NSA has direct access to tech giants' systems for user data, secret files reveal

For the most part, I agree. What people need to see and understand is how all these separate issues connect into one very ugly picture. When the sum of the pieces equals world domination and control of the masses, politics is little more than red tape and distraction from the problem. That said, I don't believe that we can draw a line between the technology, concepts, language, etc of the 20th and 21st century. Such a line is very artificial, based on nothing more than a calendar date. IMO, doing so would also perpetuate another problem that people have been "programmed" to believe, namely that newer is better. Too often, newer is not better for the average person. Too often, newer means more convenient in some respects but more complicated in others. It often means dependence on other technologies or services over which we have no control. It often translates into unrepairable or maintainable by the average person.

As good as a forum can be for discussing issues, I question if a topic this broad could be confined to one forum. I sure wouldn't want to be the one maintaining that forum or cleaning up the spam once big money's sock puppets get there. Where and how are big questions for topics like this.

 

Reading the crash reports as a way of spying is interesting. What about Windows Updates? It seems to take forever for MS to check my system for updates. Most 3rd party programs can check to see if an update is needed in a matter of seconds. I realize MS must check to make sure the OS license is valid but that should not take long either. Is the monthly MS update done over an encrypted network? Or is it possible MS is gathering every bit of system and user info possible and sending all that to the NSA? Maybe that explains why updates take so long?

 

I honestly think it takes a while simply because the servers are just slow. I've never known the update process on Windows to be quick and painless. Like I said before though, there is very little left that can be ruled out when it comes to this NSA stuff. I never send crash reports, so I'm not sure if that method still works. Sending vs not sending doesn't seem to make much of a difference.

 

It wouldn't surprise me if Windows Update was also a user data collector. It's been a long time since I've used Windows Update. I've often wondered if their online activation is part of a fingerprinting process. Unless you're working with a virtual system or connecting through another computer that uses Tor, it's very difficult to keep that PC from being tied to your IP address the moment it's put online. On the older systems, one could stop the OS from calling MS with the right hosts file entrie. If I understand it correctly, the newer operating systems disregard the hosts file for system level processes. IMO, if the user doesn't take steps to prevent an OS from calling home from the first day, it's nearly futile to implement it afterwards. That's one of many things I like about a PC using this OS. It doesn't see the internet at all until it's completely equipped and configured.

Regarding crash reports, I'm not sure that MS is the only one we need to worry about, especially when you consider their ability to intercept traffic before it reaches its destination. How much unique info would a crash report from a browser contain?

Between the material Snowden leaked and discoveries made by others regarding modems, routers, and the PCs themselves, I have to wonder how effectively we can resist or fight surveillance without some major changes in the way we approach the problem. Thanks to corporate complicity, the new hardware can't be trusted.
Example: How do you deal with a potentially backdoored modem? Unless one knows how to code firmware, I'm not sure that there is a real solution, but there may be options that are adequate. Although it's basically on-topic, a discussion of the details would get lost in this thread. Should we have a separate thread for discussing ideas for mitigating the threat of potentially compromised hardware? I'm completely convinced that there's more than enough skill, imagination, and "out of the box" thinking in this group to address problems like this, once the specific issues are identified.

 

I think it is reasonable to assume crash reports contain more than just crash report data. I doubt the NSA would waste their time intercepting crash reports unless there was more to be gained than just crash reports. I also think it is highly likely MS can target specific Windows PC's or all Windows PC's and install whatever they want disguised as a part of Windows Update.

 

Well sure, it's all closed source anyway. I don't believe MS would intentionally and without a lot of pressure install anything insidious. But my belief proves precisely squat. The long old and tinfoil hat discussion about backdoors built into Windows is a fairly reasonable assumption at this point. No one from MS is going to tell you there is, and the whole thing is closed to outside eyes so who really knows anymore. I will say this however, mobile operating systems worry me more in that regard than Windows. Yes, Android is "open", but mobile makes things awful easy on eavesdroppers and sneaky installs without a very effective way of shutting them out, unless you're willing to not have most of the abilities that give mobile a point to exist.

 

If a backdoor does exist in Windows, chances are that very few of the people there know about it. Development there is very compartmentalized.

Regarding "smart phones", I seem to recall a thread here mentioning that they have 2 operating systems, only one of which is accessible to the user. I have no use for a smart phone or any other portable phone so I haven't kept up with the subject. People need to take a closer look at why they need or want these things, starting with identifying what they really need and separating those from things that they just want, and whether they really need all these things integrated into a single package that isn't really under their control. On my home PC for instance, there are times I use a webcam or a microphone. That definitely doesn't mean that I want them hooked up all the time or for them to be available to someone else. On my PC, I can guarantee that they're not exploitable by unplugging them. It's not so easy on a smart phone.

