PRISM

Khannie · 19-06-2013 11:35am

silentrust wrote: »

Home mail server might be a great project for my Raspberry Pi but aren't you worried that it could be seized?

Not in the slightest. I just want to prevent accidental eavesdropping like we're seeing. If I were genuinely concerned about seizure I think there would be something drastically wrong with my life.

Think I will throw mine on a pi too. I have one lying around doing nothing. It's probably perfect for this kind of thing.

Capt'n Midnight · 19-06-2013 12:37pm

Khannie wrote: »

You assume that physical access = compromised. It's not beyond possibility to set up a machine in such a way that this is not the case. I linked one earlier.

For most people it's a safe assumption.

But then again for most people any security at all is enough because they just aren't interesting.

If you aren't in a Faraday cage there is always Van Eck phreaking.
And keyboards can be snooped with microphone and camera, even if there is no other way to tap into it directly. (Which is one of the reasons eVoting is a vary bad idea)

Smartphone apps that can detect vibrations can guess what keys are being pressed.

How paranoid do you want to be ?

There aren't enough humans to filter all this / do the physical stuff unless you draw enough attention to your self. But don't worry it's probably all recorded for posterity so they can trawl through it later when a vulnerability is found at some time in the future. :pac: My gut feeling is that quantum computers won't be able to decrypt stuff anything like the PR campaign for them would have you believe. It's like the funding for AI all over again.

silentrust · 19-06-2013 6:31pm

Khannie wrote: »

Not in the slightest. I just want to prevent accidental eavesdropping like we're seeing. If I were genuinely concerned about seizure I think there would be something drastically wrong with my life.

Think I will throw mine on a pi too. I have one lying around doing nothing. It's probably perfect for this kind of thing.

I'd be very interested to hear about your efforts with this, I am going to try and tweak my Pi too... the trick will be protecting it against seizure IMHO, very exciting times ahead...!

clairefontaine · 19-06-2013 7:34pm

This whole thing is so depressing and making me very angry at the audacity of the government. I am not tech savvy to keep up with what is being discussed here but Im guessing iinternet security wil be the next huge industry because of this. In the meantime I think I'll have to back to snail mail. This is unacceptable.

Thank you very much silent trust for taking time to explain that to me.

zenno · 19-06-2013 9:44pm

If any of you are worried (as you should be) about Prism, you should sign the petition below.

https://optin.stopwatching.us/?r=eff

riclad · 19-06-2013 9:56pm

I wonder will there be eu versions of dropbox ,
gmail, etc and cloud services.
eg we have servers in sweden , our data is not being
acessed by the us government .
IF you are concerned about security ,you should be running linux ,with a login password.

i Think its better to assume any american software on a pc , can be acessed by nsa .
Theres an article here,
http://www.slate.com/blogs/future_tense/2013/06/19/viviane_reding_european_commission_vice_president_on_meeting_with_eric_holder.html

so eu vice president says europeans should have
the same protection as usa citizens under us law ,re data acess, surveillance.

SO does that mean
every one in the eu ,will have all email,phone calls ,webrowsing, facebook, recorded ,
AS in the usa.AS long as its cleared by a secret court in the usa ,whose orders are secret .
That does not inspire confidence.
WE need new eu laws brought in to make sure all data, webrowsing ,phone calls are just not being recorded and shared with private companys.
IF companys like google are being asked for data ,
they should be able to say we got say 10,000 request s for data on customers email,or web searches, in the uk from the intelligence services.
the CIA want a new law brought in,
all im messaging ,programs like skype etc and devices ,
like smartphones must have a back door built in to allow easy interception of messages.
of Course this back door will be used by hackers,
to hack into pcs, and get your bank info,credit card data.
I can see alot more people just buying a pc, and installing linux, to have more privacy and security.

