PRISM

Khannie · 11-06-2013 8:51pm

Prodigious wrote: »

Jabber is an excellent IM client for privacy.

Yep. Think I'm going to set up my own jabber server on a box in my house.

Prodigious wrote: »

I have to look into a different email provider. I've been using gmail in general, and of course tormail, but tormail isn't exactly one to be throwing down on the CV. Can anyone recommend any email provider that values privacy and security?

I'm seriously thinking of ditching gmail after this, so interested as well. This site lists alternatives / stuff to consider. Among them is bitmessage. Not sure if it's suitable or what the craic is with it yet, but I'll be looking into it a bit more. May also host my own email server. Yes we're entering the ridonculous stage. I actually have nothing that the NSA would be interested in. It's not the point though.

Plus - with the breakthrough in upload speeds that the new FTTC offerings are going to bring, hosting your own servers becomes a real possibility once you have the knowledge.

Prodigious · 11-06-2013 8:55pm

Khannie wrote: »

Yep. Think I'm going to set up my own jabber server on a box in my house.

I'm seriously thinking of ditching gmail after this, so interested as well. This site lists alternatives / stuff to consider. Among them is bitmessage. Not sure if it's suitable or what the craic is with it yet, but I'll be looking into it a bit more. May also host my own email server. Yes we're entering the ridonculous stage. I actually have nothing that the NSA would be interested in. It's not the point though.

Plus - with the breakthrough in upload speeds that the new FTTC offerings are going to bring, hosting your own servers becomes a real possibility once you have the knowledge.

Was thinking about that myself. Going to look into the logistics of it after the Leaving Cert. Total control of your own affairs - it would be excellent.

silentrust · 11-06-2013 8:57pm

Prodigious wrote: »

Jabber is an excellent IM client for privacy.
I have to look into a different email provider. I've been using gmail in general, and of course tormail, but tormail isn't exactly one to be throwing down on the CV. Can anyone recommend any email provider that values privacy and security?

There is an excellent jabber client called Psi which I use for privacy purposes. You can use OpenPGP encryption for messages i.e the keys to decode messages are kept on your own computer, you don't have to rely on the goodwill of whoever is running the servers - this will give you privacy. If you want anonymity too I'd suggest running it through Tor or a VPN, details on request! :-)

Prodigious · 11-06-2013 8:59pm

What VPN do ye use?
When I needed it, I used anonine, thought it was excellent, and because they're in Sweden they have no legal obligation to keep any logs.

silentrust · 11-06-2013 9:20pm

Prodigious wrote: »

What VPN do ye use?
When I needed it, I used anonine, thought it was excellent, and because they're in Sweden they have no legal obligation to keep any logs.

Thanks Prodigious, I've heard nothing but good things about the one you used.

The only time I used a VPN instead of Tor was when I used the Psi program I mentioned above, this was because speed was of the essence as a colleague of mine and I were placing VOIP calls too.

In that case I used BTGuard because they accepted Bitcoins - since we're on the subject of cryptoanarchy, I don't mind confessing I used to be a Bitcoin Trader(!) For those who don't know Bitcoins are a decentralised currency which if used correctly can allow you to pay for goods and services anonymously - they're very popular for instance on the deep web website "The Silk Road" where users buy drugs in the mail but they have legal uses too such as paying for VPN services - I don't want to use my credit card, it defeats the point of having a VPN in the first place! :-)

Prodigious · 11-06-2013 9:36pm

Speaking of which, theyre gone down to 80 quid, they were 100 only last week. Might be worth getting a few.

silentrust · 11-06-2013 9:44pm

Prodigious wrote: »

Speaking of which, theyre gone down to 80 quid, they were 100 only last week. Might be worth getting a few.

I was on the Silk Road forums earlier today and there are a lot of doomer and gloomers are predicting a crash. I've looked over the charts for the past few months and it seems to be creeping back upward for now.

Of course, as with the Stock Market* there is an extent to which this can be a self fulfilling prophecy whereby more people hear everyone else is selling en masse and so do the same but I personally think it will rise before falling again.

