PRISM

silentrust · 03-07-2013 10:36am

Walker34 wrote: »

First Line of defense "ALWAYS Blame the Other guy"...........the whole terrorist "brand" has been so useful to mask all sorts of dissent ever since Ronnie and Maggie got together in the 80s.....no doubt a product of a Think-tank in the belt around the White house.

An interesting fact I've found out last week is that the number of people accidentally shot by Police Officers since 9/11 is actually greater than the number of people who've died in terrorist attacks - so next time you hear the argument that we need more security, not less... :-)

silentrust · 03-07-2013 10:37am

I am experimenting at the moment with a secure VOIP alternative to Skype, think I'd actually like to create a separate thread about this to ask all your thoughts... watch that space...

Khannie · 03-07-2013 10:50am

silentrust wrote: »

I am experimenting at the moment with a secure VOIP alternative to Skype, think I'd actually like to create a separate thread about this to ask all your thoughts... watch that space...

I am interested in secure VOIP. I considered a very technical solution to it (i.e. well beyond the average punter) which was to host a teamspeak server in my house, then use an SSH tunnel to connect to it. It assumes that the person I want to talk to is in my house of course.

The codecs are all there, so it should be easily do-able.

silentrust wrote: »

Interestingly enough most of the authorised wiretaps seem to be for portable devices like Smartphones, perhaps we shouldn't overlook these?

I tried using openvpn by default on my phone. It absolutely raped the battery (approximately 2x normal drain).

There are good apps available though - AGP + K9 mail on android for PGP. Stuff like that. It's mostly closed source though, which is a pity (the aforementioned two are open source).

silentrust · 03-07-2013 11:04am

Khannie wrote: »

I am interested in secure VOIP. I considered a very technical solution to it (i.e. well beyond the average punter) which was to host a teamspeak server in my house, then use an SSH tunnel to connect to it. It assumes that the person I want to talk to is in my house of course.

The codecs are all there, so it should be easily do-able.

I tried using openvpn by default on my phone. It absolutely raped the battery (approximately 2x normal drain).

There are good apps available though - AGP + K9 mail on android for PGP. Stuff like that. It's mostly closed source though, which is a pity (the aforementioned two are open source).

It's funny you mention it Khannie as I just installed on APG on my humble Samsung smartphone yesterday - I couldn't be happier. My only advice to anyone considering doing this would be to make sure you use gpg on your computer to actually generate your keys, as I can't imagine it's too easy to generate entropy on an Android phone which makes for more secure keys.

I really couldn't be happier especially when I saw that you can use SHA512 in your signatures rather than the easily breakable SHA1 which my usual program GPG4USB makes me use...

Also had to reinstall K-9 afterwards to allow full access to APG for some reason, still why quibble, it's only a one off. (Or twice off...) :-D

I have just posted in another thread here in the Tech Security part about a secure VOIP solution I installed yesterday (along with my partner and immediate family) named Jitsi which uses the ZRTP protocol.

On paper at least this seems to be much more secure than Skype and there's certainly no pre-installed backdoor but would very much appreciate your thoughts on this Khannie as you're more au fait with cryptographic protocols than I am! :-)

silentrust · 03-07-2013 11:07am

At the risk of sounding patronising to those in the know, please do bear in mind that encrypting your e-mails with a program like GPG4USB is an excellent idea but will not in itself protect your e-mails from being intercepted. It would also be very trivial for someone who knows what they're doing to tell that an e-mail came from your particular e-mail address.

If you want anonymity as well, suggest you look at Tormail or I2PMail as previously suggested. They are both very easy to set up, so do consider it if you want that extra guarantee.

Speaking for myself I couldn't care less if the government knows I'm swapping encrypted e-mails as there's no chance in hell I'm going to give them the password but some people prefer to stay out of harm's way... :-D

AnCatDubh · 03-07-2013 1:16pm

Directly related, if people have time on their hands they may be interested in;

Vice-President Viviane Reding will participate today in a plenary debate in the European Parliament on the recent revelations about U.S. surveillance activities and surveillance programmes in various EU Member States. Follow live from 16.00 at http://www.europarl.europa.eu/ep-live/en/plenary/

via EU Justice facebook page

AnCatDubh · 03-07-2013 3:51pm

AnCatDubh wrote: »

Directly related, if people have time on their hands they may be interested in;

via EU Justice facebook page

They've started sooner than originally reported;

live now - http://ec.europa.eu/avservices/ebs/live.cfm?page=2

AnCatDubh · 03-07-2013 4:19pm

AnCatDubh wrote: »

blah..., blah.... [/url]

If interested, here's a transcript link of Ms. Reding's speech;

http://europa.eu/rapid/press-release_SPEECH-13-607_en.htm

bcp · 06-07-2013 11:06pm

riclad wrote: »

I wonder will there be eu versions of dropbox ,
gmail, etc and cloud services.
eg we have servers in sweden , our data is not being
acessed by the us government .

silentrust wrote: »

When the scandal broke I first moved my e-mail address from Gmail to a Swedish provider as I saw an article saying Google Apps had been banned from use by a municipality due to legal concerns about how it uses private data.

