Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Communications Encryption Facebook Google Government Privacy Social Networks

Snowden's Tough Advice For Guarding Privacy 210

While urging policy reform as more important than per-person safeguards, Edward Snowden had a few pieces of advice on maintaining online privacy for attendees at Saturday's New Yorker Festival. As reported by TechCrunch, Snowden's ideas for avoiding online intrusions (delivered via video link) sound simple enough, but may not be easy for anyone who relies on Google, Facebook, or Dropbox, since those are three companies he names as ones to drop. A small slice: He also suggested that while Facebook and Google have improved their security, they remain “dangerous services” that people should avoid. (Somewhat amusingly, anyone watching the interview via Google Hangout or YouTube saw a Google logo above Snowden’s face as he said this.) His final piece of advice on this front: Don’t send unencrypted text messages, but instead use services like RedPhone and Silent Circle. Earlier in the interview, Snowden dismissed claims that increased encryption on iOS will hurt crime-fighting efforts. Even with that encryption, he said law enforcement officials can still ask for warrants that will give them complete access to a suspect’s phone, which will include the key to the encrypted data. Plus, companies like Apple, AT&T, and Verizon can be subpoenaed for their data.
This discussion has been archived. No new comments can be posted.

Snowden's Tough Advice For Guarding Privacy

Comments Filter:
  • Don't avoid them (Score:3, Insightful)

    by Anonymous Coward on Saturday October 11, 2014 @10:17PM (#48122305)

    Google and Facebook make our lives easier in many ways. Just understand that what you say is not truly private and use common sense about what you post there.

    • Re: (Score:3, Interesting)

      by Seumas ( 6865 )

      Wait... what?

      Okay, I get how Google makes our lives easier (as far as searching and maps go). I get how CamelCamelCamel telling us where the cheapest thing to buy is and when makes our lives easier. I get how that little thing that helps you find the cheapest local gas station makes our lives easier. I totally get how email does. But Facebook? In what possible way does it even remotely offer any service that makes people's lives easier?!

      • by scum-e-bag ( 211846 ) on Sunday October 12, 2014 @03:45AM (#48122971) Homepage Journal

        But Facebook? In what possible way does it even remotely offer any service that makes people's lives easier?!

        Facebook is arguably an aggregation of some of the best online/telephonic communication mediums ever developed. For the hoi polloi, it's an effective "one stop shop" to communicate with each other.

        • by tqk ( 413719 )

          Facebook is arguably an aggregation of some of the best online/telephonic communication mediums ever developed.

          When you use the word "arguably", it means both sides of the argument may have validity. Are you really going to try to argue that FB ranks *anywhere* near TCP/IP (and tools like SMTP, NNTP, FTP, ...)?

          Kids these days.

      • You see, there are these things called friends. They are other humans we like to interact with. Some of these "friends" no longer live close to us so we like to see pictures of them, their families, and their activities. Facebook allows us to do these things.

        • Some of these "friends" no longer live close to us so we like to see pictures of them, their families, and their activities. Facebook allows us to do these things.

          There were many solution to that problem before Facebook, and there are still many solutions to solve that same problem today.

  • by iamacat ( 583406 ) on Saturday October 11, 2014 @10:42PM (#48122361)

    Of course government can read my e-mail. All they have to be is waterboard me. Or install enough camera in public places to capture my unlock pattern. The question is what we allow the government to do, and in democracy we deserve what we get. No amount of encryption is going to solve this problem. We should have a direct popular vote for a commission of constitutional enforcement and then if majority of them rule that some secret agency is in violation, they will be able to disclose it legally.

    • by Anonymous Coward

      Of course government can read my e-mail. All they have to be is waterboard me.

      But, but, Obama, he promised change, man!</whiny-hippie-greybeard>

    • Of course government can read my e-mail. All they have to be is waterboard me.

      "All they have to do"? Doing that to everyone would take forever. The point is to make sure they have more trouble automatically gathering everyone's emails.

      Or install enough camera in public places to capture my unlock pattern.

      Nice pseudoscience. And this would still be more difficult than what they're doing now.

      There are indeed technical solutions to some social problems.

      • by iamacat ( 583406 )

        Forever? Just round up people based on nationality, participation in a protest or a house of worship. Then carry out waterboarding in public view, giving each person in line a choice to spill the beans or experience waterboarding and then spill the beans. Should take no time at all. Regimes far less wealthy than US have been doing great job keeping tabs on their citizens with good old secret police work rather then tech. Weather we allow that, or Prism, or consequences of no secret surveillance at all is re

    • by itzly ( 3699663 )

      The question is what we allow the government to do

      Or maybe the question is what the government allows you to do. In the US, they won't allow a 3rd party, for starters. And the two remaining parties have a great deal of overlap regarding surveillance.

