PRISM

Khannie · 19-06-2013 11:35AM

silentrust wrote: »

Home mail server might be a great project for my Raspberry Pi but aren't you worried that it could be seized?

Not in the slightest. I just want to prevent accidental eavesdropping like we're seeing. If I were genuinely concerned about seizure I think there would be something drastically wrong with my life.

Think I will throw mine on a pi too. I have one lying around doing nothing. It's probably perfect for this kind of thing.

Capt'n Midnight · 19-06-2013 12:37PM

Khannie wrote: »

You assume that physical access = compromised. It's not beyond possibility to set up a machine in such a way that this is not the case. I linked one earlier.

For most people it's a safe assumption.

But then again for most people any security at all is enough because they just aren't interesting.

If you aren't in a Faraday cage there is always Van Eck phreaking.
And keyboards can be snooped with microphone and camera, even if there is no other way to tap into it directly. (Which is one of the reasons eVoting is a vary bad idea)

Smartphone apps that can detect vibrations can guess what keys are being pressed.

How paranoid do you want to be ?

There aren't enough humans to filter all this / do the physical stuff unless you draw enough attention to your self. But don't worry it's probably all recorded for posterity so they can trawl through it later when a vulnerability is found at some time in the future. :pac: My gut feeling is that quantum computers won't be able to decrypt stuff anything like the PR campaign for them would have you believe. It's like the funding for AI all over again.

silentrust · 19-06-2013 06:31PM

Khannie wrote: »

Not in the slightest. I just want to prevent accidental eavesdropping like we're seeing. If I were genuinely concerned about seizure I think there would be something drastically wrong with my life.

Think I will throw mine on a pi too. I have one lying around doing nothing. It's probably perfect for this kind of thing.

I'd be very interested to hear about your efforts with this, I am going to try and tweak my Pi too... the trick will be protecting it against seizure IMHO, very exciting times ahead...!

clairefontaine · 19-06-2013 07:34PM

This whole thing is so depressing and making me very angry at the audacity of the government. I am not tech savvy to keep up with what is being discussed here but Im guessing iinternet security wil be the next huge industry because of this. In the meantime I think I'll have to back to snail mail. This is unacceptable.

Thank you very much silent trust for taking time to explain that to me.

zenno · 19-06-2013 09:44PM

If any of you are worried (as you should be) about Prism, you should sign the petition below.

https://optin.stopwatching.us/?r=eff

riclad · 19-06-2013 09:56PM

I wonder will there be eu versions of dropbox ,
gmail, etc and cloud services.
eg we have servers in sweden , our data is not being
acessed by the us government .
IF you are concerned about security ,you should be running linux ,with a login password.

i Think its better to assume any american software on a pc , can be acessed by nsa .
Theres an article here,
http://www.slate.com/blogs/future_tense/2013/06/19/viviane_reding_european_commission_vice_president_on_meeting_with_eric_holder.html

so eu vice president says europeans should have
the same protection as usa citizens under us law ,re data acess, surveillance.

SO does that mean
every one in the eu ,will have all email,phone calls ,webrowsing, facebook, recorded ,
AS in the usa.AS long as its cleared by a secret court in the usa ,whose orders are secret .
That does not inspire confidence.
WE need new eu laws brought in to make sure all data, webrowsing ,phone calls are just not being recorded and shared with private companys.
IF companys like google are being asked for data ,
they should be able to say we got say 10,000 request s for data on customers email,or web searches, in the uk from the intelligence services.
the CIA want a new law brought in,
all im messaging ,programs like skype etc and devices ,
like smartphones must have a back door built in to allow easy interception of messages.
of Course this back door will be used by hackers,
to hack into pcs, and get your bank info,credit card data.
I can see alot more people just buying a pc, and installing linux, to have more privacy and security.

