Urban75 Home About Offline BrixtonBuzz Contact

US and UK spy agencies defeat privacy and security on the internet (the Snowden files)

Well it is kinda of what their supposed to do? Break codes and shit like that?
We can only hope their pointed at bad guys and not everyone.
 
Basically, it appears that everything you use has a "backdoor" built into it - routers, software, operating systems, the fibre optic cables carrying data... everything, just to make as easy as possible for the The Man to hoover up data, because, y'know, just in case you decide to GO BAD! ;)
 
If they really have arranged for backdoor access to HTTPS and VPNs etc then a huge concern is other people getting access to those backdoors, e.g. the Russian mob.
 
I think if you start encrypting your communications you are likely to be flagged up as someone suspicious.

Better perhaps to not worry, put a lot of ordinary email traffic online and not worry, your mundane normality will probably be lost in the mass of ordinary data out there.

Of course if you really had something to hide, if you were a terrorist or something unfortunately I am sure there are ways to communicate without leaving any electronic trail.
 
seen a report there theres a british firm selling a bug that infects the servers , that then infects anyone whos traffic goes through the servers
 
weltweit said:
I think if you start encrypting your communications you are likely to be flagged up as someone suspicious.
Click to expand...
As has been said before everyone should encrypt. It isn't the states business to be listening in on private conversations.
weltweit said:
Better perhaps to not worry, put a lot of ordinary email traffic online and not worry, your mundane normality will probably be lost in the mass of ordinary data out there.

Of course if you really had something to hide, if you were a terrorist or something unfortunately I am sure there are ways to communicate without leaving any electronic trail.
Click to expand...
Privacy worldwide. They're snooping and prying.
 
yield said:
As has been said before everyone should encrypt. It isn't the states business to be listening in on private conversations.
Click to expand...
Well there would have to be a mass movement, and the encryption would have to work otherwise there would be no point. No one that I know has ever tried to encrypt a communication with me. And I did once do business with a security sensitive client who themselves were happy to use normal email, much to my surprise.
yield said:
Privacy worldwide. They're snooping and prying.
Click to expand...
And yet more and more people are sharing more and more details of their lives in the most public places, like facebook and twitter.
 
pinkychukkles said:
Basically, it appears that everything you use has a "backdoor" built into it - routers, software, operating systems, the fibre optic cables carrying data... everything, just to make as easy as possible for the The Man to hoover up data, because, y'know, just in case you decide to GO BAD! ;)
Click to expand...

No, only commercial software. Use open source and you're good.

weltweit said:
I think if you start encrypting your communications you are likely to be flagged up as someone suspicious.

Better perhaps to not worry, put a lot of ordinary email traffic online and not worry, your mundane normality will probably be lost in the mass of ordinary data out there.

Of course if you really had something to hide, if you were a terrorist or something unfortunately I am sure there are ways to communicate without leaving any electronic trail.
Click to expand...

You cannot be "lost in mundanity". There is not a person sat reading your emails. There are sophisticated sorting algorythms which are looking for codewords and triggers and whatever else. "OK, don't use those codewords and you have nothing to fear", you might say. Except they use a system where if someone you know, knows someone else who is dodgy, you're getting your shit looked at.

This is why you should be using encryption. The myth of "nothing to hide, nothing to fear" has long been known to be bollocks, but now you have proof.
 
weltweit said:
Well there would have to be a mass movement, and the encryption would have to work otherwise there would be no point. No one that I know has ever tried to encrypt a communication with me. And I did once do business with a security sensitive client who themselves were happy to use normal email, much to my surprise.

And yet more and more people are sharing more and more details of their lives in the most public places, like facebook and twitter.
Click to expand...

This isn't just emails. They're talking about banking, and so on. You use HTTPS and SSL all the time. The security agencies can now decrypt that and see what you're doing. Sending money to a friend who has once received a spam email from someone on the NSA watchlist? Welcome to getting your shit spied on.
 
Fez909 said:
... This is why you should be using encryption. The myth of "nothing to hide, nothing to fear" has long been known to be bollocks, but now you have proof.
Click to expand...

But my private and business life is dull, boring, normal and innocent. And as I mentioned above I have not once been asked to encrypt anything, by anyone.

There would have to be a massive change in online habits before people would even encrypt 10% of online activity, let alone a majority.

People just don't care it seems to me.

Sure I would prefer to have privacy. But will it even be possible?
 
Fez909 said:
This isn't just emails. They're talking about banking, and so on. You use HTTPS and SSL all the time. The security agencies can now decrypt that and see what you're doing. Sending money to a friend who has once received a spam email from someone on the NSA watchlist? Welcome to getting your shit spied on.
Click to expand...

I will never do online banking.
I am not that trusting in the internet in general.
 
weltweit said:
But my private and business life is dull, boring, normal and innocent. And as I mentioned above I have not once been asked to encrypt anything, by anyone.

There would have to be a massive change in online habits before people would even encrypt 10% of online activity, let alone a majority.

People just don't care it seems to me.

Sure I would prefer to have privacy. But will it even be possible?
Click to expand...

You have been asked to encrypt stuff. Your bank would not let you use their online banking system unless you used an encrypted connection. People use encryption ALL the time.

edit: just seen you don't use online banking. Fair enough.

Do you use Amazon?
 
Fez909 said:
you know when you log in, there's a padlock, and the address changes to https? that's you using encryption.
Click to expand...
Yes, I know about https, I use it often when buying from ecommerce sites.

And people want to see it when entering credit card details.

