
PRISM - What have you changed?


Comments

  • Banned (with Prison Access) Posts: 34 Macumazan


    Cliste wrote: »
    Considering that tor is funded by the Americans I'm not sure that it is safe from their prying eyes in the slightest..

    An excellent Youtube video on Tor vulnerabilities here - messages between Tor nodes are encrypted in such a way that even if the NSA is twenty years ahead of us in terms of their ability to break encryption, it still wouldn't be feasible to do so - of course though this only applies to messages within the network.

    If for instance, you were to log in to your internet banking via Tor, it would be fairly trivial for someone to monitor the Tor exit node and see a connection to the bank's website, although of course they wouldn't see your original IP.

    As such for truly safe communications you need to keep them within the Tor network, such as using Tormail to exchange messages which are encrypted by GPG - I think at present the NSA is relying on the fact that only a small number of criminals communicate in this way.

    Also ironically using Tor in itself can attract more NSA attention, as it's fairly trivial by default to detect someone is using it through traffic analysis (although not the actual sites you're visiting or information you're exchanging). You can mitigate this risk by using the obfsproxy bundle for Tor instead.


  • Banned (with Prison Access) Posts: 34 Macumazan


    Gavin wrote: »
    This all seems rather crackers. You should simply assume that you have no privacy on the Internet and act accordingly.

    Using a VPN, or Tor, is an even worse idea. You are almost guaranteed that someone is monitoring the endpoint for unencrypted traffic.

    Hi Gavin,

    Please see my post below, if the video is too long, there's an excellent explanation here explaining how Tor works.

    In the first instance, simply tracing the creation of a blog or e-mail account for instance back to a Tor exit node would not enable law enforcement or anyone else to know the original IP of the user connecting through the Tor network through simple traffic analysis alone.

    If the user doesn't take certain precautions it may be possible to tell they were using Tor at their home address at the same time that a particular e-mail or message was sent of course. Also if the person gives away any identifiable information while using Tor e.g. through using the same exit node to log in to their personal e-mail account while also writing their "hacktivism" blog but of course that's very easy to prevent.

    One way to do this would be to avoid the problem altogether by locating your blog or respective e-mail accounts in the deep web itself so you never need to use exit nodes. (Tormail is a great example of this). You can add an additional layer of protection using gpg which provided sufficient key strength is currently uncrackable in any feasible amount of time.

    VPNs similarly can be anonymous if used correctly. Naturally you need to make sure your VPN is in a country with no mandatory data retention laws, and also that you can pay using an anonymous method such as using Bitcoins. I'd also recommend one which uses shared IP addresses making it harder for anyone to identify you. I use one for my day to day browsing but for extra private stuff you really do need to use Tor or I2P.

    Let's not be too doom and gloom about this folks, securing your online activities is a practical goal!


  • Banned (with Prison Access) Posts: 34 Macumazan


    Khannie wrote: »
    With hindsight I should have assumed it was happening. It seems obvious that it would have been now that I give it proper consideration. I value my privacy simply because I feel people have a right to privacy, so I have changed a few things:

    1) I have encouraged friends to PGP encrypt email exchanges. I am using a plugin called "mailvelope" for chrome with my gmail. It's not ideal, but it is slick and easy enough for the average Joe to use (I have tested this with non-technical people and it has worked). A firefox version is hopefully forthcoming.

    2) I am using OTR with pidgin. Super little plugin.

    3) I have dumped google as my default search engine from all my browsers and am now using startpage.com.

    That's all I've managed to change so far. I am seriously considering hosting my own mail server, but actually in a way it's less secure. If I mail someone from my gmail account who has a gmail account (lots of people) the exchange is entirely encrypted. Unless there is a court order to view my gmail (ridiculously unlikely) it is private. If I hosted my own mail server, it would be unencrypted unless both parties were using PGP.

    Anyone else changed anything? Nothing at all? Were already doing such things?

    Good man, I was scared off mailvelope by an IT guru who said that it wasn't a good idea to let your browser have access to your private key but it sounds brilliant and I do think he was being a tad paranoid.

    Startpage is excellent, as is DuckDuckGo, there are plugins for both for Firefox if anyone is interested.

    You're right about having your own mail server, it seems too much trouble plus there's the issue of the server itself being more vulnerable to theft and tampering than Google's - of course if you're using GPG it's a bit of a moot point.

    Other things I've done:

    - Switched from using DropBox and Ubuntu One to Wuala, a cloud service which encrypts your data on your computer before storing on the cloud.

    - Downloaded Boxcryptor for my Android phone to use with Dropbox so I can upload pictures and videos I've taken. (There's also a desktop version).

    - Signed up with a VPN, which I paid for with Bitcoins. E-mail address I used to register was an I2P mail address. VPN server is in Canada which currently has no data retention laws. (Although this is changing.)

    - Used the wonderful "Keepass" program to generate super strong passwords for all my web services. These are copied and pasted into web forms as and when needed and I don't know them, which protects against key loggers.

    - With reference to the above Keepass also makes use of a keyfile so anyone using Van Eck Phreaking to see the Master Password as it's being entered won't have much joy without physical access both to the device and keyfile. Keyfile is stored separately, my lips are sealed! :-)

    - Encrypted my HDD but sadly not able to be as clever as you to put bootloader on USB! :) (The good news is that now all flavours of Ubuntu allow you to encrypt the whole Operating System as part of the regular installation DVD).

    - Switched to using Jitsi with OTR for messaging now. My family keep in touch via Google Talk so have asked them to switch to using this so we can stay safe.

    - Left Facebook and dabbled with alternative social networks like Diaspora and Nightweb.

    Look forward to hearing what everyone else has done.


  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭Nika Bolokov


    Seems some U.S. payment companies are no longer working with the VPN ipredator.se

    https://torrentfreak.com/paypal-cuts-off-pirate-bay-vpn-ipredator-freezes-assets-130724/

    Wonder if it works well........................


  • Banned (with Prison Access) Posts: 34 Macumazan


    Seems some U.S. payment companies are no longer working with the VPN ipredator.se

    https://torrentfreak.com/paypal-cuts-off-pirate-bay-vpn-ipredator-freezes-assets-130724/

    Wonder if it works well........................

    Yes, I suppose it's quite a glowing commendation! In any case we shouldn't be using traceable methods of renting VPNs as it defeats the point. Bitcoins all the way. Try to buy them locally for cash if possible, if not then via wire transfer to a provider on localbitcoin.com


  • Registered Users, Registered Users 2 Posts: 4,660 ✭✭✭Gavin


    Macumazan wrote: »
    Hi Gavin,

    Please see my post below, if the video is too long, there's an excellent explanation here explaining how Tor works.

    In the first instance, simply tracing the creation of a blog or e-mail account for instance back to a Tor exit node would not enable law enforcement or anyone else to know the original IP of the user connecting through the Tor network through simple traffic analysis alone.

    If the user doesn't take certain precautions it may be possible to tell they were using Tor at their home address at the same time that a particular e-mail or message was sent of course. Also if the person gives away any identifiable information while using Tor e.g. through using the same exit node to log in to their personal e-mail account while also writing their "hacktivism" blog but of course that's very easy to prevent.

    One way to do this would be to avoid the problem altogether by locating your blog or respective e-mail accounts in the deep web itself so you never need to use exit nodes. (Tormail is a great example of this). You can add an additional layer of protection using gpg which provided sufficient key strength is currently uncrackable in any feasible amount of time.

    VPNs similarly can be anonymous if used correctly. Naturally you need to make sure your VPN is in a country with no mandatory data retention laws, and also that you can pay using an anonymous method such as using Bitcoins. I'd also recommend one which uses shared IP addresses making it harder for anyone to identify you. I use one for my day to day browsing but for extra private stuff you really do need to use Tor or I2P.

    Let's not be too doom and gloom about this folks, securing your online activities is a practical goal!

    A few points.
    1) Seeing as we are talking about the NSA here, it actually is feasible for NSA to perform stream correlation attacks against Tor, provided they can observe the entry and exit nodes. As they appear to be tapping inter-continental trunk lines, they could well do this. The Tor project acknowledge that they cannot defend against this attack, the system was not designed to best a global passive adversary. To do so would require introducing latency and/or dummy packets which would render the network so slow as to be unusable. So if they really wanted, yes I think they could defeat Tor anonymity.
    2) The alternative approach is to simply monitor exit nodes for unencrypted traffic, which judging from the number of academic papers describing the type of traffic emerging from Tor nodes, is actually a widespread activity. There is no way I would trust that the operator of a Tor exit node is not monitoring outgoing traffic.
    3) When you suggest an alternative is to use a VPN, what guarantee do you have that the operators of the VPN are in any way legitimate and don't monitor or record your traffic? None. It's blind trust.

    If the NSA want to monitor your traffic, let's face it, there's pretty much nothing you could do to prevent them. Look at what Al Qaeda resorted to, effectively using couriers to move USB keys around, not trusting telecoms at all.

    The best approach to take is to assume that nothing you say on the internet is private and act accordingly... Easier said than done of course, but probably something worth bearing in mind!


  • Banned (with Prison Access) Posts: 34 Macumazan


    Gavin wrote: »
    A few points.
    1) Seeing as we are talking about the NSA here, it actually is feasible for NSA to perform stream correlation attacks against Tor, provided they can observe the entry and exit nodes. As they appear to be tapping inter-continental trunk lines, they could well do this. The Tor project acknowledge that they cannot defend against this attack, the system was not designed to best a global passive adversary. To do so would require introducing latency and/or dummy packets which would render the network so slow as to be unusable. So if they really wanted, yes I think they could defeat Tor anonymity.
    2) The alternative approach is to simply monitor exit nodes for unencrypted traffic, which judging from the number of academic papers describing the type of traffic emerging from Tor nodes, is actually a widespread activity. There is no way I would trust that the operator of a Tor exit node is not monitoring outgoing traffic.
    3) When you suggest an alternative is to use a VPN, what guarantee do you have that the operators of the VPN are in any way legitimate and don't monitor or record your traffic? None. It's blind trust.

    If the NSA want to monitor your traffic, let's face it, there's pretty much nothing you could do to prevent them. Look at what Al Qaeda resorted to, effectively using couriers to move USB keys around, not trusting telecoms at all.

    The best approach to take is to assume that nothing you say on the internet is private and act accordingly... Easier said than done of course, but probably something worth bearing in mind!

    Hi Gavin,

    You've made some interesting points but I think it's important to delineate between monitoring of traffic and actual interception of data.

    The kind of attack you mentioned has been known to the Tor project for some time (see a Blog post from 2009 about it here). In practical terms it's not very feasible even for the NSA as you have to be in control of both the entry and exit relay, as well as modify the data which as the blog post states, will likely cause the connection to drop.

    Having said this, there's very little this would achieve in practical terms, even if it were successfully implemented. It would not even tell an attacker which Tor hidden service a particular person was using - indeed despite their best efforts US law enforcement have failed to trace the servers of websites like the Silk Road which receive colossal amounts of traffic in Tor terms.

    I2P doesn't suffer from this problem in the same way as tagging attacks can't be implemented although you'll see that there are some threat models for both systems.

    As regards Point 2, you're absolutely right in that you must assume that Tor exit nodes are being monitored but I think you're more likely to give yourself away by visiting an encrypted site than an unencrypted one e.g. let's say you visit the unencrypted site of the Daily Telegraph in the UK, it would give an adversary a rough idea of at least your nationality. However if you used it to visit your SSL protected Gmail account, and any other malicious activity can be traced to the same exit node, you're in trouble, particularly if Google are handing over their records to the NSA as is rumoured. As I said though, you can avoid this issue altogether by making use of I2P eepsites and Tor hidden services to exchange information.

    Regarding VPNs - there is a certain degree of trust involved which you don't need when using a P2P network like Tor. You can mitigate the risk of being caught by taking your time to find a VPN which is based in a country without mandatory data retention laws and subscribe by paying via Bitcoin, and use an anonymous e-mail service - of course it's not either/or, I connect to Tor via my VPN for instance.

    What's good though is that we have a clear idea of what is practical in terms of security and you won't find anywhere on the TOR, I2P or Freenet sites any claim that they offer "perfect" anonymity - this isn't necessary, you just need to make your activities so impractical and difficult to detect, that even the NSA won't get a look in.


  • Banned (with Prison Access) Posts: 34 Macumazan


    Just one point in response to a PM I received last night :

    "Out of the box" it is very easy for an ISP/Law Enforcement to detect you are accessing a pseudonymous network like Tor or I2P.

    This could end up making you more likely to be singled out for surveillance, although with Tor at least you can eliminate this risk through using Private bridges.

    When discussing issues like these, it's also important to bear in mind the difference between privacy and anonymity - P2P networks like these help disguise the IP address of your computer, but naturally if you use them to send an unencrypted e-mail for example, in which you give away personally identifiable information, then you'll no longer have privacy.

    Similarly if you use your ISP's regular connection to send a GPG encrypted e-mail for instance to a friend's e-mail address, it would be obvious to any fool snooping on your connection who you are and who your friend is but it won't be possible by cryptanalysis alone to tell what was said between you.

    Really looking forward to hearing what others have done to protect themselves.
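
The point made in the post above, that a GPG-encrypted e-mail sent over an ordinary connection still shows who is talking to whom, as an added example that is not part of the original post. The message, addresses and the function name `observer_view` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) message. Addresses, subject and
# the "ciphertext" are placeholders made up for this example.
ENCRYPTED = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Meeting on Friday
Date: Mon, 29 Jul 2013 10:15:00 +0100
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""


def observer_view(raw):
    """Return what someone reading the message in transit learns from it."""
    msg = message_from_string(raw)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")

    def addrs(header):
        return [addr for _, addr in getaddresses(msg.get_all(header, []))]

    return {
        "sender": addrs("From"),
        "recipients": addrs("To") + addrs("Cc"),
        "subject": msg["Subject"],  # classic PGP/MIME leaves headers in clear
        "date": msg["Date"],
        "body_readable": not encrypted,
    }


if __name__ == "__main__":
    for field, value in observer_view(ENCRYPTED).items():
        print(f"{field}: {value}")
```

Only the body is protected here; sender, recipient, date and subject line all travel in the clear.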


  • Registered Users, Registered Users 2 Posts: 6,393 ✭✭✭AnCatDubh


    Still doing research and taking small steps.

    Most recent is that I've broken the link between allowing gmail to pick up email from a secondary email account (used to be my primary prior to going gmail) - one which is beyond the reach (in theory) of NSA programmes. It feels good to know I have one email account which isn't being scooped up \o/

    Next up, settle on a non NSA accessible email service.

    Then do the reverse, have the new email pick up anything in gmail (as heaven knows where I may have signed up to something in the past and may need it in the future), and then systematically redirect or eliminate any mailing list, subscription based stuff from having the gmail address to the new one. Reply to anything that comes in via the new email account and update contacts.

    All this stuff is hard work eh ;)


  • Registered Users, Registered Users 2 Posts: 1,771 ✭✭✭Dude111


    Khannie wrote:
    With hindsight I should have assumed it was happening.
    Not to worry my friend, a lot of ppl didn't realise it!

    I knew it was going on a long time! (I remember when PRISM was started)

    Quite scary stuff!!


  • Registered Users, Registered Users 2 Posts: 651 ✭✭✭Nika Bolokov


    It is frustrating that so many changes that are being made are probably ineffective due to compromised hardware with which there are not really any suitable alternatives.

    The ideal is a device built 100% from scratch with hardware and software that we can trust.

    Now that would be an epic Kickstarter.

    Here's a list of options (software)

    https://prism-break.org/