I'd be interested to hear how you get on, naturally don't put in more than you can afford to lose. What I worry about is that after the next big crash people will start hoovering them up in the hopes another Cyprus style event will cause them to shoot up in price - which of course will raise the price artificially for a while and then have everyone selling again so it'll go up and down like a yo yo! :-)

*There actually are several websites which operate a stock-market for Bitcoin and its stunted cousin Litecoin but the lack of accountability and difficult interface means not many people I've spoken to use them.

[-0-] · 11-06-2013 10:33pm

I live in the states. My email is on a server hosted by a friend of mine who runs a hosting company in Co. Clare. I have my own dedicated server running FreeBSD in France, which I host an encrypted IRC server on it. I used to run SILC on it. I use this server for email as well. I download my torrents and crap onto it and scp them to my iPad then.

It is probably not an ideal setup, but it works for me.

Capt'n Midnight · 12-06-2013 11:16am

First off does anyone think that if there was a war on / national emergency that google , facebook etc wouldn't do their best to help out ?

well there's always a war on terror / drugs / axis of evil / current bad guys

Would anyone be surprised to find that there were lots of backdoors in the hardware those companies use, and even in the software ?

if you aren't using two different layers of encryption than going by screw-ups in the past it's possible that you'll have some accessible data, commercial encryption probably has backdoors, and there have been some gaffs on the open source side too. Might be worth throwing in a lot of random noise / digits of pi into the mix too, don't forget to ramp up the traffic at odd times but not when there are international incidents or you will be on everyones watch list.

I keep mentioning echelon because this sort of stuff is old news.

During WWII the US government went data mining The Library of Congress for any useful info. It paid off. Except now they have access (or potential access) to way more information.

If you want to follow the money trail just imagine how much CIA intel has helped big US corporations. The Airbus vs. Boeing saga alone is worth billions so financing is easy. Also it means jobs back home which politicians love.

enigmatical · 12-06-2013 11:23am

I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.

I think it'll have a lot of companies staying with local hosting.

It's not that they've anything to hide, but they have data protection requirements and may be dealing with sensitive intellectual property.

I mean for example should irish universities reconsider using Google Apps for student email? Several of them moved to it.

There are a lot of consequences for the cloud computing sector that will emerge because of this.

Even the fact that there was a leak would make me wonder about what contractors have access to it and how secure it really is.

There's a lot to be said for having your own servers in your own office.

I could imagine it would be a big concern for for R&D facilities, academics, political parties, journalists dealing with investigative stories etc etc etc

Capt'n Midnight · 12-06-2013 11:43am

enigmatical wrote: »

I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.

What happens if you apply EU data laws ?

Does this mean that they can't use Google docs etc. to store any data / email on EU citizens ?

Capt'n Midnight · 12-06-2013 11:44am

science gallery tomorrow luchtime
Rapid Response: The NSA Prism Leak - with Una Mullally
Jun13 13.00 - 14.00

Khannie · 12-06-2013 11:48am

Capt'n Midnight wrote: »

What happens if you apply EU data laws ?

I don't think they apply outside the EU (where the NSA are intercepting the data). It's a sneaky little workaround.

Thanks for the tip on that talk. I'll spin along to that.

silentrust · 12-06-2013 11:50am

enigmatical wrote: »

I think the biggest issue will be for cloud hosted services that are being sold to corporations and state bodies.

I think it'll have a lot of companies staying with local hosting.

It's not that they've anything to hide, but they have data protection requirements and may be dealing with sensitive intellectual property.

I mean for example should irish universities reconsider using Google Apps for student email? Several of them moved to it.

There are a lot of consequences for the cloud computing sector that will emerge because of this.

Even the fact that there was a leak would make me wonder about what contractors have access to it and how secure it really is.

There's a lot to be said for having your own servers in your own office.

I could imagine it would be a big concern for for R&D facilities, academics, political parties, journalists dealing with investigative stories etc etc etc

Yes enigmatical, I think it's an issue which has been around since the inception of cloud computing. There also doesn't seem to be a quick and easy solution.

