Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ten Steps You Can Take Against Internet Surveillance

Soulskill posted about a year ago | from the encrypt,-encrypt,-encrypt dept.

Electronic Frontier Foundation 234

Hugh Pickens DOT Com writes "Danny O'Brien writes for the EFF that as the NSA's spying has spread, more and more ordinary people want to know how they can defend themselves from surveillance online. 'The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself,' writes O'Brien. 'The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.' Here's ten steps you can take to make your own devices secure: Use end-to-end encryption; Encrypt as much communications as you can; Encrypt your hard drive; Use Strong passwords; Use Tor; Turn on two-factor (or two-step) authentication; Don't click on attachments; Keep software updated and use anti-virus software; Keep extra secret information extra secure with Truecrypt; and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node; or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.'"

cancel ×

234 comments

Sorry! There are no comments related to the filter you selected.

Use end to end encryption? (4, Insightful)

bazmail (764941) | about a year ago | (#45246079)

Good idea, but can't really see that catching on, unfortunately.

Re:Use end to end encryption? (1)

phantomfive (622387) | about a year ago | (#45246099)

And it doesn't always work, because one end is compromised.

Re:Use end to end encryption? (0)

Anonymous Coward | about a year ago | (#45246329)

You're probably right. People are too lazy. They can't be assed to spend 10 minutes to set it up, thereby having it for the entire future.

But there's no fundamental reason why it can't catch on. It's easy, and free, and good even if not perfect. People COULD chose to use it. They just don't generally give a shit, and won't lift a finger to fight the surveillance state.

Not as good as this: (0)

Anonymous Coward | about a year ago | (#45246747)

Do all encryption on YOUR end ONLY. Never give away unencrypted datastreams or keys, ever!

Technically, it's feasible. Not always convenient, but feasible.

Re:Use end to end encryption? (0)

Anonymous Coward | about a year ago | (#45246843)

Me neither. I wouldn't use Gmail, Twitter or Facebook. Encrypted or not.
I use IPv6 over IPv4 and my own encryption. /64 networks are cool.

Re:Use end to end encryption? (0)

Anonymous Coward | about a year ago | (#45246885)

I use ssh for remote access, surely that is end to end encryption? Same for sshfs . . .

Boycott of US & UK products (1)

Anonymous Coward | about a year ago | (#45246085)

Less money for these countries could mean less money for privacy invasion agencies.

Re:Boycott of US & UK products (4, Insightful)

Anonymous Coward | about a year ago | (#45246113)

They'll just take it from the healthcare and education budget allocations. They don't give a fuck. Its all about protecting their own positions of power against the plebs.

Re:Boycott of US & UK products (0)

Anonymous Coward | about a year ago | (#45246401)

Nevertheless, I will start to boycott these countries. I cannot accept this kind of behavior.

Re:Boycott of US & UK products (0)

Anonymous Coward | about a year ago | (#45247085)

Slashdot is an American company. Bye.

Re:Boycott of US & UK products (1)

shentino (1139071) | about a year ago | (#45246509)

They might do that anyway to keep the plebs dumb and helpless.

It's hard to use your brain to defend yourself if the powers that be have laid siege to its food supply.

Re:Boycott of US & UK products (3, Insightful)

amiga3D (567632) | about a year ago | (#45246171)

Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

Re:Boycott of US & UK products (1)

Burz (138833) | about a year ago | (#45246495)

Really? It's not like the US and UK export all that many products. Boycotts are almost always a waste of time.

Um, we're not talking about washing machines here. Ever hear of Cisco?

Re:Boycott of US & UK products (0)

Anonymous Coward | about a year ago | (#45246779)

The estimates for revenue lost for US based tech companies already range in the area of tens of billions of dollars. So clearly boycotting has already in such a short time had significant impact on the ICT sector.

Big foreign companies are now taking information security seriously and it shows.

Steps You Can Take Against Internet Surveillance (4, Funny)

MRe_nl (306212) | about a year ago | (#45246093)

Step one: Don't post on forums.

Re:Steps You Can Take Against Internet Surveillanc (0)

Anonymous Coward | about a year ago | (#45246143)

Especially Slashdot.

Re:Steps You Can Take Against Internet Surveillanc (1)

ubrgeek (679399) | about a year ago | (#45246895)

Nah. Posting here is fine. The SNR is so high NSA decided it wasn't worth bothering to filter through everything.

Re:Steps You Can Take Against Internet Surveillanc (5, Insightful)

girlintraining (1395911) | about a year ago | (#45246179)

Step one: Don't post on forums.

Step Two: Terrorists Win.

When you opt not to speak out against the government out of fear of reprisal, then you effectively have lost your right to free speech. Forums like Slashdot need to embrace the use of proxies like Tor, etc., instead of shutting them down with giant ugly off-red pages saying "Blocked!" Anonymization services like Tor are invaluable for creating a safe haven for free speech; in countries like Iran, North Korea, United States, France, Iraq, and Egypt, people are being harassed, arrested and imprisoned for chastizing the government for being a police state. We need websites to publish information about these governments' activities for the world to see, and sites like Slashdot that block Tor and similar technology are simply enabling those governments to build a digital iron curtain around themselves to lock down political dissent.