2 million people in the usa have top security clearance,
there,s must be a few people tempted to use acess to this this data ,for financial reasons,to get intelligence on business takeovers ,share,s ,new products, business intelligence etc
Maybe a european company could bring out a new phone,
this phone, has security,privacy apps,encrypted messaging built in, to the os.
Basically we have to assume now,any american product,phone etc
could be acessed by usa intelligence .

riclad · 19-06-2013 10:25PM

Quote from THE register,uk,

To effect change we are left with a boycott in everything but name. It means that non-US Western businesses need to start using "not subject to US law" as a marketing point. We need cloud providers and software vendors that don't have a US presence, no US data centers, no US employees - no legal attack surface in that nation of any kind. Perhaps most critical of all, we need a non-American credit-card company.

I think this is the best chance of changing the system,

if europeans stop buying american software,
the Americancompanys will start lobbying for a more
targetted system,
that uses proper court orders where survellience is necessary in certain cases.
That does not presume all europeans are potential terrorists or spys.

nmop_apisdn · 20-06-2013 02:08AM

Capt'n Midnight wrote: »

My gut feeling is that quantum computers won't be able to decrypt stuff anything like the PR campaign for them would have you believe. It's like the funding for AI all over again.

http://www.scientificamerican.com/article.cfm?id=d-waves-quantum-computer-courts-controversy

Haven't read it yet. Could be sh1t.

[-0-] · 20-06-2013 03:25AM

So I am now using PGP for my email, although I rarely email anyone. I downloaded IM+ and paid for the OTR extras so I can encrypt my Facebook chat messages, although I'm sure most of the people I talk to on there won't follow the pidgin link I gave them. I'll refuse to talk to people on there if it isn't encrypted.

I'm also using it to talk on AIM.

I wish I could just get rid of my Facebook account.

[-0-] · 20-06-2013 03:37AM

Speaking of which, I'm pretty surprised boards.ie doesn't have SSL yet.

silentrust · 20-06-2013 09:30AM

[-0-] wrote: »

So I am now using PGP for my email, although I rarely email anyone. I downloaded IM+ and paid for the OTR extras so I can encrypt my Facebook chat messages, although I'm sure most of the people I talk to on there won't follow the pidgin link I gave them. I'll refuse to talk to people on there if it isn't encrypted.

I'm also using it to talk on AIM.

I wish I could just get rid of my Facebook account.

Hi -0- I'd be interested to know, is this the Android version you're using which is why you paid for the OTR extras or is this the same for the desktop version too? It's just that Pidgin+OTR would be free, so am assuming there's an advantage in using IM+ I don't know about?

silentrust · 20-06-2013 09:46AM

Let's hope you're right re: Linux riclad!

I applaud your sentiment about having strong privacy laws in the EU but of course the same is true for the US - the point here is that PRISM is undermining citizens legal guarantees of privacy, they just assumed they'd be able to do it without anyone noticing and if it hadn't been for the integrity of men like Snowden, we wouldn't know the full extent of it.

When the scandal broke I first moved my e-mail address from Gmail to a Swedish provider as I saw an article saying Google Apps had been banned from use by a municipality due to legal concerns about how it uses private data.

GILC also has written an article about privacy legislation in the EU if you're interested.

However aside from the fact that Sweden has tried to use privacy laws as a form of censorship in the past it has also recently passed a Data Retention Directive which will require ISP's to keep information about all their users activities for six months.

This has been done, surprise surprise to keep Sweden in line with EU legislation which permits this kind of surveillance on a scale that makes PRISM seem like a Sunday Picnic.

It's precisely because I live in the EU that I have switched to a mail server based outside it in Norway as that country has much stricter privacy laws and no requirement to share them with other EU countries like ours.

Of course the best guarantee of privacy would be to use a service which can be encrypted end to end like Tormail, I2P etc. in conjunction with GPG but I think this is good enough for everyday purposes.

riclad wrote: »

I wonder will there be eu versions of dropbox ,

so eu vice president says europeans should have
the same protection as usa citizens under us law ,re data acess, surveillance.

