re "This is what I like about proprietary software. Lots of eyeballs are probing for vulnerabilities, and when such are found, they are fixed quickly by professional paid developers."
The same brands who allowed years of weak crypto for the NSA and GCHQ?
Hard to see what extras a person gets with proprietary software. Or what is nor fixed or fixed later.
The world has seen where trusting big OS, telco and software brands has left crypto security.
If a person wants a CPU, motherboard and OS at some point they are going to have to buy a product.
So people have the option to go out and test and read up on other CPU products. If they like what they find, support and even buy that product.
Real customers do that have option. Ask questions, shop around, test, buy, think, publish.
Buying again and again from the brands that have fooled consumers for years with tame, junk crypto might not be the best idea to go on with again and again.
A big wide world of CPU, motherboards, networking products, brands and real academic experts:)
What was the Communications Assistance for Law Enforcement Act ready should be easy to think about. Product, brand, service or code on phone hardware for voice and video?
Communications Assistance for Law Enforcement Act is clear on the expected support needed. What needs telco products have to meet will be seen under new regulations over the next years. https://en.wikipedia.org/wiki/...
Yes people have the option to talk about the tame brands and their expensive junk crypto:)
People can now think about their computing needs understanding what gov and mil extras they are paying over generations of hardware and software upgrades.
The only plus is in the constant new funding, new missions and expansion.
Why just support other mil and gov needs as requested when the NSA can now plan and run the operation.
NSA 'totalitarian,' ex-staffer tells German parliament http://www.dw.de/nsa-totalitar...
Binney: 'The NSA's main motives: power and money' http://www.dw.de/binney-the-ns...
"Money. It takes a lot of money, you have to build up Bluffdale [the location of the NSA's data storage center, in Utah] to store all the data. If you collect all the data, you've got to store it, you have to hire more people to analyze it, you have to hire more contractors, managers to manage the flow. You have to start a big data initiative. It's an empire. Look at what they've built! Have you ever looked around all the buildings they've built up because of 9/11?"
The world now understands the state of the art junk crypto for free or for sale from trusted brand:)
The problem for that is the NSA staff and friendly nations around the world.
What the NSA holds back from US OS and US tame telcos is shipped as international standards.
The cyber security tools get handed around for international and domestic use. Australia, Canada, the UK, NZ, then down to the third party nations and some other nations. Thats a lot of local staff using tools, methods, systems everyday on and with US telco and computing standards.
At some time the staff enter the private sector and take their skills with them. A bank, security firm, political party or rival telco now has the same deep gov skills and telco methods.
At some time the a staff member gets removed and is less welcome in the the private sector with their skills. No bank, security firm, political party or rival telco job.
So other nations and other groups make great offers. The cash is good and the work is as interesting. Now some random people or nation has the same deep gov skills and telco methods for cash.
That is why telco and computer crypto standards need to be very good. Too many ex or former staff, nations, groups and people can afford the same skills if the keys, codes and tools are just left in the open or are designed as junk standards.
The US and UK govs have guided very weak telco and junk computer standards over decades. Tame OS and telcos have allowed junk crypto to spread under their own brands.
What was crypto junk for an embassy in the 1950's buying communications hardware is now the global standard. Everyone with cash and connections can now track or get plain text too. Are the police in a phone network? Are the police sending a request to watch a list of numbers? Get a real time update and escape before the telco even sets up the tracking and logging.
All thanks to junk telco and OS standards by updated tame global staff. What was great for hunting spies on any telco network can now be used to track police intercept requests by any group with cash.
Want to track political leaders or protesters for any reason? Just have the right codes and a national cell network is for sale by ex or former staff.
What the NSA and GCHQ saw as instant, real time access for their own is now open to all. Thats why good telco standards are so vital. If one group can get in, everyone can.
Any cell phone product would be open to a telco by default for law enforcement as shipped and sold.
Why mess around with user applications when the hardware layer is open?
Just get every message sent, gps, camera, voice, text as entered before an app encrypts.
It can just be a frame from a viral video, movie or political event that becomes the "meme". Recall the art created from the use of pepper spray in the US.
Try http://knowyourmeme.com/
Movies can kept or sent be sent out of an area in realtime with apps like Bambuser, Call Recorder, Fi-Vo Film, GotYa!, Open Watch, Secret Camera Recorder.
Frames extracted and comments or art work added. The classic "meme" is then ready for use.
Gov, mil and local law enforcement officials do like to track people with the ability to create and host the original content that can trend and create discussion or enters local or national media.
A meme to the US gov is anything that could start political issues that spreads over social media, old and new media.