Re:Steps You Can Take Against Internet Surveillanc (0)

Anonymous Coward | about a year ago | (#45246311)

Step three: online petitions and celebrity videos count for nothing. Write, call, fax and email (all of them!) your locals that get to play in DC.

Re:Steps You Can Take Against Internet Surveillanc (5, Interesting)

t4ng* (1092951) | about a year ago | (#45246331)

Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Bengazi, etc.) I'm beginning to wonder if the NSA really has any decent spying capabilities at all. What if this is much like a Banana Republic, were the government puffs up it's chest and parades around a bunch of military men and equipment to try to scare it's citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

All these "leaks" about the NSA spying on everyone in the world could just be a desperate attempt by a government that realizes it has very little real control over people to try to keep people in line. Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

Re:Steps You Can Take Against Internet Surveillanc (4, Insightful)

girlintraining (1395911) | about a year ago | (#45246601)

Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Bengazi, etc.) I'm beginning to wonder if

Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was. And they did. Bengazi is a figment of the tea party's over-active imagination -- there's no evidence that anything other than poor judgement and incompetence at a local level occurred. And Snowden... well, that's the only thing you mentioned that has any weight. The NSA management was warned about him long before "the incident" by Homeland Security. They ignored that warning. The case can be made this was a mistake -- but it seems from the after action reports online they're addressing their structural/organizational deficits that allowed it to happen post-incident. The fact is, there's always a risk of a defector, no matter how good your agency is. Every major intelligence agency from every major government in the world has had it happen. This is not a statement on the overall competence of the NSA as an intelligence organization.

What if this is much like a Banana Republic, were the government puffs up it's chest and parades around a bunch of military men and equipment to try to scare it's citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.

That's pretty much the working definition of law enforcement everywhere, man. There's only 1 police officer for every, what, 10,000 citizens? It's a practical impossibility for the NSA to do all the things the tin foil hat brigade claims they're doing -- monitoring everyone's cell phones, everyone's e-mail, the entire internet... and just to keep things interesting, doing all that while cracking foreign powers' high level cryptography and military communications systems. To do everything they claim they're doing, even assuming their technology is twenty years more advanced than the civilian sector equivalents, would imply multi-trillion dollar budgets per year to sustain and a workforce vastly higher than the numbers available suggest.

Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.

The data collection is a massive operation because the data being sent only has data retrospectively; When they identify a potential suspect for development, based on those "classic investigation techniques", without that infrastructure they're starting at day zero. But if everything is logged, they can proceed immediately with looking into his/her background and recent communications. In the intelligence world, there are three things that give an asset value; Timeliness, accuracy, and analytical support. It does you no good to find the terrorist after the bomb has gone off, it does you no good to identify the wrong person, and it does you no good to have all the information that could have met the first two criterion if nobody analyzes it and suggests a course of action (arrest, drone strike, whatever).

Once you understand that the analytical side of the intelligence cycle is the real bottleneck here, you quickly realize that the NSA can't possibly care about your marijuana stash, or even the warrant for your arrest. To develop leads and maintain a solid intelligence cycle, they can only focus on a tiny fraction of the data they're pulling in... so unless you're a .01%'er in the world of terrorism, counter-intelligence, spying, or foreign military... forget it. They don't care.

Re:Steps You Can Take Against Internet Surveillanc (5, Insightful)

whoever57 (658626) | about a year ago | (#45246877)

Back up the fail train there. The NSA wasn't tasked to find the Boston bomber, the FBI was.

Back up the strawman train there. The GP was pointing out that the information gathered by the NSA failed to prevent the Boston bomber, and
prevention is what the NSA claims that its massive surveillance program does.

In reality, what it does is undermine democracy. What if the NSA discovered some embarrassing material relating to Dianne Feinsteinn and is using it to blackmail her to support the NSA? How do you know that it hasn't happened? The answer is that you don't and that's why democracy has been undermined. What would Herbert Hoover would have given to have the information that the NSA has?

Re:Steps You Can Take Against Internet Surveillanc (1)

grantspassalan (2531078) | about a year ago | (#45246621)

The government has never shown that spying on millions of people has netted them any real valuable information, such as preventing terrorism. If the NSA wants to know that I am going to visit my grandson on the weekend, who cares? Most things that most people communicate about, whether on the phone or on the Internet are so mundane, that if the NSA would pay attention to all that, they would all die of boredom. There are thousands of websites where hundreds of thousands, if not millions of people have made negative comments about our government.

If the government wanted to arrest everyone that has made in some cases some very nasty comments about Obama and his administration and other politicians, they would need a huge army of goons willing to do the dirty work and would overcrowd our prisons to the bursting point.

