Slashdot Mirror


Ten Steps You Can Take Against Internet Surveillance

Hugh Pickens DOT Com writes "Danny O'Brien writes for the EFF that as the NSA's spying has spread, more and more ordinary people want to know how they can defend themselves from surveillance online. 'The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself,' writes O'Brien. 'The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.' Here are ten steps you can take to make your own devices secure: Use end-to-end encryption; Encrypt as much communications as you can; Encrypt your hard drive; Use strong passwords; Use Tor; Turn on two-factor (or two-step) authentication; Don't click on attachments; Keep software updated and use anti-virus software; Keep extra secret information extra secure with Truecrypt; and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node; or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.'"

165 of 234 comments

  1. Use end to end encryption? by bazmail · · Score: 4, Insightful

    Good idea, but can't really see that catching on, unfortunately.

    1. Re:Use end to end encryption? by phantomfive · · Score: 1

      And it doesn't always work, because one end is compromised.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Use end to end encryption? by Anonymous Coward · · Score: 2, Funny

      é÷ÖúöÜHòÙ¥’`^&FQòÔ`sqÅxEÀÍ_,Bnâ|©1ßÉ*'

    3. Re:Use end to end encryption? by __aaacoe2998 · · Score: 1

      I can see this being the thing that pushes the next generation of processor development and operating system development. If companies can make encryption automatic, easy and invisible to the end users - and trustworthy, it will catch on. At first it will slow our computers which will drive demand for bigger/faster computers. Then, someday, it'll be ubiquitous and common practice.

    4. Re:Use end to end encryption? by bazmail · · Score: 3, Insightful

      True, but nobody outside the IT dept is going to use ssh, install security plugins like OTR or use PKI. Unless this is all baked directly into the product, is on by default and is zero-config, it will fail.

    5. Re:Use end to end encryption? by SuricouRaven · · Score: 2

      If the spies are actively targeting someone, yes. But they can't hack *everyone* - not only would it be expensive, but they'd be detected in no time at all. So if your objective is to avoid the dragnet, it works.

    6. Re:Use end to end encryption? by davester666 · · Score: 1

      end-to-end encryption is only part of the battle.

      once anybody else has some of your data, it's over for that data. It's a business record and they shouldn't even need a warrant to have it.

      --
      Sleep your way to a whiter smile...date a dentist!
    7. Re:Use end to end encryption? by AHuxley · · Score: 1

      The US gov is still at the exchange/isp level with your first and last ip hop. Encryption is just a glowing sign to the NSA to 'look' and 'track'.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Use end to end encryption? by ObsessiveMathsFreak · · Score: 2

      Not with major browsers like Firefox screaming blue murder at encrypted connections that haven't been officially by certification authorities. We can't have an encrypted web if browsers themselves are hostile towards it.

      --
      May the Maths Be with you!
    9. Re:Use end to end encryption? by tlhIngan · · Score: 1

      Good idea, but can't really see that catching on, unfortunately.

      Even worse, it does absolutely nothing to stop metadata collection.

      Every e-mail you send, the NSA can see the source and destination, even if they can't read the contents. If you believe they only collect metadata, well, they aren't missing anything. Every website you visit, likewise - they got the IP address. They might not know the exact site, but they knew you talked to that server.

      And they can figure out your traffic from metadata quite easily. If it's on port 22, well, it's probably SSH. If it's 443, and they see an initial small burst of up traffic followed by a larger down traffic, it's HTTP.

      If you really want to hide traffic, you need to implement two things - everyone uses the same source and destination ports for all traffic, and for the duration of the connection, the bandwidth consumed must be level. If it's a low upload connection, you need to maintain the upload for the entire duration, and any up and down traffic has to be equalized so they don't reveal anything - i.e., bursty traffic has to be made constant. This may involve uploading a bunch of random-contents "null" packets.

      This way all your connections just seem to be constant traffic.
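The constant-rate padding that comment 9 describes, sketched as an added example (not part of any comment in this thread): a sender emits exactly one fixed-size cell per clock tick, filling idle ticks with random "null" cells, so an observer who sees only sizes and timing gets the same trace for an idle link and a bursty one. The cell size, header layout and all names are assumptions made for the illustration, and encryption of each cell is assumed to happen in a layer below this one.

```python
import os
import struct
from collections import deque

CELL_SIZE = 512                      # assumed: every cell on the wire is this long
HEADER = struct.Struct("!BH")        # cell type (1=data, 0=padding), payload length
MAX_PAYLOAD = CELL_SIZE - HEADER.size
DATA, PADDING = 1, 0


class ConstantRateSender:
    """Queues application data and releases one cell per tick, no more, no less."""

    def __init__(self):
        self.queue = deque()

    def send(self, message: bytes) -> None:
        # Fragment so that no single message changes the size of a cell.
        for i in range(0, len(message), MAX_PAYLOAD):
            self.queue.append(message[i:i + MAX_PAYLOAD])

    def tick(self) -> bytes:
        # Called on a fixed timer. A burst is spread over later ticks;
        # silence is filled with a null cell of random bytes.
        if self.queue:
            kind, payload = DATA, self.queue.popleft()
        else:
            kind, payload = PADDING, b""
        filler = os.urandom(MAX_PAYLOAD - len(payload))
        # In a real link the whole cell is encrypted before it leaves, so the
        # header is not visible on the wire (assumed, not implemented here).
        return HEADER.pack(kind, len(payload)) + payload + filler


def run(schedule, ticks):
    """schedule maps tick number -> list of messages submitted at that tick.
    Returns (cells emitted, fragments still queued when the run ends)."""
    sender = ConstantRateSender()
    cells = []
    for t in range(ticks):
        for message in schedule.get(t, []):
            sender.send(message)
        cells.append(sender.tick())
    return cells, len(sender.queue)


def observer_view(cells):
    """What a passive tap learns: one length per tick, nothing else."""
    return [len(c) for c in cells]


def receive(cells):
    """Receiver side: drop null cells, strip filler, rebuild the byte stream."""
    stream = bytearray()
    for cell in cells:
        kind, length = HEADER.unpack_from(cell)
        if kind == DATA:
            stream += cell[HEADER.size:HEADER.size + length]
    return bytes(stream)


def data_cell_count(cells):
    """Number of cells that carried real data (the rest is padding cost)."""
    return sum(1 for c in cells if HEADER.unpack_from(c)[0] == DATA)


if __name__ == "__main__":
    # Constructed workloads: an idle link and one with two bursts.
    idle, _ = run({}, 20)
    bursty, backlog = run({0: [b"A" * 1500], 7: [b"hi"]}, 20)
    print("identical on the wire:", observer_view(idle) == observer_view(bursty))
    print("data cells:", data_cell_count(bursty), "of", len(bursty))
    print("backlog at end:", backlog)
```

The price is visible in the numbers: most cells are padding, and any burst larger than the tick rate allows waits in the queue, so the hiding is paid for in bandwidth and latency.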

    10. Re:Use end to end encryption? by WaywardGeek · · Score: 1

      I suspect this is how they caught the Silk Road guy. Tor is likely entirely transparent to the NSA, just from metadata. It kills me to see articles like this one recommending running a Tor node. I ran one for a while after hearing about its use to avoid political oppression, but the traffic, from my reading of the meta-data, was dominated by video downloads. In theory, Tor is about freedom, but in reality, it's about porn.

      It is 100% possible to provide the kind of freedom Tor in theory was created to provide. First, do exactly what you said, and eliminate the meta data leaks. So long as the network is used to provide freedom rather than illegal video, the bandwidth per volunteer node will be very low, even with the techniques you describe. Freedom is about basic communication like accessing email lists, not watching 2 hour videos for free.

      The second part is ensuring your bandwidth is used for goals you support, like freedom of expression, rather than the crap Tor is used for. This can be done with "secret identities", as in Superman and Spider-Man. Each user would have their actual identity protected as a secret, while their "public" identity would have their network behavior, such as which web sites they visit, documented in a public unencrypted P2P social network. This would allow individuals to safely collaborate on worthy goals, while keeping illegal video sharing goons from wasting our bandwidth.

      --
      Celebrate failure, and then learn from it - Nolan Bushnell
    11. Re:Use end to end encryption? by Fnord666 · · Score: 1

      If the spies are actively targeting someone, yes. But they can't hack *everyone* - not only would it be expensive, but they'd be detected in no time at all. So if your objective is to avoid the dragnet, it works.

      Reminds me of when people said that they couldn't listen in on everyone, which was true right up until they figured out a way to do it.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    12. Re:Use end to end encryption? by Fnord666 · · Score: 1

      If companies can make encryption automatic, easy and invisible to the end users - and trustworthy, it will catch on.

      How do you make this happen when the government can compel companies to add backdoors to the processor and also compel them to not tell anyone they did it?

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    13. Re:Use end to end encryption? by anagama · · Score: 1

      Which is exactly why real reform will require revisiting the Third Party Doctrine. The 3PD is a Supreme Court principle that if you share information with a 3rd party, even if that 3rd party promises confidentiality, and even if they do not breach confidentiality, the Feds can just have the info _without_ any sort of 4th Amendment analysis -- the 4th is just not applicable. The logic behind this is that the 4th only applies when you have a reasonable expectation of privacy, and if you share information with anyone at all, you lose that expectation.

      I don't agree with this -- it's sort of the Long John Silver standard, dead men tell no tales. I think there is a place where people do act reasonably when they share info with at least some third parties because the fact of the matter is, you can't navigate modern life without such sharing. Justice Sotomayor recently made this point in her concurrence in the Jones GPS case. See PDF page 19: http://www.law.cornell.edu/supct/pdf/10-1259.pdf

      Anyway, Section 215 of the PATRIOT Act is merely a codification of the 3PD. Destroy 3PD, and you instantly unconstitutionalize the masspionage.

      --
      What changed under Obama? Nothing Good
    14. Re:Use end to end encryption? by SuricouRaven · · Score: 1

      If we can't stop them, then we can still make it as expensive as possible. Even the NSA's budget isn't without limit.

    15. Re:Use end to end encryption? by lsatenstein · · Score: 1

      Good idea, but can't really see that catching on, unfortunately.

      ===
      The ones who will use it will not be individuals, but corporations. Boeings, Westinghouses, GE's and high tech that need to protect their designs from competition. Do they need to protect it from the NSA? No. But they do need to protect from the NSA, all areas pertaining to pricing, commissions paid to lobbyists, and all the crap that pertain to dealing with the Federal and State and municipal governments.

      --
      Leslie Satenstein Montreal Quebec Canada
  2. Boycott of US & UK products by Anonymous Coward · · Score: 1

    Less money for these countries could mean less money for privacy invasion agencies.

    1. Re:Boycott of US & UK products by Anonymous Coward · · Score: 4, Insightful

      They'll just take it from the healthcare and education budget allocations. They don't give a fuck. It's all about protecting their own positions of power against the plebs.

    2. Re:Boycott of US & UK products by amiga3D · · Score: 3, Insightful

      Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

    3. Re:Boycott of US & UK products by Burz · · Score: 1

      Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

      Um, we're not talking about washing machines here. Ever hear of Cisco?

    4. Re:Boycott of US & UK products by shentino · · Score: 1

      They might do that anyway to keep the plebs dumb and helpless.

      It's hard to use your brain to defend yourself if the powers that be have laid siege to its food supply.

    5. Re:Boycott of US & UK products by ArbitraryName · · Score: 2

      Are you being facetious? The United States is the world's second largest exporter (although Germany might challenge that spot this year).

    6. Re:Boycott of US & UK products by Jmc23 · · Score: 1

      You mean that brand that other countries aren't buying because of all the backdoors? You want us to stop buying it twice?

      --
      Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
    7. Re:Boycott of US & UK products by SuricouRaven · · Score: 3, Interesting

      Oppression can be ranked. The UK and USA certainly have their oppressive aspects, the spying on individuals being just one of them, but there are plenty that are far, far worse.

    8. Re:Boycott of US & UK products by AHuxley · · Score: 1

      Yes expect to see a lot more past generation patched up white box solutions with open source software on 'more' cheap prosumer hardware vs low power, fast, new bespoke US solutions.

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:Boycott of US & UK products by lxs · · Score: 1

      Yes, but I use their services with an ad-blocker in place thereby wasting precious resources. We're taking your whole evil system down. One lost ad click at a time.

  3. Steps You Can Take Against Internet Surveillance by MRe_nl · · Score: 4, Funny

    Step one: Don't post on forums.

    --
    "Kill 'em all and let Root sort 'em out"
  4. Re:Speaking of SSL by ravenlord_hun · · Score: 1

    If you want to post something on ./ that warrants HTTPS, you are probably already doing it wrong.

  5. Better to vote out the scum that runs the country by Anonymous Coward · · Score: 1

    Better to vote out the scum that runs the country: All of them.

    Re-elect no one.

    End perpetual war. Bring the Army back within the borders. Allow Japan, South Korea and Australia to take the lead in their own defense. Disband the obsolete Joint Military Command, NATO.

  6. End to end encryption on /. by Anonymous Coward · · Score: 2, Funny

    when i use https://slashdot.org/ i feel more secure, even if it redirect me the http:/// because it do that in a secure why...

  7. Do you think you are special? by Calibax · · Score: 3, Insightful

    According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

    Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

    Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far are that the data is not available to regular police organizations.

    1. Re:Do you think you are special? by PolygamousRanchKid+ · · Score: 2

      What makes you think you are special enough to deserve their attention?

      Well, if you are the ex-girlfriend of an NSA analyst, you might be special. Although, I guess that doesn't apply to Slashdotters.

      Maybe an NSA analyst has a grudge against you, dating back from High School times . . . ?

      In Soviet NSA, everyone gets their attention . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    2. Re:Do you think you are special? by amiga3D · · Score: 1

      People who want to blow things up need to be hunted down. They and others with bad intent should be abused. The problem is their idea of "bad" has become so broad as to encompass a lot of people who are no threat to anyone but themselves. You might be just a little paranoid though.

    3. Re:Do you think you are special? by girlintraining · · Score: 1, Interesting

      Let's assume half of them are looking at foreign traffic and half at domestic traffic.

      Bad assumption. The NSA's primary focus is foreign surveillance. It's right there in their mission statement that the tin foil hat brigade apparently has never read. The only reason they have taps on wires domestically is because much of internet travel originates, passes through, or is destined for, an IP address located outside of the US. Even the President of the United States has said as much. The NSA does gather information for domestic surveillance operations, but it's disingenuous to suggest they are providing high level analytics along with the captured data -- their role within the government is to gather intelligence, sort it, package it, and provide a deliverable intelligence product to other organizations. The NSA is basically tech support for the FBI, CIA, DHS, DEA, etc.

      What makes you think you are special enough to deserve their attention?

      When I was born, my mom thought I'd be President of the United States or some-such. Maybe they're just pre-emptively guarding me for my future ascension to the throne, did you consider that? :P

      Personally, I'm much more concerned about the way commercial organizations are spying on us.

      As am I. People yell at me on Slashdot all the time: "Why do you use Tor?! It's been compromised by the NSA!" Okay, sure... but who said I care about the NSA? I mean really guys...

      Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

      Let me put the actual risk in perspective. I know someone who is on parole for a previous drug conviction. This individual regularly uses their cell phone, much of it via text messages, to arrange drug deals. So here we have an ex-felon, on parole, who is trading in Schedule I drugs on a daily basis, using what has been widely panned as the single biggest device used by the NSA to track us all... No black helicopters have come for this individual to date, and this person has been doing it for two years so far.

      Guys, be glad you aren't getting all the government you're paying for. I mean it; for all this crap about government surveillance on everyone... there's a shockingly low amount of critical thinking going on about how, exactly, the government would go about doing this with its existing labor and financial resources.

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:Do you think you are special? by CrimsonAvenger · · Score: 1

      Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

      So, you're "much more concerned" about social media spying on you than the Government, even though the Government gets the take from the social media PLUS their own "special" modes of spying....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    5. Re:Do you think you are special? by sI4shd0rk · · Score: 5, Insightful

      What the hell? You think spying on everyone so we can maybe catch a few terrorists is acceptable in a country that's supposed to be the land of the free and the home of the brave? You think it's okay for our government to blatantly violate the constitution and then claim that they didn't actually do so because some secretive court rubberstamped general warrants?

      You might be just a little paranoid though.

      There has never once been a government that has failed to abuse its powers throughout history. Why do you believe me to be paranoid when I suggest that allowing the government to collect nearly everyone's communications is an awful idea? Do you believe the people in the government to be perfect angels? I do not understand why you would say such a thing otherwise.

      I hope you were joking; otherwise, you are profoundly ignorant and naive.

      --
      Ignorance is a choice
    6. Re:Do you think you are special? by auric_dude · · Score: 4, Informative

      If using Mozilla Firefox then add the lightbeam aka collusion addon https://www.mozilla.org/en-US/lightbeam/ then visit a few sites just to get an idea of how special the advertising companies think you are. This will work better if you disable Noscript, Requestpolicy, Httpeverywhere and whatever else you use to keep your surfing safish. Security services may not have the time to monitor your movements across the web but plenty of commercial companies do have the time, the kit and yet pay you nothing for the data they collect and I expect sell on to others.

    7. Re:Do you think you are special? by Maintenance+Goof · · Score: 1

      It's not that I am special enough for their attention. It's that I am really boring. Surveillance duty on me is an internal punishment. The nice thing about being watched is that whenever my phone is getting bad reception all I have to do is say the magic phrase, "Jehad Pressure Cooker!" and my phone reception becomes perfect!

    8. Re:Do you think you are special? by Burz · · Score: 2

      It's the threat that they can decide to make you "special" when and if it suits their cronies' prejudices and career prospects.

      Do you think you are special?

      We heard this kneejerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.

      Chickenshit apologists, take a backseat.

    9. Re:Do you think you are special? by grantspassalan · · Score: 1

      My wife and I recently searched the Internet for some shoes for her and now I see lots of ads for shoes. What is so bad about that? I would rather see that than random ads for condoms or sex enhancement drugs.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    10. Re:Do you think you are special? by Luke_22 · · Score: 1

      That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

      But since you have so many people to check, doesn't that mean that they are going to make a massive use of automation to do the checks?

      Remember how good the spamfilters are? And they are designed against something extremely frequent

      Now remember how infrequent a terrorist attack is? And what about that False positive paradox?

      It's not about feeling special or not, it's just that the system is broken by design... and the algorithms are surely perfect...

      --
      "I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
    11. Re:Do you think you are special? by Anonymous Coward · · Score: 1

      I will make this more blunt. Here is how the NSA has affected me:

      1: NIST records have given me a security baseline. Most is common sense, but other stuff like esoteric Solaris features come in handy.

      2: NSA-derived algorithms like DES, even with its tiny keylength have stood the test of time.

      3: They did a lot of work fixing Linux (SELinux), and a heap of work locking down OS X. OS X is a lot more secure with even stuff like storing passwords securely than it was in the past.

      This is how private snooping has affected me:

      1: I had a picture of me posted onto Facebook when I was wandering in a humidor. A week later my health insurance company demanded I have a physical with bloodwork or else pay higher rates retroactively as a smoker.

      2: I had friends of mine turned down for jobs because a private party branded them as "racist." The cause? Asking why we should press 1 for English.

      3: I have gotten turned down for a job because some behavioral tracking place had me stated as a "gun nut", and chasing this trail down, this came around because I liked a page about camping equipment, and apparently it flagged me as a survivalist type.

      4: A friend of mine got permanently banned from a store chain, not because he was arrested, but he mentioned doing something goofy over 15 years ago, twice the limit on the statute of limitations, and something caught it.

      5: The ad companies seem to not be able to keep their servers clean, and in my experience, the #1 vector for malware are ad servers.

      6: Some companies I have to use Facebook to authenticate to their services, and they demand their application (with the permissions to slurp anything they so choose) have access. It becomes harder to keep things separate so company "A"'s info isn't accessible and salable by company "B".

      So, given the NSA versus greedy companies, I'll take the NSA any day. At least they don't take every click I make on my computer, each E-mail I send to an unsecured endpoint, each TV channel I watch, each IP packet coming out of my computer, and sell of that to anyone that wants.

      Let's be real; I fear companies like Facebook more than the NSA because the NSA actually has to keep mum or else they blow their hand. FB can sell anything they want even if I'm not using their service by using data dredged up from other people. FB also has taken over a lot of communication vectors. Think people check E-mail over a FB message? Yeah right. To boot, last time a friend sent me a PGP message, it was refused. If the NSA actively blocked messages in transit that were not easily readable, there would actually be real people putting their foot down.

      Finally, the NSA gives a shit about security. Private companies don't give a flying fuck about it because to them, it has no ROI.

    12. Re:Do you think you are special? by sI4shd0rk · · Score: 3, Insightful

      So, given the NSA versus greedy companies, I'll take the NSA any day.

      There is no such dichotomy, and you should be extremely concerned about the NSA spying on everyone's communications. The US is a country founded on the idea of distrusting authority, and yet you basically suggest that we should not care when the government is essentially crumpling up the constitution and tossing it into the garbage. What a sorry state of affairs this is that people so naive even exist.

      --
      Ignorance is a choice
    13. Re:Do you think you are special? by grantspassalan · · Score: 1

      That is why I don't use Google mail or any of the other "free" email services

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    14. Re:Do you think you are special? by Kazoo+the+Clown · · Score: 1

      Presumably, protecting yourself against government spying will also protect you against commercial spying.

      Example: post all tweets as images of captcha text. If it can't readily be OCR'ed, they won't be collecting keywords without paying some cheap labor somewhere to manually transcribe everything. And if we all did it, that would be a really big and/or slow job. Tweets are designed to be read by human eyeballs only anyhow, aren't they? Captcha them all.

    15. Re:Do you think you are special? by Kazoo+the+Clown · · Score: 1

      A good way to get past the 140 character limit as well. The only non-captcha text should be the hashtags & user refs.

    16. Re:Do you think you are special? by Kazoo+the+Clown · · Score: 1

      Well, as long as she doesn't search for a pressure cooker, or some random terrorist doesn't find some way to make a bomb with the shoes she bought, you'll be OK.

    17. Re:Do you think you are special? by cffrost · · Score: 1

      What makes you think you are special enough to deserve their attention?

      What makes you so damn selfish that you only care if the government abuses you? Is it not a problem if they abuse anyone? There are people who are 'special enough' for the government to harass.

      You're trivializing the issue, and I strongly suspect it's because you don't truly understand the situation.

      If sI4shd0rk's post deserves to be moderated -1 Troll, so does my reply — I completely agree with what sI4shd0rk wrote here.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
    18. Re:Do you think you are special? by FuzzNugget · · Score: 3, Insightful

      Seriously, this should not have to be explained on Slashdot.

      Data can be wrong. Interpretations can be wrong. Police tend to interpret everything as an act of wrongdoing as soon as they have a single data point or dumb-ass idea that suggests you are a suspect.

      Case in point: David Marie (jump to 5:00). He enters a subway station. He's flagged as a suspect because he's "wearing a jacket." Seriously. The Bumblefuck Police Department then use this as justification to raid his apartment where they find a page of random scribbles they deem as "subway map" (seriously, look at the drawing in the video, it's just fucking random scribbles) and proceed to charge him as a terrorist. Oh, he's not in prison, he just can't get a Visa, leave the country or expect to ever be free from constant restrictions and "unwanted attention" in his life.

      Amazing how someone can be too dangerous not to be watched, but not dangerous enough to imprison. I wonder how it feels to be stupid enough to engage in that level of cognitive dissonance and not go insane.

    19. Re:Do you think you are special? by grantspassalan · · Score: 1

      Well we already have a pressure cooker and my wife canned some green beans from our garden harvest. Now the NSA, CIA, KGB, Gestapo and similar agencies will know this! So now when they outlaw pressure cookers, only outlaws will have pressure cookers and we will be classed among the outlaws. :)

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    20. Re:Do you think you are special? by AHuxley · · Score: 1

      The contractor count with new clearances in the past 10 years is up a lot. "1000" "in surveillance" analysts at NSA would be the inner core of crypto experts, the people who shape global telco standards with mil experts and language people too.
      i.e. if the US gov wants to give out a small number they class "in surveillance" as the smallest set of full time top staff.
      The tracking is bought on the open market in bulk, fed in via the states or federal gov or foreign helper nations.
      http://www.fas.org/sgp/othergov/intel/clear-2012.pdf page 4 has some numbers in both gov and contractor on table 2.
      Page 6 gives some pending security clearance investigations FBI and NSA numbers.
      Add in public private partnerships, state "staff", former staff who can be re activated in hours, a contractor with the ability to help "clear" all staff under them. - that's hundreds of thousands of US workers
      Once you ratio that out by overall political active members of the US population the numbers start getting East German like.

      --
      Domestic spying is now "Benign Information Gathering"
    21. Re:Do you think you are special? by Anonymous Coward · · Score: 1

      Do you think you are special?

      We heard this kneejerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.

      It's a shorter way of saying "if you're not doing anything wrong you have nothing to fear", which saddens me. I'm really surprised at the number of people who parrot that line at me verbatim, or very close to, when I try to discuss the massive NSA and commercial spying that goes on. It scares me even more that now the NSA thing is out in the light and all the attention it's been getting, even in mainstream media, there are a lot of people (morons?) I talk to who insist nobody would want to spy on them and that nobody is and then try to use phrases like "tin foil hat", "conspiracy theorist" and "paranoid" to belittle and dismiss anyone who declares otherwise. It's exactly the reaction the powerful have been training into them for a long time.

      I try to counter that line of thinking with arguments about how the computer doesn't care; it will happily compile a data file on your activities even when no person is looking. Once that data file contains information about your habits, likes and kinks it can be used against you. Perhaps what is legal now will become illegal later. One short search of the database gives them a big group of people they can "investigate". Perhaps you become a thorn in the side of a powerful person, but are doing nothing illegal. A quick scan of the file will give them all the dirty dirt on you that they can release to embarrass or discredit you.

      An example I like to use to demonstrate this point is movies. Pick a film - any film, but better if it is a documentary that is critical of the government, and even better if it was available for electronic download as the primary distribution method. That film is probably legal to possess today. Along comes the next Snowden/war/scandal. All of a sudden the wannabe-oppressive gumbiment goes into damage control mode and passes a bunch of new laws to try and silence any criticism that arises. The new laws include banning possession of this film that is critical of the government.

      Now the government needs to show off the size of its g-peen so they search this large database to find anyone who downloaded a copy of the film. Then they scan the files looking for other potentially embarrassing or dubious activity. They pick out a handful of the most egregious people, raid a few houses and arrest a bunch of people for possession of something that was legal a week ago.

      When it comes to court the prosecution goes on a character assassination and admits into public evidence all the dirty dirt about the defendant. The court ignores most of it as irrelevant, but the media takes hold and uses it to make an example of how everyone who watched a copy of this film must be the devil. Even if the court rules in favor of the poor defendant their life is now in ruin - they probably spent every dollar they had on their defense, and they probably lost their job during the court proceedings. The dirty laundry is only a quick Google away so they'll be hard-pressed to get another.

      It's a hypothetical, but it's an example of what can happen when the government undertakes massive unchecked surveillance and data gathering on everyone.

      Captcha: untoward - how appropriate.

    22. Re:Do you think you are special? by Fjandr · · Score: 1

      It's pretty easy to narrow things down once there's a massive database to search.

  8. Re:Steps You Can Take Against Internet Surveillanc by girlintraining · · Score: 5, Insightful

    Step one: Don't post on forums.

    Step Two: Terrorists Win.

    When you opt not to speak out against the government out of fear of reprisal, then you effectively have lost your right to free speech. Forums like Slashdot need to embrace the use of proxies like Tor, etc., instead of shutting them down with giant ugly off-red pages saying "Blocked!" Anonymization services like Tor are invaluable for creating a safe haven for free speech; in countries like Iran, North Korea, United States, France, Iraq, and Egypt, people are being harassed, arrested and imprisoned for chastising the government for being a police state. We need websites to publish information about these governments' activities for the world to see, and sites like Slashdot that block Tor and similar technology are simply enabling those governments to build a digital iron curtain around themselves to lock down political dissent.

    --
    #fuckbeta #iamslashdot #dicemustdie
  9. Run a Tor node????? by NoNonAlphaCharsHere · · Score: 1

    More like "Steps to take to get on an NSA watchlist". Maybe use IRC a lot in your spare time.

  10. Re:use Tor by amiga3D · · Score: 2

    Not only that, I expect Tor users get special targeting. It's most likely considered probable cause for a warrant to bug your house.

  11. Re:Better to vote out the scum that runs the count by amiga3D · · Score: 1

    Ah! A fellow isolationist. I'm with you, brother, that makes two of us.

  12. 10 Steps You Can Take Against Rapists by Anonymous Coward · · Score: 2, Interesting

    Wear unattractive clothes, don't wear makeup, stay sober, don't flirt, don't leave drinks unattended, don't be out after dark, don't be out alone, learn to cook, find a good husband, teach others what you learned.

    1. Re:10 Steps You Can Take Against Rapists by Anonymous Coward · · Score: 1

      Feminazi moderator doesn't get it.

    2. Re:10 Steps You Can Take Against Rapists by gmuslera · · Score: 1

      You forgot to add: live locked in your house, and don't talk to anyone. Let's put all the blame on you, not on the rapists. That is what the NSA & US government is doing: you become liable for trying to live in freedom, and anything that you do in public/on the internet/wherever could turn you into a target.

    3. Re:10 Steps You Can Take Against Rapists by Fjandr · · Score: 1

      Too bad I don't have mod points to counteract the idiot who modded you down for obvious satire.

  13. Re:Speaking of SSL by bmo · · Score: 2

    I use https because I don't feel like broadcasting my slashdot (and others) username and password to all and sundry over unencrypted wifi.

    --
    BMO

  14. There is only one way by nurb432 · · Score: 1

    Don't use the network. No matter what you do to prevent it, there are holes if you are well funded ( and have the fear of the 'law' behind you )

    --
    ---- Booth was a patriot ----
    1. Re:There is only one way by cpghost · · Score: 1

      No, not using the network makes you even more suspicious. In fact, it makes you a prime suspect nowadays! Use the network in a "harmless" way, i.e. in a way that doesn't give away information about you. Be as invisible as possible, by blending in with the sheep. Just don't draw attention to you, even if you're not a person of interest.

      --
      cpghost at Cordula's Web.
    2. Re:There is only one way by Tablizer · · Score: 1

      Don't use the network

      But carrier pigeons make too much of a mess in the backyard, and their cooing bothers the neighbors.

  15. What about email by mpol · · Score: 1

    Maybe I'm naive or ignorant, but what can a normal user do about e-mail?
    Most e-mail from ISPs runs over port 25, and it all gets logged by logboxes and tappers. I don't think the default for an MTA is port 465 or 587, but still 25. If I'm wrong, please correct me.
    What should be done here? Can someone inform me? Is there something a user, admin or MTA developer should do here?
    I read my mail over imaps and pop3s, and store it on my own-hosted imap server. But what to do about smtp-traffic?

    --

    Well, don't worry about that. We can get you back before you leave. (Dr. Who)
    1. Re:What about email by mpol · · Score: 1

      I know GPG. But I do not know anyone who is using it. I haven't seen a gpg-signature in years, except my own :).

      --

      Well, don't worry about that. We can get you back before you leave. (Dr. Who)
    2. Re:What about email by CRCulver · · Score: 1

      But the only way to get there is for people to adopt it, and to help their friends and family adopt it.

      Friends and family are likely using Windows, which is already compromised, so having them adopt GPG won't offer any resistance against government surveillance. It would just be a false sense of security.

    3. Re:What about email by mlts · · Score: 1

      As a normal user, it is hard. Once the mail hits the main SMTP relay and heads out, it is in plaintext unless one is running Exchange which has secure connectors and one sets up TLS links with other sites.

      It would be nice to have a TLS/SSL mechanism where company E-mail servers would be checked if they had a secure transport port, the key fetched and checked with a CA, and then the mail sent.

      However, there are really only three choices for E-mail:

      1: Have both users share the same provider so mail is just delivered locally.

      2: Use S/MIME. The problem with this method is that few mailers except for Thunderbird, mail.app, and Outlook have S/MIME ability. iOS requires special setup to get S/MIME working, and Android varies on MUA.

      3: Best of all, have a PGP/gpg web of trust and an application/app which can easily encrypt/decrypt from the clipboard. This way, the message security is entirely independent of every party in between. However, this is very rarely done. The last time I had a truly meaningful PGP-encrypted conversation (other than "yay, I sent you an encrypted message... this is cool" tripe) was in the 1990s when discussing a very obscure bug on a CC: list, and there was worry that the bug could be an easy target for blackhats.

      PGP is a very neglected program. It would be nice to see working security token support so a private key would not have to leave a token to be used. One can buy a SafeNet (formerly Aladdin) eToken and use the commercial version of Symantec's PGP to do this, but the $400-500 total cost can be expensive.

      If a company really wanted to set the bar higher for security in general, they would make a dedicated security token that one could copy a private key on, and the token would do the decryption/signing on it, so the key never gets exposed to the computer. Bonus points if this can be implemented in an OS-independent way (perhaps present the USB device as a drive with files that act as devices, so one can input the unlock key by appending to a file, send up the file to be signed by another append, then read from the second file for the signed OpenPGP packet).
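
The mechanism wished for in the comment above (check that the receiving server offers a secure transport, verify its certificate against a CA, and only then send) can be sketched as follows. This is an added example, not code from the thread or from any mail server project; the function names, host names and sample EHLO replies are constructed for illustration.

```python
"""Added example: refuse to hand mail to a server without verified TLS."""
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
EHLO_WITH_STARTTLS = (
    "250-mx.example.org Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.org Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)


class TLSRequired(Exception):
    """The server could not provide an encrypted, authenticated channel."""


def parse_ehlo(raw_reply):
    """Return the extension keywords advertised in a raw multi-line EHLO reply.

    Continuation lines look like "250-KEYWORD args", the last one "250 KEYWORD".
    The first line carries the server's own name, not an extension.
    """
    keywords = set()
    for index, line in enumerate(raw_reply.strip().splitlines()):
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("not a successful EHLO reply line: %r" % line)
        if index == 0:
            continue
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def transport_decision(raw_reply, require_tls=True):
    """Decide how to proceed after EHLO: 'starttls', 'refuse' or 'plaintext'.

    With require_tls=True a missing STARTTLS keyword means the message is
    held back instead of silently falling back to cleartext on the wire.
    """
    if "STARTTLS" in parse_ehlo(raw_reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"


def send_with_verified_tls(host, sender, recipient, message, port=25, timeout=15):
    """Deliver one message only over STARTTLS with a CA-verified certificate.

    ssl.create_default_context() checks the certificate chain against the
    system CA store and matches the certificate to `host`; a failure raises
    ssl.SSLCertVerificationError and nothing is sent.
    """
    context = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise TLSRequired("%s:%d does not offer STARTTLS" % (host, port))
        smtp.starttls(context=context)
        # Capabilities seen before TLS were unauthenticated; ask again.
        smtp.ehlo()
        smtp.sendmail(sender, [recipient], message)
```

This protects only the hop to the server named in `host`; later relays and the stored message are covered only by end-to-end schemes such as the S/MIME and PGP options listed in the comment.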

  16. Re:Speaking of SSL by ravenlord_hun · · Score: 2

    I thought the login was already HTTPS though, and only the rest of the site isn't. So your password should be safe. People may read your (publicly available) comments over wifi, though!

  17. Re:Better to vote out the scum that runs the count by Anonymous Coward · · Score: 1

    Careful! I think that other guy is a government informant ...

  18. nonsense, that's just cowering by rubycodez · · Score: 1

    Quit voting for mega-corporate bitches like Obama or most Republican candidates. Quit voting for those that support the police-state policies of Bush/Cheney and Obama administrations. Make people aware of what is happening to their freedoms. Raise awareness.

    1. Re:nonsense, that's just cowering by sI4shd0rk · · Score: 1

      Why can't you do both?

      --
      Ignorance is a choice
    2. Re:nonsense, that's just cowering by grantspassalan · · Score: 1

      I don't think it is possible to vote FOR anybody anymore. What we can really do is to vote ALL the scoundrels out of office by voting out EVERY person now in office. Sure that might mean throwing out a few good eggs with the rotten ones, but most of the eggs in the box that have been in the box for an awful long time are rotten and stink to high heaven.

      That does not mean that those who are running against them are all that much better, since the really decent, smart and good people have long ago given up running for public office, especially the higher positions, because of the muddy election campaigns, where the complete life history of a candidate is put in the public spotlight. Because nobody is perfect and everybody makes mistakes and those mistakes are most likely information available to the political opposition, these mistakes then end up in the headlines.

      The perhaps lesser scoundrels hoping to benefit financially from public office and endure that public election ordeal, would get the message from the voters that they can be thrown out by the electorate and that it will take at least a while for most of these newly elected ones to re-establish the bribery networks the present ones now have with the lobbying establishment.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    3. Re:nonsense, that's just cowering by Fjandr · · Score: 1

      Absolutely anyone else on the ballot.

  19. Re:Steps You Can Take Against Internet Surveillanc by t4ng* · · Score: 5, Interesting

    Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Benghazi, etc.) I'm beginning to wonder if the NSA really has any decent spying capabilities at all. What if this is much like a Banana Republic, where the government puffs up its chest and parades around a bunch of military men and equipment to try to scare its citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

    All these "leaks" about the NSA spying on everyone in the world could just be a desperate attempt by a government that realizes it has very little real control over people to try to keep people in line. Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

  20. EFF instructions don't work by mutube · · Score: 1

    The video on the EFF site gives instructions for downloading a Vidalia Bundle for Mac - but this doesn't exist on the Tor website. The only downloads that I can see available are the 'Tor Browser Bundle' which is an auto-launching Tor node and browser combination.

    So you can't run a node without a Tor browser window open all the time?

    1. Re:EFF instructions don't work by alostpacket · · Score: 1

      IIRC the "Vidalia Bundle" is just an older name for the "Browser Bundle"

      --
      PocketPermissions Android Permission Guide
    2. Re:EFF instructions don't work by alostpacket · · Score: 1

      Sorry, my above post is not entirely correct. It seems, for Windows at least, the Vidalia control panel is included in the Browser Bundle.

      https://blog.torproject.org/blog/plain-vidalia-bundles-be-discontinued-dont-panic

      Not sure about OSX/Linux, but I assume it is similar

      --
      PocketPermissions Android Permission Guide
    3. Re:EFF instructions don't work by mutube · · Score: 1

      Thanks for the link - that cleared things up nicely.

      The Tor site is a tad jargon heavy methinks.

  21. Also... by gmuslera · · Score: 1

    ... switch to alternatives like the ones proposed in http://prism-break.org/. It won't be fail-safe, but it will be some steps closer, and it will add a bit of sand to the NSA machinery. At some point they will have to choose between snooping only on "easier", in-the-open targets, focusing on very specific people, or trying to cope with the number of people using open alternatives with safe encryption (and risking meltdowns because of people sharing lolcats in encrypted channels).

  22. Run a TOR Node? by turgid · · Score: 1

    Are you nuts?

    What sort of people run TOR nodes? Have you been following the news?

    You'll be straight on the authorities' list of very-likely-some-kind-of-criminals. Probably a terrorist, drug addict/dealer, paedophile or pirate of Madonna/Boys-R-Us/One Direction/Lady Gaga music.

  23. Intel Inside by SuperCharlie · · Score: 1

    I saw a news story yesterday saying that Snowden has dirt on Intel but hasn't released it yet. Chances are good that your processor is probably compromised. It's a no-win deal here.

  24. Run! by cookYourDog · · Score: 1

    In instances like these, I find it best to do what my uncle taught me to do: roll up into a defense ball.

    No one wants to eavesdrop on a naked, crying, obese man lying in the fetal position. No one.

  25. Just be more prudent by cpghost · · Score: 4, Interesting

    When using the network, always assume that you're under observation... and act accordingly. Give less private information to the world. In fact, apply the principle of "need to know" in reverse: if the world doesn't need to know that you've taken your dog out 2 hours ago, then don't post it. Don't even mail it to your friend using PGP. It's as simple as this. Really. Be less talkative, be less open, and be more suspicious.

    By the way, thanks NSA for forcing us to censor our thoughts in our head, before we even write them down and tell them to someone. I couldn't have imagined that we'd come to live in a totalitarian-like world (at least that's how it feels when you apply censorship in your head) just a few decades after the Iron Curtain was torn apart, and that this totalitarian world is being brought forward by a western country that formerly championed free speech and freedom in general.

    --
    cpghost at Cordula's Web.
    1. Re:Just be more prudent by auric_dude · · Score: 1

      A modern day https://en.wikipedia.org/wiki/Panopticon with NSA, GCHQ and others on the outside looking in and millions posting their innermost thoughts each and every hour on the hour. Has the population as a whole voluntarily committed themselves to the Panopticon, if so then why?

    2. Re:Just be more prudent by HiThere · · Score: 1

      Not when it's done to suit someone else's agenda.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  26. Re:Better to vote out the scum that runs the count by Maintenance+Goof · · Score: 1

    As a true isolationist, I don't want anything to do with you two!

  27. Un-standing out is standing out by Tablizer · · Score: 1

    If you use "excessive" methods to hide, then you may be flagged as suspicious, because typically mostly criminals and terrorists take such extra measures. Better to act mostly average and fill up your traffic with BS chatter like "OMG ponies!".

  28. Re:Run a Tor node? by sI4shd0rk · · Score: 1

    Why is the EFF suggesting that people run Tor nodes?

    Presumably, that's if you want to help other people out.

    --
    Ignorance is a choice
  29. Re:Steps You Can Take Against Internet Surveillanc by girlintraining · · Score: 4, Insightful

    Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Benghazi, etc.) I'm beginning to wonder if

    Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was. And they did. Benghazi is a figment of the tea party's over-active imagination -- there's no evidence that anything other than poor judgement and incompetence at a local level occurred. And Snowden... well, that's the only thing you mentioned that has any weight. The NSA management was warned about him long before "the incident" by Homeland Security. They ignored that warning. The case can be made this was a mistake -- but it seems from the after action reports online they're addressing their structural/organizational deficits that allowed it to happen post-incident. The fact is, there's always a risk of a defector, no matter how good your agency is. Every major intelligence agency from every major government in the world has had it happen. This is not a statement on the overall competence of the NSA as an intelligence organization.

    What if this is much like a Banana Republic, where the government puffs up its chest and parades around a bunch of military men and equipment to try to scare its citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

    That's pretty much the working definition of law enforcement everywhere, man. There's only 1 police officer for every, what, 10,000 citizens? It's a practical impossibility for the NSA to do all the things the tin foil hat brigade claims they're doing -- monitoring everyone's cell phones, everyone's e-mail, the entire internet... and just to keep things interesting, doing all that while cracking foreign powers' high level cryptography and military communications systems. To do everything they claim they're doing, even assuming their technology is twenty years more advanced than the civilian sector equivalents, would imply multi-trillion dollar budgets per year to sustain and a workforce vastly higher than the numbers available suggest.

    Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

    The data collection is a massive operation because the data being sent only has data retrospectively; when they identify a potential suspect for development, based on those "classic investigation techniques", without that infrastructure they're starting at day zero. But if everything is logged, they can proceed immediately with looking into his/her background and recent communications. In the intelligence world, there are three things that give an asset value: timeliness, accuracy, and analytical support. It does you no good to find the terrorist after the bomb has gone off, it does you no good to identify the wrong person, and it does you no good to have all the information that could have met the first two criteria if nobody analyzes it and suggests a course of action (arrest, drone strike, whatever).

    Once you understand that the analytical side of the intelligence cycle is the real bottleneck here, you quickly realize that the NSA can't possibly care about your marijuana stash, or even the warrant for your arrest. To develop leads and maintain a solid intelligence cycle, they can only focus on a tiny fraction of the data they're pulling in... so unless you're a .01%'er in the world of terrorism, counter-intelligence, spying, or foreign military... forget it. They don't care.

    --
    #fuckbeta #iamslashdot #dicemustdie
  30. Re:Steps You Can Take Against Internet Surveillanc by grantspassalan · · Score: 1

    The government has never shown that spying on millions of people has netted them any real valuable information, such as preventing terrorism. If the NSA wants to know that I am going to visit my grandson on the weekend, who cares? Most things that most people communicate about, whether on the phone or on the Internet are so mundane, that if the NSA would pay attention to all that, they would all die of boredom. There are thousands of websites where hundreds of thousands, if not millions of people have made negative comments about our government.

    If the government wanted to arrest everyone that has made in some cases some very nasty comments about Obama and his administration and other politicians, they would need a huge army of goons willing to do the dirty work and would overcrowd our prisons to the bursting point.

    Instead of wholesale spying on everybody, the NSA could concentrate its resources on targeted surveillance on people that are already suspected of suspicious behavior or that they may be warned about by other governments. If they had done that, they could have most likely prevented the Boston Marathon bombings.

    --
    A sufficiently advanced simulation is indistinguishable from reality.
  31. Sock puppet, begone! by Okian+Warrior · · Score: 5, Insightful

    According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

    Okay, let's look at those statistics more closely.

    500 analysts for 350 million people continuously is 500 analysts for roughly 1 million people per day each year, or roughly 1 analyst is spending an entire day looking at 2,000 people. Each year. So there's a 1-in-2,000 chance that sometime this year, an analyst will be pawing through your online behaviour.

    (Of course, if you assume that the analyst spends 1 hour on each person, it drops to 1-in-250 chance that sometime during the year you will be "analyzed" by an NSA agent.)

    Now consider the power of computers. Is it reasonable to think that 1 computer could collect and analyze the E-mail and online speech of 2,000 people in a single day of compute time? Assuming you put certain keywords in your online text ("I'm going to kill some time this afternoon by watching the presidential debate"), how likely do you think it will be that you win the 1-in-250 chance?

    Let's add in ambiguous laws. The recent trend is not to charge people with doing harm, but conspiracy for doing harm. One recent news report told of a couple of people charged with "conspiracy to join Al-Qaeda". Note that these two people didn't do a terrorist act, they didn't contribute to a terrorist group, and they weren't even a member of a terrorist group. They were talking about joining a terrorist group. People are commonly charged with "conspiracy to grow marijuana" (google has many links).

    We've reached the point where you can be arrested when no overt crime has been committed.

    There's a recent news story where, for the first time, the DOJ is informing a defendant that they used NSA/warrant-less surveillance to gather evidence. They used mass surveillance to get enough probable cause to apply for a real warrant which resulted in evidence of a crime.

    The important bit of the previous is that the DOJ was conflicted about revealing this information. The prosecutor felt that it was only a "procedural decision", since no evidence from the mass-surveillance warrant would be introduced at trial. (A couple of lawyers in the DOJ argued for disclosure.)

    All evidence indicates that they analyze everyone's online presence all the time, and use that information to pick-and-choose people for prosecution when no overt crime has been committed.

    Sock puppet, begone!

    1. Re:Sock puppet, begone! by Anonymous Coward · · Score: 1

      You are assuming that analysts are working 24 hours per day. You are also assuming that they have nothing better to do than look at random people. They don't have time for that - they have their hands full with people who have come to their notice either through a pattern of behavior (such as attending a terrorist course in Pakistan or a similar place) or because they associate with people who have done that.

      Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts. If they find someone of interest, for whatever reason, they will be spending days, weeks, months on that person. They aren't looking for you, unless you fall into the category of people that they are tasked to find.

    2. Re:Sock puppet, begone! by sI4shd0rk · · Score: 2

      Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts.

      You are assuming, of course, that the government is made up of perfect angels that never make mistakes and never abuse their powers. Such a government has never existed throughout history.

      To trust all current and future people in the government to such an extent is borderline insane. I honestly have zero idea why people believe the government is only looking out for our best interests here.

      --
      Ignorance is a choice
    3. Re:Sock puppet, begone! by shdowhawk · · Score: 5, Informative

      I disagree completely

      I'm a dual citizen ... I'm being looked at. I have a degree in computers and I talk to foreigners ... I'm being looked at. I speak 3 languages ... I'm being looked at. I rarely use any social media - far less than most people hmm.. suspicious ... I'm being looked at. I'm on a site talking about using Tor ... I'm being looked at. I used to live in a different country ... I'm being looked at. I have made a political comment about not liking a specific candidate, either over the phone or internet in the last 5 years ... I'm being looked at. I have a higher than normal IQ (above 100) - and I love chemistry ... I'm being looked at. I'm an atheist ... I'm being looked at. I've been tagged in a photo on Facebook that was taken on a mobile device and therefore has all the EXIF location data on it letting people know that I was more than 200 miles from where I live ... I'm being looked at. I've updated my passport in the last 5 years ... I'm being looked at.

      Now, once you get over the notion that this is the 1950's and that everyone is in a manila folder with a black and white picture - and that someone is sitting around trying to LITERALLY watch you full time - you can come to understand that the entire country IS being "watched" daily, via electronics, and is being monitored the same way that Google (and other search engines) monitor websites. They use spider-like software, and every time something "triggers" in their system, your profile gets updated. Think of it like a point system: the more points you have, the more likely you are going to get checked up on. Using the information from Okian Warrior above, you realize that the 1 in 250 chance is scarier than you think. Also, add in that not all 350 million people in the country are being monitored. Take out children under 13 (too low risk), take out old folks who literally can't move, or are senile, or folks in the hospital for long term care (even if only for a week), and that number of people that an analyst needs to check up on drops significantly.

      Google is able to index 23+ billion pages (according to some random statistics I found). If Google is able to do that the hard way (crawling pages, finding href links, indexing them, hitting all THOSE links), then I'm sure the NSA can do it far easier. Why? Because, according to the surveillance leaks, they already have access to the nicely indexed databases from many/most companies.

      Sad thing is ... I'm not even going into tin foil hat mode yet ...

    4. Re:Sock puppet, begone! by almechist · · Score: 1

      You are assuming that analysts are working 24 hours per day. You are also assuming that they have nothing better to do than look at random people. They don't have time for that - they have their hands full with people who have come to their notice either through a pattern of behavior (such as attending a terrorist course in Pakistan or a similar place) or because they associate with people who have done that.

      Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts. If they find someone of interest, for whatever reason, they will be spending days, weeks, months on that person. They aren't looking for you, unless you fall into the category of people that they are tasked to find.

      You talk a lot about who they are looking for, but that's essentially irrelevant to the current discussion, which deals with who they are looking at. The first is what happens in an ideal fantasy world, but the latter concerns what is actually occurring in the US today, and recent revelations indicate there is plenty of reason for concern. Every single US citizen has reason to worry, for why that is so see shdowhawk's reply, which sums it up better than I could ever do.

  32. The NSA as a distraction by wjcofkc · · Score: 1

    Remember the Occupy movement? We seem to have forgotten everything that stood for in favor of the NSA. Funny thing that. Perhaps only so many battles can be fought at once, but I think that was a better starting point. After all, they are in bed together.

    --
    Brought to you by Carl's Junior.
    1. Re:The NSA as a distraction by Jmc23 · · Score: 1

      Ah, modded down by the people who can't accept that their society is a cancer draining all the world's resources. Irony, the same exact reason the occupy movement didn't work.

      --
      Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
  33. Re:Speaking of SSL by maxwell+demon · · Score: 3, Informative

    The authentication token goes over the net for each access (or how else is Slashdot to know whether you are the logged-in person?)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  34. Windows by Princeofcups · · Score: 2, Insightful

    "use anti-virus software"

    Just come out and say it. Don't use Windows.

    --
    The only thing worse than a Democrat is a Republican.
  35. How about running your browser as another user by Marrow · · Score: 1

    I think one of the biggest risks is drive-by infections. I have been thinking that running my browser as a different (underprivileged) user might be a nice added layer of insulation. You could add that user's group to your extended group list and still get all the files. But it could not get at yours.

    1. Re:How about running your browser as another user by tepples · · Score: 1

      Chromium does an automatic version of this, running the browser in an underprivileged sandbox and passing sensitive things such as file downloads through a broker process that I assume gets more closely audited than the rest of Chromium.

  36. Re:Steps You Can Take Against Internet Surveillanc by whoever57 · · Score: 5, Insightful

    Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was.

    Back up the strawman train there. The GP was pointing out that the information gathered by the NSA failed to prevent the Boston bomber, and prevention is what the NSA claims that its massive surveillance program does.

    In reality, what it does is undermine democracy. What if the NSA discovered some embarrassing material relating to Dianne Feinstein and is using it to blackmail her to support the NSA? How do you know that it hasn't happened? The answer is that you don't and that's why democracy has been undermined. What would Herbert Hoover have given to have the information that the NSA has?

    --
    The real "Libtards" are the Libertarians!
  37. EFF are losing their edge by Burz · · Score: 4, Interesting

    We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.

    If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.

    The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so it's also a big plus).

    Tor is outdated and dangerous to use because it encourages illusions like: a) 1024bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.

    In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (it's been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).

    1. Re:EFF are losing their edge by Burz · · Score: 3, Insightful

      If, however, there was an equal exploit that could be triggered on a Qubes user (ability to execute code on the local machine), exactly what protections are in place to prevent gathering their real external IP, MAC, and forwarding it off to the attacker?

      Under Qubes, the Tor Browser (actually, all browsers) operates within its own hardware-enforced (both VT-x and VT-d) virtual machine ensuring that even privilege-escalated code would have no way to access the Internet except through Tor itself. It would have no access to real system settings or personal info, etc., unless for some odd reason you put them into that VM.

      The system architecture is a series of VMs that have varying levels of risk assigned to them. Even the firewall, IP stack and X11 graphics (with attendant hardware drivers) run in their own separate VMs under Qubes, booted from a non-writeable system template.

      The hypervisor itself is a desktop GUI disconnected from any networking devices.

    2. Re:EFF are losing their edge by Burz · · Score: 1

      I'd also like to point out that Qubes isn't dedicated to the idea of anonymity... The Tor VM is a separate download image, and most VMs that run applications have fairly regular network access (filtered through the firewall and network VMs).

  38. Re:Steps You Can Take Against Internet Surveillanc by ubrgeek · · Score: 1

    Nah. Posting here is fine. The SNR is so high NSA decided it wasn't worth bothering to filter through everything.

    --
    Bark less. Wag more.
  39. Re:Speaking of SSL by lgw · · Score: 1

    Just because you don't understand someone's desire for privacy, you argue he has no need for that privacy? Attitudes like that are why TFA had to be written in the first place.

    Don't ever argue for less privacy. This is just like security - you take the least privilege you can and offer the best security you can; it's not a question of why. Give the user the most privacy you practically can in every way that you practically can - it's not a question of why, that's a broken mindset.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  40. Re:Speaking of SSL by ravenlord_hun · · Score: 2

    Frankly, I'm finding it funny how you talk about privacy... by securing a completely public forum. What's next, encoding the newspapers? Someone might read them!

    Fight for privacy where it matters and makes sense. If my login data weren't secure, I'd be pretty peeved off by Slashdot. As it stands, I am not. Whether they implement HTTPS for the rest of the site is irrelevant, because the data is freely visible already anyway.

  41. Re:Steps You Can Take Against Internet Surveillanc by BradMajors · · Score: 2

    The NSA has great spying capabilities. It just isn't using this ability to find terrorists.

  42. Re:Speaking of SSL by ravenlord_hun · · Score: 1

    Haaa, that's a good one. I completely forgot about them blasted cookies. Well, I guess you could hijack my session, fair enough! But I'd expect that one solved by merely logging out - and you still can't get any sensitive data about me. Though you could troll with my username in the interim.

  43. If everyone was a node, then it would work better by Marrow · · Score: 1

    If everyone were a node and there was just no telling what packets would come out of anyone's box, then they basically would not be able to use IP addresses anymore.

  44. Re:Speaking of SSL by mlts · · Score: 1

    If one subscribes, they can use SSL for every page.

  45. Is OTR on every platform? by tepples · · Score: 1

    They can't be assed to spend 10 minutes to set it up, thereby having it for the entire future.

    That or they choose, for other reasons, to use a mobile platform to which OTR messaging happens not to be ported yet. Webmail also has well-known problems with PGP. Or have those been solved yet?

  46. Use tor against surveillance? by Windwraith · · Score: 1

    Recommending tor for safety is like telling someone that if they paint themselves orange and shout at the top of their lungs, nobody will notice them in a crowd.
    Let's face it, tor is pretty much synonymous with "pedophile, drug user, crook". Despite its best intentions, it's like painting a huge target on your back for the spies to focus on you, not "oh, this one is using tor! our efforts have been foiled!".

    1. Re:Use tor against surveillance? by Skapare · · Score: 1

      This advice does not apply to Tor sites run by the NSA.

      --
      now we need to go OSS in diesel cars
  47. Re:Speaking of SSL by tepples · · Score: 1

    Though you could troll with my username in the interim.

    And change your password and e-mail address.

  48. But why should one even need to subscribe? by tepples · · Score: 1

    What is the rationale behind Slashdot's business decision to make SSL available only to subscribers? And why does it continue this policy even after Google's announcement of AdSense over HTTPS last month?

  49. Countries that have adopted paperless taxation by tepples · · Score: 1

    Unless you happen to live in a country that requires individuals to file income tax returns online and refuses to provide a paper option.

    1. Re:Countries that have adopted paperless taxation by nurb432 · · Score: 1

      Then you move to a less oppressive and invasive country.

      --
      ---- Booth was a patriot ----
  50. Re:Better to vote out the scum that runs the count by Mr.+Slippery · · Score: 1

    A fellow isolationist.

    How ludicrous that suggesting an end to global military occupation is now labeled "isolationist". There are many ways for nations to interact besides militarily.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  51. Webmail by tepples · · Score: 1

    If friends and family use webmail, how can they use PGP over webmail without giving a private key to the webmail provider? Mailvelope doesn't work in Safari or IE, and Chrome Web Store apps don't work on Chrome for Android.

  52. Help me understand global transitive trust by tepples · · Score: 1

    Best of all, have a PGP/gpg web of trust

    Which requires expensive travel to participate in key signing parties in other cities unless you only want to communicate with others living in the same city. Sure, you can trust that someone is the person described by a particular government ID, but that's orthogonal to how much you trust her to sign others' keys.

  53. Can't vote against all incumbents by tepples · · Score: 1

    When you vote against the incumbent in a general election, all you get is whatever candidate from the party currently out of power is best at pandering to its base in the primary election. You can't vote against all incumbents in the primary because the polling place gives you only one party's ballot.

    1. Re:Can't vote against all incumbents by grantspassalan · · Score: 1

      I know there is a problem with the party system, but even so, if all those that are currently in office found themselves to be unemployed, it would send a message to whoever did get elected, to heed the voters more rather than the lobbyists who bribe them. Also the laws could be changed so that anyone who registered as an independent voter, could vote for any person running for any office in any election, whether primary or otherwise.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    2. Re:Can't vote against all incumbents by tepples · · Score: 1

      Also the laws could be changed

      By whom? Each state's legislature sets the rules for the legislature's own primary.

    3. Re:Can't vote against all incumbents by grantspassalan · · Score: 1

      Some states have an initiative process that voters can use to force such laws down the throat of recalcitrant & bribed politicians. Voters used that process while we were still living in California to rein in overzealous tax collectors and beat politicians into submission with the famous Proposition 13 way back when. Oregon voters did the same thing with Measure 5 not too long after that.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
  54. Re:Steps You Can Take Against Internet Surveillanc by theronb · · Score: 3, Informative

    Umm, are you thinking of J. Edgar Hoover, director of the FBI for decades?

  55. It's called chaff by tepples · · Score: 1

    But if 1% of American households run an exit node, that's 7 million on said list. I doubt the authorities have time to follow 7 million exit nodes at once.

    1. Re:It's called chaff by tepples · · Score: 1

      The point as I understand it is to diffuse the suspicious activity across all exit nodes. New TCP connections switch to a different circuit every 10 minutes. Or is plausible deniability obsolete?

  56. Re:Speaking of SSL by lgw · · Score: 2

    You might pause to consider why one might write an anonymous "letter to the editor" to be published, all public-like, in the paper. You might pause to consider how that applies to HTTPS. Or you might bull on ahead blindly with no consideration for anyone's circumstances but your own. Or you might admit that you're not omniscient, and thus there might be some need for privacy that you just don't happen to see, and so advocate for as much privacy as possible, everywhere, all the time.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  57. Resident visa by tepples · · Score: 1

    Can you recommend a country as well as a walkthrough for getting a resident visa in that country?

    1. Re:Resident visa by nurb432 · · Score: 1

      Off the top of my head I doubt much of the middle east has gone digital. I am sure there are others (aside from the US, I still print and us-mail my taxes in each year).

      --
      ---- Booth was a patriot ----
  58. Re:Speaking of SSL by ravenlord_hun · · Score: 2

    Only, that letter will NOT be anonymous. You will be recorded by the servers of ./ or the newspaper; most places do keep access logs, if nothing else. Sure, you can use VPN or proxy, but then you need to worry about those logs instead. HTTPS won't save you. Or, if you are actually banking on HTTPS alone to save you... well, best of luck.

    If you really wanted to publish something but still remain anonymous, you'd better use a service built for that purpose - like securedrop. If you want privacy, it needs more than screaming HTTPS EVERYWHERE. Because it's a helluva more complicated issue.

  59. Re:Speaking of SSL by ravenlord_hun · · Score: 1

    Nope. You would need to know my actual password for that. The security token itself won't suffice.

  60. Step Two: Terrorists Win. by MRe_nl · · Score: 1

    As much as my comment was a jest, pure and simple;
    There's no such thing as a "terrorist", the term is a confabulation, a nebulous entity somewhere between "opponent" and "boogeyman".

    --
    "Kill 'em all and let Root sort 'em out"
  61. Re:Steps You Can Take Against Internet Surveillanc by whoever57 · · Score: 1

    Umm, are you thinking of J. Edgar Hoover, director of the FBI for decades?

    He's another Hoover, they are all the same, aren't they? But really, yes. I did mean J. Edgar.

    --
    The real "Libtards" are the Libertarians!
  62. Re:More NSA produced propaganda by HiThere · · Score: 1

    Who has audited the current version of Truecrypt? Why do you trust them?

    It's better for different people to use different approaches, so that no one compromise will take down everyone. But this makes communication difficult.

    I don't have a real answer, this side of one time pads.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  63. Re:Steps You Can Take Against Internet Surveillanc by tokencode · · Score: 1

    "That's pretty much the working definition of law enforcement everywhere, man. There's only 1 police officer for every, what, 10,000 citizens? It's a practical impossibility for the NSA to do all the things the tin foil hat brigade claims they're doing -- monitoring everyone's cell phones, everyone's e-mail, the entire internet... and just to keep things interesting, doing all that while cracking foreign powers' high level cryptography and military communications systems. To do everything they claim they're doing, even assuming their technology is twenty years more advanced than the civilian sector equivalents, would imply multi-trillion dollar budgets per year to sustain and a workforce vastly higher than the numbers available suggest."

    This being Slashdot, I would hope that people here would take into consideration automation of the information gathering process. The ratio of analysts to citizens has almost no relevance. At a reasonable bitrate, you could record every telephone conversation made in the US on just a few racks of equipment. All text-based communication storage is trivial. It is all about access to the infrastructure. That does not mean they are capable of producing actionable intelligence, but they are most definitely capable of collecting everything and running some queries against it. If the data is being queried, even if it is not included in the results, the data is being unlawfully searched.

  64. Re:This is how we Europeans do it by HiThere · · Score: 1

    ROTFLOL.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  65. Re:Speaking of SSL by cffrost · · Score: 1

    If you want to post something on ./ that warrants HTTPS, you are probably already doing it wrong.

    That's funny, but if you're encrypting only what you think needs to be encrypted, rather than encrypting that which can be encrypted — I think it's you who's doing it wrong. You announce: "Attention: I am now transferring sensitive data!"

    It's much like shredding only those documents that contain sensitive information, and throwing away the rest intact: You're answering your adversary's question, "which of these documents should we concentrate on reassembling/examining?"

    --
    Thank you, Edward Snowden.

    "Arguments from authority are worthless." —Carl Sagan
  66. By the people by holophrastic · · Score: 1

    Nice democracy/republic/free country you have there. Since it's your government, and they're working with your tax dollars, you might not want to make things more expensive for them. You might, however, want to cut their budget, and vote them out, and impeach them, and whatever else you do when you both check and balance your government.

    sheesh.

    1. Re:By the people by Fjandr · · Score: 1

      No, at this point the only thing that will work is to bankrupt the country. If everyone uses absolutely every service available to them to the maximum extent, it'll happen faster.

  67. Re:Steps You Can Take Against Internet Surveillanc by whoever57 · · Score: 1

    Show me where the NSA was assigned the job of catching them,

    That's a strawman. Neither I, nor the GGGP said that the NSA was tasked with catching the Boston bombers. There is no point arguing this further with you since you clearly have a problem with your reading or comprehension skills.

    but all you can say about them is they invade people's privacy... a right nowhere guaranteed by the Constitution.

    And your knowledge of the US constitution is clearly lacking. You never heard of the 4th amendment? Just because it doesn't use the word "privacy" doesn't mean that a right to privacy is not granted by this amendment -- as the supremes have acknowledged.

    --
    The real "Libtards" are the Libertarians!
  68. More expensive by manu0601 · · Score: 1

    From TFA

    you can make that kind of surveillance a lot more difficult and expensive

    Which means, that unless the problem is addressed at the political level by removing surveillance, you will just work to increase your taxes.

  69. Re:Speaking of SSL by tepples · · Score: 1

    Change e-mail address, click link in e-mail to finalize change of address, reset password. Or does finalizing a changed e-mail address likewise need the user's password?

  70. problem is "keeping SW up2date" by lpq · · Score: 3, Insightful

    When the computer industry was "young", there was little likelihood the NSA had co-opted your developers & SW providers. Now?

    With every update you need to wonder if it contains a new backdoor at the request of the NSA, asked via a "security letter", which makes disclosure illegal.

    Examples in linux abound as vendors stumble over each other to provide secure-boot distros, complete with windows-like service managers (systemd), that move config control out of scripts where you can see what they are doing, into binaries, that you have to verify come from a source that is likely too large for most of us to audit -- not to mention the problem looking for a backdoor that might be very well hidden these days... (ex. pre-solved factoring keys for AES encryption), etc... You got the latest certs downloaded from *where-ever* (needed for https and such)? How many aren't already cracked?

    I wouldn't have a problem with the NSA's spying, *IF* they didn't share anything not related to national security -- but our entire justice system is predicated on law-enforcement being 'human' and needing warrants to search private stuff -- but now? The NSA doesn't need those, and any info it finds is shared with generic, domestic law enforcement. It's already been seen that the FBI has been getting info dumps from the NSA that it's been using to start determined "take-down" efforts against *persons*. I.e. they just watch the people they want, and find some excuse to 'legally' find out the info, OR, find something else to bust them on.

    Of course it's been well documented here on "/.", how both foreign visitors and US citizens lose their constitutional rights when they are at a border -- losing laptops and having decryption keys demanded.

    What crap!

    One rectifying solution would be to have any illegally leaked evidence taint prosecution of someone for *any, "hidden", charge*, for some number of years (whatever statute of limitations might be).
    By hidden, I mean things they'd have to probe into to find out -- not armed robbery or such...

    It sounds problematic, and the details would have to be ironed out, but between that, and the profit motive for "charging" a "rightless" property with "crimes" instead of the person, our legal rights as citizens are falling below western standards and down into the "outcast/illegal/brutal" regimes that we supposedly "invade" for....

    Who's gonna invade us to save us from our government? I think the only ones with the ability to save us are "us".

  71. Kill an NSA staffer by gelfling · · Score: 1

    And their family, burn their house the ground. Repeat until no longer needed.

  72. Re:Steps You Can Take Against Internet Surveillanc by AHuxley · · Score: 1

    If you don't have a security clearance post and educate people all you can. If you do have a security clearance welcome to the new digital East Germany :)

    --
    Domestic spying is now "Benign Information Gathering"
  73. Re:Steps You Can Take Against Internet Surveillanc by AHuxley · · Score: 1

    Make sure you have full messenger contact lists and use the terms NSA and GCHQ a lot :)

    --
    Domestic spying is now "Benign Information Gathering"
  74. My preference is by davebarnes · · Score: 1

    Overwhelm the bastards
    Plutonium implosion trigger components
    Weaponized anthrax aerosol
    Quantum encryption

    --
    Dave Barnes 9 breweries within walking distance of my house
    1. Re:My preference is by Fjandr · · Score: 1

      Quantum encrypted plutonium enriched weaponized anthrax.

  75. Re:Steps You Can Take Against Internet Surveillanc by Seumas · · Score: 1

    Oh, Jesus fucking Christ, how many times can you guys talk in circles, here?

    His point is that the NSA has justified all of the institutionalized violations of privacy because it somehow prevents terrorism (and for a while, they were claiming they've stopped over 50 acts of terrorism when it turns out it was actually only two . . . and maybe not even that), yet with all of this surveillance and violation of people's rights, they weren't even able to stop an angry teenage boy with a pressure cooker.

    You keep saying they weren't "tasked with this case", which has fuck all to do with anything. The FBI was tasked with hunting the kid down (and it took the shutdown of an entire city and yanking people out of their homes at rifle-point for several days to hunt down the teenager). The NSA and all of its nefarious sister organizations were tasked with preventing attacks. You know, the thing they keep using to justify their disregard for the Constitution. And, yet, they were not aware of this pending "act of terrorism".

    But go ahead and reply with "but the NSA wasn't tasked with this case" for the sixth time.

  76. Re:Steps You Can Take Against Internet Surveillanc by Seumas · · Score: 1

    Ding!

  77. What if by koan · · Score: 1

    The NSA ran out of room? What would it take to flood them overwriting data with random media? A day everyone leaves their phones on Youtube kitty videos? Is it even possible to overwhelm their storage with the cell network? With the Internet?
    Is this what data caps are really about? Surveillance, anti piracy, and monetization?

    As far as encryption goes, it decrypts somewhere.

    --
    "If any question why we died, Tell them because our fathers lied."
  78. Re:Anti-virus by biodata · · Score: 1

    this

    --
    Korma: Good
  79. Benghazi was a real conspiracy. by Rujiel · · Score: 1

    The whole thing was not even a consulate, but rather, the head office for a weapons running operation for rebels in Syria, chemical and biological as well. Former Rep. Kucinich (D) is on the record voicing concern. Google it.

  80. Shill detected. by Rujiel · · Score: 1

    You call them "leaks" as if to imply their release was intended by the involved agencies. It wasn't. Leaked documents have illustrated how similar tactics were employed to cast doubt on WikiLeaks, claiming it was a CIA plot. You really expect us to buy into this argument you're having with your sockpuppet?

  81. Re: Steps You Can Take Against Internet Surveillan by Rujiel · · Score: 1

    Bullshit, the bill of rights is not about what government can do. More about what it can't.

  82. The FSA can and is monitoring virtually everything by Rujiel · · Score: 1

    This isn't even controversial. The idea is to collect information and use it retroactively to target people. This thread is full of shills like yourself, trying to emphasize some concept of the NSA's ineptitude rather than the evil of what it is doing.

  83. Protecting your system by lsatenstein · · Score: 1

    Most anti-virus programs take a signature of a program or file that is suspect. I gave up on them and did the following.
    I wrote a program that takes the md5sum of my computer's system. Weekly (at first it was daily), I redo the checksum file, I transfer it to a flash drive, and from there I read it to compare against a previous scan. Any md5sum difference is flagged. It's my way of creating a signature for each of the files on my computer.
    And it is fast in execution (about 10 minutes for a full / scan). If you have more files than I have, your timing may be longer.

    --
    Leslie Satenstein Montreal Quebec Canada
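
The weekly checksum comparison described in the comment above, as an added example that is not the commenter's program: it hashes every regular file under a root, stores the result as a baseline file, and reports added, removed and changed paths against an earlier baseline. Assumptions of this example: SHA-256 is used in place of MD5 (practical MD5 collisions exist), permission bits are recorded alongside the digest so a mode change also counts as a change, and all function names and the JSON layout are this example's own.

```python
import hashlib
import json
import os
import stat
import sys


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large files never sit in memory whole."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map each file path (relative to root) to its digest and permission bits."""
    baseline = {}
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                info = os.lstat(full)
                if stat.S_ISLNK(info.st_mode):
                    # Record where the link points instead of hashing its target.
                    entry = {"digest": "symlink:" + os.readlink(full), "mode": 0}
                elif stat.S_ISREG(info.st_mode):
                    entry = {"digest": hash_file(full, algorithm),
                             "mode": stat.S_IMODE(info.st_mode)}
                else:
                    continue  # sockets, FIFOs and device nodes have no content to hash
            except OSError as exc:
                # Unreadable or vanished mid-scan: keep a marker so it still shows up.
                entry = {"digest": "error:" + type(exc).__name__, "mode": 0}
            baseline[rel] = entry
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON (for example onto removable media)."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(baseline, handle, sort_keys=True)


def load_baseline(path):
    """Read a baseline written by save_baseline."""
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


def compare(old, new):
    """Return sorted lists of paths that were added, removed or changed."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "changed": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


if __name__ == "__main__":
    # Usage: python baseline.py ROOT BASELINE_FILE
    # The first run writes BASELINE_FILE; later runs only report differences,
    # so the stored baseline is never overwritten before the report is reviewed.
    scan_root, store = sys.argv[1], sys.argv[2]
    current = build_baseline(scan_root)
    if os.path.exists(store):
        for kind, paths in compare(load_baseline(store), current).items():
            for changed_path in paths:
                print(kind, changed_path)
    else:
        save_baseline(current, store)
```

Keeping the baseline file off the scanned machine, as the comment does with a flash drive, matters because anyone who can rewrite the baseline can hide their changes from the comparison.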
  84. Re:Speaking of SSL by bingoUV · · Score: 1

    HTTPS saves the poster's username from being visible to network owner (or anyone capable of sniffing). Could be office IT, ISP whatever.

    --
    Bingo Dictionary - Pragmatist, n. A myopic idealist.
  85. Re:Speaking of SSL by lgw · · Score: 1

    You really really don't get it. Can you step out of your arrogance for a second there? OK, you, personally don't see the point. We get that. Can you admit that you lack godlike omniscience? Is it mathematically possible there would be some privacy interest served here?

    You seem stuck in geek-OCD "it's perfect or it's worthless" mode. Stop that. Sometimes privacy from someone less competent than the NSA is important. Some important whistle-blowers only need to be anonymous to their employer. Some people can benefit from just HTTPS (hiding the content only) to protect from dumb, automatic searches.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  86. Re:Steps You Can Take Against Internet Surveillanc by intermodal · · Score: 1

    There's also the fact that the terrorist threat isn't as significant as they want us to believe it is.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!