Great for a CIA funded color revolution around the world https://en.wikipedia.org/wiki/...
Historically in the US COINTELPRO https://en.wikipedia.org/wiki/... would like to get in front of any trending domestic issues.
So what is a meme or trend and what would make the US gov spend cash on looking at pics and comments online?
East German news about visa needs to travel out of East Germany one night saw people standing at boarder crossings in ever larger groups.
East German guards had two options. Defend the crossing with force or open the border. Both options where in place and any correct order would have been followed.
A protester in some remote country makes a political statement and the images are seen around the world.
Who funded the protester and helped set up the perfect high definition optics of the event?
A local law enforcement official is caught turning media cameras off or is broadcast screaming at the media with military style equipment pointed up, ready for use.
Local events then go around the world. East Germany could always hope to capture the press and camera crew before a tape was broadcast.
Now a lot of people have their own HD camera equipment and low cost live streaming or remote file saving products. Removing a camera locally does not work so well anymore for local law enforcement officials. The meme gets out and trends up.
The only hope US law enforcement officials have is to fully predict and understand the trending, identify who has the accounts and prevent them from making it to any protest area.
So expect to see the US gov spend a lot in tracking down anyone who can shape social media.
Good luck even moving around in your own city if you have been noted for your social media skills.
Recall the Federal judge rules against NSA news. http://www.freedomwatchusa.org...
It gets interesting when a gov stats watching and study all domestic communications.
It really depends how many times that private sector data is resold, packaged for gov use and how a state or federal gov puts it all back together.
A no fly, no buy, extra tax based on the results of US domestic collected trends?
What is a Church, a non profit or a charity when it starts trending to the left or right of a party in power?
New tax issues and the local volunteers get a talk down? Get nice long audit going? Kind of nice to find the political groups before they trend too much and make gov intervention look more random.
One time pad, number stations work if used correctly.
After all the news from http://cryptome.org/2013-info/... any generation of computer or international standard is allowed to gain traction.
Once a gov has staff or front companies help set international standards, the plain text just flows for years from most users, most of the time.
That was already done and fully accessed by the NSA and GCHQ as shipped and offered over OS, products and software versions.
The US brands where tame, their network and products allowed the flow of voice, images and text back to other nations.
From Communications Assistance for Law Enforcement Act to the Snowden news. Tame cell or tame junk software encryption standards is now more understood..
An OS or software or device maker can talk of their encryption but their efforts always go back to needing to be ready for the next generations of Communications Assistance for Law Enforcement Act.
General availability just means a tame provider has plain text or voice or video access ready for the security services down to a city, state and federal level.
That crypto project for free, import, export, sale.. no questions, you can add code it all day with friends around the world
All the encoded networking use stands out and is a path back to a user.
The special apps after text entry for network use are just the way to find a users who feels they need crypto.
A gov will just send down uniquely crafted malware for that user to grab every aspect of plain text entered.
Quality consumer grade behavioral and heuristic antivirus applications will see another safe, user installed application.
As the text is entered as captured.
Crypto becomes the beacon to find users with the skills to install and use it daily to a good standard.
In the 1950-80's most nations with complex embassy and other communications needs faced the same issues.
Send a lot with of information back standard equipment and the next generation product range was back to plain text for the NSA and GCHQ.
1950's France and Russia understood that over time.
The NSA and GCHQ always got into the supply and design stage. Top staff or as an entire front company. Plain text for the US and UK was easy then.
Security could only be established with number stations and one time pads (use once).
The free tech product or bespoke product sold is the way in.
With more data to send, the only easy way was with a classic machine or now a computer. The NSA and GCHQ hope new projects buy into or code with one of the many tested, safe, existing standards.
This method was used in the 1920's, 30's, Enigma and can be seen from the Snowden press.
Once another nation has the code, box, staff or is working on the project its back to shared plain text all the time as over any decade.
+1 for that. That is what sets some VPN products apart from others.
So many different layers can leak depending on the OS or what links, services. Thanks for that Charliemopps.
Re "Not that I think what you are saying is not possible, more that it will take the Australian government (and associated agencies) more coordination, competence and unity to reach such abilities. And I've never been witness to any such of the three stated capabilities."
Whats the hard part?
The tracking of people who speak out on political, anti war, environmental issues was seen during the anti Vietnam war efforts.
So the police interest in any protesters is expected as it was over decades..
The ip storage for 2 years is open to the police and courts. So the legal data logging side is in place ready for open court use.
The gov malware side and interest in Australian computers?
The Surveillance Devices Bill will widen the use of "data surveillance" warrants. So more legal support to install key logging devices. https://www.efa.org.au/Issues/...
