Why the NSA Piggybacks On Consumer Tracking

An anonymous reader writes "'Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?' In a Slate op-ed, Ed Felten explains how consumer tracking makes the NSA's job much easier. Felten was the first-ever Chief Technologist at the Federal Trade Commission, serving as the agency's lead technical expert on privacy issues. Now back in academia, he argues that the NSA gets a 'free ride on the private sector,' from distinguishing users, to pinpointing geolocation, to slurping up network traffic."

Empire Strikes Back

NSA's PR strikes back. They could be far less obvious and a little bit more effective if they are not putting their PR here so often.

What else can you do?

[auric_dude]

Requestpolicy, Noscript & Lightbeam are all Mozilla Firefox addons may well give you a hint of commercial snooping but what other measures can you take to keep your browsing habits and data safe from the eyes of others?

Re:What else can you do?

[AndroSyn]

Encrypt everything, make life as difficult as possible for those who would snoop your traffic. You mention Firefox plugins, perhaps you should also be using the HTTPS Everywhere plugin: https://www.eff.org/https-everywhere

Also make sure you are using the SSL Observatory function, this should at least help prevent MITM type attacks against you.

Re:What else can you do?

Or just ignore the whole thing and let them spy on the TERRORISTS that they are actually looking for.

Re:What else can you do?

[mrchaotica]

A post in a thread a few days ago gave a good list. (I'd link back to it, but I can't find it.)

• RequestPolicy
• NoScript
• RefControl
• Ghostery
• HTTPS-Everywhere
• BetterPrivacy
• Cookie Monster

I didn't list Lightbeam because while it is good at visualizing tracking, it doesn't actually stop it.

I also currently use

• AdBlock Plus
• Self-Destructing Cookies
• DuckDuckGo search provider

I'm also looking into running a YaCy server so that I don't depend on centralized (and therefore inherently trackable, even if some say they don't) search engines at all.

Re:What else can you do?

[flyingfsck]

Browse with TOR whenever possible and restart the TOR session frequently.

Re:What else can you do?

[AndroSyn]

I'd consider TOR exit nodes to be fully monitored, so obviously you'd want to take all of the steps above as well, when browsing over TOR.

Re:What else can you do?

[erikkemperman]

Or just ignore the whole thing and let them spy on the TERRORISTS that they are actually looking for.

Can't tell if you're being serious, but in case you are: No, the problem here is overreach and feature creep. They are applying their rules for dealing with terrists (essentially none) to the population in general and foreign heads of state in particular.

I don't expect that ignoring the whole thing is a strategy which is likely to limit their ambitions, at all.

Re:What else can you do?

[mcgrew]

All those techniques are fine for stopping them from spying on me, but their spying on me isn't the problem. They have nothing to gain by spying on me. The problem is that they're spying on everyone, and that's what needs to stop.

Re:What else can you do?

[Jah-Wren+Ryel]

You can also play games with your browser sessions. Both firefox and chrome support multiple browser sessions running simultaneously. I have one just for google searches, another just for youtube, another just for banking, etc. That keeps your cookies and other fingerprinting information like extensions, browser history, etc unique to each task.

If you run firefox with these arguments it starts up with a picker that lets you choose which profile to run:

firefox --ProfileManager --no-remote

I give each profile a different theme and change the titlebar to start with a prefix (like "GOOGLE: xxx" or "BANK: xxx") with the customize_titlebar add-on to make it easy to visually distinguish between different sessions.

I also use the user-agent switcher extension to give each browser session a different user-agent. I usually set them to say the OS is Windows (I'm on linux) to blend in better with all the other Windows users and then each one is set to report a slightly different version of firefox (like 25.0 or 25..0.1 or 24.0 etc).

It is not just about hiding yourself it is about polluting their databases. Switching the user-agent isn't 100% -- some javascript can figure out the browser version via other means. But it is low-hanging fruit because the user-agent gets transmitted with every single http request your browser makes, so anyone passively sniffing the wire will get whatever you set it to.

https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

There is a similar add-on for chrome by a different author, haven't used it myself:
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en-US

For firefox you have to make an additional change in about:config in order to have your user agent stick permanently because java gets confused on startup if it is spoofed. Create a new preference 'useragentswitcher.reset.onclose' and set it to false.

Re:What else can you do?

[mrchaotica]

Maybe we need an extension that sets your user-agent to whatever is at the top of a list like this.

Re:What else can you do?

[StripedCow]

That's all great for in the browser.

In real life, I often ask random people on the subway to swap discount, club and rewards cards with me.