2 million people in the usa have top security clearance,
there,s must be a few people tempted to use acess to this this data ,for financial reasons,to get intelligence on business takeovers ,share,s ,new products, business intelligence etc
Maybe a european company could bring out a new phone,
this phone, has security,privacy apps,encrypted messaging built in, to the os.
Basically we have to assume now,any american product,phone etc
could be acessed by usa intelligence .

riclad · 19-06-2013 10:25pm

Quote from THE register,uk,

To effect change we are left with a boycott in everything but name. It means that non-US Western businesses need to start using "not subject to US law" as a marketing point. We need cloud providers and software vendors that don't have a US presence, no US data centers, no US employees - no legal attack surface in that nation of any kind. Perhaps most critical of all, we need a non-American credit-card company.

I think this is the best chance of changing the system,

if europeans stop buying american software,
the Americancompanys will start lobbying for a more
targetted system,
that uses proper court orders where survellience is necessary in certain cases.
That does not presume all europeans are potential terrorists or spys.

nmop_apisdn · 20-06-2013 2:08am

Capt'n Midnight wrote: »

My gut feeling is that quantum computers won't be able to decrypt stuff anything like the PR campaign for them would have you believe. It's like the funding for AI all over again.

http://www.scientificamerican.com/article.cfm?id=d-waves-quantum-computer-courts-controversy

Haven't read it yet. Could be sh1t.

[-0-] · 20-06-2013 3:25am

So I am now using PGP for my email, although I rarely email anyone. I downloaded IM+ and paid for the OTR extras so I can encrypt my Facebook chat messages, although I'm sure most of the people I talk to on there won't follow the pidgin link I gave them. I'll refuse to talk to people on there if it isn't encrypted.

I'm also using it to talk on AIM.

I wish I could just get rid of my Facebook account.

[-0-] · 20-06-2013 3:37am

Speaking of which, I'm pretty surprised boards.ie doesn't have SSL yet.

silentrust · 20-06-2013 9:30am

[-0-] wrote: »

So I am now using PGP for my email, although I rarely email anyone. I downloaded IM+ and paid for the OTR extras so I can encrypt my Facebook chat messages, although I'm sure most of the people I talk to on there won't follow the pidgin link I gave them. I'll refuse to talk to people on there if it isn't encrypted.

I'm also using it to talk on AIM.

I wish I could just get rid of my Facebook account.

Hi -0- I'd be interested to know, is this the Android version you're using which is why you paid for the OTR extras or is this the same for the desktop version too? It's just that Pidgin+OTR would be free, so am assuming there's an advantage in using IM+ I don't know about?

silentrust · 20-06-2013 9:46am

Let's hope you're right re: Linux riclad!

I applaud your sentiment about having strong privacy laws in the EU but of course the same is true for the US - the point here is that PRISM is undermining citizens legal guarantees of privacy, they just assumed they'd be able to do it without anyone noticing and if it hadn't been for the integrity of men like Snowden, we wouldn't know the full extent of it.

When the scandal broke I first moved my e-mail address from Gmail to a Swedish provider as I saw an article saying Google Apps had been banned from use by a municipality due to legal concerns about how it uses private data.

GILC also has written an article about privacy legislation in the EU if you're interested.

However aside from the fact that Sweden has tried to use privacy laws as a form of censorship in the past it has also recently passed a Data Retention Directive which will require ISP's to keep information about all their users activities for six months.

This has been done, surprise surprise to keep Sweden in line with EU legislation which permits this kind of surveillance on a scale that makes PRISM seem like a Sunday Picnic.

It's precisely because I live in the EU that I have switched to a mail server based outside it in Norway as that country has much stricter privacy laws and no requirement to share them with other EU countries like ours.

Of course the best guarantee of privacy would be to use a service which can be encrypted end to end like Tormail, I2P etc. in conjunction with GPG but I think this is good enough for everyday purposes.

riclad wrote: »

I wonder will there be eu versions of dropbox ,

so eu vice president says europeans should have
the same protection as usa citizens under us law ,re data acess, surveillance.

