Ten Steps You Can Take Against Internet Surveillance 234
Hugh Pickens DOT Com writes "Danny O'Brien writes for the EFF that as the NSA's spying has spread, more and more ordinary people want to know how they can defend themselves from surveillance online. 'The bad news is: if you're being personally targeted by a powerful intelligence agency like the NSA, it's very, very difficult to defend yourself,' writes O'Brien. 'The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.' Here's ten steps you can take to make your own devices secure: Use end-to-end encryption; Encrypt as much communications as you can; Encrypt your hard drive; Use Strong passwords; Use Tor; Turn on two-factor (or two-step) authentication; Don't click on attachments; Keep software updated and use anti-virus software; Keep extra secret information extra secure with Truecrypt; and Teach others what you've learned. 'Ask [your friends] to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node; or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.'"
10 Steps You Can Take Against Rapists (Score:2, Interesting)
Wear unattractive clothes, don't wear makeup, stay sober, don't flirt, don't leave drinks unattended, don't be out after dark, don't be out alone, learn to cook, find a good husband, teach others what you learned.
Re:Steps You Can Take Against Internet Surveillanc (Score:5, Interesting)
Considering the number of things the NSA has completely missed (e.g. Boston bomber, Snowden, Bengazi, etc.) I'm beginning to wonder if the NSA really has any decent spying capabilities at all. What if this is much like a Banana Republic, were the government puffs up it's chest and parades around a bunch of military men and equipment to try to scare it's citizens into line. But actually they are totally outnumbered by the citizenry, have very little real power, and they know it.
All these "leaks" about the NSA spying on everyone in the world could just be a desperate attempt by a government that realizes it has very little real control over people to try to keep people in line. Sure, they might be collecting a lot of data, but storage and analysis may be such a monumental task that they can really only figure out things in retrospect, which really doesn't give them much advantage over classic investigation techniques. But hey, some tech companies are probably getting rich over this.
Re:Do you think you are special? (Score:1, Interesting)
Let's assume half of them are looking at foreign traffic and half at domestic traffic.
Bad assumption. The NSA's primary focus is foreign surveillance. It's right there in their mission statement that the tin foil hat brigade apparently has never read. The only reason they have taps on wires domestically is because much of internet travel originates, passes through, or is destined for, an IP address located outside of the US. Even the President of the United States has said as much. The NSA does gather information for domestic surveillance operations, but it's disengenuous to suggest they are providing high level analytics along with the captured data -- their role within the government is to gather intelligence, sort it, package it, and provide a deliverable intelligence product to other organizations. The NSA is basically tech support for the FBI, CIA, DHS, DEA, etc.
What makes you think you are special enough to deserve their attention?
When I was born, my mom thought I'd be President of the United States or some-such. Maybe they're just pre-emptively guarding me for my future ascention to the throne, did you consider that? :P
Personally, I'm much more concerned about the way commercial organizations are spying on us.
As am I. People yell at me on Slashdot all the time: "Why do you use Tor?! It's been compromised by the NSA!" Okay, sure... but who said I care about the NSA? I mean really guys...
Of course, there are those that worry about cops knowing when they are calling their drug supplier to set up a buy, but all indications so far is that the data is not available to regular police organizations.
Let me put the actual risk in perspective. I know someone who is on parole for a previous drug conviction. This individual regularly uses their cell phone, much of it via text messages, to arrange drug deals. So here we have an ex-felon, on parole, who is trading in Schedule I drugs on a daily basis, using what has been widely panned as the single biggest device used by the NSA to track us all... No black helicopters have come for this individual to date, and this person has been doing it for two years so far.
Guys, be glad you aren't getting all the government you're paying for. I mean it; for all this crap about government surveillance on everyone... there's a shockingly low amount of critical thinking going on about how, exactly, the government would go about doing this with its existing labor and financial resources.
Just be more prudent (Score:5, Interesting)
By the way, thanks NSA for forcing us to censor our thoughts in our head, before we even write them down and tell them to someone. I couldn't have imagined that we'd come to live in a totalitarian-like world (at least that how it feels when you apply censorship in your head) just a few decades after the Iron Curtain was torn apart, and that this totalitarian world is being brought forward by a western country that formerly championed free speech and freedom in general.
EFF are losing their edge (Score:5, Interesting)
We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.
If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.
The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, [geti2p.net] which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so its also a big plus).
Tor is outdated and dangerous to use because it encourages illusions like: a) 1024bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.
In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (its been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).
Re:Boycott of US & UK products (Score:4, Interesting)
Oppression can be ranked. The UK and USA certainly have their oppressive aspects, the spying on individuals being just one of them, but there are plenty that are far, far worse.