Re:What else can you do?

[davester666]

They don't feel bad about it because anybody could be a terrorist, therefore everybody must be monitored.

Re:What else can you do?

[Jah-Wren+Ryel]

I've been looking for a list like that. Too bad its only from that particular blog so the sample size is too small.

Re:What else can you do?

The downside of TOR is dealing with exit nodes and the fact that all of them are blocked from most services. Even Google searches will pop up a CAPTCHA or a FOAD screen. It isn't as secure, but a VPN service might be a better balance because it is still usable, while providing privacy. It doesn't provide the multi-level routing that TOR does, so it isn't NSA-proof, but it provides decent privacy.

Don't forget to check the EFF's Panopticlick site with your browser. You can have completely anon IPs, but if your browser has a unique signature, it won't matter.

Re:What else can you do?

Here is another good one I usually recommend to friends:
https://prism-break.org/

How effective are these?

[Toe,+The]

Opinions on each of these, slashdotters?

AdBlock (or cat block) with EasyPrivacy
DoNotTrack
The no-tracking bit on web browsers
Denying 3rd party cookies
Denying traffic on ports other than 80/2083
Not using Google services (I mean c'mon people)
Allegedly private search engines like ixquick
Not using or logging out of social media
Proxy servers (but how do you know if a proxy is run by the NSA?)

Oops, meant 443

[Toe,+The]

I meant port 443, not 2083.
(Guess I use cPanel a lot.)

In _no_ way am I supporting the NSA

[ubrgeek]

But to say it "gets a 'free ride on the private sector'" ignores the fact that the reverse is (possibly) even more the case. We paid for the Internet and did so with the expectation that we would receive and keep certain rights. Instead, Verizon, Comcast and their ilk do everything in their power to clamp down on Internet access and usage either directly (through their greed) or by worming their way back and forth into and out of lobbyist and politically appointed government positions. Add to that the MPAA and RIAA with their (what in a sane world would be illegal) demands that people spend more time in prison for "piracy" than for murder and you see everyone but the public getting a "free ride" for something we already bought.

Re:In _no_ way am I supporting the NSA

We paid for the Internet

Um? I'm gonna be modded to oblivion here, so might as well be AC, but some clarification would be useful. I paid some companies for access to some network that other people have already built... I don't recall ever putting down a downpayment for "the Internet".

Re:In _no_ way am I supporting the NSA

[mrchaotica]

DARPA built the Internet, and is funded by taxpayers.

Re:In _no_ way am I supporting the NSA

We paid for the Internet

Um? I'm gonna be modded to oblivion here, so might as well be AC, but some clarification would be useful. I paid some companies for access to some network that other people have already built... I don't recall ever putting down a downpayment for "the Internet".

DARPA built the Internet, and is funded by taxpayers.

For those of us not in the US, try again.

Re:In _no_ way am I supporting the NSA

DARPA built the Internet, and is funded by taxpayers.

DARPA doesn't build anything.

Re:In _no_ way am I supporting the NSA

He means the original funding that created the internet was supplied by US taxpayers. "For those not in the US", you got a free ride on the technology developed by DARPA and funded by US taxpayers. In fact, in the early days of the internet, it was almost entirely US citizens on it for this reason: it hadn't spread overseas yet.

Re:In _no_ way am I supporting the NSA

That's some fascinating revisionist history. Santa is a white guy, too, right?

Re:In _no_ way am I supporting the NSA

[ganjadude]

santa IS a white guy. He is St Nicholas, he was from turkey, and yes, he is white. Deal with it

Re:In _no_ way am I supporting the NSA

[kimvette]

http://en.wikipedia.org/wiki/ARPANET

The Internet "evolved" from ARPANET, which was funded and built by the US - primarily the DoD in partnership with some universities. It forked into separate military and civilian networks, and the remains of ARPANET eventually became transformed into the Internet and become more widely available. The birth of the Internet is really the introduction of TCP/IP into ARPANET, which was in 1982-1983.

http://en.wikipedia.org/wiki/Internet

So the original infrastructure and development did originate in the US but the private sector expanded it substantially as early as the mid-80s so what was ARPANET is only a very tiny portion of the Internet - if those original backbones even exist any more (I'd be very surprised if any of the original lines and routers are still functional let alone in production).

Re:In _no_ way am I supporting the NSA

[TubeSteak]

Tor is mostly funded by taxpayers as well (through the State Department)
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History

Re:In _no_ way am I supporting the NSA

"For those not in the US", you got a free ride on the technology developed by DARPA and funded by US taxpayers.