Prodigious wrote: »

What VPN do ye use?
When I needed it, I used anonine, thought it was excellent, and because they're in Sweden they have no legal obligation to keep any logs.

oops, Britain and Sweden block critical talks on espionage and intelligence between EU and US

Mastercard and Visa Start Banning VPN Providers?

Following the introduction of restrictions against file-sharing services, Mastercard and Visa have reportedly started to take action against VPN providers. This week, Swedish payment provider Payson cut access to anonymizing services after being ordered to do so by the credit card companies.

“It means that US companies are forcing non-American companies not to allow people to protest their privacy and be anonymous, and thus the NSA can spy even more. It’s just INSANE,” Sunde says.

Anyone still think Assange wasn't screwed over?

Report: France data gathering program compared to PRISM
How many countries is that now? With such data gathering how they did miss boston bombings? Or did they and it's just another way to get people to not have a problem with what their doing by letting it happen?

The Post-PRISM Society: Totalitarian Clouds
Some good observations in this^

A Guardian guide to Extradition
Venezuela, Nicaragua and Bolivia offer asylum to Edward Snowden

Tell-all telephone

NSA recruitment drive goes horribly wrong

Mining PGP Key Servers

If PRISM Is Good Policy, Why Stop With Terrorism?

In other news, I didn't know that I could understand Korean!

silentrust · 06-07-2013 11:13pm

bcp wrote: »

oops, Britain and Sweden block critical talks on espionage and intelligence between EU and US

Mastercard and Visa Start Banning VPN Providers?

Anyone still think Assange wasn't screwed over?

Report: France data gathering program compared to PRISM
How many countries is that now? With such data gathering how they did miss boston bombings? Or did they and it's just another way to get people to not have a problem with what their doing by letting it happen?

The Post-PRISM Society: Totalitarian Clouds
Some good observations in this^

A Guardian guide to Extradition
Venezuela, Nicaragua and Bolivia offer asylum to Edward Snowden

Tell-all telephone

NSA recruitment drive goes horribly wrong

Mining PGP Key Servers

If PRISM Is Good Policy, Why Stop With Terrorism?

In other news, I didn't know that I could understand Korean!

I read about that too re: VPN's although I've placed a few orders using my VISA card in the past few weeks with no noticeable ill effects - I imagine provided you use a sufficiently solvent VPN provider they could switch servers fast enough for you not to have to worry about this overly.

In a way though this could be a good thing, the more they push, the more likely it is that people will start using cryptocurrencies like the Bitcoin to order everyday stuff, might even cause it to rise in value for all those speculators out there... watch this space! :-)

silentrust · 06-07-2013 11:22pm

riclad wrote: »

MY first pc ,had a 5gigabyte drive, 256meg ram,windows 95.
20 Years ago ,it would not have been practical to do such massive surveillance,of millions of users,
Now its possible to to record all text,s , phone conversations ,webrowsing
of anyone who uses the internet,eg millions of people .
And hold onto to this data indefinitely,
hard drive storage is at least 10 times cheaper.
The only people using the internet were scientists, the miltary,academics , students.
NOW most people use the web, they acess credit cards ,use online banking,email, facebook etc

I'll tell you what's upsetting to me in particular riclad is that we've had (PGP) since 1991 , Tor since 2002 and Truecrypt since 2004, all of which can easily be used to protect our e-mails, anonymise connections and encrypt our hard drive and yet most people still seem to be unaware or unwilling to use the freely available tools to protect themselves - one good thing about the whole PRISM scandal as I said is that people now seem to be taking more of an interest, long may it continue!

riclad · 07-07-2013 10:26am

I think prism is the tip of the iceberg ,
eg the usa is recording all emails, phone calls in brazil .
See todays gaurdian uk.
WE need eu law stopping the mass collection of data in one country being sent to another ,
eg uk ,eu, data from internet cable taps , data is being sent direct to the usa from the uk.
I think theres massive surveillance going on in the uk,france ,germany ,
so is there any chance we will get strong eu laws being passed to stop
this?
IT seems theres a whole network of countrys giving massive amount of data to each other without proper safegaurds or oversight for the ordinary citizen .

