Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

EFF Launches Surveillance Self-Defense Site 94

justin.foell writes "The Electronic Frontier Foundation (EFF) has created a Surveillance Self-Defense site. Created with the help of the Open Society Institute, the site intends to serve as a how-to guide for protecting your private data against government spying. From their press release, they 'aim to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands.'"
This discussion has been archived. No new comments can be posted.

EFF Launches Surveillance Self-Defense Site

Comments Filter:
  • Workaround (Score:3, Insightful)

    by psergiu ( 67614 ) on Thursday March 05, 2009 @03:21AM (#27074909)
    Then the government will just request the access logs from this site to see who should they spy. :-)
  • Oblig. XKCD (Score:5, Funny)

    by TheCybernator ( 996224 ) on Thursday March 05, 2009 @03:28AM (#27074929) Homepage
  • I'm suspicious of this site. On the front page, they suggest
    • Always run genuine Microsoft operating systems. Microsoft has the experience and market dominance to ensure security.
    • Never install service packs. These could be spyware!!!
    • Never use a firewall. This could alert the spies that you have something worth spying on.
    • ...

    On a more serious note, will any accesses to the site be logged by ISPs so they know who to watch?

    • by L4t3r4lu5 ( 1216702 ) on Thursday March 05, 2009 @03:51AM (#27075019)
      I don't know whether this is -1 Flamebait, -1 Redundant or +1 Insightful. Can we have a "+0 Brain melted" rating?

      Either way, they could track it unless you switched DNS server [opendns.com].
      • Re: (Score:3, Insightful)

        by cbiltcliffe ( 186293 )

        Why would you think the only way to monitor traffic is through DNS logs?

        Every single packet that goes over their network has a destination IP address header. Just flag and save anything that's destined for 216.187.103.169.

        The site uses virtual hosting, so sure it'll end up with lots of false positives, but those will be people who did something else wrong, so we might as well watch them, anyway.

        </evil government goon>

    • by terrahertz ( 911030 ) on Thursday March 05, 2009 @07:33AM (#27075951)
      Though you're already -1 Troll, it's worth pointing out that you are 100% incorrect. From https://ssd.eff.org/book/export/html/14 [eff.org]:

      Avoid Microsoft products where possible. Computers using the Microsoft Windows platform are especially vulnerable as of this writing (although no operating system is immune to all potential attacks). Consider using a non-Microsoft operating system if possible. However, if you have to use Microsoft Windows and you are connecting to the Internet, your best bet is to minimize the number of Microsoft Internet applications you use â" for example, use Firefox [mozilla.com] as a browser or Thunderbird [mozilla.com] as a mail client. Microsoftâ(TM)s Internet Explorer and its email programs Outlook and Outlook Express are very difficult for even professionals to secure. Furthermore, adversaries tend to attack more popular platforms and applications.

      Keep your software updated. Use the latest stable version of your operating system. As of this writing, Windows 95, 98, and ME are utterly obsolete. You should be using at least Windows Server 2003 for servers and Windows XP for clients, with all patches and service packs applied. For Macintosh computers, use OS X 10.4 or greater, with all patches applied. For Linux and Unix, get whatever version is the most recent stable release, and follow all updates. It is especially important not to let server software versions lag behind, since servers are always on and always connected.

      Maintain your firewalls. Firewalls are software or hardware components that protect your computer or network from the Internet, blocking traffic based on network-related parameters like IP addresses and port numbers. Firewalls can protect against those who want to access your computer without permission. Configuring network firewalls is pretty tough for the layperson and beyond the scope of this guide, but you should learn how to use the personal firewall software thatâ(TM)s included in most recent operating systems.

      For more detailed information about malware, check out the Malware [eff.org] article in the Defensive Technology section.

