Discussion in 'privacy general' started by Dermot7, Jun 6, 2013.
Because we have a sliver of freedom left and more likely because he hasn't yet become a target.
I thought I made it more clear than I did I guess. The administration is keeping the necessary information from Congress and the Supreme Court. Time and again they have either outright refused by claiming national security, or handed over documents so heavily redacted that they're almost rendered useless. Are you not paying attention to American media enough? They keep renewing every bill and the Patriot Act that allows for all of this to happen. They don't have to change anything, all they need to do is change the language a bit, which they have repeatedly done, and passed it on through. The opposition is outnumbered by the alliances.
Of course it's also the people on the outside. I've already said a lot of people don't "get" it yet. Are you agreeing that they are right to suspect people who use VPNs and such? Do you too think they are future threats and criminals? If you do, I've got nothing else to say to you except wake up. Spying on Putin is okay? So when he does it back, that's okay too? It better be, or else we look like the biggest hypocrites on the planet..which we already do. You can't tell one part of the world they can't do something, but it's okay if you or your friends do it.
You're not too familiar with politics I assume? Did you notice that a good portion of the Congress that was questioned about it consisted of people who supported the administration? Do you really think if they knew they would pop up on CNN and say "Yep, knew all along, our bad"? Again I've already said it, but those committees are composed of mostly administration supporters. How do bad things like the Boston incident happen under that much surveillance? Overload of irrelevant data, not enough flesh and blood agents out in the field, and the usual bureaucracy..the same bureaucracy that brought about 9/11. The NSA has said before that they can't keep up with all the data, and they aren't even the ones doing the sifting through it all. Third parties do that and then hand over the flagged data to the NSA for a further look.
It's more sensible to expect more incidents instead of less the way things are currently done. You ought to know they are doing too much when they have to build an entirely new facility out in Utah to help handle their work.
Edit: I wanted to pop back in here to make sure you understood my comments weren't an attack on you. But it is very very easy to misunderstand all this if you aren't following the situation very closely and some really do have the line of thinking that it's "just metadata" and it doesn't mean anything. You really should also be very much against any censorship in the form of blocking you from seeing or hearing something, or targeting you for investigation any methods of securing yourself against unwanted intrusions from criminals or overzealous governments. If you let it be okay to be suspicious of you for looking for TOR, you end up letting it be okay to suspect you anytime you view, hear or speak any information that doesn't agree with the beliefs or desires of someone else. When you let that happen, you become a slave.
The NSA has been in a feeding frenzy since 9/11. It's a military operation, and war is its lifeblood. It relies on FUD to generate support. And it's not just "the NSA". It's also the massive cloud of consulting firms, with incestuous agency connections, fighting turf and funding wars over often duplicative projects. Although it's not so much in the news these days, the War on Terror is alive and well, sucking resources from other sectors.
He got the job because he had the best connections.
From documents leaked by Snowden, and from former NSA managers, it's clear that the agency's organizational structure is extremely complex. Working groups isolated by "need to know" policy can span areas and levels of the overt management structure. Such situations can then be exploited in turf and funding wars. And then there are the numerous reports, internal websites and blogs. Plus all the reports, internal websites and blogs that summarize, often redacted for general circulation, other reports, internal websites and blogs. And many of them are never read by anyone with authority to do anything.
That's why NSA leadership doesn't really know what the NSA is doing, or what it's learned, except perhaps in retrospect.
It's the FUD of war
Again, it's the War on Terror. Administrations change, but the war continues. And it's a war that can never be won.
I totally agree with you on the War on Terror, it has caused far more damage than it has prevented. We're never getting out of the Middle East now, in fact we're right back in Iraq again. But that's a different discussion. No, it isn't just the NSA, you're right. It is indeed all those entities you mentioned, especially the consulting firms. But the current administration is enabling all of this even more than normal because they view themselves as untouchable. No one should ever be above the law or the Constitution. If the people in charge now did not view themselves as such, we wouldn't be in this big of a mess. The NSA and the CIA will always do as they do, but it's the people watching over it all that are saying "Go further, we have your back". That can't keep happening.
Washington Post Above the Fold Front Page Headline:
Ordinary Web users far outnumber foreign targets in conversations intercepted by the NSA
Non-targets far outnumber targets in NSA collection
Barton Gellman, Julie Tate and Ashkan Soltani 8:46 PM ET
EXCLUSIVE | A huge cache of agency-captured messages provided by Edward Snowden illustrates the extent that untargeted individuals get caught in the net of surveillance – and shows the former NSA contractor had access to FISA content. .................