Dude111 · 08-07-2013 12:05pm

syklops wrote:

Am I freaking out? Nope. Im not doing anything that the NSA would be interested in. If I was, I certainly wouldn't have a gmail account.

Indeed... GMAIL is the worst email server to be on to be quite frank!!

riclad · 08-07-2013 2:31pm

There must be a massive anount of corporate ,business data being recorded.
Would it not be realistic to say the usa might use this knowledge to gain
an economic advantage or for industrial spying purposes .
99.99 per cent of the people being monitored have no connection with
extreme political or terrorist groups.

IT seems to me they are gathering up all the data they can process ,and they have contracts with non us telecom companys to do this ,as
well as us companys who have internet cables all over the world.
This is a massive expansion of us intelligence gathering since 2001.
And alot of this data is in the hands of private contractors ,like where
snowden worked.

Capt'n Midnight · 08-07-2013 3:13pm

riclad wrote: »

There must be a massive anount of corporate ,business data being recorded.
Would it not be realistic to say the usa might use this knowledge to gain
an economic advantage or for industrial spying purposes

Oh wow. Are you perhaps suggesting that that US interest in the Latin America banana republics might in some cases be tied to the economic interests of large US corporations ? :eek:

Of course the CIA is supposed to warn and aid in the event of a trade war or if a whole industry is threatened. It's just a matter of how big a company you need to be to directly benefit from this.

I keep posting this link to show people that none of this stuff is new. The only thing that has changed is that it's now newsworthy.
https://en.wikipedia.org/wiki/ECHELON

ECHELON, according to information in the European Parliament document, "On the existence of a global system for the interception of private and commercial communications (ECHELON interception system)" was created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s

Or going back further.
Remember the Royal Mail was setup so that the government of the day could intercept letters. This is why they had a monopoly, which they retained for 350 years.

Or to reduce to it's most simplistic level.
The combined budget of the US intelligence agencies is about $75 Billion a year and we've had 2,500 years of people knowing that messages were being intercepted. The only surprise is people not being able to put two and two together.
Histiaeus tattooed a message on a slaves head in 499BC.

silentrust · 08-07-2013 3:23pm

Dude111 wrote: »

Indeed... GMAIL is the worst email server to be on to be quite frank!!

This article debunks the "nothing to hide" myth nicely I think:

http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html

AnCatDubh · 08-07-2013 11:16pm

silentrust wrote: »

This article debunks the "nothing to hide" myth nicely I think:

http://www.computerweekly.com/blogs/the-data-trust-blog/2009/02/debunking-a-myth-if-you-have-n.html

Very interesting and well written article. Rather scarily, I think we aren't a million miles away from some of what is described - perhaps as yet without the retribution. Sure, it won't be happening to everyone and for the vast majority of us will thankfully never have it visit our doors, but it will happen to someone if not today then maybe tomorrow, or the next day, and that is broadly why we should all be concious of privacy and security matters and why your personal data being warehoused (paricularly against your knowledge/will) is a really bad idea.

riclad · 09-07-2013 2:07pm

IF you had said 2 years ago all usa gmail , webrowsing , mobile phone metadata was being recorded AND there,s backdoors in skype, and windows os,
FOR nsa interception ,
you would have been labeled a leftwing paranoid extremeist.
And the uk is sending masses of data direct to the nsa ,
from internet cable taps.
IS THERE loads of muslim terrorists in brazil.
i dont think so.

IT Seems this spying is going on wherever the us government can reach ,
eg against usa allies and other countrys.

IN the last 3 years theres alot of hype about big data,
cloud computing.

YEAH ,put all your data in the cloud,
where it can be accessed by us intelligence service s.

Most of the court orders to fisa are secret ,
many companys that get a court order to monitor a person,or company are not allowed to disclose this to anyone.
IT seems the usa intelligence service is out of control ,
along with the usa military/industrial contractor complex.

it follows pournelles law of bureaucracy ,
the first duty of a state body is to grow and protect itself ,
Regardless of the cost or effects on the taxpayer.
ITS like in ireland we have some quangos which have no purpose but to provide wages and pensions ,
for civil servants eg the senate.

clairefontaine · 10-07-2013 8:38am

Good article from the atlantic own how to hide from the NSA.

http://www.theatlanticwire.com/technology/2013/07/so-you-want-hide-nsa-your-guide-nearly-impossible/66942/

silentrust · 10-07-2013 9:45am

clairefontaine wrote: »

Good article from the atlantic own how to hide from the NSA.

http://www.theatlanticwire.com/technology/2013/07/so-you-want-hide-nsa-your-guide-nearly-impossible/66942/

An excellent article Claire thanks, glad to see that Redphone and Textsecure are recommended for Android Smartphones! :-p

What's pleasing is that the article draws the distinction between the actual content of messages and metadata - it seems PRISM was designed to hoover up the latter e.g a list of e-mails you sent, to whom and when, rather than reading the content of each one but as the article says if the companies listed are able and willing simply to hand over your user data, you're sunk without a trace.