      • I can hear the whoosh from my basement.
        • Whoosh all you want, I'll make more =)

          No amount of prefacing will ever deter all you whooshers -- and I can admit, "whoosh-spotting" entertains me as well. But in truth, I took this as an opportunity to reiterate the precise quotation that comprised the troll-fodder, and I feel I made my perception of the OP's trollery more than apparent (he was -1 Troll at the time of my post, though the subsequent Funny mod isn't undeserved either). The trolls who blend fact and fiction aren't usually worth responding
          • Sorry for the late response. What's funny is that I never even visited the EFF site; I just made up some anti-Microsoft junk that sounded obviously fake (I never try to mislead), in one of my many neutral to dumb attempts at being funny. I like that you pulled up quotes from the site that directly contradict what I wrote, since the facts can never be repeated often enough. I had no intention of smearing the site, as I'm sure it's a solid resource for information.
    • ""# Always run Microsoft operating systems. # Never install service packs. # Never use a firewall.""

      Very interesting
      I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus
      for 3 years now and haven't had any problems at all . . .
      • > I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus
        > for 3 years now and haven't had any problems at all . . .

        Neither have I. Thanx... :-)

        • I do have a LOT of services disabled
          any service with the word "Remote" in it is OFF
          • How does the system even boot? Last time I checked, windows will fail to boot if you disable the remote procedure call service.

      • Very interesting
        I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus

        I know. Don't change that, please....

      • by whopub ( 1100981 )

        I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus for 3 years now and haven't had any problems at all . . .

        Dude, whatever you're going through, suicide is NOT the solution!

  • by mudshark ( 19714 ) on Thursday March 05, 2009 @03:43AM (#27074981)
    EFF! That's who.

    Nice site, has thorough and accessible explanations of things that the non-geek-yet-somewhat-paranoid digital populace really need to get clued up. The section on FISA, particularly the Beyond FISA page, is a must read. That Fourth Amendment sure was nice while it lasted....
    • Re: (Score:3, Interesting)

      In the section on encryption they note that your lawyer may get you your hardware/data back after seizure. If you do, DON'T use it without taking some precautions that it hasn't been tampered with. Quite what precautions, I'm not sure.
      • by mudshark ( 19714 )
        If you cared about it at all, it's backed up somewhere. Securely, of course. Tell your attorney to deposit the artifacts for safekeeping. Of course, this point dovetails nicely with their advice on retention and secure deletion.
      • by L4t3r4lu5 ( 1216702 ) on Thursday March 05, 2009 @06:53AM (#27075745)
        - Remove the file / drive with the encrypted information from the computer you had it installed in originally and put it in a "sheep dip" station with only a CD drive and no other storage. Boot a linux distro from CD and scan for malware using paranoid settings under heuristics.
        - Put a second drive into the machine, and boot from CD again. If you need Windows, use Bart or WinPE. Use the software you used to encrypt the data to decrypt it to the second drive. Remove old drive and destroy.
        - Re-encrypt decrypted data on new drive and secure-erase space on old drive before destroying it. Carry on as normal.

        If what you had on your drive is still encrypted and unviewed by The Powers That Be, you've probably spent a couple of years in prison for the trouble (at least in the UK). I hope it was worth it for those private pictures of your wife and your CV.
        • I'd just consider the data and the disk to be trash and dispose of accordingly.

          No data's so important that I can't make it disappear. If it is, then it shouldn't be in the same volume as any potentially incriminating data. And if it were really that important, I would've memorized it already, with the encrypted data being only a means of easy transmission to other people, or in case I forget later on.

          BTW, I'd have a clean, newly-created encrypted partition created before putting the dirty drive into the com

      • by AHuxley ( 892839 )
        Yes if your IP is noted, you may get a visit.
        Your computer would be scanned for the file in question.
        If nothing is found, a key logger, backdoor would be installed.
        Might be you upgraded hardware.
        Anything that has been out of your sight, treat as a paper weight or work of art.
        Let it gather dust.
  • by muckracer ( 1204794 ) on Thursday March 05, 2009 @05:17AM (#27075309)

    I commend the EFF's good efforts and their attempts to protect 'We the people' from, well, other men in the middle. However, as valuable as the information is, it will have little to none tangible benefit. The users reading those pages in the first place are already the one's interested in such technologies, probably already use some of them and are generally not the target group. The big mass of people will never read these pages, nevermind implement the solutions laid out there. Thus they force even the privacy-conscious to remain unsecured in their communications with them, as both sides need certain setup's (encryption etc.).