SO does that mean
every one in the eu ,will have all email,phone calls ,webrowsing, facebook, recorded ,
AS in the usa.AS long as its cleared by a secret court in the usa ,whose orders are secret .
That does not inspire confidence.
WE need new eu laws brought in to make sure all data, webrowsing ,phone calls are just not being recorded and shared with private companys.
IF companys like google are being asked for data ,
they should be able to say we got say 10,000 request s for data on customers email,or web searches, in the uk from the intelligence services.
the CIA want a new law brought in,
all im messaging ,programs like skype etc and devices ,
like smartphones must have a back door built in to allow easy interception of messages.
of Course this back door will be used by hackers,
to hack into pcs, and get your bank info,credit card data.
I can see alot more people just buying a pc, and installing linux, to have more privacy and security.

silentrust · 20-06-2013 09:52AM

nmop_apisdn wrote: »

http://www.scientificamerican.com/article.cfm?id=d-waves-quantum-computer-courts-controversy

Haven't read it yet. Could be sh1t.

We talked before about the British government hushing up the fact they could crack Enigma so they could give captured encoding machines to their newly independent colonies in Africa and the Pacific - however this was for espionage and diplomatic purposes, had they used the messages as evidence in an open trial then their hand would have been revealed.

However Snowden did say that strong encryption still works, so presumably if the NSA could crack SSL/TLS/PGP by factoring primes at top speed they wouldn't need to have Facebook et. al hand over user data?

Capt'n Midnight · 20-06-2013 10:55AM

silentrust wrote: »

However Snowden did say that strong encryption still works, so presumably if the NSA could crack SSL/TLS/PGP by factoring primes at top speed they wouldn't need to have Facebook et. al hand over user data?

Electricity costs money etc.

Why would you waste resources when you can get handed the plain text ?

silentrust · 20-06-2013 11:15AM

Capt'n Midnight wrote: »

Electricity costs money etc.

Why would you waste resources when you can get handed the plain text ?

Or perhaps that's THEY want us to think... :-D

[-0-] · 20-06-2013 12:49PM

silentrust wrote: »

Hi -0- I'd be interested to know, is this the Android version you're using which is why you paid for the OTR extras or is this the same for the desktop version too? It's just that Pidgin+OTR would be free, so am assuming there's an advantage in using IM+ I don't know about?

Hi there.

I'm using the iPad version of IM+.

I tried a free implementation of OTR called ChatSecure but it's a PoS. Crashes regularly. The OTR add on for IM+ was only 5 bucks, so like....3 euro. Meh, I don't mind paying for it to be honest! I like stability.

The Pidgin developers refuse to develop applications for iOS. Here's why: https://developer.pidgin.im/wiki/WhyNoiOSVersion

silentrust · 20-06-2013 06:04PM

[-0-] wrote: »

Hi there.

I'm using the iPad version of IM+.

I tried a free implementation of OTR called ChatSecure but it's a PoS. Crashes regularly. The OTR add on for IM+ was only 5 bucks, so like....3 euro. Meh, I don't mind paying for it to be honest! I like stability.

The Pidgin developers refuse to develop applications for iOS. Here's why: https://developer.pidgin.im/wiki/WhyNoiOSVersion

A very interesting link -0- many thanks, I'm embarrassed to say I didn't realise this was a prerequisite for submitting apps to Apple. Have you ever used Cryptocat before? I'm using that as an alternative to Google Talk and Skype at the moment. I imagine it would work with iOS?

[-0-] · 20-06-2013 06:57PM

silentrust wrote: »

A very interesting link -0- many thanks, I'm embarrassed to say I didn't realise this was a prerequisite for submitting apps to Apple. Have you ever used Cryptocat before? I'm using that as an alternative to Google Talk and Skype at the moment. I imagine it would work with iOS?

Yep I've used it before. It's a plugin for Chrome and Chrome is available for iOS. It's not too bad.

silentrust · 20-06-2013 07:25PM

[-0-] wrote: »

Yep I've used it before. It's a plugin for Chrome and Chrome is available for iOS. It's not too bad.