The most secure method of exchanging e-mails at least is to use Tormail + GPG, however of course this won't necessarily protect you from "evil maid" attacks and keyloggers. I am going to write a short piece on this in the OPSEC section in the Survivalism thread, would be very interested to hear all your thoughts.

Walker34 · 11-07-2013 2:06pm

I think the damage limitation line on this reads "Ah sure we all do a bit of snooping, who among you cant say you have listened to the guy outside the pub having a row with his girlfriend outloud.......blah blah blah, now lets have a nice little segment of breaking news about the pandas and the queen mum."

Did any of you guys see the Mark Thomas stunt he pulled over Menwith Hill back in the 90s where he got a couple of mates up in a hot air baloon with mobile phones and they all start saying the dreaded trigger words like "Ak47,Sadam Hussein,Gerrey Adams,etc .He was highlighting the spying back then.....he had planned to get a baloon made in the effigy of Sadam and fly it over Menwith at the time, which would have been an act of war at least. Its still on youtube, ye should check it out for a good laugh.

riclad wrote: »

IF you had said 2 years ago all usa gmail , webrowsing , mobile phone metadata was being recorded AND there,s backdoors in skype, and windows os,
FOR nsa interception ,
you would have been labeled a leftwing paranoid extremeist.
And the uk is sending masses of data direct to the nsa ,
from internet cable taps.
IS THERE loads of muslim terrorists in brazil.
i dont think so.

Walker34 · 11-07-2013 2:14pm

Its here....

http://www.youtube.com/watch?v=IBksQsAZ2hQ

Capt'n Midnight · 11-07-2013 9:47pm

Again a reminder that this sort of stuff has been known about for ages the only change is that it's now newsworthy. It's the old days it was eavesdropping and phone tapping only difference now is that there are more message formats these days and more automation.

And if you were wondering about comms companies being loyal to their customers you have to remember that the Government will pay them far more for your info than you do. The old "follow the money" rule applies.

http://www.businessinsider.com/the-business-of-surveillance-requests-2013-7

AT&T, for example, imposes a $325 "activation fee" for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Rep. Edward Markey, D-Mass.
...
Technology companies have been a focus of law enforcement and the intelligence community since 1994, when Congress allotted $500 million to reimburse phone companies to retrofit their equipment to accommodate wiretaps on the new digital networks.
...
AT&T, for example, said it devotes roughly 100 employees to review each request and hand over data. Likewise, Verizon said its team of 70 employees works around the clock, seven days a week to handle the quarter-million requests it gets each year.
...
The ACLU's Soghoian found in 2009 that Sprint had created a website allowing law enforcement to track the location data of its wireless customers for only $30 a month to accommodate the approximately 8 million requests it received in one year.
...
In 2009, then-New York criminal prosecutor John Prather sued several major telecommunications carriers in federal court in Northern California in 2009, including AT&T, Verizon and Sprint, for overcharging federal and state police agencies.

Capt'n Midnight · 11-07-2013 10:32pm

Torqay · 12-07-2013 9:33am

How Microsoft handed the NSA access to encrypted messages

Team sport!

Khannie · 12-07-2013 10:45am

Torqay wrote: »

How Microsoft handed the NSA access to encrypted messages

Team sport!

Wowzers. That is shocking. And depressing.

limnam · 12-07-2013 10:49am

Richard Stallman must be doing cart wheels

Capt'n Midnight · 12-07-2013 11:13am

Khannie wrote: »

Wowzers. That is shocking. And depressing.

Anyone remember NSAkey ?

https://en.wikipedia.org/wiki/NSAKEY

Khannie · 12-07-2013 12:28pm

limnam wrote: »

Richard Stallman must be doing cart wheels

Unfortunately he's too much of a mentaller for anyone to really listen to him without adding several pinches of salt (all IMO etc. etc.).

silentrust · 12-07-2013 12:35pm

My favourite so far, the Kremlin are apparently buying typewriters in light of the PRISM scandal:

http://www.bbc.co.uk/news/world-europe-23282308

Edit : The article has reminded me that typewriters might afford a greater degree of privacy but not anonymity. Apparently it is fairly easy to determine if a written document comes from a particular typewriter if you can examine the machine in question.

PRISM

Comments