    • Comment removed based on user account deletion
    • by Livius ( 318358 ) on Sunday October 12, 2014 @07:21AM (#48123251)

      Of course government can read my e-mail. All they have to be is waterboard me.

      Wrong.

      I can't understand why people are so confused about this. It has nothing to do with government needing to resort to extreme measures to get its way.

      All it takes is a warrant. People have been getting warrants for close to a thousand years. Getting a warrant is not hard. Getting a warrant is a routine part of professional law enforcement. Nowadays getting the warrant is actually easier than all the theatrics they're doing instead. All these efforts to circumvent constitution guarantees (in multiple countries) are about making the political statement that the government is above the law. It is intimidation with no constructive purpose. Citizens are worse off not just because it violates their rights, but also because it encourages sloppy police work.

    • Of course government can read my e-mail. All they have to be is waterboard me. Or install enough camera in public places to capture my unlock pattern. The question is what we allow the government to do, and in democracy we deserve what we get. No amount of encryption is going to solve this problem. We should have a direct popular vote for a commission of constitutional enforcement and then if majority of them rule that some secret agency is in violation, they will be able to disclose it legally.

      After a mental debate about the pros and cons of NSA surveillance, I have reached some conclusions.
      With total secured data and transmissions, businesses have the confidence that what is private to them remains so.
      With total secured data and transmissions, criminals have the confidence that what is private to them remains so.
      With total secured data and transmissions, NSA have the confidence that what is private to them remains so.
      With total secured data and transmissions, terrorists have the confidence that

  • by Opportunist ( 166417 ) on Saturday October 11, 2014 @10:46PM (#48122379)

    Simply avoiding Facebook, Google and the rest isn't going to serve much. Because that makes you stand out, too. Use them. Fill them with enough goody-two-shoes garbage that you're uninteresting enough. Invent some innocent hobby or two for you to have so you can fill that page with something. Invite friends (whoever you run across will do, just make sure that they're not in some way "odd").

    The important bit is just to keep your real life apart from your official one. And yes, before you ask, your work belongs on the "official" side. Along with your official family and everything else that can easily be connected to you with existing data. Don't try to hide what can be proven to belong to you.

    And yes, 10 years ago I would have agreed that doing something like this means your tinfoil hat is sitting too tight. Today, I ain't so sure anymore...

    • Comment removed based on user account deletion
      • People have always been suspicious of people who were different. And people have always had to keep some things secret from their neighbors.

        Despite all the beating of chests, I think we are probably better off today than ever before. Many things people used to be able to blackmail you with (homosexuality, extramarital affairs, illegitimate children, bankruptcy, atheism, whatever), people don't give a f*ck about anymore. Furthermore, none of the NSA or CIA bullshit is new, but finally, people are finding out

    • by rtb61 ( 674572 )

      The abandoning privacy argument. If you believe the government already consider you very suspect better that they can find out everything about you, which is nothing and make it easy for them. Rather than protecting your privacy and making it very difficult for them, so they end up wildly overreacting and place you in the life threatening situation of a search warrant swat team.

      The catch with that, is they want to believe. They will believe that all the information they easily find about you is fake and

    • This is an interesting premise, especially for I.T. workers. For everyone else, there's enough computer illiteracy and lack of access, (and apathy) that such a diversion isn't necessary. I think you can also draw a sort of curve, given to the age of people and what is expected of them in terms of computer literacy. That age curve also provides a relative form of plausible deniability. But IT workers are screwed in this way.

      • Especially if you're an IT worker in the area of security. You needn't wonder if there is a file about you. There near certainly is. You're after all potentially dangerous, you know how "it" works.

    • Isn't it incredulously absurd that engaging in this spy-game double life nonsense has actually become a completely rational behavior?

      Fer crissake I just wanna live my life with a reasonable expectation of privacy.

  • gpg (Score:5, Informative)

    by mrflash818 ( 226638 ) on Saturday October 11, 2014 @10:56PM (#48122413) Homepage Journal

    gpg, when you can.

    To encrypt, but have the encrypted output be encoded as text (so can be put copy/paste into an email)
    gpg --symmetric --cipher-algo AES256 --armor example.txt

    (gpg will then ask for a passphrase, make it long, as random as possible, upper and lower case, a punctuation, and a number)

    TO DECRYPT
    gpg example.txt.gpg

    Steve Gibson has a very cool Internet resource for helping people learn about password strength: https://www.grc.com/haystack.h... [grc.com]

    Per the haystack page:

    Example passphrase = search space size

    64characters of hex = 4.13 x 10^99

    63characters of hex, plus adding a punctuation symbol = 4.93 x 10^117

    62characters of hex, plus adding a punctuation symbol, plus adding an upper case letter = 3.79 x 10^126

    • by tqk ( 413719 )

      62characters of hex, plus adding a punctuation symbol, plus adding an upper case letter = 3.79 x 10^126

      Nice. However, the devil's in the details. We're often told that strength of the algo won't out anyone. Social engineering or stuff we haven't considered will, and the latter's complicated. My key mentions an ISP (email addy) I haven't used in a couple of decades. How to fix? Revoke old key then release a new one. Er, how, exactly?