Someone thinks pretty highly of themselves.

In fact, in the early days of the internet, it was almost entirely US citizens on it for this reason: it hadn't spread overseas yet.

Why would it? We were doing just fine on Minitel long before you Americans had anything similar.

Re:In _no_ way am I supporting the NSA

[drinkypoo]

santa IS a white guy. He is St Nicholas, he was from turkey, and yes, he is white. Deal with it

Here are your search terms: siberian. mushroom. shaman. In case your google-fu is weak, which is clearly the case if you're still spouting that bullshit, no.

Re:In _no_ way am I supporting the NSA

[ganjadude]

Why would I go to a "green building and living" website to get my history on st nicholas??

Re:In _no_ way am I supporting the NSA

[drinkypoo]

Why would I go to a "green building and living" website to get my history on st nicholas??

Logical fallacies are the best you can do, huh? Not surprised.

Re:In _no_ way am I supporting the NSA

[dale.furno]

That shit website cites 0 sources for the information.

I will assume it came from the imagination of the submitter.

Re:In _no_ way am I supporting the NSA

[ganjadude]

drinky, you cannot argue the fact that st nick was white, santa IS st nick, therefore santa IS white

Article says they retain for a year

[Toe,+The]

I never understand claims like that. Do you know how incredibly cheap storage is? Now what if you had government-sized money. How hard would it be to store all data forever?

Even if it is exabytes. Who cares? They don't sound like the kind of people to let stuff go just to save a few bucks. And to them, it really is just a few bucks.

Re:Article says they retain for a year

What happens when you run out of other people's money?

Re:Article says they retain for a year

[mrchaotica]

Not to mention, given the exponential growth rate of the Internet's data, if you have the capacity to store data for year N (this year), then storing the data for year N-1...N-N (all years from the beginning to last year) is trivial.

ISP routers

[gmuslera]

Even ISP routers are being used to get in our private networks, our VPN and even our Tor connections. In NSA/GCHQ sources and methods uncovered there are some suggestions to improve things a bit.

Firefox should build in those addons.

I'm always amazed at how the Firefox crew manages to fuck up their browser's UI more and more with each release, includes unnecessary crap like a slow-as-fuck PDF reader, remove the easy-to-access preferences option for disabling JavaScript, and wastes time with asm.js, while simultaneously not including by default useful functionality like that offered by those addons.

The functionality offered by those addons you listed, and others like HTTPS Everywhere and Ghostery, should be included by default. Make users forcibly disable them, if they aren't wanted. But no sensible person would do that, and those who don't know better just wouldn't be able to.

I don't expect Google to do the right thing with Chrome, given their other interests. But damn it all, I do expect better from the Mozilla team (even if their past performance indicates that I probably shouldn't).

because it's more data

[Gravis+Zero]

it doesnt matter who made it or how much information it gathers. if it provides more information, they are going to use it. it's just like how microsoft copies google search results via Internet Explorer search bar to put into Bing. is it an asshole move, yeah. are they still going to do it even though they have been caught, yeah.

why is this even a question?

Re:because it's more data

[Trepidity]

Yeah, the concise answer to the question is, "because the data is there, and they can get it".

Intelligence agencies piggy-backing on private-sector tracking is nothing new, either. Some of the earlier U.S. 4th-amendment cases came out of intelligence agencies getting access to people's telephone records. They also get information from banks, credit-card companies, and all sorts of other such compilers of private dossiers. If they want, they can probably get access to what food you eat, too, thanks to supermarkets compiling purchase profiles via scans of the club-card barcodes.

: How I Learned to Stop Worrying and Love Google

[ErikBird]

A recent foia request by propublica for emails between NSA employees and employees of the National Geographic Channel over a time period that the TV station had aired a friendly documentary on the NSA resulted in the following response from the NSA (the supercomputing powerhouse) "There's no central method to search an email at this time with the way our records are set up, unfortunately.... [the system is] a little antiquated and archaic." A former employee of the department of labor statistics said that the department's entire data set fits on a single hard drive. Note that in the 90’s the IRS was still using vacuum tube technology. The National Security Agency in the last couple of years just started building modern data centers in Utah. There is abundant evidence provided by the Thomas Drake prosecution and the 9-11 commission report that information management is a problem in the intelligence community. Does google have better information management technology than the NSA? If corporations do have better data on the U.S. economy and population than the U.S. government doesn't it make sense to be governed by these corporations, ie government sachs? Is it not true that he who has the information has the power? And of course doesn't that create a clear “moral hazard”and “regulatory capture” situation as the corporations are regulated by the gov? Regulatory capture is basically when the cops and judges are owned, the book "13 bankers" goes over the issue for wall street. Isn’t corporate control of government part of what occupy wall street activists protested?