Instead of wholesale spying on everybody, the NSA could concentrate its resources on targeted surveillance on people that are already suspect of suspicious behavior or that they may be warned about by other governments. If they had done that, they could have most likely prevented the Boston Marathon bombings.

Re:Steps You Can Take Against Internet Surveillanc (0)

Anonymous Coward | about a year ago | (#45246751)

Using any of the above might raise some flags, but to use all 10? Are you kidding me? You might as well just set up shop at your local NSA office..

use Tor (0)

Anonymous Coward | about a year ago | (#45246105)

I would have thought using Tor would be the last thing you'd want to do, taking into account the fact that most of the .onion sites are now massive honeypots.

Re:use Tor (2)

amiga3D (567632) | about a year ago | (#45246187)

Not only that, I expect Tor users get special targeting. It's most likely considered probable cause for a warrant to bug your house.

Speaking of SSL (0)

Anonymous Coward | about a year ago | (#45246117)

Speaking of SSL, is Slashdot ever going to support it for anything more than the login page?

Re:Speaking of SSL (1)

ravenlord_hun (2715033) | about a year ago | (#45246145)

If you want to post something on ./ that warrants HTTPS, you are probably already doing it wrong.

Re:Speaking of SSL (2)

bmo (77928) | about a year ago | (#45246211)

I use https because I don't feel like broadcasting my slashdot (and others) username and password to all and sundry over unencrypted wifi.

--
BMO

Re:Speaking of SSL (2)

ravenlord_hun (2715033) | about a year ago | (#45246245)

I thought the login was already HTTPS though, and only the rest site isn't. So your password should be safe. People may read your (publicly available) comments over wifi, though!

Re:Speaking of SSL (3, Informative)

maxwell demon (590494) | about a year ago | (#45246787)

The authentication token goes over the net for each access (or how else is Slashdot to know whether you are the logged-in person?)

Re:Speaking of SSL (1)

lgw (121541) | about a year ago | (#45246925)

Just because you don't understand someone's desire for privacy, you argue he has no need for that privacy? Attitudes like that are why TFA had to be written in the first place.

Don't ever argue for less privacy. This is just like security - you take the least privilege you can and offer the best security you can; it's not a question of why. Give the user the most privacy you practically can in every way that you practically can - it's not a question of why, that's a broken mindset.

Better to vote out the scum that runs the country (1)

Anonymous Coward | about a year ago | (#45246159)

Better to vote out the scum that runs the country: All of them.

Re-elect no one.

End perpetual war. Bring the Army back within the borders. Allow Japan, South Korea and Australia to take the lead in their own defense. Disband the obsolete Joint Military Command, NATO.

Re:Better to vote out the scum that runs the count (1)

amiga3D (567632) | about a year ago | (#45246201)

Ah! A fellow isolationist. I with you brother, that makes two of us.

Re:Better to vote out the scum that runs the count (0)

Anonymous Coward | about a year ago | (#45246263)

I favor perpetual war. Other than that, his ideas seem good.

Re:Better to vote out the scum that runs the count (1)

Anonymous Coward | about a year ago | (#45246283)

Careful! I think that other guy is a government informant ...

Re:Better to vote out the scum that runs the count (1)

Maintenance Goof (1487053) | about a year ago | (#45246517)

As a true isolationist, I don't want anything to do with you two!

End to end encryption on /. (2, Funny)

Anonymous Coward | about a year ago | (#45246175)

when i use https://slashdot.org/ [slashdot.org] i feel more secure, even if it redirect me the http:/// [http] because it do that in a secure why...

Do you think you are special? (3, Insightful)

Calibax (151875) | about a year ago | (#45246177)

According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Re:Do you think you are special? (0)

sI4shd0rk (3402769) | about a year ago | (#45246221)

What makes you think you are special enough to deserve their attention?

What makes you so damn selfish that you only care if the government abuses you? Is it not a problem if they abuse anyone? There are people who are 'special enough' for the government to harass.

You're trivializing the issue, and I strongly suspect it's because you don't truly understand the situation.

Re:Do you think you are special? (1)

amiga3D (567632) | about a year ago | (#45246255)

People who want to blow things up need to be hunted down. They and others with bad intent should be abused. The problem is their idea of "bad" has become so broad as to encompass a lot of people who are no threat to anyone but themselves. You might be just a little paranoid though.

Re:Do you think you are special? (5, Insightful)

sI4shd0rk (3402769) | about a year ago | (#45246531)

What the hell? You think spying on everyone so we can maybe catch a few terrorists is acceptable in a country that's supposed to be the land of the free and the home of the brave? You think it's okay for our government to blatantly violate the constitution and then claim that they didn't actually do so because some secretive court rubberstamped general warrants?

You might be just a little paranoid though.

There has never once been a government that has failed to abuse its powers throughout history. Why do you believe me to be paranoid when I suggest that allowing the government to collect nearly everyone's communications is an awful idea? Do you believe the people in the government to be perfect angels? I do not understand why you would say such a thing otherwise.

I hope you were joking; otherwise, you are profoundly ignorant and naive.

