EFF Launches Surveillance Self-Defense Site
justin.foell writes "The Electronic Frontier Foundation (EFF) has created a Surveillance Self-Defense site. Created with the help of the Open Society Institute, the site intends to serve as a how-to guide for protecting your private data against government spying. From their press release, they 'aim to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands.'"
Re: (Score:1, Offtopic)
Better than frosty friss, I suppose. At least you got the word 'piss' in there.
But come on, mods. Troll for the GP? At the very least, it was funny.
Re: (Score:2)
+1 insightful
Workaround (Score:3, Insightful)
Re:Workaround (Score:4, Insightful)
Hey, actually that's a good point. Maybe they should create a Freenet [freenetproject.org] site for the information... Get some more folk interested in that project too.
Re: (Score:3, Interesting)
There are already quite a few Freenet sites dealing with oppressive governments. Although it would be cool to see one by the EFF.....
Re: (Score:3, Interesting)
Re:Workaround (Score:5, Insightful)
No need to bother with a 3rd party website.
Many governments are setting up online petition sites.
As well as giving the all important "look and feel" of a democracy, these are perfect for collecting IP/email/postcode of people who need to be watched, as well as being able to personalize propaganda to the individual.
In other words, they already have much better tools.
DHS is watching you (Score:2)
Re: (Score:2)
Oblig. XKCD (Score:5, Funny)
Re: (Score:1)
Very suspicious site... (Score:2, Funny)
On a more serious note, will any accesses to the site be logged by ISPs so they know who to watch?
Re:Very suspicious site... (Score:4, Funny)
Either way, they could track it unless you switched DNS server [opendns.com].
Re: (Score:3, Insightful)
Why would you think the only way to monitor traffic is through DNS logs?
Every single packet that goes over their network has a destination IP address header. Just flag and save anything that's destined for 216.187.103.169.
The site uses virtual hosting, so sure it'll end up with lots of false positives, but those will be people who did something else wrong, so we might as well watch them, anyway.
</evil government goon>
Re:Very suspicious site... (Score:4, Interesting)
Avoid Microsoft products where possible. Computers using the Microsoft Windows platform are especially vulnerable as of this writing (although no operating system is immune to all potential attacks). Consider using a non-Microsoft operating system if possible. However, if you have to use Microsoft Windows and you are connecting to the Internet, your best bet is to minimize the number of Microsoft Internet applications you use -- for example, use Firefox [mozilla.com] as a browser or Thunderbird [mozilla.com] as a mail client. Microsoft's Internet Explorer and its email programs Outlook and Outlook Express are very difficult for even professionals to secure. Furthermore, adversaries tend to attack more popular platforms and applications.
Keep your software updated. Use the latest stable version of your operating system. As of this writing, Windows 95, 98, and ME are utterly obsolete. You should be using at least Windows Server 2003 for servers and Windows XP for clients, with all patches and service packs applied. For Macintosh computers, use OS X 10.4 or greater, with all patches applied. For Linux and Unix, get whatever version is the most recent stable release, and follow all updates. It is especially important not to let server software versions lag behind, since servers are always on and always connected.
Maintain your firewalls. Firewalls are software or hardware components that protect your computer or network from the Internet, blocking traffic based on network-related parameters like IP addresses and port numbers. Firewalls can protect against those who want to access your computer without permission. Configuring network firewalls is pretty tough for the layperson and beyond the scope of this guide, but you should learn how to use the personal firewall software that's included in most recent operating systems.
For more detailed information about malware, check out the Malware [eff.org] article in the Defensive Technology section.
Re: (Score:2)
Re: (Score:2)
No amount of prefacing will ever deter all you whooshers -- and I can admit, "whoosh-spotting" entertains me as well. But in truth, I took this as an opportunity to reiterate the precise quotation that comprised the troll-fodder, and I feel I made my perception of the OP's trollery more than apparent (he was -1 Troll at the time of my post, though the subsequent Funny mod isn't undeserved either). The trolls who blend fact and fiction aren't usually worth responding
Re: (Score:2)
Re: (Score:2)
Very interesting
I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus
for 3 years now and haven't had any problems at all . . .
Re: (Score:1)
> I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus
> for 3 years now and haven't had any problems at all . . .
Neither have I. Thanx... :-)
Re: (Score:2)
any service with the word "Remote" in it is OFF
Re: (Score:2)
How does the system even boot? Last time I checked, windows will fail to boot if you disable the remote procedure call service.
Re: (Score:2)
Very interesting
I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus
I know. Don't change that, please....
Re: (Score:1)
I'm running: XP Pro, Raw without any Service Packs, No firewall, No antivirus for 3 years now and haven't had any problems at all . . .
Dude, whatever you're going through, suicide is NOT the solution!
Quis custodiet ipsos custodes? (Score:3, Insightful)
Nice site, has thorough and accessible explanations of things that the non-geek-yet-somewhat-paranoid digital populace really need to get clued up. The section on FISA, particularly the Beyond FISA page, is a must read. That Fourth Amendment sure was nice while it lasted....
Re: (Score:3, Interesting)
Re: (Score:2)
Re:Quis custodiet ipsos custodes? (Score:4, Funny)
- Put a second drive into the machine, and boot from CD again. If you need Windows, use Bart or WinPE. Use the software you used to encrypt the data to decrypt it to the second drive. Remove old drive and destroy.
- Re-encrypt decrypted data on new drive and secure-erase space on old drive before destroying it. Carry on as normal.
If what you had on your drive is still encrypted and unviewed by The Powers That Be, you've probably spent a couple of years in prison for the trouble (at least in the UK). I hope it was worth it for those private pictures of your wife and your CV.
Re: (Score:2)
I'd just consider the data and the disk to be trash and dispose of accordingly.
No data's so important that I can't make it disappear. If it is, then it shouldn't be in the same volume as any potentially incriminating data. And if it were really that important, I would've memorized it already, with the encrypted data being only a means of easy transmission to other people, or in case I forget later on.
BTW, I'd have a clean, newly-created encrypted partition created before putting the dirty drive into the com
Re: (Score:2)
Your computer would be scanned for the file in question.
If nothing is found, a key logger, backdoor would be installed.
Might be you upgraded hardware.
Anything that has been out of your sight, treat as a paper weight or work of art.
Let it gather dust.
Biggest problem: Defaults are mostly insecure (Score:5, Interesting)
I commend the EFF's good efforts and their attempts to protect 'We the people' from, well, other men in the middle. However, as valuable as the information is, it will have little to no tangible benefit. The users reading those pages in the first place are already the ones interested in such technologies, probably already use some of them and are generally not the target group. The big mass of people will never read these pages, never mind implement the solutions laid out there. Thus they force even the privacy-conscious to remain unsecured in their communications with them, as both sides need certain setups (encryption etc.).
So the real question is this: How do we not just get a nice write-up about what we *could* do, but how do we get these features activated by default?
For example, AFAIK none of the popular Linux distributions enables IM (OTR) encryption out-of-the-box. Why not?
Why have we still not come up with a way to enable opportunistic encryption for e-mail (think GPG in the background without user intervention), as well enabled by default?
etc.pp..
It is the experience of every geek, that most 'normal' people leave things fairly alone and just try to use them as they come. Since most OSes' and programs' defaults are insecure, it is, IMHO, one of the primary reasons that everything is so easily monitored, stored and...eventually used against you.
Here the Linux distributions could make a dramatic impact overall and I would welcome something like an official "privacy-year", where the distros focus less on cramming the latest .0.0.0.1beta version on the disks, but make a true effort to secure their shipped communication-related programs. If usability-issues exist, they should also be addressed. That, and only that, would make any kind of real-life difference: Make security and privacy the default!
Re: (Score:3, Insightful)
Wouldn't that NSA Linux distro have this kinda stuff enabled out of the box?
This would be a great marketing scheme - the "Paranoid PC" with all kinds of anti-snooping and security software good to go.
Re: (Score:1)
> Wouldn't that NSA Linux distro have this kinda stuff enabled out of the box?
No, it doesn't (nor do I think they'd be interested :-)):
"Security-enhanced Linux (SELinux) is a reference implementation of the Flask security architecture for flexible mandatory access control. It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system."
[...]
"The Security-enhanced Linux kernel enforces mandatory access control policies that confine
Re: (Score:2)
Re: (Score:1)
> Out of the box OTR is pointless,
> because I personally know of no one who actually uses it.
Your argument is severely flawed. Precisely *because* currently no big installed user-base exists, would it make a lot of sense to activate it by default. Once done, there's your large(r) user-base.
Besides, the nice thing about OTR is, that it doesn't matter if the other side has it or not. If not available, then the IM goes out plain-text, which it would have done without the plugin anyway. So no loss at all.
Re: (Score:2)
Re: (Score:1)
Yes, it works transparently. You can, however, manually choose to always force encryption via a per-user setting. I guess, if the other person then does not currently have OTR installed (due to recent OS reinstall or whatever) then it might fail. Easily rectified though and also not OTR's default setting.
Default is: If other side has OTR installed too, then go secure. If not, step aside and go plain-text.
Cert lessons (Score:1)
Stop whining (Score:3, Funny)
Re: (Score:2, Insightful)
Yes, i hope you enjoy your laptop / hard drive being stolen along with your private information, including your login for here.
There are legitimate reasons for encryption.
EVERYONE has something to hide.
Re: (Score:1)
Re:Stop whining (Score:5, Insightful)
My father was an attorney. People used to call him and say things like, "they can't put me in jail".
My father would ask, "where you calling from"?
They would say, "jail".
Guess they can put you in jail.
Re: (Score:1)
Re: (Score:1)
If I have nothing to hide, why do you want to look? Are you a pervert?
Re:Stop whining (Score:5, Insightful)
gah, if you have nothing to hide then you shouldn't have any problem with the government seeing what you're doing on the internet. The only people who want to hide what they're doing are the ones who have something to hide
My problem isn't with the government "seeing" what I am doing on the Internet, it is with them looking for no particular reason. Suppose the government starts looking at your online posts and discovers that you said unflattering things about a member of Congress and now you get an IRS audit. You didn't do anything wrong either in your post or in filing your taxes, but a tax audit is still a royal pain.
Re: (Score:1)
Re: (Score:1)
I've heard this argument often: that you have nothing to worry about unless you are committing a crime. The issue isn't so much that I want to hide criminal activities from the government as it is that giving the government the power to, for example, see what library books I have checked out, places a ridiculous amount of power and oversight in the hands of an entity that I do not implicitly trust to be wise with this power.
Hypothetically, since the government now has this power, they could decide in the f
No Freenet? No hardware encryption? (Score:3, Interesting)
It's a fine site with lots of good information. But it skips some things that people interested in privacy should probably know about. I see no mention on the site of Freenet or the concept of darknets/opennets. The section on disk encryption doesn't mention hardware-based solutions at all, even though they are about the easiest for a non-geek user to implement.
Good start. Keep it up, EFF.
Re: (Score:1)
Hardware encryption may be the easiest to use, but on more than one occasion a hard drive labeling itself as "secure", or even specifically saying that it uses AES, has been found to merely be XOR'ing with a fixed key.
It's better to leave real encryption to a source that can be trusted: one that lets you audit the code, which manufacturers are loath to do.
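A known-plaintext audit for the failure described in the comment above, as an added example that is not part of the original thread or any vendor's code. It assumes you can read the raw stored bytes while bypassing the enclosure's controller; `write_through_device` is a hypothetical callable standing in for "write through the drive, then read the raw media", and both cipher functions are constructed stand-ins (neither is AES).

```python
import hashlib

SECTOR = 512  # bytes per sector


def xor_fixed_key(plaintext: bytes, key: bytes) -> bytes:
    """Constructed stand-in for the weak drive: XOR with one repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(plaintext))


def per_sector_stream(plaintext: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a sound design (not AES): the keystream is
    derived from the key AND the sector number, so no two sectors share it."""
    out = bytearray()
    for start in range(0, len(plaintext), SECTOR):
        sector = plaintext[start:start + SECTOR]
        stream, counter = b"", 0
        while len(stream) < len(sector):
            seed = (key + (start // SECTOR).to_bytes(8, "big")
                    + counter.to_bytes(4, "big"))
            stream += hashlib.sha256(seed).digest()
            counter += 1
        out += bytes(a ^ b for a, b in zip(sector, stream))
    return bytes(out)


def smallest_period(data: bytes, max_period: int = SECTOR):
    """Smallest p with data[i] == data[i + p] for every i, or None."""
    for p in range(1, min(max_period, len(data) - 1) + 1):
        if data[p:] == data[:-p]:
            return p
    return None


def audit(write_through_device, n_sectors: int = 4) -> dict:
    """Write known plaintext, inspect the raw stored bytes.

    Step 1: all-zero plaintext. Under XOR the stored bytes ARE the keystream,
            so a short repeating period shows up directly.
    Step 2: a second, different pattern. If the period-long keystream from
            step 1 predicts its stored form exactly, the key is fixed and
            position-independent.
    """
    zeros = bytes(SECTOR * n_sectors)
    raw_zeros = write_through_device(zeros)
    period = smallest_period(raw_zeros)
    if period is None:
        return {"verdict": "no short repeating keystream", "period": None}

    pattern = bytes((i * 7 + 3) % 256 for i in range(len(zeros)))
    raw_pattern = write_through_device(pattern)
    predicted = bytes(b ^ raw_zeros[i % period] for i, b in enumerate(pattern))
    if predicted == raw_pattern:
        return {"verdict": "fixed-key XOR", "period": period}
    # Repetition that XOR does not explain, e.g. a block cipher run in ECB mode
    return {"verdict": "repeating blocks, not plain XOR", "period": period}


if __name__ == "__main__":
    demo_key = bytes(range(0x10, 0x20))  # constructed 16-byte key
    print(audit(lambda p: xor_fixed_key(p, demo_key)))
    print(audit(lambda p: per_sector_stream(p, demo_key)))
```
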
Wait a minute...I thought... (Score:4, Funny)
Did I miss a memo from the new bunch, or what?
Re: (Score:2, Insightful)
Re: (Score:2)
When Democrats do it it is good.
Same with enemy lists as well, it seems. I expect Jim Cramer to be disappeared any day now.
Re: (Score:3, Informative)
Just like not paying taxes is bad when Republicans do it and is reason to not get confirmed to a Cabinet post, but when a Democrat does it, "No big deal".
I seem to recall that when an Obama cabinet nominee has a tax problem, they have to step down. However, in the past decade or so, when, say, DOJ attorneys are illegally fired, or gay male prostitutes are brought into the White House as fake reporters, the media ignores it, and anyone who brings up the subject is said to have "Bush Derangement Syndrome." Kinda like in the Soviet Union where those who didn't believe in communism were labeled as mentally ill and sent to Siberia...
Re: (Score:2)
Re: (Score:1)
Obama's looking for internal threats to his administration, Bush was looking for external threats to the country. Same monitoring apparatus, different purpose.
it still baffles me (Score:4, Insightful)
why people talk about privacy in relation to anything that happens on the internet
i'm not talking about government policy, i'm talking philosophical reality
if you put something on a wire, beyond your control, it's no longer private. beginning and ending of discussion
but since most of what gets put on the net is willingly understood by most people as not private, since it just is detritus of their lives, not vital life-altering information, this is not a big deal
if you want privacy, take an airplane, and take a walk on a beach with the other person so the crashing surf drowns out the conversation beyond 2 meters
anything else, especially on the internet, can be spied on, and not just by the government. if you bound the government to draconian privacy laws in 72 bold font written in the blood of a virgin, they would still spy if they thought it important enough, and we aren't even beginning to examine other culprits: IT personnel, hackers, cable/ phone infrastructure employees, competing business interests, random busybodies, etc
and guess what? this arrangement is perfectly fine for all non paranoid schizophrenics, since most of what is put on the internet can be easily compromised without compromising your life
that's the real issue with privacy on the internet: give it up when you hit click
once you put it on a wire, it's beyond your control, and beyond the philosophical realm of privacy
why does the concept of privacy even figure in with that arrangement in some people's minds?
you are communicating, across the wires of a corporate interest, across international boundaries often, with governments keen to mine data, usually involving destinations who want to sell you advertising via profiling, which you found with a search engine which keeps tabs on you...
and you want to talk about even the possibility of privacy in this realm?
really?
why isn't it just understood that privacy is forfeit on the internet?
and this is FINE. if it's really important to you, KEEP IT OFF THE NET. there: a surefire personal privacy policy
Re: (Score:1)
Um, keeping data private across a wire is a solved problem: public key encryption. And if, further, you don't want someone to see where your packets are going you can use TOR.
People need to be educated about how the internet works, but there is no reason you can't communicate privately if you want to.
even in the realm of quantum entanglement (Score:2)
there are researchers talking about snooping on and decoding supposedly foolproof communications
anything that can be made by a man, can be broken by a man. don't forget that. your hubris is outstanding
Re: (Score:2)
Any encryption can be broken eventually, but in my mind the primary purpose of encryption is making it so that the cost of snooping is sufficiently high that it's not really worth it in most cases. Even if you're able to pinpoint the communication you want to decrypt, with strong encryption you'll have to brute-force it. By the time you decrypt the information, it's likely not relevant anymore.
There's nothing you can do to stop 100% of the instances of snooping or data breaches, but if you don't use encrypt
Re: (Score:2)
If you have information that's super secret, then keeping it off computers is all well and good, but what about things that aren't secret per se, but you still want to remain relatively private?
For these things, modern encryption is perfect. It makes it sufficiently hidden that you can't just "read the text going across the wire". Credit card numbers, remote passwords, the amount of cash you took out from the ATM today, your sexual fetishes... these are all pieces of information that may not be of importanc
its a moving target (Score:2)
there is tension between natural laziness and the exertion required to keep data relatively private. such that people are always screwing up and letting things slip. such that you wind up accepting that you cannot have absolute privacy, because you yourself are not willing to exert oneself enough to have that
within those realizations, you figure that all external factors on the issue of your privacy and how you manage your privacy are completely beyond the scope of any valid discussion of the topic: the e
Re: (Score:2)
What people want laws for is so that private institutions (banks, especially) can be punished for letting customers' private information out.
Obviously, there's only so much you can do about lawbreakers being in government, but there's no need for total apathy. Corrupt politicians can be voted out, and bureaucrats can be fired by new politicians if the public makes enough of a stink.
As for laziness, this is why encryption should be installed as standard in operating systems and applications. I'd love it if P
see this is where i have to disagree (Score:2)
"What people want laws for is so that private institutions (banks, especially) can be punished for letting customers' private information out."
if someone else, anyone else, has information about you, it isn't private information anymore, is it?
you've moved the goalpost, redefined the term
what you've described above isn't the notion of privacy at all
not that i think there should be no laws. just that people should understand those laws provide you no real protection, in regard to what you actually consider t
Re: (Score:2)
Ok, well the safekeeping of private information, and the safekeeping of confidential information both fall under the heading of data security.
Since increased data security can only lead to better protection of information, whether it's private or confidential, I am an advocate of strong data security being included as standard in all operating systems and applications.
Is that statement specific enough for you? ;)
yes ;-) (Score:2)
yes ;-)
Re: (Score:1)
> I'd also love it if Ubuntu offered TrueCrypt's functionality in its installation partitioner.
Well, not TrueCrypt but dm-crypt/LUKS is already offered in the "alternative" installer. AFAIK it's supposed to move into the mainstream installer as well (with the next Ubuntu version already)?
Re: (Score:1)
> I'd love it if Pidgin, for example, came with the Off The Record plugin by default.
> Then my IMs could be encrypted with all Pidgin users, and not just the ones
> who bothered to install OTR.
I agree. Unfortunately the Pidgin developers do not:
http://blog.caseyho.com/2009/01/encryption-and-otr-in-pidgin.html [caseyho.com]
Not sure, what exact "usability issues" they have in mind that precludes them from including it (I never had a problem with OTR). Perhaps a more code-willing and -minded person can help Ian Gold
Re: (Score:2)
I read the comments on that blog post you linked. The main issue is when someone is logged in at two places at once. The summary-of-the-summary of what happens is that OTR doesn't know how to handle that case, freaks out, and goes into a near-infinite loop.
Re: (Score:2)
We lose control of letters when we mail them, so by your reasoning we should have no expectation of privacy when we mail a letter.
There is a logical disconnect in your position that simply because it is theoretically possible to breach privacy in electronic communications that there is no privacy. You seem to be saying that just because the government CAN do something it means that it is OK for it to be able to do it. It is possible for the government to employ sensors to look through walls to see what you
Someone needs to create anonymity CD! (Score:2)
Re: (Score:2)
But they are older, not supported or very hard to use.
A gui based torbuntu would be very neat.
Someone got to them.... (Score:2)
Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0
Fatal error: Unknown: Failed opening required '/www/ssd.eff.org/docs/index.php' (include_path='.:/usr/local/share/pear') in Unknown on line 0
Black helicopters are hovering over the EFF compound even now...
And, my yesterday comment got modded (Score:1)
-1, Flamebait by some dumbshit who lacks foresight.
http://slashdot.org/comments.pl?sid=1149507&cid=27074505 [slashdot.org]
The point is about RAGE. PURE, UNADULTERATED.... RAGE that illegitimate spying on people.
Talking about booby-trapping and setting up backdoor detection is about expression of RAGE. Anyone who takes a cursory glance at random samplings of my posts can see that i am reasonably intelligent enough to not ACTUALLY SET an illegal boobytrap of the explosive, burning, dismembering or similar kind.
Now, we h
EFF Launches Surveillance Self-Defense Satellite (Score:1)