Spying on citizens is illegal

[BringsApples]

Murdering in America is tricky. The streets are packed with concerned citizens, some of which are armed, and there's local police to avoid. There's no central system for murdering or stowing dead individuals, so it's hard to keep track of who been murdered and where their dead body is. What's a murder to do?

There, that puts it into perspective. I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

Re:Spying on citizens is illegal

I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

I hope many more and it continues until every secret Snowden stole is made public.

We and the rest of the World NEED to see how our our government and theirs has been lying, cheating, breaking the law (arguable since the PATRIOT has made some of this shit legal thanks to our ignorant asshole corrupt Congress and Senate), and let the World know that you cannot be complacent when it comes to Freedom.

All of us need to hold our politicians' feet to the fire and stop being distracted by false fights for freedom (like invading countries that have nothing to do with our freedom.

If the wars in Iraq and Afghanistan were to protect our freedom, then they have filed miserably and all those fine people who died and were injured over there did so in vain. And we have our leaders and people who were either too scared or caught up in the mindless jingoism (Fighting for Freedom! Freedom isn't Free) to stand up and question these actions.

This isn't so much about whether the NSA knows what porn site you like or what Starbucks you visit; this is about the continual erosion of our true freedoms and this spiral into a authoritarian surveillance society. And when that happens - when folks are concerned about being watched and judged for their thoughts, beliefs and actions, it puts a society in s straight jacket. You may like that - many folks WOULD like all of us to conform to their values and punish those that vary outside of those strict stifling standards (social conservatives in the States are a perfect example).

We need to realize that the NSA WILL be abused even more in the future if it NOT reigned in or even destroyed.

We have taken our freedoms for granted far too long and actually, I don't think most people know what freedoms are.

An example is the NRA. Sure, you can own your guns but the government knows where you are, what you own, and what you're doing. If ANY of them think they can rise up and "fight tyranny", black SUVs will pull up, armed grunts will take them out and the local news will show "local survivalist shot by police after barricading himself and threatening his neighbors".

Re:Spying on citizens is illegal

[BringsApples]

Ok, then release it mother fucker, stop spooling it out. But it's as if our house (America itself), was once great, all the rooms were furnished, the walls were painted, and then one day we went into a room where vandals had spray-painted "Eat shit and die faggot/religious/artist/loner/politician/armed forces/nigger/honkey/old/young Americans!" We were shocked! And we quickly made plans to repaint the wall. So we went out and bought paint, and were all cheering each other on ready. But when we got home, another wall was sprayed. Then repeat that for the whole house? No, I won't fucking take it.

If there's some info that's out there that needs to be known by the American people, then LET. US. FUCKING. KNOW! Don't sit around talking about how carefully you're baby-sitting the information, until the right time comes to let people know. It's all bullshit, all of it. All that spooling it out does is create a platform by which people become complacent, accepting - numb, if you will. So that one day when the last freedom is taken, no one has the energy to go get more paint.

And fuck you for posting AC, bitch-kid.

Re:Spying on citizens is illegal

[ganjadude]

the problem is if he just dumps it all at once, a LOT will be overlooked as the media can only grasp a few things to report on at a time. by trickling it out slowly, we ensure that it stays in the media for a longer period of time, and as such keeps the people interested in it as well. while I would personally love to see it all at once and browse everything he has, I understand that this method is better in the current climate

Re:Spying on citizens is illegal

[BringsApples]

Why? What other news would you like spooled to you, in little bite-sized chunks? You just go to the police and tell them that you saw a crime and you will let them know small details as you see fit, let me know how it goes. bullshit, all of it. I'll spool-feed bait on a hook to the lake for fish, and that's what I feel is being done with (queue the deep movie-trailer voice) 'THE SNOWDEN LEAK'.

And what "current climate" are we talking about here? I demand to know what illegal activity my countrymen are involved in, so that I can take steps necessary to avoid, fight, or accept. What the hell kind of news agency gets to report news as they so wish? As they see fit? Do news agencies now get to decide when crimes are reported? I guess so, because that's exactly what's happening. Hell guys, if evidence is withheld in any other case, the holder of such information is held accountable, and eventually will have charges brought against them. Why not here? Accepting a spool-fed version of the totality of such a problem as this, only proves that everyone is full of shit, and cannot be trusted. Accepting a spool-fed version of anything, leaves that 'anything' wide open to never end, and limitless boundaries. So what, one day in 30 years, we're still getting (queue the deep movie-trailer voice) 'THE SNOWDEN LEAK', describing things that had we heard 30 years earlier, we could have done something about, but now.... nah, we're to far down that rabbit-hole. To accept a spool-fed version of something to this magnitude, to my way of thinking, only proves that you really don't care about what's being leaked at all.