Re:Do you think you are special? (2)

PolygamousRanchKid (1290638) | about a year ago | (#45246249)

What makes you think you are special enough to deserve their attention?

Well, if you are the ex-girlfriend of an NSA analyst, you might be special. Although, I guess that doesn't apply to Slashdotters.

Maybe an NSA analyst has a grudge against you, dating back from High School times . . . ?

In Soviet NSA, everyone gets their attention . . .

Re:Do you think you are special? (0)

Anonymous Coward | about a year ago | (#45246251)

This is nonsense. There is always a chance that you could be harassed. There have been people who have been harassed by the government merely for making a bomb joke; why do you have so much faith in these thugs that you believe they won't take things out of context, or abuse the data outright? Has there ever been a government that hasn't abused its powers throughout history? No. So, why are you not worried that government thugs are collecting this much data?

I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

They're both extremely creepy, but I don't see Facebook et al. ruining my life through the use of prison and violence; usually, only governments have that sort of power.

Re:Do you think you are special? (0)

Anonymous Coward | about a year ago | (#45246361)

You should be worried. Just because you believe you are following the law today, doesn't mean you will tomorrow. It doesn't take much to make ordinary activities "illegal".

And your analysis of 1 person for every 70K people is so very flawed. Ever heard of pattern recognition? You don't need to comb through records by hand anymore.

I dare you to start making lots of small transfers between different bank accounts. See what happens next, just for fun.

Re:Do you think you are special? (1, Interesting)

girlintraining (1395911) | about a year ago | (#45246393)

Let's assume half of them are looking at foreign traffic and half at domestic traffic.

Bad assumption. The NSA's primary focus is foreign surveillance. It's right there in their mission statement that the tin foil hat brigade apparently has never read. The only reason they have taps on wires domestically is because much of internet travel originates, passes through, or is destined for, an IP address located outside of the US. Even the President of the United States has said as much. The NSA does gather information for domestic surveillance operations, but it's disengenuous to suggest they are providing high level analytics along with the captured data -- their role within the government is to gather intelligence, sort it, package it, and provide a deliverable intelligence product to other organizations. The NSA is basically tech support for the FBI, CIA, DHS, DEA, etc.

What makes you think you are special enough to deserve their attention?

When I was born, my mom thought I'd be President of the United States or some-such. Maybe they're just pre-emptively guarding me for my future ascention to the throne, did you consider that? :P

Personally, I'm much more concerned about the way commercial organizations are spying on us.

As am I. People yell at me on Slashdot all the time: "Why do you use Tor?! It's been compromised by the NSA!" Okay, sure... but who said I care about the NSA? I mean really guys...

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Let me put the actual risk in perspective. I know someone who is on parole for a previous drug conviction. This individual regularly uses their cell phone, much of it via text messages, to arrange drug deals. So here we have an ex-felon, on parole, who is trading in Schedule I drugs on a daily basis, using what has been widely panned as the single biggest device used by the NSA to track us all... No black helicopters have come for this individual to date, and this person has been doing it for two years so far.

Guys, be glad you aren't getting all the government you're paying for. I mean it; for all this crap about government surveillance on everyone... there's a shockingly low amount of critical thinking going on about how, exactly, the government would go about doing this with its existing labor and financial resources.

Re:Do you think you are special? (0)

Anonymous Coward | about a year ago | (#45246429)

1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

If I were that analyst, I'd set up a program to search for the bad guys. I know, I'll add people to the "no fly" list if they mention buying drugs in their posts.

Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.

Bingo! Add "Calibax" to the list.

Re:Do you think you are special? (1)

CrimsonAvenger (580665) | about a year ago | (#45246461)

Personally, I'm much more concerned about the way commercial organizations are spying on us. I think the loss of privacy to Facebook, Twitter, LinkedIn, Google, and other social media is much more creepy than some secret government bureau knowing that I called my parents 3 times last week.

So, you're "much more concerned" about social media spying on you than the Government, even though the Government gets the take from the social media PLUS their own "special" modes of spying....

Re:Do you think you are special? (0)

Anonymous Coward | about a year ago | (#45246539)

How is garbage like this getting modded up? I didn't think Slashdot was so accepted of the 'Nothing to hide, nothing to fear' crowd.

Re:Do you think you are special? (4, Informative)

auric_dude (610172) | about a year ago | (#45246547)

If using Moilla Firefox then add the lightbeam aka collusion addon https://www.mozilla.org/en-US/lightbeam/ [mozilla.org] then visit a few sites just to get an idea of how special the avertising companies think you are. This will work better if you disable Noscript, Requestpolicy, Httpeverywhere and whatever else you use to keed your surfing safish. Security services may not have the time to monitor your movements across the web but plenty of commercial companies do have the time, the kit and yet pay you nothing for thed ata they collect and I expect sell on to others.

