EFF Unveils Plan For Ending Mass Surveillance
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
...surveil that plan!!
Time is what keeps everything from happening all at once.
So, Slashdot, should we expect your support? https, when?
Started using TOR browser bundle after White House threats in previous Slashdot article
http://yro.slashdot.org/story/15/01/26/1259247/omand-warns-of-ethically-worse-spying-if-unbreakable-encryption-is-allowed
See here:
https://www.torproject.org/projects/torbrowser.html.en
For anyone working against mass surveillance, feel free to use the anti 1984 sign at http://www.anti1984.org/.
Executive Order 12333
https://www.cia.gov/about-cia/...
(forgot to refresh...)
Seriously, to put it simply, these guys are the shit. I figure most Slashdotters are well aware of what the EFF does, but if you aren't, definitely check out their website, blog, etc., look at what they've done, and consider donating to support them. (FWIW, I am in no way affiliated with the EFF. I just think it's a great organization.)
Could we start with /. actually using HTTPS?
Good Luck! You'll Need It!
And what I mean by this --- the average Joe likes to post all his stuff on Facebook. He knows his communications aren't private and he doesn't care.
You aren't going to make him care either.
And is this a worthy cause? Cheap/free services depend on a revenue stream from something and exploiting the user ("You are the product") is not a horrible trade-off for the wide availability of cheap/free services.
How is a company going to support end-to-end encryption for free and still make money selling your information and metadata to third parties?
Keep in mind that means Google too. Or are you going to come up with a plan for Google to not be able to read your emails? Because if Google can read your emails, the government can.
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
http://www.nationalsheep.org.uk/
The problem is that while trying to survive and maintain some kind of social normalcy most people don't take an active role in shaping their local/regional/national/world topology until men in black are infiltrating their home at night and killing/disappearing them and/or raping their wife while their children watch. Complacency lies in the middle, and we're ("civilized" countries) still in the middle. The middle's that slippery slope between the crest and trough of utopia and North Korea. Hopefully the EFF will have some success before momentum takes us to that dark point where we have no choice but to answer with drastic measures. Ironically, the goal of both sides is peace and order. I suppose the difference in opinion about the road to said peace and order is what puts us at such unenviable odds.
Buy your next Linux PC at eightvirtues.com
Almost no one has a public IP address directly on their workstation at home and it is preventing free open source telephone from being widely adopted.
What is needed is a telephony protocol that can easily be proxied or tunneled and/or that does not need extra measures for surviving NAT.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
The central part of the EFF's plan is: encryption, encryption, encryption.
Encryption everywhere is great. But as long as the majority of us remain willing to hand over everything about our personal lives to Facebook, Google, etc., then mass surveillance by either private entities or governments will remain ridiculously easy. To me, that seems like the really hard problem to solve. There is no way those companies will deny themselves access to their users' unencrypted data.
nothing like wasting 20 years of your wasted life on learning complete bullshit and lies, nothing fucking works right, and it won't anymore due to modern motherboards, USB, smart meters, and
Linux fucked everyone over, Windows fucked everyone over. The end. We all lose.
I will guess :
- certificate errors that people will have to click through ten times a day
- people lock themselves out, accidentally lose their data (lost keys, lost cellphone needed to receive an SMS)
- interoperability problems of old versions and unpatched browsers, libraries, software
- encrypted ads and encrypted malware will infect your encrypted browser and mess with your encrypted data.
after non-root computing and port 80 computing, meet encrypted computing, same crap one more layer down
- bad guys will still mess with it
- in the end, you're still fucked because you used failbook, skype etc. or you posted public content in comment threads, forums, IRC etc.
I assume in general no one buys anything that was advertised in some way through their selling of information (metadata or otherwise).
We buy something because we happen to mostly out of necessity and less often for hobby related motives. Not because we saw an ad somewhere that flooded our browsing habits.
This "industry" has annoyed users so much that I don't know anyone who hasn't got advertising and trackers blocking tools (thank you to everyone creating those).
I suggest a tool that besides encrypting uses some type of stenography in combination with encryption for the communications and searches done on any search engine. If the user was searching for a PC component, not only encrypt it but flood the search with other "background tabs/threads" with search fields from both library based data and randomly selected from a dictionary or a combination of any kind.
Even if it gets decrypted by whatever reason by someone or group peeking for valid (but let's not kid ourselves, that's rarely the case) or invalid reasons they would not know of what the user was actually interested in that search request. It's not a perfect system for all cases, but it sure can throw off the idiocy behind the advertising spam industry.
Average Joe has some stuff on facebook that he knows isn't 'private'. Because facebook is the place you put stuff for your friends to see!
But average Joe has his secrets too. Stuff he doesn't post on facebook. He doesn't want anyone to know about his mistress, which he met on a dating site. He definitely doesn't want his friends to know about his hemorrhoid problem, which he has had to read up on lately - and for which he ordered some stuff from an online pharmacy. He doesn't want anyone to know about the odd porn he sometimes enjoys, or his bad credit rating, or his uncle who is in prison for life.
Average Joe is hiding stuff! Nothing illegal, nothing the law would care about. But it could be incredibly embarrassing if it got out! The NSA is manned by ordinary people. They probably handle 'state secrets' as they should - but they probably also joke about some of the funnier stuff they catch too. Joe's account at that dating site for married men? The NSA has it of course, pinned to his real name & address. Theoretically, some terrorists might communicate via a dating site while pretending to be a swingers group. Theoretically.
Such stuff is so easily abusable. Someone working with such data could use it to "lean on" Joe or anyone else to influence them. "Forget that the car crash was my fault" "Don't protest that the fence is 2 feet onto your property." "For we wouldn't want anything to leak out, would we? Any of the information we have on you . . ."
This is very true. However, WhatsApp appears to be a counter-example. They are deploying full end to end encryption and instead of ads, they just ..... charge people money, $1 per year. WhatsApp is not very big in the USA but it's huge everywhere else in the world.
The big problem is not people sharing with Facebook or Google or whoever (as you note: who cares?) but rather the last part - sharing with a foreign corporation is currently equivalent to sharing with its government, and people tend to care about the latter much more than the former. But that's a political problem. It's very hard to solve with cryptography. All the fancy science in the world won't stop a local government just passing a law that makes it illegal to use, and they all will because they all crave the power that comes with total knowledge of what citizens are doing and thinking.
Ultimately the solution must be two-pronged. Political effort to make it socially unacceptable for politicians to try and ban strong crypto. And the deployment of that crypto to create technical resistance against bending or breaking those rules.
They're absolutely right to suggest the first thing we have to do is increase widespread use of encryption technology. But the NSA and others have already said if we do that, they'll step up their game. We need to not just take our technology to the next level, we need to take our governance to the next level.
Politicians have proven themselves to be complete failures in working for the people. Sure, some countries have more luck than others - but there's nothing to suggest that that luck won't run out. Look at even the Scandinavian countries - their agencies are working for the NSA, their politicians are playing the exact same games. We need to reform our political system to reduce the amount of fuckery to a bare minimum. How do we achieve that? Complete and total transparency is vital, but not enough. Politicians are willing to openly defraud citizens in many countries already - it's not enough to know what's going on, we have to be able to hold them to account. And that's where I think elections are a farce. We don't choose who runs. We don't choose who gets to be on the final ballot. All of that is taken care of by big money interests, and even in the off chance we do get a good person into the system, they're outnumbered 100 to 1. And then the system starts to chew them up, convince them that their ideals are worthless and principles be damned, the system needs to continue operating as it has, as it will, with no real changes. Yea, one batch of idiots might do a slightly better job on one thing or the other, but in the end, as long as we continue to feed the system, it's no wonder we get governments abusing their power.
We need to have a government. We need to have a monopoly on violence, otherwise it gets to be dog eat dog very quickly. But a government that isn't held to complete account by the people is just another mad dog. The failures of our political systems have shown themselves clear. Institutional corruption. Control by a tiny minority. Ridiculous squabbling over issues that are settled science. Is this really the best we can do? I don't think so. Why are we still using politicians? Professional ones? We can have representatives, but I think it should be clear to anyone that a random person off the street will demonstrate as much intelligence and thought as an elected official - perhaps even more, as an elected politician has demonstrated the ability to say anything to get to that position. Why not do a sortition? Randomly selected individuals, and give them 1 year to govern. They can propose laws, but nothing passes until there's an approval vote by the citizenry. If the sortition does a good job (as judged by the people), they get a huge bonus. If they don't, they get the median wage, and the next sortition tackles the problems. How is this worse than giving a tremendous amount of power to a group of people who've constantly demonstrated themselves as a bunch of liars, power hungry, war mongering liars at that, and giving them free rein for 2, 4, 6 years?
Absolutely, increase and improve the technology. But don't ignore the technology running our governance. It's tremendously outdated, with countless flaws and bugs that have remained unpatched for millennia. It's time for a new release of Government.
The Electronic Frontier Foundation is an anachronism. There isn't an electronic frontier anymore. The very existence of mass surveillance proves it.
We filter what we hand over to facebook etc. You won't be able to match the profiles on sex/dating sites to facebook accounts, for example. But the NSA can do exactly that. Mass surveillance means they know from what IP address the connections were made. Ok, there are several people in your household - but not so many who are "male of some specific age". And only one of them has also made such connections from your workplace. BAM - you're identified!
Similar for all other anonymous fora. They can likely identify most of the ACs here, for example. Have you ever advocated anything illegal - such as recreational drugs or beating up burglars? Might come back to bite you someday . . .
But your virus scanners have root access to your Windows system and they collect your personal information and some of them send that information to the U.S. to get around the data protection laws. Your information is then available under U.S. law to the spy agencies. LICENSE AGREEMENT Bitdefender the monitoring and collecting of your personal information e-mail messages scanned for spam may contain private messages. Websites you visit may contain personal private information that you have posted on that website. The collected information as set out above is necessary for the purpose of optimizing the functionality of Bitdefender’s products and may be transferred to the Bitdefender Group in the United States that has less data protection of other countries. (European Union). To get around data protection laws they ship your information to the U.S. Bitdefender’s privacy policy guarantees you the right to access, rectify, eliminate and object to the processing of data by notifying Bitdefender via e-mail at: legal@bitdefender.com.
Even in democracies, voting won't change things. E.g. In Sweden, all major parties are for surveillance, and the ones who are against are fringe parties who would ruin the country with bad financial policies or kill other fundamental freedoms.
Governments will make encryption illegal (they want to do that now, if they haven't done it already) and will stop giving the companies who support this government contracts. No self-respecting company will support this.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
The problem I see with this scheme is education. Large swathes of the population have already been duped into thinking that encryption is an evil tool that only terrorists would use. How do you go about encouraging encryption without making those people get angry and switch off without even considering what you have to say?
Some bundles donate a percentage to EFF. Go HB! Go EFF!
When you use ROMs, firmware, operating systems and software designed by Americans, with backdoors to all the three letters national agencies you can think of.
Donate
Donate
DONATE
If everyone who posted a reply to this story donated to the EFF with their dollars in addition to their words, that would be pretty substantial in aggregate, and they could do some real work with those funds.
Donate to the EFF. They have been fighting this fight for as long as I have been alive and are one of the only groups to have maintained the fight. While I have donated to them on and off over the years, I have been lax for quite awhile. I just donated to them and challenge everyone else to do the same.
PS: And, this comes from someone not in the USA who DOES NOT get a tax break from his donation since they are not registered in my country, but who recognizes the global impact of the EFF.
"If you're not doing anything wrong, then you have no reason to hide"
That's what you say if you're the aggressor. If you're the victim, you say this:
"If I'm not doing anything wrong, then you have no reason to spy on me."
This forces the aggressor to come forward and admit that he doesn't believe in one of the most fundamental concepts of justice: that individuals are innocent before proven guilty.
Or better trying to hide it?
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
the average Joe likes to post all his stuff on Facebook. He knows his communications aren't private and he doesn't care.
Not true. You should have heard the reactions when Snowden broke in the UK. There was a woman on a national TV debate programme who was upset that GCHQ had access to her Facebook profile which she had set to "private".
It's not that people don't care, it's that they don't understand. How many people still using Skype or Yahoo webcam chat with their girl/boyfriend do you think realize that that time they flashed something was recorded and reviewed by a GCHQ officer? When people realize this, when they realize that their "private" profile isn't really private and that it isn't just machines looking at their nude selfies, they care.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Absolute anonymity is a weapon of mass destruction which governments will never allow.
At what point does privacy become paranoia? Previously, if someone wanted a conversation to be private, they would only say things away from other people. The best kind of encryption for your privacy is to not say things over the internet.
Actually, the constitution not only forbids spying against citizens of the USA, but against everyone:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Notice, it says "people" there. It's speaking of "citizen" in the context of elections, so clearly the intention was that the 4th amendment applies to everyone.
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
No company that wishes to have any business over the internet *can* support encryption being illegal. I roll my eyes at Mr Cameron's latest tirade as it'll be 100% unenforceable.
You know what "cover" is, don't you? A "cover" catches bullets. You may think there is safety in numbers but what will happen is that they'll randomly target a number of naive idealists and make an example of them. The rest will fall in line.
Then we need more people willing to stand up for their principles, not less. If you give up, your privacy definitely won't be protected.
It's all well and good to talk about "encryption, encryption and more encryption" and to invent new protocols to help keep stuff from the eyes of those who would try to access private information (whether they be criminals, law enforcement, intelligence agencies or otherwise) but unless you can get vendors to adopt your new technology it's not going to see widespread enough use to make a difference.
Take SSL/TLS for example. Right now when you visit a https site, your browser retrieves a certificate and checks that the certificate has been signed by a root certificate in your browser's local root trust store. There are a number of proposals out there to change this so that the public keys used for https connections are obtained in a way that doesn't rely on the broken CA model but as of yet none of those proposals have been implemented into any of the mainstream web browsers.
Why isn't more being done to get these new security ideas into the mainstream browsers? (especially the open source ones like Chrome/Webkit/Blink/Firefox). DANE (an RFC for storing https certificates in a DNSSEC secured DNS record) has a patch for Firefox posted in 2011 that has gone nowhere and vague mentions of work for Chrome but nothing else.
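The TLSA check that DANE (RFC 6698) asks of a client, as an added example that is not part of the comment above and not any browser's code: it matches a presented certificate against usage-3 (DANE-EE) records by full certificate or by public key, with no CA trust store involved. The function names are hypothetical, the sample certificate is a constructed certificate-shaped DER stub, and the TLSA records are assumed to have been DNSSEC-validated by the resolver already.

```python
import hashlib
import hmac

def der_tlv(tag, content):
    """Encode one DER TLV; used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf, off):
    """Return (tag, content_start, end) for the TLV at off, bounds-checked."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported DER length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + n

def extract_spki(cert_der):
    """Return the DER bytes of subjectPublicKeyInfo inside an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate
    tag2, pos, tbs_end = read_tlv(cert_der, start)   # tbsCertificate
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate")
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                  # optional [0] version
        pos = end
    for _ in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}      # TLSA matching types 1, 2

def tlsa_matches(cert_der, selector, mtype, assoc):
    """Compare one TLSA record's association data with the presented cert."""
    if selector == 0:
        selected = cert_der                          # full certificate
    elif selector == 1:
        selected = extract_spki(cert_der)            # public key only
    else:
        return False
    if mtype == 0:
        candidate = selected                         # exact match
    elif mtype in HASHES:
        candidate = HASHES[mtype](selected).digest()
    else:
        return False
    return hmac.compare_digest(candidate, assoc)

def dane_ee_ok(cert_der, rrset):
    """True if any usage-3 (DANE-EE) record matches; no CA store is consulted.
    rrset is assumed to come from a DNSSEC-validating resolver."""
    return any(u == 3 and tlsa_matches(cert_der, s, m, d) for u, s, m, d in rrset)

def sample_cert(key, serial):
    """Constructed, certificate-shaped DER stub (not a real, signed cert)."""
    alg = der_tlv(0x30, der_tlv(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
    spki = der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + key))
    empty = der_tlv(0x30, b"")
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02"))
                  + der_tlv(0x02, bytes([serial]))
                  + empty * 4 + spki)                # sig alg, issuer, validity, subject
    return der_tlv(0x30, tbs + empty + der_tlv(0x03, b"\x00"))

def demo():
    """Pin by key vs. pin by certificate, across a reissue with the same key."""
    key = bytes(range(96))
    first, reissued = sample_cert(key, 1), sample_cert(key, 2)
    other = sample_cert(b"\xff" * 96, 1)
    pin_key = (3, 1, 1, hashlib.sha256(extract_spki(first)).digest())
    pin_cert = (3, 0, 1, hashlib.sha256(first).digest())
    return {
        "key_pin_first": dane_ee_ok(first, [pin_key]),
        "key_pin_reissued": dane_ee_ok(reissued, [pin_key]),
        "cert_pin_reissued": dane_ee_ok(reissued, [pin_cert]),
        "other_key": dane_ee_ok(other, [pin_key, pin_cert]),
    }
```

A selector-1 record keeps matching when the certificate is reissued with the same key, while a selector-0 record has to be republished in DNS on every reissue.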
Indeed, the Bill of Rights is an enumeration of basic human rights that are to be protected for everyone, not just US Citizens. This nuance seems to be lost in the halls of government, though.
If you are on American soil, regardless of your Nation of Citizenship, you are entitled to have your basic human rights protected.
I've pondered sortition government, but I wonder how you would rein in the power of the bureaucracy.
As an AC said, the random citizenry isn't going to have the depth to really write good laws, so it'll probably largely fall to a bureaucracy, which might end up with all the real power. I can scarcely see that as an improvement.
However, the sortition has the big benefits you mention:
1) Actually representative of the people, because they ARE the people
2) Don't arrive in office corrupt, aren't beholden to donors
Maybe have the lower house of Government chosen by sortition?
--PM
Fuck You Faggot
Go die in your OWN crypto-anarchist paradise.
Privacy is dead. Finished. Over. Nothing is going to change that. That's why we're living in the "surveillance age" and not in the "privacy age". The war is over: we lost. You're not fighting a battle, you're administering CPR to a decomposing corpse. Hanging on to the delusion that you can still do something is only painting a big, fat target on yourself and on anyone associated with you. Grow up. Accept the new reality and learn to function in it, instead of pretending we're still living in the Nineties.
Privacy is dead. Finished. Over. Nothing is going to change that.
Freedom is dead. Finished. Over. Nothing is going to change that.
Nice self-fulfilling prophecy. While you whine and cry about how we're done for, there are people actually doing something. I'm sure many people felt the same as you during the civil rights movement, but thanks to people not giving up, it had many successes.
Grow up.
I'm not going to tell you to grow up, because your age/height has nothing to do with the conversation, but I will tell you to grow a brain.
Basically, anyplace that a search warrant by a US government agency will work, the Fourth Amendment applies. Anywhere else, not so much.
"I do not agree with what you say, but I will defend to the death your right to say it"
I'm guessing Bitlocker is not useful for encrypting my data sufficiently to keep the government(s) out of it.
And the Truecrypt substitutes are all marginally trustworthy, as well as not quite so fully functional.
Not many good alternatives here.
deleting the extra space after periods so i can stay relevant, yeah.
When the Bill Clinton administration pushed the idea of banning encryption, his Attorney General Janet Reno made a statement that it needs to be banned because of paedophiles. History doesn't repeat itself, but it does rhyme!
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
It's time for real honesty in this discussion.
This is not hyperbole: Mass surveillance is equivalent in its threat to free civilization to weapons of mass destruction, including the entire global nuclear arsenal.
The latter can destroy free civilization physically, in a flash. While we have no true prior example to draw from in illustrating the consequences of an atomic holocaust, it logically follows that society would promptly collapse in such an event, if it is not outright obliterated. Simple, intuitive, easy to understand: The mushroom cloud itself has become a symbol of what could be mankind's final demise. We know what it means.
The former, on the other hand, destroys free civilization from inside-out, transforming it into something that it should not be; something that is not free, something that can't be called civilization. Another course of events entirely, and one which leaves most people alive, though they may not wish it in time. We have a broad selection of prior examples to draw from scattered throughout history, including at least one present day regime, which illustrate the enormous dangers of mass surveillance. Why then is it so difficult to understand what the consequences will be if we allow this problem to continue to grow unchecked?
Enlightened society, civilization as we know it, is facing a threat the likes of which cannot be overstated. Not since the invention of the atomic bomb has any one category of man-made technologies so threatened our way of life and the liberty of the world. Combating mass surveillance is paramount to our survival as a civilization, just as combating weapons of mass destruction is paramount to our survival as a species. The two are absolutely equivalent.
Man, this'll toe-- toe-- TOTALLY work! All the people programming all the appz will Get Right On It. Watch, I bet you, even the NSA will butt out of the RSA and basically everything else. The world is our oyster and it's in the palm of our hand, and we only have to close our hand, thus shutting the oyster, to keep our pearls locked away safe where nobody can kick them.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
I agree with the last two paragraphs, but the first one needs some (counter?) counter-examples:
1. WhatsApp cannot guarantee end-to-end encryption when they host all of the public keys on a private server that cannot be audited (MITM anyone?). Sure, end users can compare each other's public key hashes via some out-of-band means, but who actually does that? And by the time you notice the keys have been compromised...
2. WhatsApp has never made money, and now that they're suckling from the Facebook teat, they never will. They can afford to provide encrypted communications because daddy pays the bills. From what I've heard, the $1/year fee is rarely levied, and it probably wouldn't cover the coffee bill anyway.
Remember kids, don't trust anyone with your keys!
Perhaps one day you will evolve to love males.
Male circumcision is mutilation and abuse. Especially when done to infants.
Religious people are delusional.
Most people are actually bisexual, and sexuality and gender are fluid. Because of this social pressure and reparation therapy works, in that it convinces bisexual people to repress part of themselves and go into the closet.
Torture works. Historically proven.
The needs and desires of the poor will always outstrip the resources of society. Or put another way - there is always scarcity because the overwhelming majority of people always want more.
Healthcare is not and cannot be a right because the demand for it is infinite.
There continue to be many factual opinions that cannot be freely held and expressed without being persecuted. Thus the need for privacy and anonymity, even if it is only partial.
Slashdot uses HTTPS for subscribers.
As for non-subscribers: Using HTTP advertisements in an HTTPS page won't work due to browsers' mixed content policy. This means Slashdot's HTTPS support is unlikely to be extended to non-subscribers until more major ad networks support HTTPS.
Here is a story about this very concept. The characters use encryption, get a local ISP with indie music sharing bundle to switch to encrypted traffic only in order to conceal their own encryption in the noise, thus inspiring Google to make the switch to HTTPS. http://www.craphound.com/littlebrother/download/
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.