Dropbox for instance suggested customers use third party apps like Truecrypt to encrypt data before uploading, which is what I do but of course that means you can't use it to share documents with friends.

A company named Porticor has developed software using a technique called homomorphic key encryption which in plain English means data is always encrypted in the cloud and you keep the Master Key on your own computer but it seems to me that since this is proprietary you have to trust the fact they're telling the truth!

E-mail is an entirely different kettle of fish though. If you're only concerned with privacy, not anonymity you can use GPG in combination with a service like gmail but of course that means that everyone you talk to has to use it and it's not very common.

enigmatical · 12-06-2013 11:51am

Capt'n Midnight wrote: »

What happens if you apply EU data laws ?

Does this mean that they can't use Google docs etc. to store any data / email on EU citizens ?

That's my concern.

It could be a data protection compliance nightmare for a lot of small business.

It gets even worse when you add things like Adobe CS becoming a cloud based service.
MS is trying to do the same with Office.

Windows is getting very fond of SkyDrive and OS X keeps defaulting to saving to the iCloud.

Dropbox and Google drive would be a bit of an issue too.

Then you've issues with smart phones and tablets, especially Android, being practically embedded in the cloud.

Between this and concerns about Chinese hardware potentially being used gathering data, it's going to make life very complicated for people trying to stay on the right side of European privacy and data protection laws!

silentrust · 12-06-2013 11:52am

Khannie wrote: »

I don't think they apply outside the EU (where the NSA are intercepting the data). It's a sneaky little workaround.

Thanks for the tip on that talk. I'll spin along to that.

I imagine it doesn't come as a surprise to anyone to find out the government can't be trusted with our personal data! :-)

Khannie · 12-06-2013 11:57am

silentrust wrote: »

I imagine it doesn't come as a surprise to anyone to find out the government can't be trusted with our personal data! :-)

Ah I don't think the Irish government are up to much to be honest. Plenty of expertise in the country, but not enough budget.

silentrust · 12-06-2013 12:00pm

enigmatical wrote: »

That's my concern.

It could be a data protection compliance nightmare for a lot of small business.

It gets even worse when you add things like Adobe CS becoming a cloud based service.
MS is trying to do the same with Office.

Windows is getting very fond of SkyDrive and OS X keeps defaulting to saving to the iCloud.

Dropbox and Google drive would be a bit of an issue too.

Then you've issues with smart phones and tablets, especially Android, being practically embedded in the cloud.

Between this and concerns about Chinese hardware potentially being used gathering data, it's going to make life very complicated for people trying to stay on the right side of European privacy and data protection laws!

So, it seems we're all going to have to take responsibility for our privacy for the time being. Dropbox can hand over my encrypted Truecrypt container to the Feds if they want, much good may it do them. :-)

enigmatical · 12-06-2013 12:14pm

The other issue I would be concerned about is that the security services might become over reliant on searching the Internet for leads.

There's a lot to be said for old fashioned detective work too!

They could have all the packet sniffing in the world and still miss the target because it's not online at all.

And what if this massive database itself were hacked by some unscrupulous organisation or individual?

It's a huge treasure trove of information that would be very valuable to all sorts of people.

An insider leaking information, blackmail, political abuse or an external hacker gets in and there would be massive problems.

If you gather the data it's a target for misuse!
If it doesn't exist, it isn't.

No system is 100% secure, even run by the best intelligence agencies in the world, it could be at risk of being accessed inappropriately or illegally.

It's like someone having a master key that opens every door. Criminal elements will want access to that and corrupt individuals in the system will misuse it.

I'd just be concerned, no matter how well intentioned the security agencies involved might be, I think it's a bit nieve to assume that it will never be abused or compromised.

Prodigious · 12-06-2013 12:24pm

enigmatical wrote: »

And what if this massive database itself were hacked by some unscrupulous organisation or individual?

An insider leaking information, blackmail, political abuse or an external hacker gets in and there would be massive problems.

If you gather the data it's a target for misuse!
If it doesn't exist, it isn't.