Re:Do you think you are special? (1)

Maintenance Goof (1487053) | about a year ago | (#45246549)

It's not that I am special enough for their attention. It's that I am really boring. Surveillance duty on me is an internal punishment. The nice thing about being watched is that whenever my phone is getting bad reception all I have to do is say the magic phrase, "Jehad Pressure Cooker!" and my phone reception becomes perfect!

Re:Do you think you are special? (2)

Burz (138833) | about a year ago | (#45246563)

Its the threat that they can decide to make you "special" when and if it suits their cronies' prejudices and career prospects.

Do you think you are special?

We heard this kneejerk rejoinder all through the 2000s-- an attempt to stop critical thinking because it causes people like you too much cognitive dissonance. But that's the cop-out BS which landed us in the situation we have now.

Chickenshit apologists, take a backseat.

Sock puppet, begone! (5, Insightful)

Okian Warrior (537106) | about a year ago | (#45246635)

According to news reports, there are around 1000 analysts at NSA engaged in surveillance. Let's assume half of them are looking at foreign traffic and half at domestic traffic. That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

Okay, let's look at those statistics more closely.

500 analysts for 350 million people continuously is 500 analysts for roughly 1 million people per day each year, or roughly 1 analyst is spending an entire day looking at 2,000 people. Each year. So there's a 1-in-2,000 chance that sometime this year, an analyst will be pawing through your online behaviour.

(Of course, if you assume that the analyst spends 1 hour on each person, it drops to 1-in-250 chance that sometime during the year you will be "analyzed" by an NSA agent.)

Now consider the power of computers. Is it reasonable to think that 1 computer could collect and analyze the E-mail and online speech of 2,000 people in a single day of compute time? Assuming you put certain keywords in your online text ("I'm going to kill some time this afternoon by watching the presidential debate"), how likely do you think it will be that you win the 1-in-250 chance?

Let's add in ambiguous laws. The recent trend is not to charge people with doing harm, but conspiracy for doing harm. One recent news report told of a couple of people charged with "conspiracy to join Al-Qaeda". Note that these two people didn't do a terorrist act, they didn't contribute to a terrorist group, and they weren't even a member of a terrorist group. They were talking about joining a terrorist group. People are commonly charged with "conspiracy to grow marijuana" (google has many links).

We've reached the point where you can be arrested when no overt crime has been committed.

There's a recent news story where, for the first time, the DOJ is informing a defendant [usatoday.com] that they used NSA/warrant-less surveillance to gather evidence. They used mass surveillance to get enough probable cause to apply for a real warrant which resulted in evidence of a crime.

The important bit of the previous is that the DOJ was conflicted about revealing this information. The prosecutor felt that it was only a "procedural decision", since no evidence from the mass-surveillance warrant would be introduced at trial. (A couple of lawyers in the DOJ argued for disclosure.)

All evidence indicates that they analyze everyone's online presence all the time, and use that information to pick-and-choose people for prosecution when no overt crime has been committed.

Sock puppet, begone!

Re:Sock puppet, begone! (1)

Anonymous Coward | about a year ago | (#45246837)

You are assuming that analysts are working 24 hours per day. You are also assuming that they have nothing better to do than look at random people. They don't have time for that - they have their hands full with people who have come to their notice either through a pattern of behavior (such as attending a terrorist course in Pakistan or a similar place) or because they associate with people who have done that.

Analysts aren't looking for random law breakers, they are looking for people believed to be planning terrorist acts. If they find someone of interest, for whatever reason, they will be spending days, weeks, months on that person. They aren't looking for you, unless you fall into the category of people that they are tasked to find.

Re:Do you think you are special? (1)

grantspassalan (2531078) | about a year ago | (#45246683)

My wife and I recently searched the Internet for some shoes for her and now I see lots of ads for shoes. What is so bad about that? I would rather see that than random ads for condoms or sex enhancement drugs.

Re:Do you think you are special? (1)

Luke_22 (1296823) | about a year ago | (#45246761)

That's 500 analysts for 350 million population, or 1 analyst for every 700,000 people. What makes you think you are special enough to deserve their attention?

But since you have so many people to check, doesn't that mean that they are going to make a massive use of automation to do the checks?

Remember how good the spamfilters are? And they are designed against something extremely frequent

Now remember how infrequent a terrorist attack is? And what about that False positive paradox [wikipedia.org] ?

It's not about feeling special or not, it's just the the system is broken by design... and the algorithms are surely perfect...

Re:Do you think you are special? (1)

Anonymous Coward | about a year ago | (#45247059)

I will make this more blunt. Here is how the NSA has affected me:

1: NIST records have given me a security baseline. Most is common sense, but other stuff like esoteric Solaris features come in handy.

2: NSA-derived algorithms like DES, even with its tiny keylength have stood the test of time.

3: They did a lot of work fixing Linux (SELinux), and a heap of work locking down OS X. OS X is a lot more secure with even stuff like storing passwords securely than it was in the path.

This is how private snooping have affected me:

1: I had a picture of me posted onto Facebook when I was wondering in a humidor. A week later my health insurance company demanded I have a physical with bloodwork or else pay higher rates retroactively as a smoker.

