Why the NSA Piggybacks On Consumer Tracking

An anonymous reader writes "'Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There's no central system for identifying or locating individuals, so it's hard to keep track of who is online and what they're up to. What's a spy agency to do?' In a Slate op-ed, Ed Felten explains how consumer tracking makes the NSA's job much easier. Felten was the first-ever Chief Technologist at the Federal Trade Commission, serving as the agency's lead technical expert on privacy issues. Now back in academia, he argues that the NSA gets a 'free ride on the private sector,' from distinguishing users, to pinpointing geolocation, to slurping up network traffic."

What else can you do?

[auric_dude]

Requestpolicy, Noscript & Lightbeam are all Mozilla Firefox addons may well give you a hint of commercial snooping but what other measures can you take to keep your browsing habits and data safe from the eyes of others?

Re:What else can you do?

[AndroSyn]

Encrypt everything, make life as difficult as possible for those who would snoop your traffic. You mention Firefox plugins, perhaps you should also be using the HTTPS Everywhere plugin: https://www.eff.org/https-everywhere [eff.org]

Also make sure you are using the SSL Observatory function, this should at least help prevent MITM type attacks against you.

Re:What else can you do?

[erikkemperman]

Or just ignore the whole thing and let them spy on the TERRORISTS that they are actually looking for.

Can't tell if you're being serious, but in case you are: No, the problem here is overreach and feature creep. They are applying their rules for dealing with terrists (essentially none) to the population in general and foreign heads of state in particular.

I don't expect that ignoring the whole thing is a strategy which is likely to limit their ambitions, at all.

Re:

[davester666]

They don't feel bad about it because anybody could be a terrorist, therefore everybody must be monitored.

Re:What else can you do?

[flyingfsck]

Browse with TOR whenever possible and restart the TOR session frequently.

Re:

[AndroSyn]

I'd consider TOR exit nodes to be fully monitored, so obviously you'd want to take all of the steps above as well, when browsing over TOR.

Re:

[mcgrew]

All those techniques are fine for stopping them from spying on me, but their spying on me isn't the problem. They have nothing to gain by spying on me. The problem is that they're spying on everyone, and that's what needs to stop.

Firefox should build in those addons.

[Anonymous Coward]

I'm always amazed at how the Firefox crew manages to fuck up their browser's UI more and more with each release, includes unnecessary crap like a slow-as-fuck PDF reader, remove the easy-to-access preferences option for disabling JavaScript, and wastes time with asm.js, while simultaneously not including by default useful functionality like that offered by those addons.

The functionality offered by those addons you listed, and others like HTTPS Everywhere and Ghostery, should be included by default. Make use

Re:What else can you do?

[mrchaotica]

A post in a thread a few days ago gave a good list. (I'd link back to it, but I can't find it.)

• RequestPolicy
• NoScript
• RefControl
• Ghostery
• HTTPS-Everywhere
• BetterPrivacy
• Cookie Monster

I didn't list Lightbeam because while it is good at visualizing tracking, it doesn't actually stop it.

I also currently use

• AdBlock Plus
• Self-Destructing Cookies
• DuckDuckGo search provider

I'm also looking into running a YaCy [yacy.net] server so that I don't depend on centralized (and therefore inherently trackable, even if some say they don't) search engines at all.

Re:What else can you do?

[Jah-Wren Ryel]

You can also play games with your browser sessions. Both firefox and chrome support multiple browser sessions running simultaneously. I have one just for google searches, another just for youtube, another just for banking, etc. That keeps your cookies and other fingerprinting information like extensions, browser history, etc unique to each task.

If you run firefox with these arguments it starts up with a picker that lets you choose which profile to run:

firefox --ProfileManager --no-remote

I give each profile a different theme and change the titlebar to start with a prefix (like "GOOGLE: xxx" or "BANK: xxx") with the customize_titlebar add-on [mozilla.org] to make it easy to visually distinguish between different sessions.

I also use the user-agent switcher extension to give each browser session a different user-agent. I usually set them to say the OS is Windows (I'm on linux) to blend in better with all the other Windows users and then each one is set to report a slightly different version of firefox (like 25.0 or 25..0.1 or 24.0 etc).

It is not just about hiding yourself it is about polluting their databases. Switching the user-agent isn't 100% -- some javascript can figure out the browser version via other means. But it is low-hanging fruit because the user-agent gets transmitted with every single http request your browser makes, so anyone passively sniffing the wire will get whatever you set it to.

https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ [mozilla.org]

There is a similar add-on for chrome by a different author, haven't used it myself:
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en-US [google.com]

For firefox you have to make an additional change in about:config in order to have your user agent stick permanently because java gets confused on startup if it is spoofed. Create a new preference 'useragentswitcher.reset.onclose' and set it to false.