No system is 100% secure, even run by the best intelligence agencies in the world, it could be at risk of being accessed inappropriately or illegally.

It's like someone having a master key that opens every door. Criminal elements will want access to that and corrupt individuals in the system will misuse it.

Those collecting it are corrupt already, the whole basis for the PRISM system is criminal. The organisations behind it are supposed to be "the good guys."
Why not some transparency? The leak has shown that Obama is nothing but a puppet, not only is he continuing, he is also reinforcing the illegal, unjustifiable and immoral practices put into place by the Bush administration.

In a months time, I will have closed my gmail & hotmail accounts, and moved onto a Linux distribution. (Recommendations?) Seems the smartphones are a no go too, seeing as they track your whereabouts 24/7, can be used as listening devices, and always require sign in. Your options are essentially Google or Apple, neither of which are desireable at this point in time. I for one, will be sticking to my Sony Ericsson W380.

enigmatical · 12-06-2013 12:29pm

It's a pity Maemo was killed off by Nokia and that Symbian wasn't developed into a more competent OS.

It was a very decent OS and a good European alternative too.

There's a Mozilla phone due out soon though.

They'd be very bored reading my email and Facebook but, it's the principle of it.

[-0-] · 12-06-2013 12:38pm

enigmatical wrote: »

It's a pity Maemo was killed off by Nokia and that Symbian wasn't developed into a more competent OS.

It was a very decent OS and a good European alternative too.

There's a Mozilla phone due out soon though.

They'd be very bored reading my email and Facebook but, it's the principle of it.

Isn't a new Ubuntu phone coming out soon too?

enigmatical · 12-06-2013 12:40pm

[-0-] wrote: »

Isn't a new Ubuntu phone coming out soon too?

I think so.
You can also use alternative firmware on your Android phone without as much skyward.

Prodigious · 12-06-2013 12:41pm

You still need to be signed in for apps, if I'm correct?

enigmatical · 12-06-2013 12:44pm

Prodigious wrote: »

You still need to be signed in for apps, if I'm correct?

No. Android isn't actually tied to the Google Play Store. You can install apps from anywhere you like.

Even unmodified android phones will let you do that. There's an option to allow it in the settings menu.

It's a lot less locked down than iOS

syklops · 12-06-2013 12:51pm

Khannie wrote: »

I'm seriously thinking of ditching gmail after this, so interested as well. This site lists alternatives / stuff to consider. Among them is bitmessage. Not sure if it's suitable or what the craic is with it yet, but I'll be looking into it a bit more. May also host my own email server. Yes we're entering the ridonculous stage. I actually have nothing that the NSA would be interested in. It's not the point though.

Plus - with the breakthrough in upload speeds that the new FTTC offerings are going to bring, hosting your own servers becomes a real possibility once you have the knowledge.

You can use GPG with Gmail. It breaks the ability to search your own messages but otherwise works well.

Prodigious · 12-06-2013 12:53pm

Slightly OT, but along the same vein.
All Irish providers have been issued an order from the high court to block thepiratebay.sx

Khannie · 12-06-2013 12:54pm

Prodigious wrote: »

Slightly OT, but along the same vein.
All Irish providers have been issued an order from the high court to block thepiratebay.sx

:eek: Have you a link there?

Prodigious · 12-06-2013 12:56pm

DeVore wrote: »

So, today UPC and 5 other ISPs (UPC, Imagine, Vodafone, Digiweb, Hutchison 3G Ltd and Telefonica O2 Ireland Ltd.) have been ordered to block a website on the internet because of alleged wrong doing through the use of that website.

The road-builders just became responsible for policing the cars that drive on their roads.

http://www.irishtimes.com/news/crime-and-law/music-firms-secure-orders-blocking-access-to-pirate-bay-1.1425810

http://www.independent.ie/business/technology/high-court-orders-six-internet-service-providers-to-block-pirate-bay-access-29339933.html

.

enigmatical · 12-06-2013 1:06pm

I'm not even sure they have the technical ability to do that.
I could see this bring appealed.

PRISM

Comments