Keeping Your Data Private From the NSA (And Everyone Else) 622
Nerval's Lobster writes "If those newspaper reports are accurate, the NSA's surveillance programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, 'Hi, NSA!' every time you make a phone call or send an email? Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP, and the vendors who build software on top of those protocols. But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you're likely toast: few highly secure services include a 'Forgot Your Password?' link, which can be easily engineered to reset a password and username without the account owner's knowledge. And while 'big' providers like Google provide some degree of encryption, they may give up user data in response to a court order. Also, all the privacy software in the world also can't prevent the NSA (or other entities) from capturing metadata and other information. What do you think is the best way to keep your data locked down? Or do you think it's all a lost cause?"
Run your own servers and use encryption (Score:5, Informative)
Security through obscurity (Score:5, Informative)
1. Use an email provider nobody's heard about.
2. Keep social network data private, more importantly don't post anything sensitive.
3. Don't engage in terrorism, they really hate that.
4. Somewhere between "get off Windows" and use a live disk, I don't think any OS is truly secure.
5. Don't save anything locally, keep your accounts hidden, no email notifications.
Wave at the black SUV outside your window as not having any traceable data may warrant suspicion in itself.
Move to SA (either one).
Re: Can't have it all. (Score:5, Informative)
Actually, privacy isn't mentioned in the Bill of Rights at all. It has been inferred though not explicitly mentioned.
Re:Can't have it all. (Score:3, Informative)
Or you're a tea party supporter trying to start a nonprofit.
Solutions = encryption + decentralization (Score:4, Informative)
The solution is encrypt everything (OpenPGP for emails, etc.), plus decentralization. If everyone either hosted their own email, or used a minor hosting company, then it would be much more difficult for the NSA to round up all those emails. Then, if even half the population used OpenPGP for emails, we could hide in the mass, and the NSA etc. will have no hope of reading all those emails.
As soon as you have just a few spots (e.g. FarceBook, Google-, Murdoch'sSpace) that host the significant majority of a certain type of communication, then you have a huge weak spot. Solution is decentralization and federation.
Use tools like Diaspora, StatusNet, Jabber, SIP, and email. Don't use tools like Skype, Yahoo Messenger, AIM, Facebook, etc.
See also: http://autonomo.us/ [autonomo.us] and particularly Reducing vulnerability to massive spying with free network services? [autonomo.us]
Re:Can't have it all. (Score:2, Informative)
Hint: It's the part that indicates the list isn't all inclusive and that reserves all rights not enumerated therein to the people. Or is that too far in for you to read?
Re:SSL / TLS ? (Score:4, Informative)
Re:Run your own servers and use encryption (Score:4, Informative)
Yes, which is why i've been using PGP for emails to/from my more nerdy family and friends for a while.
Used to be a free plugin for those of us cursed with using Outlook, now paid.
I should take a closer look at this, I suppose:
http://code.google.com/p/outlook-privacy-plugin/ [google.com]
Of course, other options exist. Enigmail for Thunderbird works OK too, apparantly...
Is it just me, but how hard would it have been for Microsoft, Apple & Lotus/IBM to have rolled this type of functionality into the base product?
(And don't tell me a corp like Exxon or whatever would find it too hard to swap certificates with its major supplier & customers, also presumably mostly big corporations with a vested interest in keeping their emails secure)
Why did they not, eh? Conspiracy theorists, off you go!
Re:Can't have it all. (Score:5, Informative)
Is not their problem if you feel that you don't have anything to hide. You could be committing 3 felonies a day [wsj.com] without being aware of it. Anything that you did in your past could be used against you, even if not a matter of national security, or against some friend to frame you if they think you did something wrong. And could be in your side to prove that you are innocent, something that could be costly if even possible.
And not forget that the **AA are in bed with them, the wrong you did could be having a background music in the video you took in a birthday party or that silly theme that you were singing with your friends when drunk.
Don't think just in the present, and your precarious today's safety, Things will change. And for worse.
Re:Run your own servers and use encryption (Score:4, Informative)
This. Servers you control, communicating using strong encryption set up by yourself alone.
And even this assumes that the NSA doesn't secretly have any cracks for any strong encryption algorithms. Rumor is they've found a way to efficiently brute-force low-level AES.