    So the real question is this: How do we not just get a nice write-up about what we *could* do, but how do we get these features activated by default?
    For example, AFAIK none of the popular Linux distributions enables IM (OTR) encryption out-of-the-box. Why not?
    Why have we still not come up with a way to enable opportunistic encryption for e-mail (think GPG in the background without user intervention), as well enabled by default?
    etc.pp..

    It is the experience of every geek, that most 'normal' people leave things fairly alone and just try to use them as they come. Since most OS' and program's defaults are insecure, it is, IMHO, one of the primary reasons that everything is so easily monitored, stored and...eventually used against you.
    Here the Linux distributions could make a dramatic impact overall and I would welcome something like an official "privacy-year", where the distros focus less on cramming the latest .0.0.0.1beta version on the disks, but make a true effort to secure their shipped communication-related programs. If usability-issues exist, they should also be addressed. That, and only that, would make any kind of real-life difference: Make security and privacy the default!

    • Re: (Score:3, Insightful)

      by Ihmhi ( 1206036 )

      Wouldn't that NSA Linux distro have this kinda stuff enabled out of the box?

      This would be a great marketing scheme - the "Paranoid PC" with all kinds of anti-snooping and security software good to go.

      • > Wouldn't that NSA Linux distro have this kinda stuff enabled out of the box?

        No, it doesn't (nor do I think they'd be interested :-)):

        "Security-enhanced Linux (SELinux) is a reference implementation of the Flask security architecture for flexible mandatory access control. It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system."
        [...]
        "The Security-enhanced Linux kernel enforces mandatory access control policies that confine

    • Guess you didn't read the first part of the article, where it talks about making trade offs. Out of the box OTR is pointless, because I personally know of no one who actually uses it. So, why bother. The rare soul who actually wants it can figure out how to set it up without too much trouble.
      • > Out of the box OTR is pointless,
        > because I personally know of no one who actually uses it.

        Your argument is severely flawed. Precisely *because* currently no big installed user-base exists, would it make a lot of sense to activate it by default. Once done, there's your large(r) user-base.
        Besides, the nice thing about OTR is, that it doesn't matter if the other side has it or not. If not available, then the IM goes out plain-text, which it would have done without the plugin anyway. So no loss at all.

        • Intriguing. I had thought it was always on, and you had to disable it yourself. You are correct then, that if it works transparently, there is no reason for it to not be installed out of the box.
          • Yes, it works transparently. You can, however, manually choose to always force encryption via a per-user setting. I guess, if the other person then does not currently have OTR installed (due to recent OS reinstall or whatever) then it might fail. Easily rectified though and also not OTR's default setting.
            Default is: If other side has OTR installed too, then go secure. If not, step aside and go plain-text.

  • Awesome, the second link in the blurb uses a cert issued by Comodo. Perfect lesson.
  • by acongos ( 1356287 ) on Thursday March 05, 2009 @07:37AM (#27075973)
    gah, if you have nothing to hide then you shouldnt have any problem with the government seeing what your doing on the internet. The only people who want to hide what their doing are the ones who have something to hide
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Yes, i hope you enjoy your laptop / hard drive being stolen along with your private information, including your login for here.

      There are legitimate reasons for encryption.

      EVERYONE has something to hide.

    • Re:Stop whining (Score:5, Insightful)

      by cenc ( 1310167 ) on Thursday March 05, 2009 @08:10AM (#27076181) Homepage

      My father was an attorney. People use to call him and say things like, "they can't put me in jail".

      My father would ask, "where you calling from"?

      They would say, "jail".

      Guess they can put you jail.

