AVs Spying on People - Conspiracies

Ever download an app for your android phone? Did you ever check to see all the permissions they have? Pretty much impossible to stay anonymous on the internet now, just do what I do, assume everything you do is not and will never be private.

 

Alternatively, avoid all smartphones aka tracking devices

 

When exactly did the Capitol City of Israel become part of Palestine. I was there & as far as I know it has never ever been part of Palestine.

 

Huh?

It was partitioned until the 1967 war, as I recall.

 

Hello,

Speaking as someone who has worked at a couple of anti-malware companies now, dived into the telemetry (data) collected by software, discussed data collected with other anti-malware companies, operating system developers, etc., I have to say that this discussion has everything completely backwards.

Looking at an individual customers' data is almost completely useless. I mean, it might be useful for sending them a renewal note mailing, or when you are helping them remove malware or troubleshoot an install in a 1:1 support situation, but the value is when you aggregate the results from hundreds of thousand, millions or even tens of millions of systems. That's what allows you to build things like "cloud-powered reputation systems" and the like.

Seeing C:\WINDOWS\SYSTEM32\DRIVER.SYS on a computer with a checksum of 0xABCD1234 (just as a silly example) on one computer at one time doesn't tell you much of anything. Looking at that same file, hash, metadata, etc., across millions of computers lets you do things like assign reputations and risk levels.

Regards,

Aryeh Goretsky

 

http://arstechnica.com/security/2013/10/dear-av-provider-do-you-enable-nsa-spying-yours-eff/

It seems the EFF isn't convinced in the light of Lavabit.

 

True enough, but seeing zeus.zip with the proper hash and metadata might be very interesting

 

I see two potential problems with user data collection:
1. Even if now the AV company respects user's privacy, that doesn't mean that in the future an unscrupulous leadership or even some request from a government won't make them change their minds.
2. Data can be stolen, and the new "owner" would not care about privacy at all.

As for seeing a file that has a certain hash, it is a problem if it falls into wrong hands one way or the other. Think about it: an attacker (hacker/malware writter/government/etc.) that is in possession of the AV data might asses if a piece of vulnerable software is installed on a big number of computers (and on what computers, if IP is logged) enabling him to use this information in attacking his targets.

 

And here Lavabit comes to mind. There is a reason why they shut off their email services. There are 3 other companies that did the same.
Once Uncle Sam comes in and requires AV company to collect "extra info" there is nothing that they can do about it. Lavabit is now fighting in court whether gov't can force a private corporation to wiretap its own users.
So for sure, AV's are not exempt from overzelous 3 letter agancies. Im glad I have switched to Linux. No more AV headaches for me.

 

It's just a matter of escalation at this point. If they can't get you by pressuring the developers, then they focus on exploiting vulnerabilities affecting your hardware, system, and software. If that doesn't go well, they escalate to gaining physical access. A recent article detailed the experience of a journalist by the name of Audrey Hudson. She had the department of homeland security and the maryland police department search her home with a warrant for firearms. The ended up taking confidential documents (notes, etc.) that were not covered by the warrant. So it's safe to say that if they wanted physical access, its wouldn't be hard to come in legally and take your computer, hard-drive, etc. Even if you could argue to get it back, its been out of your control for god only knows how many hours, days, weeks, etc. My information security class would relate this to sever security. If someone can stand in the same room or lay a finger on your hardware. It's game over. Check-mate. It doesn't matter what encryption you use, since you can never guarantee absolute security. It simply doesn't matter what operating system you switch too. Though that may be a positive first step in mitigating your risks.

At this point, I do the bare minimum to mitigate tracking by corporations and I try not to make it easy for someone to just walk in and steal my data. Not that I'm important enough for someone to go through all that effort. At this point, its become a game of who can waste who's time the longest. The federal government or me. Probably the best advise here is to avoid storing personal/confidential information where it is easily accessible. I don't store contacts directly on my mobile device. I don't keep tax information or personal photos locally on my computer. Just general modifications to how you use your computer and mobile device can increase your overall security and privacy. I wouldn't expect your going to dodge the federal government or that you could completely be anonymous from companies without making internet usage an effort.