SO does that mean
every one in the eu ,will have all email,phone calls ,webrowsing, facebook, recorded ,
AS in the usa.AS long as its cleared by a secret court in the usa ,whose orders are secret .
That does not inspire confidence.
WE need new eu laws brought in to make sure all data, webrowsing ,phone calls are just not being recorded and shared with private companys.
IF companys like google are being asked for data ,
they should be able to say we got say 10,000 request s for data on customers email,or web searches, in the uk from the intelligence services.
the CIA want a new law brought in,
all im messaging ,programs like skype etc and devices ,
like smartphones must have a back door built in to allow easy interception of messages.
of Course this back door will be used by hackers,
to hack into pcs, and get your bank info,credit card data.
I can see alot more people just buying a pc, and installing linux, to have more privacy and security.

silentrust · 20-06-2013 9:52am

nmop_apisdn wrote: »

http://www.scientificamerican.com/article.cfm?id=d-waves-quantum-computer-courts-controversy

Haven't read it yet. Could be sh1t.

We talked before about the British government hushing up the fact they could crack Enigma so they could give captured encoding machines to their newly independent colonies in Africa and the Pacific - however this was for espionage and diplomatic purposes, had they used the messages as evidence in an open trial then their hand would have been revealed.

However Snowden did say that strong encryption still works, so presumably if the NSA could crack SSL/TLS/PGP by factoring primes at top speed they wouldn't need to have Facebook et. al hand over user data?

Capt'n Midnight · 20-06-2013 10:55am

silentrust wrote: »

However Snowden did say that strong encryption still works, so presumably if the NSA could crack SSL/TLS/PGP by factoring primes at top speed they wouldn't need to have Facebook et. al hand over user data?

Electricity costs money etc.

Why would you waste resources when you can get handed the plain text ?

silentrust · 20-06-2013 11:15am

Capt'n Midnight wrote: »

Electricity costs money etc.

Why would you waste resources when you can get handed the plain text ?

Or perhaps that's THEY want us to think... :-D

[-0-] · 20-06-2013 12:49pm

silentrust wrote: »

Hi -0- I'd be interested to know, is this the Android version you're using which is why you paid for the OTR extras or is this the same for the desktop version too? It's just that Pidgin+OTR would be free, so am assuming there's an advantage in using IM+ I don't know about?

Hi there.

I'm using the iPad version of IM+.

I tried a free implementation of OTR called ChatSecure but it's a PoS. Crashes regularly. The OTR add on for IM+ was only 5 bucks, so like....3 euro. Meh, I don't mind paying for it to be honest! I like stability.

The Pidgin developers refuse to develop applications for iOS. Here's why: https://developer.pidgin.im/wiki/WhyNoiOSVersion

silentrust · 20-06-2013 6:04pm

[-0-] wrote: »

Hi there.

I'm using the iPad version of IM+.

I tried a free implementation of OTR called ChatSecure but it's a PoS. Crashes regularly. The OTR add on for IM+ was only 5 bucks, so like....3 euro. Meh, I don't mind paying for it to be honest! I like stability.

The Pidgin developers refuse to develop applications for iOS. Here's why: https://developer.pidgin.im/wiki/WhyNoiOSVersion

A very interesting link -0- many thanks, I'm embarrassed to say I didn't realise this was a prerequisite for submitting apps to Apple. Have you ever used Cryptocat before? I'm using that as an alternative to Google Talk and Skype at the moment. I imagine it would work with iOS?

[-0-] · 20-06-2013 6:57pm

silentrust wrote: »

A very interesting link -0- many thanks, I'm embarrassed to say I didn't realise this was a prerequisite for submitting apps to Apple. Have you ever used Cryptocat before? I'm using that as an alternative to Google Talk and Skype at the moment. I imagine it would work with iOS?

Yep I've used it before. It's a plugin for Chrome and Chrome is available for iOS. It's not too bad.

silentrust · 20-06-2013 7:25pm

[-0-] wrote: »

Yep I've used it before. It's a plugin for Chrome and Chrome is available for iOS. It's not too bad.