      • Lolzorz. +1 They could put me to jail for "protecting terrorists" when I don't wanna decrypt my hard drive, but they are just going to get the people mad at them. If they ever try to, I'll just go "5:th amendment" at them and refuse, and a a year later I'll just reveal the passwords and show them that there's nothing but Linux and some personal photos there. Good luck getting the media on their own side then.
    • by JustOK ( 667959 )

      If I have nothing to hide, why do you want to look? Are you a pervert?

    • Re:Stop whining (Score:5, Insightful)

      by Attila Dimedici ( 1036002 ) on Thursday March 05, 2009 @10:24AM (#27077379)

      gah, if you have nothing to hide then you shouldnt have any problem with the government seeing what your doing on the internet. The only people who want to hide what their doing are the ones who have something to hide

      My problem isn't with the government "seeing" what I am doing on the Internet, it is with them looking for no particular reason. Suppose the government starts looking at your online posts and discovers that you said unflattering things about a member of Congress and now you get an IRS audit. You didn't do anything wrong either in your post or in filing your taxes, but a tax audit is still a royal pain.

      • That's the thing. There are soo many ways that the goverment can mess with people that we never realize. Getting a morgage? Good luck. Flying on an airplane? Only if you want to be searched and interrogated for 5 hours. Taxes have already been mentioned. Doing ANYTHING related to beurocracy? You can wait for ages until you get a response. Doing nothing wrong? That doesn't mean that the police can "monitor" you - directly from their van with a big "police" mark from the street while saying that a classified
    • I've heard this argument often: that you have nothing to worry about unless you are committing a crime. The issue isn't so much that I want to hide criminal activities from the government as it is that giving the government the power to, for example, see what library books I have checked out, places a ridiculous amount of power and oversight in the hands of an entity that I do not implicitly trust to be wise with this power.

      Hypothetically, since the government now has this power, they could decide in the f

  • by BenEnglishAtHome ( 449670 ) on Thursday March 05, 2009 @09:06AM (#27076593)

    It's a fine site with lots of good information. But it skips some things that people interested in privacy should probably know about. I see no mention on the site of Freenet or the concept of darknets/opennets. The section on disk encryption doesn't mention hardware-based solutions at all, even though they are about the easiest for a non-geek user to implement.

    Good start. Keep it up, EFF.

    • Hardware encryption may be the easiest to use, but on more than one occasion a hard drive labeling itself as "secure", or even specifically saying that it uses AES, has been found to merely be XOR'ing with a fixed key.

      It's better to leave real encryption to a source that can be trusted: one that lets you audit the code, which manufacturers are loath to do.

  • by joedoc ( 441972 ) on Thursday March 05, 2009 @09:25AM (#27076771) Homepage
    Hey, I thought all the spying on citizens would end once the Bush Administration and their minions of fascism were chucked out of office?

    Did I miss a memo from the new bunch, or what?
    • Re: (Score:2, Insightful)

      See, you had a serious misunderstanding, spying on citizens is only bad when Republicans do it. When Democrats do it it is good. Just like not paying taxes is bad when Republicans do it and is reason to not get confirmed to a Cabinet post, but when a Democrat does it, "No big deal".
      • When Democrats do it it is good.

        Same with enemy lists as well, it seems. I expect Jim Cramer to be disappeared any day now.

      • Re: (Score:3, Informative)

        by lawpoop ( 604919 )

        Just like not paying taxes is bad when Republicans do it and is reason to not get confirmed to a Cabinet post, but when a Democrat does it, "No big deal".

        I seem to recall that when an Obama cabinet nominee has a tax problem, they have to step down. However, in the past decade or so, when, say, DOJ attorneys are illegally fired, or gay male prostitutes are brought into the whitehouse as fake reporters, the media ignores it, and anyone who brings up the subject is said to have "Bush Derrangement Syndrome." Kinda like in the Soviet Union where those who didn't believe in communism were labeled as mentally ill and sent to Siberia...