Excellent, it's all falling into place... :-D

Edit: It seems Cryptocat can also be downloaded from the Mac App store. We truly are living in a golden age..

le sigh · 21-06-2013 01:34AM

Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It

Skype Provided Backdoor Access to the NSA Before Microsoft Takeover [NYT]

More data storage? Here’s how to fit 1,000 terabytes on a DVD

hooplah · 21-06-2013 07:22PM

Encryption might mean your data is held for longer: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/

Intersting read, I think though that they've got the cover of the wrong Orwell book ...

silentrust · 21-06-2013 10:23PM

hooplah wrote: »

Encryption might mean your data is held for longer: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/

Intersting read, I think though that they've got the cover of the wrong Orwell book ...

Agree re. Orwell, goodness knows what he would have made of all this!

I hope Tor users are making a concerted effort to use private bridges which mask their traffic to frustrate this.

Thanks for posting the article, most interesting!

le sigh · 22-06-2013 12:19AM

Edward Snowden Charged With Espionage Over NSA Leaks: Report

[-0-] · 22-06-2013 03:08AM

Called a spy for outing the spies. Hilarious.

silentrust · 22-06-2013 10:32AM

bedlam wrote: »

He's told us to use Tor

Video is ++ungoodthinkful verging crimethink, refs unpersons. Edit and resubmit to prolefeed.

le sigh · 22-06-2013 11:47PM

Protection for Whistleblowers
v
v
v
Adleaks

The current best practice for online submissions is to use an SSL connection over an anonymizing network such as Tor. This hides the end points of the connection and it protects against malicious exit nodes and Internet Service Providers (ISPs) who may otherwise eavesdrop on or tamper with the connection. However, this does not protect against an adversary who can see most of the traffic in a network, such as national intelligence agencies with a global reach and view.

We suggest a novel type of submission system for online whistleblowing platforms that we call AdLeaks. The objective of the AdLeaks system is to make whistleblower submissions unobservable even if the adversary sees the entire network traffic. A crucial aspect of the AdLeaks design is that it eliminates any signal of intent that could be interpreted as the desire to contact an online whistleblowing platform.

Surprising number of exit nodes in Europe.

Introducing the NSA-Proof Font
Potentially a great employment creator.:pac:

Pardon Edward Snowden
It's over a 100,000 (the new threshold) now so they'll have to give an official response. But
Snowden Petition Is Useless

Password Cracking AES-256 DMGs and Epic Self-Pwnage

Capt'n Midnight · 23-06-2013 12:41AM

le sigh wrote: »

Introducing the NSA-Proof Font
Potentially a great employment creator.:pac:

Just PR.

It's not even a Caesar cipher.

If you think the NSA are reading hardcopies or are looking at your screen then changing font isn't going to much.

Pardon Edward Snowden
It's over a 100,000 (the new threshold) now so they'll have to give an official response.

Once upon a time there was a petition against Regan handed in to the US embassy here. They typed all the names in the computer and used it to block people getting Visa's to work in the US.

le sigh · 23-06-2013 01:22AM

Source Says The Hong Kong Government Has Provided Edward Snowden An Apartment To Stay In

Chat with Duck Creator

Are you still improving the search engine?
We are focusing more on instant answers.

Must try harder!! It can't even find some sites if you don't add in .com.

How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
Not that I'd use them but I'd wondered how good or bad they were.

Free Encryption For Everyone
^^^Canadian

WikiLeaks' Assange urges support for Snowden, slams Obama 'betrayal'
Makes some good points.

Off topic but this is brill. Watch in at least 480p.

le sigh · 23-06-2013 01:41AM

Capt'n Midnight wrote: »

Once upon a time there was a petition against Regan handed in to the US embassy here. They typed all the names in the computer and used it to block people getting Visa's to work in the US.

What was petition about?

Capt'n Midnight · 23-06-2013 02:04AM

I was telling my mate about how the government plant surveillance devices in street equipment.

"That's absolutely ridiculous," replied the lamppost.

PRISM

Comments