Excellent, it's all falling into place... :-D

Edit: It seems Cryptocat can also be downloaded from the Mac App store. We truly are living in a golden age..

le sigh · 21-06-2013 1:34am

Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It

Skype Provided Backdoor Access to the NSA Before Microsoft Takeover [NYT]

More data storage? Here’s how to fit 1,000 terabytes on a DVD

hooplah · 21-06-2013 7:22pm

Encryption might mean your data is held for longer: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/

Intersting read, I think though that they've got the cover of the wrong Orwell book ...

silentrust · 21-06-2013 10:23pm

hooplah wrote: »

Encryption might mean your data is held for longer: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/

Intersting read, I think though that they've got the cover of the wrong Orwell book ...

Agree re. Orwell, goodness knows what he would have made of all this!

I hope Tor users are making a concerted effort to use private bridges which mask their traffic to frustrate this.

Thanks for posting the article, most interesting!

le sigh · 22-06-2013 12:19am

Edward Snowden Charged With Espionage Over NSA Leaks: Report

[-0-] · 22-06-2013 3:08am

Called a spy for outing the spies. Hilarious.

silentrust · 22-06-2013 10:32am

bedlam wrote: »

He's told us to use Tor

Video is ++ungoodthinkful verging crimethink, refs unpersons. Edit and resubmit to prolefeed.

le sigh · 22-06-2013 11:47pm

Protection for Whistleblowers
v
v
v
Adleaks

The current best practice for online submissions is to use an SSL connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this does not protect against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view.

We suggest a novel type of submission system for online whistleblowing platforms that we call AdLeaks. The objective of the AdLeaks system is to make whistleblower submissions unobservable even if the adversary sees the entire network traffic. A crucial aspect of the AdLeaks design is that it eliminates any signal of intent that could be interpreted as the desire to contact an online whistleblowing platform.

Surprising number of exit nodes in Europe.

Introducing the NSA-Proof Font
Potentially a great employment creator.:pac:

Pardon Edward Snowden
It's over a 100,000 (the new threshold) now so they'll have to give an official response. But
Snowden Petition Is Useless

Password Cracking AES-256 DMGs and Epic Self-Pwnage

Capt'n Midnight · 23-06-2013 12:41am

le sigh wrote: »

Introducing the NSA-Proof Font
Potentially a great employment creator.:pac:

Just PR.

It's not even a Caesar cipher.

If you think the NSA are reading hardcopies or are looking at your screen then changing font isn't going to much.

Pardon Edward Snowden
It's over a 100,000 (the new threshold) now so they'll have to give an official response.

Once upon a time there was a petition against Regan handed in to the US embassy here. They typed all the names in the computer and used it to block people getting Visa's to work in the US.

le sigh · 23-06-2013 1:22am

Source Says The Hong Kong Government Has Provided Edward Snowden An Apartment To Stay In

Chat with Duck Creator

Are you still improving the search engine?
We are focusing more on instant answers.

Must try harder!! It can't even find some sites if you don't add in .com.

How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
Not that I'd use them but I'd wondered how good or bad they were.

Free Encryption For Everyone
^^^Canadian

WikiLeaks' Assange urges support for Snowden, slams Obama 'betrayal'
Makes some good points.

Off topic but this is brill. Watch in at least 480p.

le sigh · 23-06-2013 1:41am

Capt'n Midnight wrote: »

Once upon a time there was a petition against Regan handed in to the US embassy here. They typed all the names in the computer and used it to block people getting Visa's to work in the US.

What was petition about?

Capt'n Midnight · 23-06-2013 2:04am

I was telling my mate about how the government plant surveillance devices in street equipment.

"That's absolutely ridiculous," replied the lamppost.

le sigh · 23-06-2013 2:52am

lol

moneymad · 23-06-2013 12:25pm

Snowden on a plane to Moscow

silentrust · 23-06-2013 1:45pm

Capt'n Midnight wrote: »

Just PR.

It's not even a Caesar cipher.

If you think the NSA are reading hardcopies or are looking at your screen then changing font isn't going to much.