    • Yes. This is why expanded government (in any sense) is bad. Its like The Nothing, once it touches something, its gone forever. Or in this case, forever under the shadow of government power.
    • Obama's looking for internal threats to his administration, Bush was looking for external threats to the country. Same monitoring apparatus, different purpose.

  • why people talk about privacy in relation to anything that happens on the internet

    i'm not talking about government policy, i'm talking philosophical reality

    if you put something on a wire, beyond your control, its no longer private. beginning and ending of discussion

    but since most of what gets put on the net is willingly understood by most people as not private, since it just is detritus of their lives, not vital life-altering information, this is not a big deal

    if you want privacy, take an airplane, and take a walk on a beach with the other person so the crashing surf drowns out the conversation beyond 2 meters

    anything else, especially on the internet, can be spied on, and not just by the government. if you bound the government to draconian privacy laws in 72 bold font written in the blood of a virgin, they would still spy if they thought it important enough, and we aren't even beginning to examine other culprits: IT personnel, hackers, cable/ phone infrastructure employees, competing business interests, random busybodies, etc

    and guess what? this arrangement is perfectly fine for all non paranoid schizophrenics, since most of what is put on the internet can be easily compromised without compromising your life

    that's the real issue with privacy on the internet: give it up when you hit click

    once you put it on a wire, its beyond your control, and beyond the philosphical realm of privacy

    why does the concept of privacy even figure in with that arrangement in some people's minds?

    you are communicating, across the wires of a corporate interest, across international boundaries often, with governments keen to mine data, usually involving destinations who want to sell you advertising via profiling, which you found with a search engine which keeps tabs on you...

    abnd you want to talk about even the possibility of privacy in this realm?

    really?

    why isn't it just understood that privacy is forfeit on the internet?

    and this is FINE. if its really important to you, KEEP IT OFF THE NET. there: a surefire personal privacy policy

    • Um, keeping data private across a wire is a solved problem: public key encryption. And if, further, you don't want someone to see where your packets are going you can use TOR.

      People need to be educated about how the internet works, but there is no reason you can't communicate privately if you want to.

      • there are researchers talking about snooping on and decoding supposedly foolproof communications

        anything that can be made a man, can be broken by a man. don't forget that. your hubris is outstanding

        • by Chabo ( 880571 )

          Any encryption can be broken eventually, but in my mind the primary purpose of encryption is making it so that the cost of snooping is sufficiently high that it's not really worth it in most cases. Even if you're able to pinpoint the communication you want to decrypt, with strong encryption you'll have to brute-force it. By the time you decrypt the information, it's likely not relevant anymore.

          There's nothing you can do to stop 100% of the instances of snooping or data breaches, but if you don't use encrypt

    • by Chabo ( 880571 )

      If you have information that's super secret, then keeping it off computers is all well and good, but what about things that aren't secret per se, but you still want to remain relatively private?

      For these things, modern encryption is perfect. It makes it sufficiently hidden that you can't just "read the text going across the wire". Credit card numbers, remote passwords, the amount of cash you took out from the ATM today, your sexual fetishes... these are all pieces of information that may not be of importanc

      • there is tension between naturally laziness and the exertion required to keep data relatively private. such that people are always screwing up and letting things slip. such that you wind up accepting that you cannot have absolute privacy, because you yourself are not willing to exert oneself enough to have that

        within those realizations, you figure that all external factors on the issue of your privacy and how you manage your privacy are completely beyond the scope of any valid discussion of the topic: the e

        • by Chabo ( 880571 )

          What people want laws for is so that private institutions (banks, especially) can be punished for letting customers' private information out.

          Obviously, there's only so much you can do about lawbreakers being in government, but there's no need for total apathy. Corrupt politicians can be voted out, and bureaucrats can be fired by new politicians if the public makes enough of a stink.

