nodes at once.

Re:It's called chaff

Yes. Yes they do. I thought this was incredibly obvious by now.

Re:It's called chaff

I doubt the authorities have time to follow 7 million exit nodes at once.

Duh. Automation can follow exit node activity and flag suspicious activity. They're called "computers".

Re:It's called chaff

[tepples]

The point as I understand it is to diffuse the suspicious activity across all exit nodes. New TCP connections switch to a different circuit every 10 minutes. Or is plausible deniability obsolete?

Re:Steps You Can Take Against Internet Surveillanc

Who exactly has been a victim because of reprisals from the government for speaking their mind? And Snowden doesn't count since he actually broke a law that has nothing to do with the freedom of the press. Drake also broke a real Law when he first disclosed information on the NSA program years ago. What individual or group has been targeted for their posted political ideologies? And secondly why do the ignorant masses think they are important enough that the government will even notice them? I can see if you are planning an armed insurrection you might be worried that you have to start planning all over again because the NSA is on your tail. The government might be collecting data but they do not even come close to having the sheer manpower that would be required to analyze and act on the data collected. People seem to be forgetting just how much data we are talking about here if the NSA is actually doing all the things they are accused of. Even the most advanced keyword algorithm would spit out millions if not billions of hits a day that would require a human analyst to follow-on.

This is how we Europeans do it

We'll use our smartphones to take pictures of our genitals. every 10 seconds, in HD. and randomly we write "terrorist stuff" on our skin. poor NSA workers have to view each of them, print them and show them to their managers.

Re:This is how we Europeans do it

[HiThere]

ROTFLOL.

Resident visa

[tepples]

Can you recommend a country as well as a walkthrough for getting a resident visa in that country?

Re:Resident visa

[nurb432]

Off the top of my head i doubt much of the middle east has gone digital. I am sure there are others ( aside from the US, i still print and us-mail my taxes in each year )

Re:Steps You Can Take Against Internet Surveillanc

[duke_cheetah2003]

Considering the Government's mishandling of just about any other IT related project (healthcare.gov anyone?), gosh, I could just about believe it's nothing but bluster and show. Almost.

Step Two: Terrorists Win.

[MRe_nl]

As much as my comment was a jest, pure and simple;
There's no such thing as a "terrorist", the term is a confabulation, a nebulous entity somewhere between "opponent" and "boogeyman".

Re:Steps You Can Take Against Internet Surveillanc

[whoever57]

Umm, are you thinking of J. Edgar Hoover, director of the FBI for decades?

He's another Hoover, they are all the same, aren't they? But really, yes. I did mean J. Edgar.

Re:Steps You Can Take Against Internet Surveillanc

[tokencode]

"That's pretty much the working definition of law enforcement everywhere, man. There's only 1 police officer for every, what, 10,000 citizens? It's a practical impossibility for the NSA to do all the things the tin foil hat brigade claims they're doing -- monitoring everyone's cell phones, everyone's e-mail, the entire internet... and just to keep things interesting, doing all that while cracking foreign powers' high level cryptography and military communications systems. To do everything they claim they're doing, even assuming their technology is twenty years more advanced than the civilian sector equivalents, would imply multi-trillion dollar budgets per year to sustain and a workforce vastly higher than the numbers available suggest." This being Slashdot, I would hope that people here would take into consideration automation of the information gathering process. The ration of analysts to citizens has almost no relevance. At a reasonable bitrate, you could records every telephone conversation made in the US on just a few racks of equipment. All text-based communication storage is trivial. It is all about access to the infrastructure. That does not mean they are capable of producing actionable intelligence, but they are most definitely capable of collecting everything and running some queries against it. If the data is being queried, even if it is not included in the results, the data is being unlawfully searched.

Re: Steps You Can Take Against Internet Surveillan

Yeah, that's why you have to vigorously defend your trademark.

By the people

[holophrastic]

Nice democracy/republic/free country you have there. Since it's your government, and they're working with your tax dollars, you might not want to make things more expensive for them. You might, however, want to cut their budget, and vote them out, and impeech them, and whatever else you do when you both check and balance your government.

sheesh.

Re:By the people

[Fjandr]

No, at this point the only thing that will work is to bankrupt the country. If everyone uses absolutely every service available to them to the maximum extent, it'll happen faster.