Agreed, you'd probably be better off writing out by hand if this is a worry, though I agree it wouldn't make much of a difference, it's a substitution cipher* at best, which can be cracked in seconds by a cheap desktop PC.

*Monoalphabetic substitution cipher for the anally retentive.

silentrust · 23-06-2013 1:51pm

moneymad wrote: »

Snowden on a plane to Moscow

Well spotted moneymad, according to the BBC a source at the airline says he doesn't want to remain in Moscow (I know from experience that if you stay too long, they make you!), and is likely to go to Venezuela or Cuba, both countries extremely unlikely to hand him over.

Let's hope we see the US Department of Justice begin a criminal investigation into why their own government has breached the Constitution.

Capt'n Midnight · 23-06-2013 2:02pm

silentrust wrote: »

Agreed, you'd probably be better off writing out by hand if this is a worry, though I agree it wouldn't make much of a difference, it's a substitution cipher* at best, which can be cracked in seconds by a cheap desktop PC.

*Monoalphabetic substitution cipher for the anally retentive.

It's a font so the electronic version is plain text.
Only the display has anything resembling obfuscation.

To crack it without a PC would take a few times longer than counting the characters.

At a guess even from a blurred picture you could deduce info from the shading - I wonder what the minimum resolution you'd need to decipher text is if you used word frequency analysis too.

silentrust · 23-06-2013 2:03pm

le sigh wrote: »

v
v
v
Adleaks

Re: Adleaks I've been trying to understand this bit:

"The current best practice for online submissions is to use an SSL/TLS connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this provides limited protection against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view. The research challenge is to design systems that are safe for whistleblowers even if the adversary can see, record and analyze most or all network traffic."

As far as I can see the problem they're envisaging could be solved by operating as a Tor hidden service? i.e having their own .onion address and accepting submissions via Tormail e-mail? Ditto I2P?

It's not that I don't applaud what they're doing it's just they seem to be reinventing the wheel as far as I can see? Forgive me if I have missed something.

silentrust · 23-06-2013 2:04pm

Capt'n Midnight wrote: »

It's a font so the electronic version is plain text.
Only the display has anything resembling obfuscation.

To crack it without a PC would take a few times longer than counting the characters.

At a guess even from a blurred picture you could deduce info from the shading - I wonder what the minimum resolution you'd need to decipher text is if you used word frequency analysis too.

Probably be quicker and easier just to learn how to use GPG...! :-)

Capt'n Midnight · 23-06-2013 2:06pm

If you want to create gibberish for them to try to decode this algorithm will generate some.

http://www.wired.com/wired/archive/12.09/rugg.html?pg=4

How to Create an "Indecipherable" Manuscript
...
1. Stock a grid with randomly generated prefixes, midfixes, and suffixes.

2. Using heavy card stock, cut a three-slot grille that exposes word fragments.

3. Work through the table, placing the grille over three cells to form a new word.

4. Copy the words onto the manuscript page.

5. To vary the pattern, periodically cut a new grille and repeat steps 3 and 4.

silentrust · 23-06-2013 2:09pm

Capt'n Midnight wrote: »

If you want to create gibberish for them to try to decode this algorithm will generate some.

http://www.wired.com/wired/archive/12.09/rugg.html?pg=4

Shades of Voynich? :-)

silentrust · 23-06-2013 2:18pm

silentrust wrote: »

Re: Adleaks I've been trying to understand this bit:

"The current best practice for online submissions is to use an SSL/TLS connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this provides limited protection against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view. The research challenge is to design systems that are safe for whistleblowers even if the adversary can see, record and analyze most or all network traffic."

As far as I can see the problem they're envisaging could be solved by operating as a Tor hidden service? i.e having their own .onion address and accepting submissions via Tormail e-mail? Ditto I2P?

It's not that I don't applaud what they're doing it's just they seem to be reinventing the wheel as far as I can see? Forgive me if I have missed something.