Australia now has the power to find an Australian ip, return the provider details months later and then seek more information from a users computer.
"Data retention will catch pirates" (30/10/2014) http://www.abc.net.au/lateline...
"Illegal downloads, piracy - sorry, cyber crimes, cyber security."
That would be an interesting thought experiment for two local film students.
Film the buyiny the hardware to connect. Set up and log in.
The two film students could then chat about complex movie ideas without been on a traditional ISP.
Then just chat about history in very interesting ways with out mentioning a script and plot every few lines.
An Australian version of COINTELPRO https://en.wikipedia.org/wiki/... would just find every charming, photogenic person speaking in public about logs and an internet tax.
It would be like the Vietnam war protests all over again.
It would be better to cover every packet in and out for daily use, maybe a clean VM with a browser out to a good VPN.
Talking out against logging, an internet tax to pay for it, would see such views been noted by the gov as insights go public.
Australia has a long history of tracking all people who speak out on political, anti war, environmental issues at a state and federal level.
Once you are of interest expect your computer to get gov quality malware crafted just for that user.
No escape, every keystroke is then fair game.
Consumer grade heuristic and behavioural AV protection would just see another safe user installed application running.
Get a good VPN out to a another country.
A good VPN would just show a VPN ip range as logged with your ISP.
Ensure the VPN covers all web use and services not just basic webpage use.
Laws could always change about how a VPN product is understood by the gov.
That VPN could be in a country with bilateral agreements, multilateral treaties or has same banking understandings.
The use of an Australian credit card is an issue. Track Australian credit card use to find VPN users. No local isp paperwork needed. https://en.wikipedia.org/wiki/...
A request for details about VPN use in other countries might just results in CC lists been sent back.
Five eyes, nations friendly with the five eye nations make a VPN selection interesting.
That is shipped, factory sealed as unpacked and installed.
Thats why all the spy rocks keep on getting found.
How many where more than just dead-letter drops?
Russian 'spy rock' was genuine, former chief of staff admits (19 Jan 2012) http://www.telegraph.co.uk/new...
re "This is what I like about proprietary software. Lots of eyeballs are probing for vulnerabilities, and when such are found, they are fixed quickly by professional paid developers."
The same brands who allowed years of weak crypto for the NSA and GCHQ?
Hard to see what extras a person gets with proprietary software. Or what is nor fixed or fixed later.
The world has seen where trusting big OS, telco and software brands has left crypto security. :)
If a person wants a CPU, motherboard and OS at some point they are going to have to buy a product.
So people have the option to go out and test and read up on other CPU products. If they like what they find, support and even buy that product.
Real customers do that have option. Ask questions, shop around, test, buy, think, publish.
Buying again and again from the brands that have fooled consumers for years with tame, junk crypto might not be the best idea to go on with again and again.
A big wide world of CPU, motherboards, networking products, brands and real academic experts
What was the Communications Assistance for Law Enforcement Act ready should be easy to think about.
Product, brand, service or code on phone hardware for voice and video?
Communications Assistance for Law Enforcement Act is clear on the expected support needed. What needs telco products have to meet will be seen under new regulations over the next years.
https://en.wikipedia.org/wiki/...
Find an OS and cpu that can be tested. Work on your own crypto and applications. No need to accept shipped junk crypto and tame software.
Yes people have the option to talk about the tame brands and their expensive junk crypto :)
People can now think about their computing needs understanding what gov and mil extras they are paying over generations of hardware and software upgrades.
A cpu thats been tested and an open OS on top.
"How I do my computing"
https://stallman.org/stallman-... has some ideas on that.
"Third Party Partners Allow NSA to Tap Fiber-Optic Cables" as a list http://leaksource.info/2014/07...
The only plus is in the constant new funding, new missions and expansion. :)
Why just support other mil and gov needs as requested when the NSA can now plan and run the operation.
NSA 'totalitarian,' ex-staffer tells German parliament
http://www.dw.de/nsa-totalitar...
Binney: 'The NSA's main motives: power and money'
http://www.dw.de/binney-the-ns...
"Money. It takes a lot of money, you have to build up Bluffdale [the location of the NSA's data storage center, in Utah] to store all the data. If you collect all the data, you've got to store it, you have to hire more people to analyze it, you have to hire more contractors, managers to manage the flow. You have to start a big data initiative. It's an empire. Look at what they've built! Have you ever looked around all the buildings they've built up because of 9/11?"
The world now understands the state of the art junk crypto for free or for sale from trusted brand
The problem for that is the NSA staff and friendly nations around the world.