Re:Why the hell are people accepting this? (Score:5, Informative)
According to wikipedia, in 2001 in the US 42,196 people died in traffic accidents.
According to Wikipedia in 2001 (A crappy graph) approximately 8000 people were killed with handguns in the US.
Someone tell me why the threat of terrorism gets so much attention.
Would take effort (Score:4, Informative)
You could...
Host your own mail server. Of course, you'd probably have to upgrade your internet service to a tier where incoming mail ports aren't blocked. You'd also need to have SSL/TLS support, ensure everyone whom you email hosts their mail on your server and that you can personally trust them. Not exactly practical.
Instead of Skype, use a decentralized chat system like RetroShare. Takes some doing to trade PGP keys with friends, but works.
Use an encrypted proxy for all of your surfing. Practical and quite easy.
Use encrypted SIP for VoIP communications. No idea how easy or difficult this is, haven't researched it.
Throw away your landline and cell phone. Goodbye 911 service.
The point is that the middlemen have proven themselves unworthy of our trust and we should seek to avoid them. The larger and more daunting point is that this breakdown of trust could ultimately lead to a society's collapse.
Re:Run your own servers and use encryption (Score:4, Informative)
But the NSA says it's just collecting the metadata on communications, not the actual communications. So while encrypting the message in your email may prevent them from (easily) reading your email, they still see that you sent or received an email and who it was coming or going to.
enter torbirdy.
torbirdy is a addon for Thunderbird email client routing all you email through tor. You can also use a tor hidden email service let them try and unravel who is communicating with who then. you can also use tor with pidgen chat client, and pgp encryption all they will get is random noise lost in the tor network. the problem is trying to get the muggles to bother to use/learn these.
as it stands today we have all of the technology needed to make prism virtually useless for anything, the problem is the general populous overwhelming apathy and lack of interest as long as they can play stupid facebook games. As long as most the average joe doesn't care enough to act we all are vulnerable we have to communicate at the lowest common denominator. i would love to move all of my communication to double public key encrypted obfuscated triple proxied tor hidden service hosted secure goodness, but grandma can barely handle facebook. so we are all stuck with cc'ing everything to nsa/cia/fbi/homeland.
Re: Can't have it all. (Score:2, Informative)
Re:HTTPS is not safe either (Score:3, Informative)
You don't understand how PKI / X.509 works.
The CA signs the public key. The private key is not shared with the CA, the CA is not able to decrypt messages. The NSA, potentially having access to the CA's private keys, cannot simply decrypt your messages.
The NSA could very likely have their own "approved" signing key or copies of legitimate signing keys for which they could launch a man-in-the-middle attack and present their own privately generated version of a certificate and proxy requests to the original site as requested by the end-user. This is also something difficult to keep transparent for long.
That said, I'd be surprised if the NSA didn't have copies of the private keys of the larger web services. Sites such as Google and Facebook are too large of targets and getting copies of their private keys should be relatively trivial (compromise the servers and steal the private keys).
4th amendment - general warrants (Score:5, Informative)
The 4th's ban ban on general warrants (that's what it means when it mentions "warrants" in its historical context) strongly implies a privacy right. General warrants were authorization from the crown for its agents to search any person or premises they desired to, blanket authorization. The 4th amendment bans that. The government has to have specific cause, evidence already at hand related to a specific person or premise, to search at all.
That the government in general has no right to search means by very strong implication that you have the right to the privacy which results. What else is it but your privacy that the 4th amendment says the government can't intrude on? It's nonsense not to find a right to privacy as a necessary implication of our constitutional protection from general warrants.
Re:Can't have it all. (Score:4, Informative)
Or anyone targeted by McCarthy's hearings.
Privacy protection methods. (Score:4, Informative)
I've been meaning for a while to write a guide for friends/family about this. I thing that first you really have to have an understanding of why this is happening, what the goals (hidden and obvious) are for those engaging in the spying, and determine where you stand on the subject before you can't make any sort of plan for implementing the level of privacy you desire. From there the entire discussion is about capabilities and methods. I will forgo the first points in the hope that the hacker mentality still thrives at least somewhat on /.