NOPE

Use end-to-end encryption - You should, but it's undermined by how much you trust both ends.
Encrypt as much communications as you can - But software defaults often do not.
Encrypt your hard drive - And then when you forget the key, your data is lost forever. There is currently no solution.
Use Strong passwords - Nope, use long passphrases instead.
  Use Tor - Do NOT use Tor, it's also undermined by how much you trust the other end, which is to say, don't trust.
  Turn on two-factor (or two-step) authentication - Do it, I dare you. The problem is most people use the same device for both steps, thus undermined.
  Don't click on attachments - This should be a "NO DUH", always save attachments and let the antivirus program scan it, and even then, never open anything that you didn't ask for.
Keep software updated and use anti-virus software - This should be a "No Duh" but there are no functional antivirus products outside of Windows. Windows Antivirus products do more passive harm than good, often having super-bloated user interfaces, large memory footprints and killing the power savings on laptops.
Keep extra secret information extra secure with Truecrypt - again, unless there is way for people to recover the keys, this will never catch on.
and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying - Not entirely useful.
Run a Tor node - And this is where I must say "NO, and ARE YOU INSANE?" Last thing you need is for law enforcement to come knocking at your door because some pedophile uploaded childporn through your Tor node. No. Just No.

For reasons stated above Tor has been deeply undermined and should not be used for any purpose. Tor needs a better way of telling the connecting nodes where they exist geographically, so that routes never start or exit in the same legal jurisdiction. Having your average joe run a Tor node while they are under survailance will just create a dragnet operation against all the traffic that goes through it.

What needs to happen is Tor needs to be redesigned so that it acts as a cryptographic "layer" on top of the existing internet, and not simply used as entry and exit points for warez and pedophones to hawk things. It may hide the criminals, but it paints everyone who uses it as a criminal, not as law abiding.

Perhaps one way of establishing how trustable an entry or exit node is would be to send out various types of DNS queries through Tor that would normally clue as to the legal jurisdiction. For example the pirate bay is blocked in some countries, so if the DNS for TPB doesn't match where it actually is, or is unresolvable, that probably means that exit node can't be trusted.

At any rate, it's probably better to hide in plain sight by simply not doing sneaky things that can be traced in the first place. If you have something to hide, you should probably not be sending that data over the internet and are better of encrypting a usb stick and mailing that. Most software and media pirates are not the targets of such surveillance ( Your tax dollars are work, are fighting counterfeit tiffany silver and nike shoes instead.) The most recent news about Silk Road also proves that people who wish to stay hidden to do illegal things aren't the brightest people in the world at all.

Re:Steps You Can Take Against Internet Surveillanc

[girlintraining]

Back up the strawman train there. The GP was pointing out that the information gathered by the NSA failed to prevent the Boston bomber

Strawman? That word... I do not think it means what you think it means. A government agency that wasn't tasked to assist with the case didn't come up with anything. In other news, the Army Corp of Engineers failed to find him too. Shame on them.

Show me where the NSA was assigned the job of catching them, and then maybe you got something. How ever you got a +5 with such a glaring inconsistency is beyond me.

In reality, what it does is undermine democracy.

So let me get this straight... the NSA is secretly changing your votes to put a puppet president in place? Or... they're arresting people in secret and deporting them to foreign countries? Nope. Umm... infringing your right to bear arms? No. Fifth amendment? Nope.

Dude, democracy isn't being undermined because the NSA turned on a packet sniffer somewhere. This is like saying Obamacare is the "worst legislation ever", and forgetting that bit about Japanese internment camps during WWII, Jim Crow laws, and ... well the list goes on. Take off the tin foil hat and go forth into the sunlight, my basement-dwelling armchair revolutionary. Is the NSA there to stop you from protesting? Nope. The NSA gathers information. That's it. That's all. Maybe they gather too much... but all you can say about them is they invade people's privacy... a right nowhere guaranteed by the Constitution. That's a terribly inconvenient fact, and I urge you to use the as-yet uninfringed by the NSA rights to go out and change that, if you feel so strongly about it.

This kind of logic is like blaming the dash cam in the police car for beating someone up. "Yes, your honor... that camera beat the everloving shit out of me." ... Guh. Fail.

What would Herbert Hoover would have given to have the information that the NSA has?

*facepalm* The NSA was around during the Hoover days. The government just denied its existance until relatively recently.

Re:Steps You Can Take Against Internet Surveillanc

[whoever57]

Show me where the NSA was assigned the job of catching them,

That's a strawman. Neither I, not the GGGP said that the NSA was tasked with catching the Boston bombers. There is no point arguing this further with you since you clearly have a problem with your reading or comprehension skills.

but all you can say about them is they invade people's privacy... a right nowhere guaranteed by the Constitution.

And your knowledge of the US constitution is clearly lacking. You never heard of the 4th amendment? Just because it doesn't use the word "privacy" doesn't mean that a right to privacy is not granted by this amendment -- as the supremes have acknowledged.