2: I had friends of mine turned down for jobs because a private party branded them as "racist." The cause? Asking why we should press 1 for English.

3: I have gotten turned down for a job because some behavioral tracking place had me stated as a "gun nut", and chasing this trail down, this came around because I liked a page about camping equipment, and apparently it flagged me as a survivalist type.

4: A friend of mine got permanently banned from a store chain, not because he was arrested, but he mentioned doing something goofy over 15 years ago, twice the limit on the statute of limitations, and something caught it.

5: The ad companies seem to not be able to keep their servers clean, and in my experience, the #1 vector for malware are ad servers.

6: Some companies I have to use Facebook to authenticate to their services, and they demand their application (with the permissions to slurp anything they so choose) have access. It becomes harder to keep things separate so company "A"'s info isn't accessible and salable by company "B".

So, given the NSA versus greedy companies, I'll take the NSA any day. At least they don't take every click I make on my computer, each E-mail I send to an unsecured endpoint, each TV channel I watch, each IP packet coming out of my computer, and sell of that to anyone that wants.

Lets be real; I fear companies like Facebook more than the NSA because the NSA actually has to keep mum or else they blow their hand. FB can sell anything they want even if I'm not using their service by using data dredged up from other people. FB also has taken over a lot of communication vectors. Think people check E-mail over a FB message? Yeah right. To boot, last time a friend sent me a PGP message, it was refused. If the NSA actively blocked messages in transit that were not easily readable, there would actually be real people putting their foot down.

Finally, the NSA gives a shit about security. Private companies don't give a flying fuck about it because to them, it has no ROI.

Run a Tor node????? (1)

NoNonAlphaCharsHere (2201864) | about a year ago | (#45246181)

More like "Steps to take to get on an NSA watchlist". Maybe use IRC a lot in your spare time.

Re: Run a Tor node????? (0)

Anonymous Coward | about a year ago | (#45246291)

Good. Get thousands of innocent people willing to show the government how useless bulk spying can be. That's the point of the post.

Re:Run a Tor node????? (0)

Anonymous Coward | about a year ago | (#45246827)

That is the main problem. They fucking need to accept that they can't know what ordinary people are talking about.

10 Steps You Can Take Against Rapists (2, Interesting)

Anonymous Coward | about a year ago | (#45246203)

Wear unattractive clothes, don't wear makeup, stay sober, don't flirt, don't leave drinks unattended, don't be out after dark, don't be out alone, learn to cook, find a good husband, teach others what you learned.

Re:10 Steps You Can Take Against Rapists (1)

Anonymous Coward | about a year ago | (#45246259)

Feminazi moderator doesn't get it.

Re:10 Steps You Can Take Against Rapists (1)

gmuslera (3436) | about a year ago | (#45246327)

Forgot to add live locked in your house, and don't talk to anyone. Lets put all the blame on you, not on the rapists. That is what is doing the NSA&US government, becoming liable for try to live in freedom, anything that you in public/internet/wherever do could make turn you into a target.

There is only one way (1)

nurb432 (527695) | about a year ago | (#45246219)

Don't use the network. No matter what you do to prevent it, there are holes if you are well funded ( and have the fear of the 'law' behind you )

Re:There is only one way (1)

cpghost (719344) | about a year ago | (#45246535)

No, not using the network makes you even more suspicious. In fact, it makes you a prime suspect nowadays! Use the network in a "harmless" way, i.e. in a way that doesn't give away information about you. Be as invisible as possible, by blending in with the sheep. Just don't draw attention to you, even if you're not a person of interest.

Re:There is only one way (1)

Tablizer (95088) | about a year ago | (#45246577)

Don't use the network

But carrier pigeons make too much of a mess in the backyard, and their cooing bothers the neighbors.

What about email (1)

mpol (719243) | about a year ago | (#45246225)

Maybe I'm naive or ignorant, but what can a normal user do about e-mail?
Most e-mail from ISP's runs over port 25, and it all gets logged by logboxes and tappers. I don't think the default for an MTA is port 465 or 587, but still 25. If I'm wrong. please correct me.
What should be done here, can someone inform me. Is there something a user, admin or mta-developer should do here?
I read my mail over imaps and pop3s, and store it on my own-hosted imap server. But what to do about smtp-traffic?

Re:What about email (0)

Anonymous Coward | about a year ago | (#45246309)

Maybe I'm naive or ignorant, but what can a normal user do about e-mail?

It's hard to hide WHO you are talking to, which is a big problem. But you can at least hide WHAT you are saying.

Use public key crypto. That makes it hard for your traffic to be intercepted. Sure, if the NSA is after you in particular, you are fucked no matter what you do. But for the vast majority, the threat is "casual interception" where they are logging everybody's traffic "just in case". And that, you can do a lot to combat.

GPG is free, easy to use, and there are plugins or native support for all kinds of mail and IM programs. Use it.