          As for laziness, this is why encryption should be installed as standard in operating systems and applications. I'd love it if P

          • "What people want laws for is so that private institutions (banks, especially) can be punished for letting customers' private information out."

            if someone else, anyone else, has information about you, it isn't private information anymore, is it?

            you've moved the goalpost, redefined the term

            what you've described above isn't the notion of privacy at all

            not that i think there should be no laws. just that people should understand those laws provide you no real protection, in regard to what you actually consider t

            • by Chabo ( 880571 )

              Ok, well the safekeeping of private information, and the safekeeping of confidential information both fall under the heading of data security.

              Since increased data security can only lead to better protection of information, whether it's private or confidential, I am an advocate of strong data security being included as standard in all operating systems and applications.

              Is that statement specific enough for you? ;)

          • > I'd also love it if Ubuntu offered TrueCrypt's functionality in its installation partitioner.

            Well, not TrueCrypt but dm-crypt/LUKS is already offered in the "alternative" installer. AFAIK it's supposed to move into the mainstream installer as well (with the next Ubuntu version already)?

          • > I'd love it if Pidgin, for example, came with the Off The Record plugin by default.
            > Then my IMs could be encrypted with all Pidgin users, and not just the ones
            > who bothered to install OTR.

            I agree. Unfortunately the Pidgin developers do not:

            http://blog.caseyho.com/2009/01/encryption-and-otr-in-pidgin.html [caseyho.com]

            Not sure, what exact "usability issues" they have in mind that precludes them from including it (I never had a problem with OTR). Perhaps a more code-willing and -minded person can help Ian Gold

            • by Chabo ( 880571 )

              I read the comments on that blog post you linked. The main issue is when someone is logged in at two places at once. The summary-of-the-summary of what happens is that OTR doesn't know how to handle that case, freaks out, and goes into a near-infinite loop.

    • by instarx ( 615765 )

      We lose control of letters when we mail them, so by your reasoning we should have no expectation of privacy when we mail a letter.

      There is a logical disconnect in your position that simply because it is theoretically possible to breach privacy in electronic communications that there is no privacy. You seem to be saying that just because the government CAN do something it means that it is OK for it to be able to do it. It is possible for the government to employ censors to look through walls to see what you

  • It would be a Live CD that would leave no trace on who was using a internet connection at a cyber cafe. It would be similar to a standard Ubuntu live CD except that:
    1. It would leave no trace the hard disk, except possibly on encrypted partitons if desired.
    2. It would wipe all memory on shutdown.
    3. It would change the MAC address of all interface cards (lan or otherwise) before using them to some standard value having no connection to the original MAC address.
    4. It would by default, use generic email addresses
    • by AHuxley ( 892839 )
      Onionos exists and a few other distros use tor for all out going connection.
      But they are older, not supported or very hard to use.
      A gui based torbuntu would be very neat.
  • Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

    Fatal error: Unknown: Failed opening required '/www/ssd.eff.org/docs/index.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0

    Black helicopters are hovering over the EFF compund even now...

  • -1, Flaimbait by some dumbshit who lacks foresight.

    http://slashdot.org/comments.pl?sid=1149507&cid=27074505 [slashdot.org]

    The point is about RAGE. PURE, UNADULTERATED.... RAGE that illigetimate spying on people.

    Talking about booby-trapping and setting up backdoor detection is about expression of RAGE. Anyone who takes a cursory glance at random samplings of my posts can see that i am reasonably intelligent enough to not ACTUALLY SET an illegal boobytrap of the explosive, burning, dismembering or similar kind.

    Now, we h

  • at first i thought the title said, "EFF Launches Surveillance Self-Defense Satellite", and i said, Cool those little bastards are gonna get whats coming to them. but no, it is a "Self-Defense Site", ok i can deal with that, its nice to know that the contributions that i have made over the years are going for rail gun rights. now i can look froward to a nice Phased-plasma rifle in the forty watt range. hmmm.... nope, nothing like that there.... and i did not find any mention of putting any of the people

No spitting on the Bus! Thank you, The Mgt.

Working...