More expensive

[manu0601]

From TFA

you can make that kind of surveillance a lot more difficult and expensive

Which means, that unless the problem is addressed at the political level by removing surveillance, you will just work to increase your taxes.

problem is "keeping SW up2date"

[lpq]

When the computer industry was "young", there was little likely hood the NSA had co-opted your developers & SW providers. Now?

With every update you need to wonder if it contains a new backdoor at the request of the NSA, asked via a "security letter", which makes disclosure illegal.

Examples in linux abound as vendors stumble over each other to provide secure-boot distro's, complete with windows-like service managers (systemd), that move config control out of scripts where you can see what they are doing, into binaries, that you have to verify come from a source that is likely too large for most of us to audit -- not to mention the problem looking for a backdoor that might be very well hidden these days... (ex. pre-solved factoring keys for AES encryption), etc... You got the latest certs downloaded from *where-ever* (needed for https and such)? How many aren't already cracked?

I wouldn't have a problem with the NSA's spying, *IF* they didn't share anything not related to national security -- but our entire justice system is predicated on law-enforcement being 'human' and needing warrants to search private stuff -- but now? The NSA doesn't need those, and any info it finds is shared with generic, domestic law enforcement. It's already been seen that the FBI has been getting info dumps from the NSA that it's been using to start determined "take-down" efforts against *persons*. I.e. they just watch the people they want, and find some excuse to 'legally' find out the info, OR, find something else to bust them on.

Of course it's been well documented here on "/.", how both foreign visitors and US citizens lose their constitutional rights when they are at a border -- losing laptops and having decryption keys demanded.

What crap!.

One rectifying solution would be to have any illegally leaked evidence taint prosecution of someone for *any, "hidden", charge*, for some number of years (whatever statute of limitations might be).
By hidden, I mean things they'd have to probe into to find out -- not armed robbery or such...

It sounds problematic, and the details would have to be ironed out, but between that, and the profit motive for "charging" a "rightless" property with "crimes" instead of the person, our legal rights as citizens are falling below western standards and down into the "outcast/illegal/brutal" regimes that we supposedly "invade" for....

Who's gonna invade us to save us from our government? I think the only ones with the ability to save us are "us".

Anti-virus

"use anti-virus software"

And what if the anti-virus vendors have deals with NSA? This question was raised by EFF.

Re:Anti-virus

[biodata]

this

Kill an NSA staffer

[gelfling]

And their family, burn their house the ground. Repeat until no longer needed.

Re:Steps You Can Take Against Internet Surveillanc

[AHuxley]

If you don't have a security clearance post and educate people all you can. If you do have a security clearance welcome to the new digital East Germany :)

Re:Steps You Can Take Against Internet Surveillanc

> doesn't mean that a right to privacy is not granted by this amendment
You may want to read the whole constitution again. It doesn't grant people any rights, only the government.

Re:Steps You Can Take Against Internet Surveillanc

[AHuxley]

Make sure you have full messenger contact lists and use the terms NSA and GCHQ a lot :)

My preference is

[davebarnes]

Overwhelm the bastards
Plutonium implosion trigger components
Weaponized anthrax aerosol
Quantum encryption

Re:My preference is

[Fjandr]

Quantum encrypted plutonium enriched weaponized anthrax.

Re:Steps You Can Take Against Internet Surveillanc

[Seumas]

Oh, Jesus fucking Christ, how many times can you guys talk in circles, here?

His point is that the NSA has justified all of the institutionalized violations of privacy because it somehow prevents terrorism (and for while, they were claiming they've stopped over 50 acts of terrorism when it turns out it was actually only two . . . and maybe not even that), yet with all of this surveillance and violation of people's rights, they weren't even able to stop an angry teenage boy with a pressure cooker.

You keep saying they weren't "tasked with this case", which has fuck all to do with anything. The FBI was tasked with hunting the kid down (and it took the shutdown of an entire city and yanking people out of their homes at rifle-point for several days to hunt down the teenager). The NSA and all of its nefarious sister organizations were tasked with preventing attacks. You know, the thing they keep using to justify their disregard for the Constitution. And, yet, they were not aware of this pending "act of terrorism".

But go ahead and reply with "but the NSA wasn't tasked with this case" for the sixth time.

Re:Steps You Can Take Against Internet Surveillanc

[Seumas]

Ding!

Re:Steps You Can Take Against Internet Surveillanc

Police can't prevent crime

Robber: Hand over your wallet.
Undercover cop: Bang you're dead.
Crime prevented.