Re:What about email (1)

mpol (719243) | about a year ago | (#45246319)

I know GPG. But I do not know anyone who is using it. I haven't seen a gpg-signature in years, except my own :).

Re:What about email (0)

Anonymous Coward | about a year ago | (#45246389)

True, the "network problem", where not enough people use it to achieve critical mass.

But the only way to get there is for people to adopt it, and to help their friends and family adopt it. There has to be enough people using it for it to catch, but that'll never happen if nobody starts.

Re:What about email (1)

CRCulver (715279) | about a year ago | (#45246507)

But the only way to get there is for people to adopt it, and to help their friends and family adopt it.

Friends and family are likely using Windows, which is already compromised, so having them adopt GPG won't offer any resistence against government surveillance. It would just be a false sense of security.

Re:What about email (0)

Anonymous Coward | about a year ago | (#45246639)

Just because something isn't 100% perfect doesn't make it not useful at all. It's known that the NSA is doing widespread surveillance. It's highly doubtful that they have specifically targeted everyone by compromising their machines. Yes, if they are after you in particular because they think you are a terrorist or whatever, you are fucked. But that isn't true of the vast majority.

The perfect is the enemy of the good. It's easy to throw up your hands and say "there's no point". But there IS a point, and it DOES help. A lot. If everyone used it, the society wide dragnet they have in place now wouldn't be working very well, at least for IM and email, and phone if we had decent encryption available for voice comms.

nonsense, that's just cowering (1)

rubycodez (864176) | about a year ago | (#45246293)

Quit voting for mega-corporate bitches like Obama or most Republican candidates. Quit voting for those that support the police-state policies of Bush/Cheney and Obama administrations. Make people aware of what is happening to their freedoms. Raise awareness.

Re:nonsense, that's just cowering (0)

Anonymous Coward | about a year ago | (#45246571)

Who do you recommend to vote, then?

Re:nonsense, that's just cowering (1)

sI4shd0rk (3402769) | about a year ago | (#45246609)

Why can't you do both?

Re:nonsense, that's just cowering (1)

grantspassalan (2531078) | about a year ago | (#45246933)

I don't think it is possible to vote FOR anybody anymore. What we can really do is to vote ALL all the scoundrels out of office by voting out EVERY person now in office. Sure that might mean throwing out a few good eggs with the rotten ones, but most of the eggs in the box that have been in the box for an awful long time are rotten and stink to high heaven.

That does not mean that those who are running against them are all that much better, since the really decent, smart and good people have long ago given up running for public office, especially the higher positions, because of the muddy election campaigns, where complete life history of a candidate is put in the public spotlight. Because nobody is perfect and everybody makes mistakes and those mistakes are most likely information available to the political opposition, these mistakes then end up in the headlines.

The perhaps lesser scoundrels hoping to benefit financially from public office and endure that public election ordeal, would get the message from the voters that they can be thrown out by the electorate and that it will take at least a while for most of these newly elected ones to re-establish the bribery networks the present ones now have with the lobbying establishment.

OFFLINE (0)

Anonymous Coward | about a year ago | (#45246299)

Start by closing your Slashdot tab.

Girls! (0)

Anonymous Coward | about a year ago | (#45246399)

From one of TFA:

Promote CryptoParties to rebellious 13 year old girls. Declare success if rebellious 13 year old girls demand to attend your parties.

Hanlon's razor tells me that is just a bad wording, right?

EFF instructions don't work (1)

mutube (981006) | about a year ago | (#45246403)

The video on the EFF site gives instructions for downloading a Vidalia Bundle for Mac - but this doesn't exist on the Tor website. The only downloads that I can see available are the 'Tor Browser Bundle' which is an auto-launching Tor node and browser combination.

So you can't run a node without a Tor browser window open all the time?

Re:EFF instructions don't work (1)

alostpacket (1972110) | about a year ago | (#45246975)

IIRC the "Vidalia Bundle" is just an older name for the "Browser Bundle"

Re:EFF instructions don't work (1)

alostpacket (1972110) | about a year ago | (#45247021)

Sorry, my above post is not entirely correct. it seems, for Windows at least, it Vidalia control panel is included in the Browser Bundle.

https://blog.torproject.org/blog/plain-vidalia-bundles-be-discontinued-dont-panic [torproject.org]

Not sure about OSX/Linux, but I assume it is similar

Also... (1)

gmuslera (3436) | about a year ago | (#45246405)

... switch to alternatives like the ones proposed in http://prism-break.org/ [prism-break.org] . Won't be fail safe, but will be some steps closer. And will add enough a bit of sand in the NSA machinery. In some point they will have to choose between snooping only on "easier", in the open, targets, focus in very specific people, or try to cope with the amount of people using open and with safe encryption people (and risk meltdowns [slashdot.org] because people sharing lolcats in encrypted channels)

Run a Tor node? (0)

Anonymous Coward | about a year ago | (#45246419)

Why is the EFF suggesting that people run Tor nodes? It has already been leaked that running a Tor node automatically makes you a "terrorist" and a target to the NSA. Seems kind of counter-productive to me.