The people that decide laws, have been supposedly busted for doing illegal things (so we're told). If you don't want to know the full scope of that, then you sir, are fucked. Until I hear all of it, I believe none of it.

Re:Spying on citizens is illegal

[khallow]

Ok, then release it mother fucker, stop spooling it out.

You don't get the game. As ganjadude noted, it makes more of an impression dribbled out over time rather than dumped at once. Second, the involved reporters are milking this story for what it's worth. Obviously, you'd rather have it all now, but that's not in their interests to do so.

Third, part of the story is the duplicitous official responses to it. For example, the Obama administration was caught in several lies early on. And they occasionally still get caught telling a humdinger (such as Obama assuring the Chancellor of Germany that the US didn't spy on her and being contradicted in days by another Snowden revelation).

Re:Spying on citizens is illegal

[ganjadude]

Im talking about the fact that most people have the attention span of a gnat these days, If it all came out at once, it would be forgotten as quickly as that other thing that happened a few months ago, you know the one with the guy and and the gun? yeah that one

Re:Spying on citizens is illegal

[robsku]

Indeed - and had the whole thing been released at once it would now be ancient history for most people, who wouldn't even know but a small part of the whole thing.

Sure, people like me for example would know and remember the whole thing and never forget - however as most people would not it would server more as source of frustration seeing people *not* know/care about the whole thing.

Obviously this way it's better.

Re:Spying on citizens is illegal

[BringsApples]

I know what you mean, most people have the attention span of a gnat, and that's due to the reasoning (that they see) behind 'why to store info' in the first place. We could debate this all day, with no good becoming of it. I think that the news itself in all it's totality is better than little pieces that are controlled by few, where you are apparently compiling a list of stuff so that one day you will see the whole story. I just have to ask, once you do see the whole story, what's your plan; what are you going to do? My plan, since I never will be hit with the whole thing at once, is to do nothing, because by then I'll be completely numb to it all.

It is interesting to note how others in authority positions are dealing with it right now. They all appear to be, you know, sorta, piling on their own stuff into the cracks of our crumbling society. The authority seems to be under the impression that despite the news that the authority has been breaking their own laws "in the name of security", no one thinks it bad. Little do they know that people like you are compiling a list of all the naughty and nice, to one day.... shit what is your plan again?

Two words:

[inode_buddha]

Two words: plausible deniability

give us what we want

should make a record of this http://www.youtube.com/watch?v=WbYWwaIhHFM

us piggys back ban on cowfarting

no defense for bad manners http://www.youtube.com/watch?v=MLO3NmGJuHg counting us down from every direction

Why?

Because they can, next question!

commercialization of the internet

When we allowed the commercialization of the internet - and by WE, I mean the hundreds of millions who got here after the Eternal September who tolerated the internet's descent into advertising and data-mining and behavior harvesting, rather than the intolerance with with that had always been met before - the course was set. It was clear what would happen.

Nobody was bothered. Now we get to eat the dish we have carefully prepared. Enjoy!

Tricky?

[MobSwatter]

What could be "Tricky" about forcing security and encryption standards to include back doors? It is a bit disheartening that they cheated, I thought these guys were the best and the brightest when it came to hacking, I never included social engineering to actually part of that.

In fact Google and the NSA are

[Mister+Liberty]

... forming a great partnership. I for one do not doublt one minute that either money, or services, or data (meta or otherwise [there is no 'metadata-as-opposed-to-real' data) has gone from NSA to Google. Truth will out.

Its Called 'Doggy' Style

After reading GitHubs problems with C Free Speech, the DOS made me do it. :-)

Not just opinion: This is facts... apk

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts ( A tightly integrated PART of the IP stack itself )

APK

P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

** "Less is more" = GOOD engineering!

*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

Bogus unjustifiable downmods?

They can't prove me wrong - if anything they do the opposite...

* You FAIL (to the downmodder) - & you KNOW it!

APK

P.S.=> Since "the best you got" = "hit & run" unjustifiable downmods (instead of disproving my points on custom hosts files value in added speed, security, reliability, & even anonymity for end-users of them).

... apk