NSA act as a deterrent against would-be terrorists

Why do you hate America, you just told all the terrorists that the NSA cant stop them.
Expect a mass terrorist wave now, thanks.

The FBI never asked the NSA for information on this person or engaged any NSA resources

FBI: Are terrorists going to blow up Boston today?
NSA: No
FBI: How about today?
NSA: No
FBI: What about New York?
NSA: No
FBI: Tomorrow?
NSA: No
FBI: Miami?
NSA: No
You're a complete tool if you expect us to believe this is what you believe happens...

Back in the real world, the NSA CLAIMS it can prevent terrorists, as justification of all the bad/illegal stuff they do.
It's therefore part of their job to do this even if the FBI or any other agency dont explicitly ask them in advance.

What if

[koan]

The NSA ran out of room? What would it take to flood them overwriting data with random media? A day everyone leaves their phones on Youtube kitty videos? Is it even possible to overwhelm their storage with the cell network? With the Internet?
Is this what data caps are really about? Surveillance, anti piracy, and monetization?

As far as encryption goes, it decrypts somewhere.

Re:Nice reasoning

I like the way you think. In fact I was just using the same reasoning the other day when talking to my wife. There are guys out there that beat their wives everyday. Since I only beat my wife once a week she really has nothing to complain about and should be happy and content.

Benghazi was a real conspiracy.

[Rujiel]

The whole thing was not even a consulate, but rather, the head office for a weapons running operation for rebels in syria, chemical and biological as well. Former Rep. Kucinich(D) is on the record voicing concern. Google it

Shill detected.

[Rujiel]

You call them "leaks" as if to imply their release was intended by the involved agencies. It wasn't. Leaked documents have illustrated how similar tactics were employed to cast doubt on wikileaks, claiming it was a cia plot. You really expect us to buy into this argument you're having with your sockpuppet?

Re: Steps You Can Take Against Internet Surveillan

[Rujiel]

Bullshit, the bill of rights is not about what government can do. More about what it can't

The FSA can and is monitoring virtually everything

[Rujiel]

This isn't even controversial. The idea is to collect information and use it retroactively to target people. This thread is full of shills like yourself, trying to emphasize some concept of the NSA's ineptitude rather than the evil of what it is doing.

Protecting your system

[lsatenstein]

Most anti-virus programs take a signature of a program of file that is suspect. I gave up on them and did the following.
I wrote a program that takes the md5sum of my computer's system. Weekly (at first it was daily), I redo the checksum file, I transfer it to a flash drive, and from there I read it to compare against a previous scan. Any md5sum difference is flagged. Its my way of creating a signature for each of of the files on my computer.
And it is fast in execution (about 10 minutes for a full / scan). If you have more files than I have, your timing may be longer.

additional measures to be taken

here's some more steps you can take. never use an anti virus based in the usa, or western countries. they use antiviruses to scan for more than just viruses. dont think that other western countries wont sell you out. sweden, czech republic, slovakia, finland, croatia, malta, cyprus, romania, are all dirty. most u.s allies share information. dont use any browser based out of usa or allied countries. dont use any search engine based out of usa or allied countries. dont use voip services based in usa or allied regimes. dont use any messenger service based out of usa or allied countries. dont use any cell phone made by usa or allied countries. this includes south korea, japan, and taiwan. youre probably better off not using a smart phone at all. dont use any operating system based out of usa or allied countries. and finally, stop buying crap from western multinational corporations. you cant complain about internet surveilance, and then run out and buy an iphone, or a bmw. the nsa, and fascist european intelligence agencies get their money from these corporations. if you buy their crap, you just support their authority over you. by the way, iphone tracks your gps movement. i used to use skype, avast, norton, avira, windows, google, chrome, nokia, but i abandoned all of that. not only is it harder for the u.s regime to track me, but i also saved myself a lot of money by doing so.

many kinds of windows 7 keys online sale

windows 7 product key sale , product key windows 7 professional 64 bit free , windows 7 product keys , windows 7 profeessional key , windows 7 license keys, window 7 professionalupgrade key free
        win 7 home premium key sale
        win 8 professional key sale
        win 8 anytime upgrade key sale

Why would you trust Tor?

Tor was originally sponsored by the U.S. Naval Research Laboratory and is funded by the U.S. Government. For those of you who trust it, I have to get in Tiffany Grant as Asuka bitch mode and yell, "ARE YOU STUPID OR SOMETHING???"

Re:Steps You Can Take Against Internet Surveillanc

[intermodal]

There's also the fact that the terrorist threat isn't as significant as they want us to believe it is.