What the NSA holds back from US OS and US tame telcos is shipped as international standards.
The cyber security tools get handed around for international and domestic use. Australia, Canada, the UK, NZ, then down to the third party nations and some other nations. Thats a lot of local staff using tools, methods, systems everyday on and with US telco and computing standards.
At some time the staff enter the private sector and take their skills with them. A bank, security firm, political party or rival telco now has the same deep gov skills and telco methods.
At some time the a staff member gets removed and is less welcome in the the private sector with their skills. No bank, security firm, political party or rival telco job.
So other nations and other groups make great offers. The cash is good and the work is as interesting. Now some random people or nation has the same deep gov skills and telco methods for cash.
That is why telco and computer crypto standards need to be very good. Too many ex or former staff, nations, groups and people can afford the same skills if the keys, codes and tools are just left in the open or are designed as junk standards.
The US and UK govs have guided very weak telco and junk computer standards over decades. Tame OS and telcos have allowed junk crypto to spread under their own brands.
What was crypto junk for an embassy in the 1950's buying communications hardware is now the global standard. Everyone with cash and connections can now track or get plain text too. Are the police in a phone network? Are the police sending a request to watch a list of numbers? Get a real time update and escape before the telco even sets up the tracking and logging.
All thanks to junk telco and OS standards by updated tame global staff. What was great for hunting spies on any telco network can now be used to track police intercept requests by any group with cash.
Want to track political leaders or protesters for any reason? Just have the right codes and a national cell network is for sale by ex or former staff.
What the NSA and GCHQ saw as instant, real time access for their own is now open to all. Thats why good telco standards are so vital. If one group can get in, everyone can.
Any cell phone product would be open to a telco by default for law enforcement as shipped and sold.
Why mess around with user applications when the hardware layer is open?
Just get every message sent, gps, camera, voice, text as entered before an app encrypts.
It can just be a frame from a viral video, movie or political event that becomes the "meme". Recall the art created from the use of pepper spray in the US.
Try http://knowyourmeme.com/
Movies can kept or sent be sent out of an area in realtime with apps like Bambuser, Call Recorder, Fi-Vo Film, GotYa!, Open Watch, Secret Camera Recorder.
Frames extracted and comments or art work added. The classic "meme" is then ready for use.
Gov, mil and local law enforcement officials do like to track people with the ability to create and host the original content that can trend and create discussion or enters local or national media.
A meme to the US gov is anything that could start political issues that spreads over social media, old and new media.
Great for a CIA funded color revolution around the world https://en.wikipedia.org/wiki/...
Historically in the US COINTELPRO https://en.wikipedia.org/wiki/... would like to get in front of any trending domestic issues.
So what is a meme or trend and what would make the US gov spend cash on looking at pics and comments online?
East German news about visa needs to travel out of East Germany one night saw people standing at boarder crossings in ever larger groups.
East German guards had two options. Defend the crossing with force or open the border. Both options where in place and any correct order would have been followed.
A protester in some remote country makes a political statement and the images are seen around the world.
Who funded the protester and helped set up the perfect high definition optics of the event?
A local law enforcement official is caught turning media cameras off or is broadcast screaming at the media with military style equipment pointed up, ready for use.
Local events then go around the world. East Germany could always hope to capture the press and camera crew before a tape was broadcast.
Now a lot of people have their own HD camera equipment and low cost live streaming or remote file saving products. Removing a camera locally does not work so well anymore for local law enforcement officials. The meme gets out and trends up.
The only hope US law enforcement officials have is to fully predict and understand the trending, identify who has the accounts and prevent them from making it to any protest area.
So expect to see the US gov spend a lot in tracking down anyone who can shape social media.
Good luck even moving around in your own city if you have been noted for your social media skills.
Recall the Federal judge rules against NSA news.
http://www.freedomwatchusa.org...
It gets interesting when a gov stats watching and study all domestic communications.
It really depends how many times that private sector data is resold, packaged for gov use and how a state or federal gov puts it all back together.
A no fly, no buy, extra tax based on the results of US domestic collected trends?
What is a Church, a non profit or a charity when it starts trending to the left or right of a party in power?
New tax issues and the local volunteers get a talk down? Get nice long audit going? Kind of nice to find the political groups before they trend too much and make gov intervention look more random.
One time pad, number stations work if used correctly.
After all the news from http://cryptome.org/2013-info/... any generation of computer or international standard is allowed to gain traction.
Once a gov has staff or front companies help set international standards, the plain text just flows for years from most users, most of the time.
That was already done and fully accessed by the NSA and GCHQ as shipped and offered over OS, products and software versions.