But I don't think they think .... aha I am using encryption and I could encrypt everything. I honestly don't think they care about run of the mill stuff. That is the issue.
 
the way for ordinary non dodgy people to look at this properly...i reckon anyway...is that right now you live in a western democracy, not an authoritarian police state . But all around you there is an apparatus being built that could turn into one overnight if someone took a decision. That could occur from some political event, a financial crash , a natural disaster or a combination of them . Its then that even knowing someone could be very dangerous. You dont know what things might be like when your kids grow up. So it makes sense to start taking steps to protect your privacy, and encourage your kids to do the same. Think not of it in the atomised sense of just yourself but as an act that will help your society and your future as a whole if everyone does it.
 
weltweit said:
Yes, I know about https, I use it often when buying from ecommerce sites.

And people want to see it when entering credit card details.

But I don't think they think .... aha I am using encryption and I could encrypt everything. I honestly don't think they care about run of the mill stuff. That is the issue.
Click to expand...

Casually Red has it spot on there. Attitudes like yours here make it easier for things like this to occur.

Also, on top of the government, there are 1000s of hackers around the world who would love to be able to crack SSL, HTTPS etc. According to the article there are nearly 1,000,000 in the USA alone with top secret access. What's to say one of them doesn't go 'rogue' and sell the keys to the encryption to the highest bidder? Then you're fucked. They can do whatever they want.
 
OK Fez909 you seem keen on encryption. In theory I am also I like privacy, hence my using a pseudonym on here and elsewhere.

How much of your internet traffic, browsing, trading, emailing etc in the last 12 months has been encrypted? What proportion of your emails for example are encrypted?

I think if you are pushing this line, which is quite acceptable btw, you do have to walk the walk!

:)
 
weltweit said:
OK Fez909 you seem keen on encryption. In theory I am also I like privacy, hence my using a pseudonym on here and elsewhere.

How much of your internet traffic, browsing, trading, emailing etc in the last 12 months has been encrypted? What proportion of your emails for example are encrypted?

I think if you are pushing this line, which is quite acceptable btw, you do have to walk the walk!

:)
Click to expand...

I use a FireFox add-on called HTTPS Everywhere which enables a secure connection if there is a choice for it. I use the Tor browser which is anonymous, but is unsuitable for things where you need to login. I have been looking into I2P as a potential alternative for Tor, and have been investigating mesh networks.

I have been trying to think of ways to avoid communications being intercepted and links being made and I actually thought I had invented a decentralised, anonymous, encrypted messaging service the other day. I even wrote out the spec how it would work and was just about to post it to some tech forums for advice/potential pitfalls, but then I came up with a name for it "BitMessage" and thought I'd best Google to make sure no one had nicked the name. Turns out they had and the thing I'd 'invented' was the same thing they were building.

So yeah, I walk the walk. I think about stuff like this all the time.
 
or just take what happened to Glenn Greenwalds boyfreind as an example . One minute hes an ordinary punter, the next hes in some serious schtuck with some serious people . Journalists and their partners are being accused of terrorism now. Presidents planes are being denied landing and demands made to search them. What would that gay guys experience have been like in a society thats just a few degrees nastier, and maybe you were his mate and they thought you had something.

Its not a huge leap and things are going in that direction..millimetre by millimetre but as their power to do stuff grows so does their audacity . Who would have believed in the mid 90s that if you tossed a fag butt in the street a voice would shout out of a camera at you, in a small town . Its the norm now . Basically the apparatus for a police state is there and all thats mssing is the full political will to utilise the logical applications of it .
 
I may be out of date but my understanding is that banks and other such "secure" encryption is done by multiplying two random large(ish) prime numbers and doing other things with the resulting number, I heard cracking that code is akin to trying to unscramble scrambled eggs (at the moment, but things will change).

The best tool for the old bill nowadays is nicking people with mobile phones and getting hold of peoples computers. The best tool for the security services is to store as much internet traffic as they can and data mine it at there leisure.

That's life for computer users in the 21st century
 
Assume anything connected to the net is compromised permanently.

Don't trust any single source of entropy.

Expect long keys, and change them regularly.

Store private data offline, with decryption and encryption done the other side of an air gap, on a computer with a clean verified install of e.g. Debian.

Never connect that computer to a network again.
 
rich! said:
Assume anything connected to the net is compromised permanently.

Don't trust any single source of entropy.

Expect long keys, and change them regularly.

Store private data offline, with decryption and encryption done the other side of an air gap, on a computer with a clean verified install of e.g. Debian.

Never connect that computer to a network again.
Click to expand...

That's totally impractical, though, isn't it?

We need to increase the use of encryption, but if that's how it looks then no wonder people are turned off the idea.

It has to be easy. Invisible, almost. People have gotten used to convenience. They won't accept that^.

But if we can get more people taking this sort of stuff at least a little bit seriously, then resources will be directed towards it and we will have strong encryption that doesn't require turning back the usability clock 20 years.
 
rich! said:
Hence Schneider's plea for engineers to go fix the net.

http://gu.com/p/3tgph
Click to expand...

It's already happening. But people aren't using it.

I2P is a promising technology but there aren't enough users. BitMessage which I mentioned earlier sounds like a good idea. People are building the tools but we need to educate the users.
 
You must log in or register to reply here.

Similar threads

littlebabyjesus
The internet in China
Replies
15
Views
576
skyscraper101
skyscraper101
Protag
Mearsheimer on why the US is in trouble
2 3 4 5
Replies
129
Views
5K
Leighsw2
Leighsw2
Bingoman
Vehicle explodes on US Canadian border
2
Replies
52
Views
2K
kenny g
kenny g
PTK
  • Poll
Do You Agree that the USA should Reduce its Military Expenditure and Close its Overseas Bases?
2 3
Replies
82
Views
3K
likesfish
likesfish
PTK
Afghanistan: UK special forces 'killed 9 people in their beds'
Replies
24
Views
1K
Silas Loom
Silas Loom
Back
Top Bottom