Ok, in a bid to answer my own question I've visited this Pinterest page which explains how Adleaks works in terms my addled brain can understand:

"In response to the networks — which make anonymized programs like Tor traceable — Professor Volker Roth and his team at Freie Universität Berlin are developing AdLeaks, which aims to bury leaked and secret information among the noise of ads and rush of Internet traffic.

The system uses Internet ads to dispatch small programs that are supported by most websites to encrypt and transfer empty messages to the AdLeaks server whenever a website is visited. The whistleblower simply adds a small piece of code (obtained by scanning a QR code) to modify their browser to encrypt and transfer confidential messages rather than the regular empty ones, which is how the leaks are delivered.

Due to the fact that all visitors to that site are submitting the same type of data, surveillance and filtering programs do not see anything abnormal and clearly different within their data, the AdLeaks website explains."

So in a nutshell, people will be able to submit documents/info via websites and in theory there'll be no way to distinguish between traffic of regular users to sites containing websites with adverts which can be used via Adleaks.

Would this really be more anonymous than using Tor with a private bridge? Does anyone think it'd be easier to detect that someone had accessed a specific Tor hidden service in this way through traffic analysis than it would to see if someone has visited a website using Adleaks?

Khannie · 23-06-2013 2:31pm

silentrust wrote: »

Would this really be more anonymous than using Tor with a private bridge? Does anyone think it'd be easier to detect that someone had accessed a specific Tor hidden service in this way through traffic analysis than it would to see if someone has visited a website using Adleaks?

Yeah, your ISP could easily tell if you'd been using TOR, as could anyone with a sufficient number of exit nodes. This idea, assuming ubiquitous use of those ads, would mean even visiting boards (for example) might bring up one. Pretty clever idea.

silentrust · 23-06-2013 4:31pm

Khannie wrote: »

Yeah, your ISP could easily tell if you'd been using TOR, as could anyone with a sufficient number of exit nodes. This idea, assuming ubiquitous use of those ads, would mean even visiting boards (for example) might bring up one. Pretty clever idea.

I like the idea I just wonder if it wouldn't be better for any whistleblowing website just to run a Tor hidden service whereby people can submit material or just have a Tormail, that would eliminate the problem of poisoned nodes entirely surely?

Wouldn't using a private bridge stop anyone from telling you're running Tor? I thought that made your traffic just look like regular secure http?

Still, more than one way to skin a cat and all that and at least would only need the one browser plugin.

numbnutz · 23-06-2013 11:23pm

Looks Like that film Sneakers has become reality

le sigh · 23-06-2013 11:55pm

Edward Snowden asks for asylum in Ecuador - as it happened

He’s back: Creepy Cameraman pushes the limits in new public surveillance video

Prism is worse, though not as "in your face" yet people can't even be arsed to do the simplest thing of changing browsers. Duck has only barely increased to 60mil searches worldwide a month, Google is rocking 13.3Billion a month in the states alone.

Kinda strange.

WikiLeaks Statement On Edward Snowden’s Exit From Hong Kong

riclad · 24-06-2013 7:32am

Some people just use the NET , for facebook, music,youtube ,
SO they don,t really care about privacy.

DOES the average user even bother to set up the privacy settings on facebook accounts properly.
I wonder will the eu bring in new laws re collecting data on ordinary users ,by isps,
and security services .
OR will they just forget about it,or bring in laws ,with loopholes and exceptions for security surveillance .
20 years ago there was a limited amount phone tapping,
but the technology did not exist to monitor millions of people .
Our laws need to be updated to reflect the fact that nsa etc can record
so much browsing ,phone call info and metadata from mobile calls.
One country can monitor another country by tapping into an internet cable.
There should be an eu law,
any company can say publicy , we go x 1000 requests ,re info on our users,from the intelligence services.
this is the type of requests we get in each country .