 

Correct, the Baseband, or "Cell Radio", runs it's own, antiquated, OS. Hopefully someone will take a look at these in the near future.

 

anyone have this link or more info on this issue? no luck for me on a google search...

 

A few, which may overlap:
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
http://www.androidauthority.com/smartphones-have-a-second-os-317800/
http://dwaterson.com/2013/11/18/vulnerabilities-of-the-second-operating-system-of-your-smartphone/

 

thanks for the info

 

@ acr1965

If you havn't already, these are Very good too as they include mobile info as well

http://leaksource.wordpress.com/201...nearly-every-major-software-hardware-firmware

http://www.cryptome.org/2013/12/Full-Disclosure.pdf

 

ok will take a look, thanks

 

NSA statement does not deny 'spying' on members of Congress.
http://www.theguardian.com/world/2014/jan/04/nsa-spying-bernie-sanders-members-congress

 

Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

Posted by MrBrian; Dr. Joseph Bonneau Wins NSA Award, Criticizes NSA link

Bonneau, software engineer at Google;

 

Agree to a point. They definitely have a role in creating stronger encryption methods, user apps that employ them, methods of defeating tracking users can implement, protocols that don't reveal anything that they don't need to, etc. I see all kinds of new apps for encrypting and anonymizing chat, cell phones, etc, many of which use the Tor network. Tor Browser and Tails have become quite good. IMO, the developers, engineers, researchers, testers, etc have done and are doing their part. Tor is an effective anti-surveillance tool that's legal in most of the world. The NSA, by their own admission is frustrated by Tor. This leads to one question. Why is it that we still don't have 1000 exit nodes? All of the anti-surveillance measures, tools, networks, etc won't mean a thing if we don't use and deploy them in quantities that will make a difference.

 

Running a Tor exit relay is nontrivial. You don't want to do it from home, or from a small business, because your gear may be impounded during investigations of abuse. But there aren't many hosting providers that permit exit relays. NGOs with substantial resources are probably the best option.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

Fighting global surveillance is non-trivial. There's nothing trivial about resisting big money, period. We're not going to affect global surveillance by taking trivial, risk free steps. The engineers and developers who are making the tools we need will take a lot more harrassment than those running exit nodes. It isn't that hard to set up an exit with a reduced exit policy. Such a policy will eliminate most of the abuse issues. My exit is low bandwidth and has a reduced exit policy. The bandwidth makes it less desirable for videos and torrents but is more than enough for web browsing, chat, and smaller downloads. I have yet to see complaints or harrassment. Anyone who effectively fights corporate/government surveillance is going to experience some harrassment. If the threat of harrassment is all it takes to keep people from resisting global surveillance, then we might as well give up now.

 

@noone_particular

It's great that you're going that. But you are attracting attention.

It's quite a paradox. Generally, few of those who need the anonymity that Tor can provide will want to risk running exit relays. So it's left to those who strongly support privacy, but don't need anonymity.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

That's fine. I'm sure that every one of the 900+ exit nodes get their attention. If I can convince even a few to run relays and exits, there's that many more that they have to pay attention to. Besides, a decision I made at a previous job already got their attention, and came with consequences.

That does seem to be the case. My online activities don't require Tor, but many others do. For some, their lives depend on it.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer.

-- Tom

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

NSA Refuses to Answer to Congress.

-- Tom

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

The NSA has a point. Without the Patriot Act and FISC, the NSA would be easier to reign in. Congress kind of did it to themselves and then got the public stuck in the mess. If they actually are above everyone, then that means that even the Supreme Court is inferior..and that's a huge problem. FISC should not be the one renewing programs, and it is FISC that is the real problem, not the NSA. After all, the NSA is just the hand doing the work of FISC. Kill the Patriot Act, dismantle FISC and your absolute power problem begins to be controllable again. But if Congress won't at least do one of those things then they might as well just throw in the towel because it's a runaway train.

 

Re: Dr. Joseph Bonneau (Google engineer) Wins NSA Award, Criticizes NSA

The bold 'willingly' is not correct. It should read 'wittingly'.
The first would imply perhaps any reluctance on the part of the NSA. (lol)
James Clapper testified 'not wittingly'/civilians, you can all go you-know-what yourselves. link or link

As stated, an innocent error.