Re:

[mrchaotica]

Maybe we need an extension that sets your user-agent to whatever is at the top of a list like this [willshouse.com].

Re:

[Jah-Wren Ryel]

I've been looking for a list like that. Too bad its only from that particular blog so the sample size is too small.

Re:

[StripedCow]

That's all great for in the browser.

In real life, I often ask random people on the subway to swap discount, club and rewards cards with me.

How effective are these?

[Toe, The]

Opinions on each of these, slashdotters?

AdBlock (or cat block) with EasyPrivacy
DoNotTrack
The no-tracking bit on web browsers
Denying 3rd party cookies
Denying traffic on ports other than 80/2083
Not using Google services (I mean c'mon people)
Allegedly private search engines like ixquick
Not using or logging out of social media
Proxy servers (but how do you know if a proxy is run by the NSA?)

Oops, meant 443

[Toe, The]

I meant port 443, not 2083.
(Guess I use cPanel a lot.)

In _no_ way am I supporting the NSA

[ubrgeek]

But to say it "gets a 'free ride on the private sector'" ignores the fact that the reverse is (possibly) even more the case. We paid for the Internet and did so with the expectation that we would receive and keep certain rights. Instead, Verizon, Comcast and their ilk do everything in their power to clamp down on Internet access and usage either directly (through their greed) or by worming their way back and forth into and out of lobbyist and politically appointed government positions. Add to that the MPAA

Re:

[mrchaotica]

DARPA built the Internet, and is funded by taxpayers.

Re:

[ganjadude]

santa IS a white guy. He is St Nicholas, he was from turkey, and yes, he is white. Deal with it

Re:

[drinkypoo]

santa IS a white guy. He is St Nicholas, he was from turkey, and yes, he is white. Deal with it

Here are your search terms: siberian. mushroom. shaman. In case your google-fu is weak, which is clearly the case if you're still spouting that bullshit, no. [inhabitat.com]

Re:

[ganjadude]

Why would I go to a "green building and living" website to get my history on st nicholas??

Re:

[drinkypoo]

Why would I go to a "green building and living" website to get my history on st nicholas??

Logical fallacies are the best you can do, huh? Not surprised.

Re:

[CheezburgerBrown .]

That shit website cites 0 sources for the information.

I will assume it came from the imagination of the submitter.

Re:

[ganjadude]

drinky, you cannot argue the fact that st nick was white, santa IS st nick, therefore santa IS white

Re:

[kimvette]

http://en.wikipedia.org/wiki/ARPANET [wikipedia.org]

The Internet "evolved" from ARPANET, which was funded and built by the US - primarily the DoD in partnership with some universities. It forked into separate military and civilian networks, and the remains of ARPANET eventually became transformed into the Internet and become more widely available. The birth of the Internet is really the introduction of TCP/IP into ARPANET, which was in 1982-1983.

http://en.wikipedia.org/wiki/Internet [wikipedia.org]

So the original infrastructure and develo

Re:

[TubeSteak]

Tor is mostly funded by taxpayers as well (through the State Department)
http://en.wikipedia.org/wiki/Tor_(anonymity_network)#History [wikipedia.org]

Article says they retain for a year

[Toe, The]

I never understand claims like that. Do you know how incredibly cheap storage is? Now what if you had government-sized money. How hard would it be to store all data forever?

Even if it is exabytes. Who cares? They don't sound like the kind of people to let stuff go just to save a few bucks. And to them, it really is just a few bucks.

Re:

[mrchaotica]

Not to mention, given the exponential growth rate of the Internet's data, if you have the capacity to store data for year N (this year), then storing the data for year N-1...N-N (all years from the beginning to last year) is trivial.

ISP routers

[gmuslera]

Even ISP routers are being used to get in our private networks, our VPN and even our Tor connections. In NSA/GCHQ sources and methods uncovered [politaia.org] there are some suggestions to improve things a bit.

because it's more data

[Gravis Zero]

it doesnt matter who made it or how much information it gathers. if it provides more information, they are going to use it. it's just like how microsoft copies google search results via Internet Explorer search bar to put into Bing. is it an asshole move, yeah. are they still going to do it even though they have been caught, yeah.

why is this even a question?

Re:

[Trepidity]

Yeah, the concise answer to the question is, "because the data is there, and they can get it".