"In NSA-intercepted data, those not targeted far outnumber the foreigners who are
Files provided by Snowden show the extent ordinary Web users are caught in the net
http://www.washingtonpost.com/regional/?reload=true (Requires Registration to Access the Story-Only requires giving email and name I think))
"Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.
Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.
Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents......
Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless..................
Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge............
No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects — not only from its targets but from people who may cross a target’s path.......""
Full Story Here:
Yes, it's getting worse, from what I hear. But the political stuff is arguably just part of the bread and circus.
But anyway, politics is off topic here. What's relevant is how we can protect our privacy and freedom, and how we can help others do the same. No?
I don't think you can really separate the two in this instance. Given the NSA's capabilities which will continue to expand only a political/legal solution offers a reasonable chance of protecting privacy, and the chances of obtaining that are virtually nil.
Face the facts: We live in a Surveillance State ostensibly created to protect the USA from terrorist attacks, which it does attempt to do, but which also has morphed into a means of protecting the interests of the rich and powerful from individuals who threaten their interests and ultimately to prevent/put down social unrest when America awakes and sees through the charade of democracy in which they live.
Case in point: the coordinated state,Federal,Fusion Center surveillance and needless police brutality used to snuff out the First Amendment Rights of those involved in the 99% movement, the anti globalization movement, and most recently environmentalists and animal rights activists.
""Those who would sacrifice liberty for security deserve neither."
Benjamin Franklin, 1755
Edit: More speculation
Mirimir, I don't want the thread shut down either. But we've discussed the technological aspect of it for months now. Nothing has changed on that front, no new tools have come forth that are better than the ones we've already discussed hundreds of times in thread after thread. It may be off-topic, but the fact is that this is a political battle that can now only be won through political action. That's it, period, end of discussion. No amount of hiding behind proxies and PGP is going to fix this or end it. The mods can close the thread if they wish, as it is their website and not ours, and remind us all again of the 'rules", but it changes nothing. We're past TOR and VPNs now, as the saying goes, the poop has hit the fan.
That's all coming anyway. We're already back in Iraq, we've been back a few weeks.
I am as disgusted as anyone about our surveillance/corporate state, but I think that this thread should be closed. Means of trying to protect privacy can be discussed in other strictly technical threads. Our discussion in this thread, and I am as guilty as anyone, has gone beyond the purposes of this most valuable security Forum.
Electronic Privacy is dead. And absent a revolution it will remain so.
This subject is by necessity political, and there are an abundance of political forums where it can be appropriately be discussed.
If this thread continues in its current direction we may find that anyone visiting Wilder's will be placed on the targeted list, if we haven't been already. Where is there a better source of information about securing electronic privacy? And that's who the NSA has been targeting -- those seeking information on electronic privacy. Pretty scary thought.
Let's maintain the purity of this, the best, security forum.
I visit this site to keep informed on PC security threats, new malware threats, PC security products, and solutions, not to discuss the abuse of political and governmental power.
I think the length of the thread alone and its contents still existing is a bit of a sign that the mods realize the same thing we do, that there's no point in continuing discussion without the political aspects. If we're just going to keep rehashing the same Faraday cage/TOR/VPN crap we have 100 threads for, then there is little point in even going on. We're screwed until we get better tools and the politics change.
While Cryptome may be (yet again) blowing smoke, I suspect that we're about to learn a whole new level of horror in the NSA story. But who knows?
And then there's the bad news about Tor that's coming soon: https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget. But maybe they're blowing smoke, too, and just have tweaks on these:
Johnson et al. (2013) Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
Jansen et al. (2014) The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
Okay, although my opinion still is the same, let's try to reign this back in. I would have a difficult time advising people to trust TOR too much. With everything happening to exit node operators, ease of setting up fake nodes and stuff like you're linking, it seems to be that TOR is weakening as an option. Is it better than nothing? Maybe, I'm not all that certain. I don't know if I would readily say anyone is blowing smoke. Once upon a time the NSA spying report was considered BS too. What may not be happening now isn't guaranteed to not happen at a later date.
According to a report by German publication Der Spiegel, an elite team of NSA hackers
called the Tailored Access Operations unit may be using the NSA's XKeyscore spy tool to
grab Windows crash data from the Internet traffic it captures.
According to Websense Security Labs this data is transmitted in "cleartext" without encrypting
what can be quite sensitive information, such as the make and model of the machine, BIOS
version, ID and installed applications.
Affected versions of Windows include Windows XP, Vista and 7 and Microsoft application crashes
on Apple OS X. Windows 8 enforces the recommended TLS encryption on all stages of telemetry
reports to WER.