Re:Run a Tor node? (1)

sI4shd0rk (3402769) | about a year ago | (#45246589)

Why is the EFF suggesting that people run Tor nodes?

Presumably, that's if you want to help other people out.

Re:Run a Tor node? (0)

Anonymous Coward | about a year ago | (#45246631)

Which I support. Except our government seems to be under the assumption that running a Tor node means they have a reason to hack into your system. There was an article on this here a few weeks back.

NSA (0)

Anonymous Coward | about a year ago | (#45246445)

Half of those are paranoia. The other half should be used anyway, if only to defend from the Nigerian Stealing Apparatus.

Add to that list: if you receive a call from Microsoft trying to fix your computer, hang up.

Run a TOR Node? (1)

turgid (580780) | about a year ago | (#45246485)

Are you nuts?

What sort of people run TOR nodes? Have you been following the news [channel4.com] ?

You'll be straight on the authorities' list of very-likely-some-kind-of-crimials. Probably a terrorist, drug addict/dealer, paedophile or pirate of Madonna/Boys-R-Us/One Direction/Lady Gaga music.

Intel Inside (1)

SuperCharlie (1068072) | about a year ago | (#45246487)

I saw a news story yesterday saying that Snowden has dirt on Intel but hasnt released it yet. Chances are good that your processor is probably compromised. Its a no-win deal here.

Re:Intel Inside (0)

Anonymous Coward | about a year ago | (#45246701)

Or maybe Intel was planning to announce the chips with Christina Aguilera in the EEUU [youtube.com] like they did in Asia with Girls Generation [youtube.com] . Man, those nine cores are hot!

Run! (1)

cookYourDog (3030961) | about a year ago | (#45246497)

In instances like these, I find it best to do what my uncle taught me to do: roll up into a defense ball.

No one wants to eavesdrop on a naked, crying, obese man laying in the fetal position. No one.

Just be more prudent (4, Interesting)

cpghost (719344) | about a year ago | (#45246503)

When using the network, always assume that you're being under observation... and act accordingly. Give less private information to the world. In fact, apply the principle of "need to know" in reverse: if the world doesn't need to know that you've taken your dog out 2 hours ago, then don't post it. Don't even mail it to your friend using PGP. It's as simple as this. Really. Be less talkative, be less open, and be more suspicious.

By the way, thanks NSA for forcing us to censor our thoughts in our head, before we even write them down and tell them to someone. I couldn't have imagined that we'd come to live in a totalitarian-like world (at least that how it feels when you apply censorship in your head) just a few decades after the Iron Curtain was torn apart, and that this totalitarian world is being brought forward by a western country that formerly championed free speech and freedom in general.

Ten steps? (0)

Anonymous Coward | about a year ago | (#45246527)

That's a lot, surely they could sum up this complex issue into a neat 3-step article.

Un-standing out is standing out (1)

Tablizer (95088) | about a year ago | (#45246541)

If you use "excessive" methods to hide, then you may be flagged as suspicious, because typically mostly criminals and terrorists take such extra measures. Better to act mostly average and fill up your traffic with BS chatter like "OMG ponies!".

Shortsighted Article (0)

Anonymous Coward | about a year ago | (#45246545)

They forgot the most obvious, Do NOT use PRISM firms, like Facebook Twitter, Skype etc

Heap best way, um (0)

Anonymous Coward | about a year ago | (#45246661)

Use American Indian smoke signals.

The NSA as a distraction (1)

wjcofkc (964165) | about a year ago | (#45246695)

Remember the Occupy movement? We seem to have forgotten everything that stood for in favor of the NSA. Funny thing that. Perhaps only so many battles can be fought at once, but I think that was a better starting point. After all, they are in bed together.

Windows (2, Insightful)

Princeofcups (150855) | about a year ago | (#45246811)

"use anti-virus software"

Just come out and say it. Don't use Windows.

How about running your browser as another user (1)

Marrow (195242) | about a year ago | (#45246869)

I think one of the biggest risks is drive-by infections. I have been thinking that running my browser as a different (underprivileged) user might be a nice added layer of insulation. You could add that user's group to your extended group list and still get all the files. But it could not get at yours.

EFF are losing their edge (4, Interesting)

Burz (138833) | about a year ago | (#45246879)

We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.

If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.

The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, [geti2p.net] which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so its also a big plus).

Tor is outdated and dangerous to use because it encourages illusions like: a) 1024bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.

In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (its been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).

Re:EFF are losing their edge (0)

Anonymous Coward | about a year ago | (#45246989)

> If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info.
As far as I know, the exploit executed code on the user's machine which then gathered the external address and local MAC address and sent it off to the NSA & FBI. Of course that specific exploit only worked on one specific version of the bundle and one specific OS (Windows). If, however, there was an equal exploit that could be triggered on a Qubes user (ability to execute code on the local machine), exactly what protections are in place to prevent gathering their real external IP, MAC, and forwarding it off to the attacker?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?