Intelligence agencies piggy-backing on private-sector tracking is nothing new, either. Some of the earlier U.S. 4th-amendment cases came out of intelligence agencies getting access to people's telephone records. They also get information from banks, credit-card companies, and all sorts of other such compilers of private dossiers. If they want, they can probably get access to what food you eat, too, thanks to superm

: How I Learned to Stop Worrying and Love Google

[Erik Bird]

A recent foia request by propublica for emails between NSA employees and employees of the National Geographic Channel over a time period that the TV station had aired a friendly documentary on the NSA resulted in the following response from the NSA (the supercomputing powerhouse) "There's no central method to search an email at this time with the way our records are set up, unfortunately.... [the system is] a little antiquated and archaic." A former employee of the department of labor statistics said that t

Spying on citizens is illegal

[BringsApples]

Murdering in America is tricky. The streets are packed with concerned citizens, some of which are armed, and there's local police to avoid. There's no central system for murdering or stowing dead individuals, so it's hard to keep track of who been murdered and where their dead body is. What's a murder to do?

There, that puts it into perspective. I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

Re:

[Anonymous Coward]

I wonder how many goddamned NSA stories slashdot is going to pump into today's atmosphere.

I hope many more and it continues until every secret Snowden stole is made public.

We and the rest of the World NEED to see how our our government and theirs has been lying, cheating, breaking the law (arguable since the PATRIOT has made some of this shit legal thanks to our ignorant asshole corrupt Congress and Senate), and let the World know that you cannot be complacent when it comes to Freedom.

All of us need to hold our politicians' feet to the fire and stop being distracted by false fights for freedom (

Re:

[BringsApples]

Ok, then release it mother fucker, stop spooling it out. But it's as if our house (America itself), was once great, all the rooms were furnished, the walls were painted, and then one day we went into a room where vandals had spray-painted "Eat shit and die faggot/religious/artist/loner/politician/armed forces/nigger/honkey/old/young Americans!" We were shocked! And we quickly made plans to repaint the wall. So we went out and bought paint, and were all cheering each other on ready. But when we got home

Re:

[ganjadude]

the problem is if he just dumps it all at once, a LOT will be overlooked as the media can only grasp a few things to report on at a time. by trickling it out slowly, we ensure that it stays in the media for a longer period of time, and as such keeps the people interested in it as well. while I would personally love to see it all at once and browse everything he has, I understand that this method is better in the current climate

Re:

[BringsApples]

Why? What other news would you like spooled to you, in little bite-sized chunks? You just go to the police and tell them that you saw a crime and you will let them know small details as you see fit, let me know how it goes. bullshit, all of it. I'll spool-feed bait on a hook to the lake for fish, and that's what I feel is being done with (queue the deep movie-trailer voice) 'THE SNOWDEN LEAK'.

And what "current climate" are we talking about here? I demand to know what illegal activity my countrymen a

Re:

[ganjadude]

Im talking about the fact that most people have the attention span of a gnat these days, If it all came out at once, it would be forgotten as quickly as that other thing that happened a few months ago, you know the one with the guy and and the gun? yeah that one

Re:

[BringsApples]

I know what you mean, most people have the attention span of a gnat, and that's due to the reasoning (that they see) behind 'why to store info' in the first place. We could debate this all day, with no good becoming of it. I think that the news itself in all it's totality is better than little pieces that are controlled by few, where you are apparently compiling a list of stuff so that one day you will see the whole story. I just have to ask, once you do see the whole story, what's your plan; what are yo

Re:

[khallow]

Ok, then release it mother fucker, stop spooling it out.

You don't get the game. As ganjadude noted, it makes more of an impression dribbled out over time rather than dumped at once. Second, the involved reporters are milking this story for what it's worth. Obviously, you'd rather have it all now, but that's not in their interests to do so.

Third, part of the story is the duplicitous official responses to it. For example, the Obama administration was caught in several lies early on. And they occasionally still get caught telling a humdinger (such as Obama assur

Re:

[robsku]

Indeed - and had the whole thing been released at once it would now be ancient history for most people, who wouldn't even know but a small part of the whole thing.

Sure, people like me for example would know and remember the whole thing and never forget - however as most people would not it would server more as source of frustration seeing people *not* know/care about the whole thing.

Obviously this way it's better.

Two words:

[inode_buddha]

Two words: plausible deniability

Tricky?

[MobSwatter]

What could be "Tricky" about forcing security and encryption standards to include back doors? It is a bit disheartening that they cheated, I thought these guys were the best and the brightest when it came to hacking, I never included social engineering to actually part of that.

In fact Google and the NSA are

[Mister Liberty]

... forming a great partnership. I for one do not doublt one minute that either money, or services, or data (meta or otherwise [there is no 'metadata-as-opposed-to-real' data) has gone from NSA to Google. Truth will out.