Key, that report has been out for a while now, though it shouldn't be forgotten.
Yep, your right. This particular thread is long and my search terms came up empty on the subject so I posted.
Yes, Tor's design is showing its age. The NSA at least is a global active adversary that Tor was never designed to protect against. And the availability of low-cost multicore servers with fat pipes has made malign relay attacks vastly more effective, even with entry guards. But it's far too early, I think, to lose faith in the Tor Project
From what I've read on tor-talk, conviction of that Austrian exit operator is hardly relevant, even for the Tor community in Austria. It's all just FUD (except for the unfortunate young man, anyway).
Well, but see FUD stops being FUD when human lives are disrupted or ruined. And yeah, you're right, cheaper tech has made it so much easier to break down walls. Especially when you have billions to pour into doing it. His conviction is quite relevant if it scares people away from operating nodes.
True, but we are many, and we have resources too.
That is by far the most important issue.
Your previous posts blame the White House. What I say is that the Congress, the courts, and the people share the blame. The Congress and courts have the autority or can give themselves the autority to demand full accounting and they can force changes. But they do not. They are mostly comfortable with how the current situation is.
I am not saying I do agree. I am saying how the average American probably feel. When I say Tor users are of course suspicious, I mean that sarcasticly.
The members of Congress now are campaing for elections in 3 or 4 months. How many are saying they feel it is very important to change how the intelligence agencies operate? What American political media are discussing this as part of the news about the elections? Is this topic a high priority in the current election season? Is it what the voters say they are concern about? Are the polls of expect voters that the media publish asking questions about changing the surveillance?
I think the answers to these questions is that this is a very low priority for most candidates specially those already in office, and for the American media, and for most of the American public.
Which mean they are mostly comfortable with current situation.
No, the thread should not be closed. It is place where there are posts describing each new revelation about how extensive the surveillance is and about how the surveillance works.
To know how to protect your self on the internet, the reader need to understand the kinds of threats there are, which is what this thread is discussing.
It is only off-topic when start blaming specific political figures or complain about US involvement in Iraq and such like.
Everything so far now indicate too late for that by a few years.
The technological and political aspects are inseparable for one simple reason. In order to mitigate surveillance, tracking, etc, it is necessary to understand who is using these tools against people, who their allies are, and why they're doing it. Without those connections, the discussion is limited to weapon vs weapon, measure vs countermeasure, etc, which is basically useless. It's one thing to say that our phone and internet activities are being monitored. It's an entirely different matter when we understand that it's being done with the collaboration of the telecoms, ISP backbone companies, and the internet giants. Mitigating surveillance on this scale requires a completely different response, like an Open Source meshnet that doesn't rely on their equipment and isn't subverted by them.
Regarding Tor and whether one should trust it, IMO Tor is trustworthy but is becoming increasingly vulnerable to a global adversary. Its biggest weakness is the small number of relays and especially exit nodes. It's not hard for a global adversary to monitor 1000 exits. It would be much harder against 50, 000. Half a million would make it impossible. No matter how big global surveillance gets, the advantage of scale lies with the people. We could create more relays and exits than all the worlds governments combined could ever monitor. Tor does need to evolve with a global adversary in mind. IMO, Tor's biggest weakness in this regard is that all traffic uses a single path. All traffic goes from one relay to the next, then to an exit. A global adversary can monitor timing and traffic volumes for each node. If Tor split the traffic into 3 paths, each using the same type of relay arrangement that's used now, timing and traffic volume attacks would be mitigated. If Tor worked like this, it would be very hard to monitor, even for a global adversary.
Tor, encryption, privacy packages, and secure communications are all effective tools for trying to promote change, but the tool that is needed most is missing. That tool is the means to hold elected officials accountable, not just for their actions in office, but for lying and misrepresenting their intentions when running for that office. The offices of elected officials have been turned into commodities. Most of the time, the candidate with the most money behind them gets the office. Under the existing system, the only effective way to run for office costs big money, money that comes from the same big corporations that have subverted the government. Our "choices" are limited to candidates that big money has already approved of and financed. The equipment that counts the votes and the software that runs on it is intellectual property that has never been publicly verified for accuracy or integrity. The company that builds these voting machines has effectively claimed ownership of the vote counting. Look up Diebold Accuvote for more info, including material posted in this forum several years ago. These are the things that we need to change the most. This level of change will have to be forced because no elected official will truly support it. The only way we can end mass surveillance is by creating the means to hold those we elect accountable and eliminating corporate control of the election process. If you want proof of who the NSA and government really work for, watch what happens to those who organize such an effort.
Separate names with a comma.