Capt'n Midnight · 24-06-2013 9:00am

riclad wrote: »

20 years ago there was a limited amount phone tapping,
but the technology did not exist to monitor millions of people

LOL

The reality of the situation is that 25 years ago the GCHQ were listening in on the microwave trunk for all the phones between here and the UK.

http://www.publicintegrity.org/1999/07/16/3342/how-britain-eavesdropped-dublin

The tower was craftily erected between two BT microwave radio towers carrying telephone traffic. The ETF was the ideal place to discreetly intercept international telephone calls of the Irish government, businessmen and those of suspected of involvement with IRA terrorism.
...
During 1988, a temporary interception system was built on the roof of the BNFL factory. When tests of the Irish interception system proved successful, intelligence chiefs decided to go ahead with a full-scale system.

riclad · 24-06-2013 9:33am

MY first pc ,had a 5gigabyte drive, 256meg ram,windows 95.
20 Years ago ,it would not have been practical to do such massive surveillance,of millions of users,
Now its possible to to record all text,s , phone conversations ,webrowsing
of anyone who uses the internet,eg millions of people .
And hold onto to this data indefinitely,
hard drive storage is at least 10 times cheaper.
The only people using the internet were scientists, the miltary,academics , students.
NOW most people use the web, they acess credit cards ,use online banking,email, facebook etc

Capt'n Midnight · 24-06-2013 11:54am

riclad wrote: »

MY first pc ,had a 5gigabyte drive, 256meg ram,windows 95.
20 Years ago ,it would not have been practical to do such massive surveillance,of millions of users,
Now its possible to to record all text,s , phone conversations ,webrowsing
of anyone who uses the internet,eg millions of people .
And hold onto to this data indefinitely,
hard drive storage is at least 10 times cheaper.
The only people using the internet were scientists, the miltary,academics , students.
NOW most people use the web, they acess credit cards ,use online banking,email, facebook etc

Tape is cheap.

Telephone audio is about 3KHz
Ordinary VHS tape can store about 3MHz of analogue bandwidth. People even "stored" several GB on them so you can imagine what the professional grade kit could do. ( Later Russian clone )

NASA has warehouses full of tapes to reprocess, so same is probably true of the spooks.

And they were tapping into the microwave link, not individual lines. The rumours were that voice recognition was used at start of call to decide whether to record it or not. Other stories about that floor in the BT exchange in Belfast that the lift doesn't go to.

Today you can use codecs that take as little as 2.4Kb/s = 18KB/ minute.

ALL of the phone calls made in Ireland last year would just about fit on seventy seven $190 drives. Voice minutes for Q4 2012 totalled almost 4.14 billion minutes and there were
16.9 billion minutes in the twelve months to the end of December 2012. Of course if you dropped silences it would be less.

So six 2U high 16 drive external drive arrays. Something that could be done by an individual.

riclad · 24-06-2013 1:26pm

THE point is i remember when, there was no web, no facebook,no internet acess ,no mobile phones ,no text messages.
IF the nsa wanted personal info on millions of irish people they could not get it from a internet cable.
NOT everyone had a personal phone .
IF i wanted to phone someone i went to a phone box and put 10p in the slot.

NOW Thru facebook,google, gmail etc in theory they have detailed info on millions of irish people.
When data is on servers it can be searched ,indexed
easily ,by time,date,location etc

even if you are not on facebook,
Your friends ,family will probably be on it.

Capt'n Midnight · 26-06-2013 10:51pm

Short version use Diffie-Hellman

http://www.theregister.co.uk/2013/06/26/ssl_forward_secrecy/

Several key exchange mechanisms exist but the most widely used mechanism is based on the well-known RSA algorithm, explains Ivan Ristic, director of engineering at Qualys. This approach relies on the server's private key to protect session keys.

"This is an efficient key exchange approach, but it has an important side-effect: anyone with access to a copy of the server's private key can also uncover the session keys and thus decrypt everything," Ristic warns.
...
SSL supports Forward Secrecy using two algorithms: Diffie-Hellman (DHE) and the adapted version for use with Elliptic Curve cryptography (ECDHE). The main obstacle to using Forward Secrecy has been that Diffie-Hellman is significantly slower, leading to a decision by many website operators to disable the feature in order to get better performance.

PRISM

Comments