First, there was metadata,
Metadata combined with modern algorithms and big data can give it's owner just about everything on you. Here is what I consider metadata
(this assumes every point compromised except local, imagine NSL's etc)
IP - Your ISP will always know this. Circumvention includes tor, i2p, other anonymizing technologies. VPN does not secure your metadata. Wardriving. Rooted boxes.
MAC - Much less of an issue, can be spoofed easily. Usually not know outside of edge network devices or ISP.
Time - Heavily used but not well understood. Correlation of login times to compromised activity elsewhere holds up pretty good in court. The longer they've been watching you, the more dangerous to security this is.
Other machine identifiers (agent strings, cookies, DNS, etc) - mostly a software (and knowledge) issue. Have to be able to prevent DNS leakage, spoof agent strings, keep machine clean of cookies (including harder to find/remove cookie types like flash) If you are on windows... this is your most likely failure point.
Then, there was low hanging fruit.
Low hanging fruit: cloud services (webmail providers, social networking, cloud apps, cloud storage/computing, voip/txt chat protocols, etc) If you use these services you must expect them to be compromised and not private. You can choose to not use these services, or compartmentalize use of them (which is my preferred method). Data poisoning becomes more relevant here. Now, you can attempt to be anonymous while using them (say tails(tor) for facebook), but the data is still compromised. But if they can't tie my identity to X, why does it matter. Two reasons: one, because if you are using a service like that, all it takes is one slip up to tie everything to you, and two, because there are other ways beyond even time-data correlation to do so (writing analysis for example)
So, assuming you have figured out how to be relatively anonymous and encrypt your data (ssh, tcplay, dm-crypt, gpg) You self host as many services as possible, and directly connect to people/sites you "trust". You have in intelligence terms "gone dark" or "dropped off". I'm going to ignore the issue of DPI for the moment.
This is where the majority of people who care about privacy want to be. They want to be just enough of a hard target that it's not easy to grab up their info. This is what the 90's cryptowars were about. The ability to go dark.
The problem with this state is twofold: First, your data can still be retroactively inspected. So that AES-256 you think is nice and secure is finally cracked by the NSA (if it isn't already). Then they run it on gobbled up data from the past, and suddenly your encryption is worth jack. (save discussion of storage feasibility for another time, some of the math has already been done over on Schneiers blog)
Second, once you become a target for other reasons, they will resort to other methods. First with off-site but close compromise. Usually ISP. Then escalated to remote compromise (trojans, keyloggers, etc through 0-days or backdoors) If for some reason you are still safe at this point, commence black bag operation. While you are at work, they break into your house and plant a physical keylogger, audio bug, copy HDD, install trojan (MBR not encrypted? evil maid!) or any other number of growing possibilities. This boils down to your physical security. Think your ADT alarm system works? Think again (well, this depends on who you pissed off, normal
Re:seriously (Score:5, Informative)
Most people aren't concerned about the NSA looking at them right now. They're concerned about how this data may be used in the future should they suddenly find themselves with an administration which has a problem with their views on issue X and now has the means to identify all the people who have those particular views on issue X.
Re:Run your own servers and use encryption (Score:4, Informative)
And never used for any purpose but converting electricity to heat... because once you hook them up to the wider world (even just to a monitor), you're compromised. (Traffic analysis, emissions analysis, etc... which most 'geeks' seem blithely unaware of, being at least as useful as actually reading the data.*) Seriously, it's a trade off - protecting data that nobody but you gives a fuck about anyhow, or actually using that data to accomplish something useful.
* Cryptography is fashionable among geeks, it's a cheap way to tighten the tinfoil, but it's only one small corner of information security. Go ahead and feel protected because your head is under the bed - but you should be aware that your ass is hanging out.
Re:Run your own servers and use encryption (Score:5, Informative)
No, that would be NIST, the same folks who standardized SHA, SHA2, etc.
AES (aka Rijndael) was developed by Daeman and Rijman. NSA offered some tweaks to it, which were later determined to have significantly strengthened the cipher.
The "folks who evaluated it" include Bruce Schneier, who aside from being a well respected cryptoanalyst (having developed several NIST standard candidates), is nothing if not paranoid.