      If this's non-simple for a geek like me, how's my (late) mom going to handle it?

      • Re:gpg (Score:4, Informative)

        by CronoCloud ( 590650 ) <cronocloudauron&gmail,com> on Sunday October 12, 2014 @09:29AM (#48123649)

        My key mentions an ISP (email addy) I haven't used in a couple of decades. How to fix? Revoke old key then release a new one. Er, how, exactly?

        Via some quick googling:

        Generate the revoke certificate (you can keep this stored until you need it)


          gpg --output revoke.asc --gen-revoke KEYID

        Import the revoke certificate when you want to revoke the key.


        gpg --import revoke.asc

        Send the updated pubkey to the keyservers.


        gpg --keyserver KEYSERVER_ADDRESS --send-keys KEYID

    • by antdude ( 79039 )

      Tell that to computer illiterates who don't know command lines. ;)

      • You can use gpg without command lines. In fact I created my key using "GPA" (Gnu Privacy Assistant), because I couldn't get enough entropy on the command line for some reason.

    • To encrypt, but have the encrypted output be encoded as text (so can be put copy/paste into an email)
      gpg --symmetric --cipher-algo AES256 --armor example.txt

      There's no need to go to the command line to encrypt an e-mail. Just use a proper e-mail client that supports GPG/MIME.

  • Um, so what was the encryption for again?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Mainly to make the authorities go through the front door, you know, as the constitution says they should.

      They hate having to follow that old rag's commandments though.

  • by Anonymous Coward

    Keep your communications limited.
    Only talk to people you need to talk to.
    PGP, Encrypt, Key-pass, everything, I mean everything.
    Hide it all from any networked service

    Once a security hack that worked for his former employer, my take away from his recommendations are:
    a. hide your cash in your mattress--then again cash has serial numbers (even bitcoin sort of...). Convert to gold.
    b. put on your tin foil hat.
    c. don't talk to anyone.

    BUT what he's doesn't realize is... if you want to be apart of any society:
    a. Com

  • stupid (Score:4, Insightful)

    by Anonymous Coward on Sunday October 12, 2014 @01:03AM (#48122705)

    His advice is so stupid that I'm really beginning to wonder whether he is still working for the NSA. It's not only inconvenient, it actually puts you at a greater risk.

    Computer security is really not that different from physical security: locking up everything from everybody is a lot of work, inconvenient, and expensive.

    For most things, Google and Facebook are perfectly fine. Hysterical avoidance of them is not only inconvenient, but switching to supposedly more secure services will either make you appear suspicious, or you may simply be running into the open arms of some intelligence service that is using those services as a front.

    Information you don't want to fall into the hands of criminals, you should encrypt; online storage may be fine for some if you are good about encryption and it's not that critical. For really critical information, use local USB drives or paper.

    Is there information you don't want to fall into the hands of government? Yes, even if you are law-abiding. You want to avoid being a false positive on some witch hunt for terrorists or drug offenders, and you don't want to give corrupt prosecutors the ability to blackmail or pressure you into admitting things you didn't do. So, keep your Magic Pony gay porn collection off the Internet and encrypt it, keep your medical information on paper, and purchase your fertilizer and cold medication with cash when you can.

  • Everyone seems to be collecting data even /.. :(

  • by HnT ( 306652 ) on Sunday October 12, 2014 @06:41AM (#48123173)

    Is this where "the man" dangles a puppet in front of your eyes so you forget about everything else? Say I never used facebook, dropbox and google and steer clear. Now "they" only have phones, credit cards, bank statements, anything I get shipped, plane stubs, hotel reservations, car license plates, cell- and/or smartphones and a bazillion other things to know exactly what I ate last Tuesday and to violate my privacy which, judging by the attention wh**ing online, nobody cares all that much about anyway it seems.

    • Spot on. Social apps are the least of the problems.

      Add in databases of criminal records, medical records, etc, etc.

      As people are wont to say about the TSA, dropping out of social media is just security theater.

  • Given that I don't use two of those services, and occasionally use the other, that advice is not that tough.

You know you've landed gear-up when it takes full power to taxi.

Working...