The US brands where tame, their network and products allowed the flow of voice, images and text back to other nations.
From Communications Assistance for Law Enforcement Act to the Snowden news. Tame cell or tame junk software encryption standards is now more understood..
An OS or software or device maker can talk of their encryption but their efforts always go back to needing to be ready for the next generations of Communications Assistance for Law Enforcement Act.
General availability just means a tame provider has plain text or voice or video access ready for the security services down to a city, state and federal level.
That crypto project for free, import, export, sale.. no questions, you can add code it all day with friends around the world
All the encoded networking use stands out and is a path back to a user.
The special apps after text entry for network use are just the way to find a users who feels they need crypto.
A gov will just send down uniquely crafted malware for that user to grab every aspect of plain text entered.
Quality consumer grade behavioral and heuristic antivirus applications will see another safe, user installed application.
As the text is entered as captured.
Crypto becomes the beacon to find users with the skills to install and use it daily to a good standard.
In the 1950-80's most nations with complex embassy and other communications needs faced the same issues.
Send a lot with of information back standard equipment and the next generation product range was back to plain text for the NSA and GCHQ.
1950's France and Russia understood that over time.
The NSA and GCHQ always got into the supply and design stage. Top staff or as an entire front company. Plain text for the US and UK was easy then.
Security could only be established with number stations and one time pads (use once).
The free tech product or bespoke product sold is the way in.
With more data to send, the only easy way was with a classic machine or now a computer. The NSA and GCHQ hope new projects buy into or code with one of the many tested, safe, existing standards.
This method was used in the 1920's, 30's, Enigma and can be seen from the Snowden press.
Once another nation has the code, box, staff or is working on the project its back to shared plain text all the time as over any decade.
+1 for that. That is what sets some VPN products apart from others. So many different layers can leak depending on the OS or what links, services. Thanks for that Charliemopps.
Re "Not that I think what you are saying is not possible, more that it will take the Australian government (and associated agencies) more coordination, competence and unity to reach such abilities. And I've never been witness to any such of the three stated capabilities."
Whats the hard part?
The tracking of people who speak out on political, anti war, environmental issues was seen during the anti Vietnam war efforts.
So the police interest in any protesters is expected as it was over decades..
The ip storage for 2 years is open to the police and courts. So the legal data logging side is in place ready for open court use.
The gov malware side and interest in Australian computers?
The Surveillance Devices Bill will widen the use of "data surveillance" warrants. So more legal support to install key logging devices.
https://www.efa.org.au/Issues/...
Australia now has the power to find an Australian ip, return the provider details months later and then seek more information from a users computer.
"Data retention will catch pirates" (30/10/2014)
http://www.abc.net.au/lateline...
"Illegal downloads, piracy - sorry, cyber crimes, cyber security."
That would be an interesting thought experiment for two local film students.
Film the buyiny the hardware to connect. Set up and log in.
The two film students could then chat about complex movie ideas without been on a traditional ISP.
Then just chat about history in very interesting ways with out mentioning a script and plot every few lines.
An Australian version of COINTELPRO https://en.wikipedia.org/wiki/... would just find every charming, photogenic person speaking in public about logs and an internet tax.
It would be like the Vietnam war protests all over again.
It would be better to cover every packet in and out for daily use, maybe a clean VM with a browser out to a good VPN.
Talking out against logging, an internet tax to pay for it, would see such views been noted by the gov as insights go public.
Australia has a long history of tracking all people who speak out on political, anti war, environmental issues at a state and federal level.
Once you are of interest expect your computer to get gov quality malware crafted just for that user.
No escape, every keystroke is then fair game.
Consumer grade heuristic and behavioural AV protection would just see another safe user installed application running.
Your link and request would be seen as a ip range to the search engine. The startpage.com search engine has settings.
Get a good VPN out to a another country.
A good VPN would just show a VPN ip range as logged with your ISP.
Ensure the VPN covers all web use and services not just basic webpage use.
Laws could always change about how a VPN product is understood by the gov.
That VPN could be in a country with bilateral agreements, multilateral treaties or has same banking understandings.
The use of an Australian credit card is an issue. Track Australian credit card use to find VPN users. No local isp paperwork needed.
https://en.wikipedia.org/wiki/...
A request for details about VPN use in other countries might just results in CC lists been sent back.
Five eyes, nations friendly with the five eye nations make a VPN selection interesting.
That is shipped, factory sealed as unpacked and installed.
Thats why all the spy rocks keep on getting found.
How many where more than just dead-letter drops?
Russian 'spy rock' was genuine, former chief of staff admits (19 Jan 2012)
http://www.telegraph.co.uk/new...