
First, I mean no insult to another diary posted (and now recommended) regarding concerns with your private data on the internet, the NSA, etc.  However, the root philosophy of this seems to be a bit of a combination of Tin Foil hat and a failure to understand basic internet technologies.

Let's start here:  do you use Windows?  Or an Apple operating system on your computer?  You're hosed.  The NSA owns you.  They own every thought, all your dreams and aspirations.  They own your relatives, your friends, every plan you've ever made and how it turned out, every word you've ever written, every dime you've spent.  If they want to be inside your computer watching what you do in real time... yeah:  they can do that too, if they want to.  But maybe posting with a fake user name on a non-threatening site like DKos... maybe you're flying totally under their radar?  Mmmph.  You are owned.
There are several significant problems with this statement.  First, what operating system you use has almost no impact (at all) on the ability to track and follow a user if so desired.  Your internet traffic, once it leaves your PC, is no longer "in your control".  It now must (MUST) go through your ISP's gateway/proxy and routers.  Many ISPs, to provide higher bandwidth, use complex data-caching technologies which also log this information.  Second, screen-level monitoring services - software like Spector (http://www.spectorsoft.com/) - are bandwidth heavy, and there is simply NO way this can be done over the internet in the massive paranoid volume discussed here.  Other real-time software (like TeamViewer, GoToMyPC, LogMeIn, and even thin options like VNC/RDP) also requires network initiation, traffic, etc. that simply isn't manageable on a massive scale... and it would require localized installs (not at all viable).

You do not have access to these servers; you cannot go and wipe your traffic off of them; what OS you run is meaningless.  This is the nature of a TCP/IP network.

First, let me say, I feel it would be somewhat insulting for me to try to explain "what is a gateway" or "what is a proxy".  I feel as though if I really get into those issues - which I can if asked - it might be fairly insulting.

Therefore, I will offer only a basic description, which should be enough for those who don't understand without insulting them.

A gateway is the node or router on a network.  If you use a cable modem router (wifi, etc.), this acts as a gateway for your network, turning your public IP address, provided by your ISP, into a set of private addresses.  These addresses are generally class-B (192.168.x.x, 10.x.x.x, 172.16.x.x as examples) which do not exist elsewhere on the internet.  They may also route IPv6, but would look more like fdfe:dcba:9876:ffff::/64.
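The translation a home gateway performs, sketched as an added example (not from the original diary): a simplified port-translation table in Python. The class name, the addresses (taken from documentation ranges) and the starting port are assumptions made for illustration.

```python
import ipaddress


class HomeGateway:
    """Simplified model of a home router doing port-address translation."""

    def __init__(self, public_ip, lan_cidr, first_port=40000):
        self.public_ip = ipaddress.ip_address(public_ip)
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = first_port  # assumed starting point for mapped ports
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.out = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.back = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN.

        Returns the (source ip, source port, dest ip, dest port) tuple as it
        appears upstream, which is all the ISP's equipment can log.
        """
        src = ipaddress.ip_address(src_ip)
        if src not in self.lan:
            raise ValueError(f"{src_ip} is not on the LAN {self.lan}")
        key = (str(src), src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (str(src), src_port)
        return (str(self.public_ip), self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public address.

        Returns the LAN (ip, port) it belongs to, or None when no outbound
        flow created a matching entry (the packet is dropped).
        """
        return self.back.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    # Constructed sample traffic: two LAN hosts talking to one web server.
    gw = HomeGateway("203.0.113.7", "192.168.1.0/24")
    for host in ("192.168.1.10", "192.168.1.11"):
        print("ISP sees:", gw.outbound(host, 51000, "198.51.100.20", 443))
    print("reply     ->", gw.inbound("198.51.100.20", 443, 40000))
    print("unsolicited ->", gw.inbound("198.51.100.99", 443, 40000))
```

Both LAN hosts show up upstream under the same public address, and a packet that does not match a flow started from inside has no private address to be delivered to.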

A proxy is an external source which organizes traffic and caches data; operating much like a NAT (the simple translation most routers provide), it is often used to do a combination of: filtering/blocking, anti-virus, anti-malware, caching.   This is used in many private organizations, and transparently, proxies are a heavy portion of the networks as provided by Time Warner, Comcast, Verizon, etc. in order to minimize traffic.  

Before we get too concerned about how the government can intercept and manage your traffic, and whether or not your OS is "owned" we have to get an idea of what the government is doing.

The government is not installing spyware software on your PC.  Not only would this be inefficient - easily disposed of on any re-install, and not reliable - it would also be an infinite amount of work.  Maintaining such practices on multiple platforms would be an outrageous use of man hours... especially considering that it is much easier to access your ISP's proxy/gateway, and simply get retained logs of your activity anyway... which takes almost nothing and is a low cost affair.

Second, a large group of people use email services beyond their PC:  Yahoo.Com, Gmail.Com, Outlook.Com, etc. or they are emailing someone who is on one of those systems, which breaks this up.   There is no need to hack you or to hack them, if it's all in a central repository.. why would the government even bother?

The philosophy of most network administrators is: work smart, not hard.  Network administrators who work hard - that is, they are constantly working a near-24-hour-a-day schedule - are either drastically overworked because the ratio of users to admins is wrong OR they are working hard.

The US government is many things, but working hard on IT has never been something the government does well, and they definitely aren't throwing waves of human bodies at cracking every home firewall, gateway device and operating system... too intensive.

So, the question for people who are concerned about their privacy is: "what do I do!?! If they just get access to the ISP's gateway, I can't do anything about that!?!?"

Well, first, you need to remember the needle in a haystack rule: while I, too, am concerned about my online privacy, there is such a mountain of information filtered every day that the amount of it is beyond quick assessment by any current technology, no matter how big your server farm is.  Google couldn't make a dent in global network traffic to assess it, even if they tried.. terabytes of data are transmitted every SECOND.  

If you are amazingly concerned, there are quick messaging technologies out there; but for the most part, you are spending a lot of time with something that has little to no benefit.. if you use one, the moment you trade a message with someone on a public interface like any of the major messaging services, your entire "safety" net is blown apart; the message you sent, plus the one sent back to you are archived on the other end.

If you are truly terrified the government is coming to get you, or afraid your ISP might give you trouble because you are going to all of those live porn shows or online "overthrow the government" rallies... if it's http (web) traffic, you can employ an anonymizing VPN service of your own - many are hosted outside of the US and use OpenVPN.  VPN is an encryption technology which prevents your ISP from having logs (footprints) of your traffic.  VPN as a technology is VERY difficult to intercept, and as a result, it makes following you much more difficult.

Frankly, most individuals should be far more concerned about virus outbreaks, malware attacks, etc. which pose immediate danger to their finances, data, etc.   They also can act as serious security breaches by providing the wrong people access to your credit information and personal data.    To avoid those issues, the basics are always smart:

A decent home firewall.  The cheapest isn't always the best.  Simple NAT routers are normally in the $39-$69 range.  But you can easily find "good" home firewalls with SPI, and especially those that disallow public use of UPnP, a known exploit.  These router/firewalls are also amongst the better WiFi units on the market, so if you want good wifi, pay for it... spend the $80-$120+ and get something that has better features.  Update on this:  Make sure you are using WPA/WPA2 as your encryption method.  Do not leave a router "open" or "public" for Wifi.  This allows anyone to easily walk through your open network shares, devices and equipment on your network.


Rotate your password
- The biggest mistake most users make that gets them into trouble is keeping the same password for years.  More than that, they choose a password that can be guessed.  Example:

"Oh, my password is: tomtim1214.  Why tomtim1213? Well, that's my two kids' names and the birthday of the last one."

This is simply too easy for someone to put in limited effort to gain access to your account.    Passwords should be complex, and rotate on a 60 day basis.  
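A check a site or password tool could run at password-change time to catch this pattern, as an added example (not from the original diary): it measures how much of a password is built from names and dates the user already has on file. The function names, the 0.6 rejection threshold and the birth year are assumptions; the sample inputs are constructed.

```python
from datetime import date


def personal_tokens(names, dates):
    """Lowercase fragments that anyone who knows the user could try."""
    tokens = {n.lower() for n in names if n}
    for d in dates:
        mm, dd = f"{d.month:02d}", f"{d.day:02d}"
        yyyy, yy = f"{d.year}", f"{d.year % 100:02d}"
        tokens.update({
            mm + dd, dd + mm,                # 1214 / 1412
            yyyy, yy,                        # 2009 / 09
            mm + dd + yy, mm + dd + yyyy,    # 121409 / 12142009
            dd + mm + yy, dd + mm + yyyy,    # 141209 / 14122009
        })
    return tokens


def best_cover(password, tokens):
    """Find the split of the password that personal tokens explain best.

    Dynamic programming from the right: best[i] holds the highest number of
    characters of password[i:] that tokens can account for, together with
    the tokens used. Characters no token matches are skipped as unexplained.
    """
    pw = password.lower()
    n = len(pw)
    best = [(0, [])] * (n + 1)
    for i in range(n - 1, -1, -1):
        candidate = best[i + 1]              # leave character i unexplained
        for t in tokens:
            if pw.startswith(t, i):
                covered, segments = best[i + len(t)]
                if covered + len(t) > candidate[0]:
                    candidate = (covered + len(t), [t] + segments)
        best[i] = candidate
    return best[0]


def audit(password, names, dates, threshold=0.6):
    """Reject a password when personal data explains most of it.

    threshold is an assumed policy value, not a standard.
    """
    covered, segments = best_cover(password, personal_tokens(names, dates))
    fraction = covered / len(password) if password else 0.0
    return {
        "fraction": round(fraction, 2),
        "segments": segments,
        "reject": fraction >= threshold,
    }


if __name__ == "__main__":
    # Constructed profile matching the diary's example: two kids, one birthday.
    kids = ["Tom", "Tim"]
    birthdays = [date(2009, 12, 14)]         # year is an assumption
    for candidate in ("tomtim1214", "Tim!2009xK", "q7#Vr2!pLx9z"):
        print(candidate, audit(candidate, kids, birthdays))
```

The diary's example password is explained completely by three tokens, and decorating a name and a year with a few extra characters still leaves most of the password guessable.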

If you need, you can use a service like: http://strongpasswordgenerator.com/

The #1 question I get is:  "But then I can't remember my password, and I have SO many!"  I will admit, this is something that can be difficult.  More companies are working to make this easier by working with keychains, but there are also password memory software apps out for your phone, iPad, Windows RT, and Android that will store your passwords.  The negative: lose that device and it just takes one password to get into that app to get ALL your passwords.  However, most people have "remote wipe" technology on phones, and phones/etc. are less likely to be lost if you're not careless... and if you're careless, none of the advice given here will help you regardless.

Maintain Good Antivirus
- The more common viruses at the moment tend to pop up and PRETEND to be the FBI, etc. and demand your credit card information.  Of course, don't ever give anyone pretending to be the FBI your credit card information ;)  That said, viruses, spyware and the like account for a large loss to the US economy every day; people lose time and money - plus their security - when virus attacks take over a PC.  Some of the basics of avoiding a virus are simple:

* Use Sandboxing if you are testing software you are unsure of:  http://en.wikipedia.org/...

* Buy your software.  Sorry, but one of the top sources of bad virus attacks comes through pirated software.  If you're busy using lots of pirated software, your risk of a virus is significantly higher than someone who isn't.

* Keep your anti-virus services up to date.  There are several good ones: ESET, Kaspersky, Symantec, Avast, etc.  In the past, I had recommended Microsoft Security Essentials, but MS has fallen significantly behind, failing the last two AV-Bulletin tests, so it's hard to recommend them.  Whatever you decide on, make sure it's up to date and current.  Also, try to avoid goofball anti-virus.  "I'm using Tiger Paw antivirus."  "Ok, is there any review, AV Bulletin score etc. to go with Tiger Paw?"  "It's new"... yeah, I wouldn't trust that.

And, here is the most important, and best way to avoid digital snooping into your life: go out and talk to people one on one, straight to their face more often.  I know, this is pretty shocking, but you'll find in many environments including work and home, that sending an email to your wife could be prevented if you would walk 40 feet across your house and go physically talk to her.   Trouble with your kids?   Maybe go talk to them.   Neighbor?   Nothing wrong with stopping by and shooting the breeze.

There is a surprising benefit, also, to the last step: you generally cover more subjects and spend more rewarding time while doing it, plus unless someone has a parabolic mic and is stalking you (if that happens, you're hosed no matter what advice I give you, Tony Soprano), then your conversation isn't going to get picked up anywhere.

Good luck, happy computing!

Originally posted to tmservo433 on Sat Jul 13, 2013 at 06:47 AM PDT.

Also republished by SciTech.


  •  Tip Jar (117+ / 0-)

    Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

    by Chris Reeves on Sat Jul 13, 2013 at 06:47:20 AM PDT

  •  Good Advice (19+ / 0-)

    And I agree a regular person can't protect their electronic activity from the government, if the government really wants to get it.  Just like regular people can't make their houses into impregnable compounds that will withstand a government assault, if the government really wants to get in.

    The key is for the law to clearly delineate what the government can and can't do, with adequate protections for privacy, and for the people to hold the government accountable to the law.

    •  The government (7+ / 0-)

      is the least interested in hacking you.

      •  (1) Then why on earth are WE PAYING for this (3+ / 0-)
        Recommended by:
        VeggiElaine, daysey, Shockwave

        over-reach?

        Aside from the apparent unConstitutionality, the largely unchecked, too secretive, for-profit, snoop system is unwarranted (pun here!) when we cannot pay for our Social Security, schools, bridges, roads, etc.

        (2)  If digital info is hijacked at the fiber-cable level then firewalls are meaningless and certainly password protections are ridiculous when even encrypted data is getting surveilled.

        Here's an idea:  Just talk in person to people and write letters sealed with a wax seal.

        Separation of Church and State AND Corporation

        by Einsteinia on Sat Jul 13, 2013 at 09:54:11 AM PDT

        [ Parent ]

        •  Yeah, let's start there (5+ / 0-)

          (1) From a technical viewpoint, the overreach is necessary.  Assembling the connectivity graph among a not-entirely-stupid collection of terrorists is actually very hard, and really does require extensive data collection.

          That doesn't mean it's right, or that, if right, it was done right; I think it was not.  However, if you are an organization which is legally mandated to perform that task, then you must do it, and that requires an absurdly large net.

          (2) Get a clue.  I don't know any technology which can tap an optical fiber.  More than that, so much of the traffic on those lines is encrypted in provably secure ways that such a sample would be useless.  Your ISP, for instance, can tell where your packets come from, and where they go, but if you're using SSL at any layer, or OpenVPN, then your packets aren't going to be read.

          •  No, let's finish here (4+ / 0-)
            Recommended by:
            PhilW, blueoasis, Shockwave, Joieau

            (1) Over-reach = over-reach.  When you start shredding the Constitution and ramrodding over freedoms in the name of preserving freedoms, you've got a problem.  Of course, I am for national security, but as Howard Dean says it must be done with maximum transparency and with a real court oversight--not secret courts, with secret laws, with secret verdicts, with secret prisoners.  Ridiculous, isn't it?

            (2) Snowden has revealed that there is the capacity to capture the information at central plumbing - the cables.  Thank goodness for the Snowdens doing their Patrick Henry for us all.  How else would we know?

            Separation of Church and State AND Corporation

            by Einsteinia on Sat Jul 13, 2013 at 11:03:04 AM PDT

            [ Parent ]

        •  "For profit" is the key. Booz Allen is filling (1+ / 0-)
          Recommended by:
          Shockwave

          their back pockets with trillions of our tax dollars. And IMHO chances are that is all they are doing. These private contractors have been scamming us left and right by telling us they are doing a "job" like collecting all this data for the NSA and probably not doing 1/4 of what they say they are, 'cause remember their first and only priority is PROFIT. And of course there is no way to find out 'cause it's all so super secret, especially with that revolving door they have between the Pentagon, NSA and the Booz Allen officers and board of directors. Chances are the only thing that's being done to us is we are being conned.

      •  unless, of course, (1+ / 0-)
        Recommended by:
        middleagedhousewife

        you've been email pals with some certain folks in Yemen....

    •  Microsoft has built back doors for the NSA and... (2+ / 0-)
      Recommended by:
      J M F, blueoasis

      ...FBI into Windows, Skype, Outlook, etc.

      So the entire point of this diary is moot, that someone would have to work to install spyware on each computer.

      Windows is spyware.

      •  Yeah, no. (4+ / 0-)
        Recommended by:
        vcmvo2, PhilW, brentut5, artmartin

        While this often gets said - and in the case of like Outlook.Com (what used to be Hotmail, this is accurate) the reality still remains: the backdoor security keys only help if you have a means by which to get to them.   They are not a remote access instant on.  

        Skype goes through MS's servers, so why would they go to you for anything Skype, when they can go to the transaction point (out of your hand).

        Meanwhile, software that accurately logs and details that information in regards to your workings has a tendency to generate significant bandwidth (as I note later), which is moot for a large slice of America that has no such access; more than that, since any Mac and install ID is filtered by even basic firewall services, finding out "who is who" would be a fairly to very time consuming task.

        Just because something -is- possible, doesn't make it "the way it happens all the time"!  :)

        Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

        by Chris Reeves on Sat Jul 13, 2013 at 11:38:37 AM PDT

        [ Parent ]

        •  If the local cops have... (2+ / 0-)
          Recommended by:
          blueoasis, Joieau

          ...keys to every door and lockbox in your house, do you care if they're in your house fishing around every day, or just once in a while, or maybe sometimes while you're not home, so you don't know about it, or you have no idea if or when they've ever been fishing around in your stuff?

          Or is the actual problem that they can get in and collect anything they want, anytime they want because they have all the keys in the first place?

          Your point that the NSA is not simultaneously recording every mouseclick and keystroke you make, plus realtime screenshots, plus continuously cloning all your drives to their servers, and doing this to every computer user in the world is, first, obvious, and second, to be generous, non-productive, and, IMO a silly red herring.

          •  Just so it can be noted (5+ / 0-)
            Your point that the NSA is not simultaneously recording every mouseclick and keystroke you make, plus realtime screenshots, plus continuously cloning all your drives to their servers, and doing this to every computer user in the world is, first, obvious, and second, to be generous, non-productive, and, IMO a silly red herring.
            Please note, there have been two diaries in the last two days which got rec'd which contended exactly this was happening, which is why I pointed out it wasn't, and that theory was invalid.

            Second:

            ...keys to every door and lockbox in your house, do you care if they're in your house fishing around every day, or just once in a while, or maybe sometimes while you're not home, so you don't know about it, or you have no idea if or when they've ever been fishing around in your stuff?

            Or is the actual problem that they can get in and collect anything they want, anytime they want because they have all the keys in the first place?

            Again, no.   They do not have "every key to get in" unless you are using absolutely no security on your end, are broadcasting something like NETBIOS and are just holding up a big flag that says "My name is X!"

            Even basic routers prevent your MAC address from going to the public.   Good routers do more than that, preventing non-valid attempts.   The backdoor that is built in (which many protest even exists) but for it to work you would need: an origin point, a connectable IP address, and then the key.

            So, imagine I have a key that would get me in to a car.   But I have NO idea where the car is, I can't see it, but I see nearly infinite other cars that may accept that key also.  Some are shielded from me getting in because their bandwidth is too low to make the attempt valid.   Some by decent firewalls.  Some computers are turned off.  

            I will then need to keep trying my key repeatedly, over and over and over again until I find where it works.

            In the end, your job is to make your computer more difficult to access, not just to the government but to hackers, virus makers, etc. who on a day to day basis try these same exploits.

            So, making yourself difficult to reach can be done with steps outlined.  Are you 100% impenetrable?  No.  As I said, nothing is hack proof.  But do you increase the cost to hack you?  Yes.  Then the question becomes: are you worth it to whoever is trying to try and hack you.

            The rest (about a seeming "Microsoft gives you 100% access") is not really viable because Microsoft, like everyone else, still relies on TCP/IP based traffic to get anything to the physical hardware.   They can't change the rules of TCP/IP traffic that defies all routers and firewalls.  If they did, the network would fall apart (see: Novell's attempt at exactly this years ago).  

            So, if there is no road to follow through proper TCP/IP handling, then having the key is meaningless... you can't find the lock.

            Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

            by Chris Reeves on Sat Jul 13, 2013 at 12:18:27 PM PDT

            [ Parent ]

            •  Error Correction (2+ / 0-)
              Recommended by:
              tmservo433, brentut5

              I had read a summarized version of the story about Microsoft's collaboration with the NSA. I just went to the original Guardian article, and what I thought was occurring is wrong.

              The collaboration is what you described, communication either in transit, or stored on servers, such as Microsoft's cloud. The problems that the NSA needed Microsoft to solve for them were the encryption of Skype and Outlook messaging, Outlook email aliasing, and other issues that were obstacles to NSA access.

              None of this, as far as I can tell, has anything to do with backdoors allowing direct access to Windows itself, on individual users' systems. It deals, as you stated, with access to communications and data after it leaves the user's computer and personal network and is either in transit on the internet, or stored on Microsoft's servers.

      •  Windows has backdoors for Windows (1+ / 0-)
        Recommended by:
        3rdOption

        The security gaps you mention are not for government agencies: they're for Microsoft. Since WebTV (remember that?), the Microsoft dream has been a movie coming to you in Windows Media player format, authenticated by digital rights management keyed to your Windows registry, which sends you an e-mail telling you when it's on, composes invitations to all your friends by reading your address book and opening Word, and then starts the television on time for you.

        In this dream world, Sony pays Windows for the format to the movie, the access to the Windows Media Player, and the user pays Windows per movie, and all the things fire off in "convergence."

        They don't want to sell you an OS anymore. They have, for more than a decade, wanted you to rent your OS and have them fire off everything at once. Hence: backdoors to your system.

        Everyone's innocent of some crime.

        by The Geogre on Sat Jul 13, 2013 at 12:08:38 PM PDT

        [ Parent ]

        •  That's an outbound token system, also.. (2+ / 0-)
          Recommended by:
          sviscusi, The Geogre

          Which means traffic is auto-initiated by the PC (like Windows Updates, Media Updates, etc.) not the other way around, not a key that comes in from the outside on its own.

          And you're right.. that format has been something MS has worked on significantly.  (by the same token, so did SuSe, who used the same update based method to roll out micro changes etc. and Apple uses this method frequently)

          Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

          by Chris Reeves on Sat Jul 13, 2013 at 12:22:04 PM PDT

          [ Parent ]

  •  I use Ubuntu. (5+ / 0-)
    Recommended by:
    linkage, roberb7, palantir, doc2, NYFM

    do I have to worry about viruses and junk?  my gut says no but I'd love to hear what a pro thinks.

    •  Linux, in all flavors (23+ / 0-)

      Is much less likely to be susceptible to virus.   That's a fact.   The issues with Linux, in the past have rarely been intentional virus attacks .... it's more that Linux machines get used to spread virus to windows PCs.  

      This normally happens through people who hack Apache/etc. web services.  

      Linux is often seen as "virus free", but this is a bit of a misnomer.   Windows as an example, has an installed base of more than a billion PCs, which means likelihood of an outbreak is higher than those running any particular flavor of any other OS.  

      But Universal exploits - like rootkits, Java exploits, browser hijacks, etc. can (and do) happen on ill protected Linux variants.

      While less common than Windows (for sure), they are not as "bullet proof" as many Linux advocates would like them to believe.  If you take any of the Red Hat Security coursework, one of the first things they will tell you is that Security must still be a main concern of anyone operating a RH (or really any Linux) server environment.

      The level of virus attacks that can occur on Linux are far less annoying/damaging and troubling than many Windows counterparts (save Windows8, which by default moves to a more Linux-like sandboxing of most traffic), but it doesn't mean they are non-existent.

      Basic rules still apply: don't trust pirated software stuff (RPMs and tgz's have been 'poisoned' in the past), and there are good rootkit and browser hijack hunters (malware) that still can impact anyone running any browser that utilizes things like Adobe Flash or Java.

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 07:33:33 AM PDT

      [ Parent ]

      •  Can you suggest anti-malware for Linux? (3+ / 0-)
        Recommended by:
        palantir, Onomastic, vcmvo2

        I've recently started using Ubuntu and I haven't seen any mention of anti-malware packages that run on Linux?

        •  ClamAV, Avast, Bitdefender (6+ / 0-)

          Are all reasonable anti-malware for Linux.

          Rootkit Hunter is manual, but should be in most linux distros at this point.

          http://linux.die.net/...

          Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

          by Chris Reeves on Sat Jul 13, 2013 at 08:19:19 AM PDT

          [ Parent ]

        •  Depends ..... (7+ / 0-)

          On your set-up (single, dual boot, VM, etc), your hardware and your use environment.

          I work professionally in a Linux server/workstation environment and our company uses a Kaspersky enterprise level anti-virus package for Linux Servers, Mail Servers and Workstations that's excellent but unneeded and overkill for an individual.

          If you are running a dual boot with Windows, run Windows in a VM or have to administer Windows using your Ubuntu machine, I think you can find some free or low cost general-purpose anti-virus applications at these two pages:

          Ubuntu Anti-virus page
          Linux DOT com Anti-virus page

          Linux and OSX have much lower vulnerability to viruses and some users of both have a pretty complacent attitude about that until they get stung.

          My personal daily use machines are a MacBook Pro running OSX and Windows in a Parallels VM, and an (aging) MacPro used as a workstation and personal VPN server.

          In the MacBook I run a linux scripted (Ice Clean) scan and registry maintenance nightly when I'm sleeping and find this keeps permissions in good order (the usual OSX problem). The VM runs a virus scan on all Windows files incoming.

          My server is scanning all the time and logs at least a couple of thousand intrusion attempts per month, which is kind of interesting considering it's a personal server with very low traffic.

          Our system at work logs something on the order of 10,000 intrusion attempts per month, which any admins can tell you is par for the course. To my knowledge, we have only had one successful intrusion in the past 3 years or so, which means the Kaspersky sw is working pretty good.

          400ppm : what about my daughter's future?

          by koNko on Sat Jul 13, 2013 at 08:53:59 AM PDT

          [ Parent ]

      •  Yes to LINUX (0+ / 0-)

        a friend is a network admin at an Ivy League school and swears by LINUX.

  •  The best defense against intruders (15+ / 0-)

    is to pull the plug. No connection, no intrusion.
    If you put incriminating evidence in an eMail, don't be surprised that it becomes common knowledge. Ditto financial information. Or health or any other private stuff.
    Computers, smartphones and the web are fun and informative, they are not and cannot be made "safe" or "private".
    Think of it like it's the subway: Watch your mouth, keep your hand on your wallet and don't write your number on the wall. A little common courtesy goes a long way toward a safe ride.
    This is gold-standard:

    here is the most important, and best way to avoid digital snooping into your life: go out and talk to people one on one, straight to their face more often
    Step away from the computer.

    If I ran this circus, things would be DIFFERENT!

    by CwV on Sat Jul 13, 2013 at 07:28:40 AM PDT

    •  That will get you out of the (0+ / 0-)

      clutches of the NSA. But the CIA and FBI base much of their intelligence gathering on live agents as opposed to electronic eavesdropping. By taking your business to the street and away from the computer all you may be doing is switching from one spy agency to another (if you believe that American intelligence agencies really are spying on us).

      •  It'd be a lot of job creation! (3+ / 0-)
        Recommended by:
        elmo, brentut5, artmartin

        The hiring level for individuals to carry around zoom mics like "Sneakers" would hire a lot of Americans.  At least then it'd be a jobs program ;) :) :)

        Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

        by Chris Reeves on Sat Jul 13, 2013 at 09:09:25 AM PDT

        [ Parent ]

      •  It's far fetched enough to claim (0+ / 0-)

        as some people have that the government is listening to everyone's phone conversations.

        So far, I've not seen anyone try to argue that the government is following everyone around!

        Yeah, if that were true, unemployment would be zero.

    •  I agree. (1+ / 0-)
      Recommended by:
      Had Enough Right Wing BS

      But it's not a practical consideration for most people, including you, I guess.
      Still here, right?

      But yeah, "air space".  Defined in my comments starting here, LOL.

      But some people I know (and me in the past) have a PC they use for internet only and another they use off-line only.

      The first one being a cash purchased or self built machine never registered (but obviously traceable by IP address).

      I like the idea of cheap, disposable smartphones with anon value add simcards, very popular in China! Got a couple myself.

      400ppm : what about my daughter's future?

      by koNko on Sat Jul 13, 2013 at 09:04:07 AM PDT

      [ Parent ]

      •  "Still here, right?" (3+ / 0-)

        Yup. But no eCommerce, no threats, even joking, no Fecebook or twits...No cell phone. All my electronic breadcrumbs are boring, I'm not plotting an overthrow and I'm not paranoid or egocentric enough to worry too much about three letter agencies wasting their time on me.
        And you know what? By comparison to people around me who do indulge in all that claptrap, I have far less stress and fewer headaches.

        If I ran this circus, things would be DIFFERENT!

        by CwV on Sat Jul 13, 2013 at 09:16:32 AM PDT

        [ Parent ]

        •  I'm also pretty boring (2+ / 0-)
          Recommended by:
          CwV, Had Enough Right Wing BS

          Except when discussing the present subject or Chinese politics!

          So surely, given the number of times I've typed NSA in the past month here, my boring rating has eroded a bit on Daily Kos, if nowhere else.

          Actually, although I blog a lot, I don't do other social media and don't think whatever I have to say about anything including Three Letter Agencies is going to put me behind bars.

          But if that happens, I plan to annoy my tormentors to the brink of insanity like I do my friends and family.

          400ppm : what about my daughter's future?

          by koNko on Sat Jul 13, 2013 at 10:19:20 AM PDT

          [ Parent ]

  •  Thank You - N/T (9+ / 0-)

    "Upward, not Northward" - Flatland, by EA Abbott

    by linkage on Sat Jul 13, 2013 at 07:33:26 AM PDT

  •  thanks for doing this, so I didn't have to. (15+ / 0-)

    and you did it much better than I could have.

    The CT is getting right through the admins, these days, isn't it.

    People saying our phone calls are being "tapped" when there is zero evidence of this.

    I'm beginning to see the ridiculousness of this site.


    I'm not an atheist. How can you not believe in something that doesn't exist? That's way too convoluted for me. - A. Whitney Brown

    by AlyoshaKaramazov on Sat Jul 13, 2013 at 07:38:28 AM PDT

    •  Wanted to rec this until you threw DailyKos (0+ / 0-)

      under the bus.

      I'm beginning to see the ridiculousness of this site.
       

      I agree that there is some ridiculousness on this site, whether on this topic or others, perhaps more so at some times than others, but I find the good far outweighs the bad.  

      •  yeah, people claiming that the NSA (0+ / 0-)

        is "tapping our phones" and getting away with it?

        That's not CT?

        That's not ridiculous?????


        I'm not an atheist. How can you not believe in something that doesn't exist? That's way too convoluted for me. - A. Whitney Brown

        by AlyoshaKaramazov on Sun Jul 14, 2013 at 08:12:22 PM PDT

        [ Parent ]

  •  And Tor? (3+ / 0-)

    I have considered Tor, but I have also thought that I really lead a very, very boring life, am not seditious, and, other than waving a flag, there isn't much point.

    Everyone's innocent of some crime.

    by The Geogre on Sat Jul 13, 2013 at 07:55:21 AM PDT

    •  Obfuscating VPN through Onion Routing.. (4+ / 0-)
      Recommended by:
      Onomastic, J M F, The Geogre, antirove

      It's a step beyond VPN, which cloaks your traffic, by making multi-switches in virtual, it cloaks how much traffic goes back and forth, timing, etc.

      This is relevant only if you are concerned that someone is monitoring not only your traffic but using a multi-level data inspection tool to determine what you are doing with it.

      Tor is a nice tool... and for those in certain positions, I can see using it.. but the reality is this security method comes with some real caveats..

      Tor has been shown in the past to be susceptible to BOTNET traffic, allowing for over the top SOCKS5 traffic; and Tor, due to its method, takes a significant performance hit.

      In the end, the advantage of Tor is that it can be done with minimal to no cost, while paying for a privatized VPN can run you about $10-$50 a month, depending on the features you seek.  But the benefits of Tor over a private VPN are minimal for 99% of all users.

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 08:24:49 AM PDT

      [ Parent ]

    •  Tor has its uses (3+ / 0-)
      Recommended by:
      Onomastic, Subterranean, The Geogre

      especially if you are doing something exciting and seditious. I've used it before, not because I was doing exciting, seditious things, but because I wanted to see how the technology works. Also, I contributed bandwidth to Tor during the abortive Iranian uprising a few years ago. I don't know if I helped at all, which is kind of the point – you don't know what is going across your network. Could be kiddie porn, could be Syrian dissident traffic, could be someone who just wants to use one of the hidden services that's only available through Tor or someone from China who wants an unfiltered Google search.

      All the encryption and decryption comes at a performance cost, though. I'll post my take on an alternative downthread.

      Steal a trillion, too big to fail. Steal a thousand, go to jail.

      by Omir the Storyteller on Sat Jul 13, 2013 at 08:36:01 AM PDT

      [ Parent ]

    •  Tor for anonymity, VPN for privacy (5+ / 0-)

      If you just want to browse the web without signing in anywhere, Tor is great because it hides where you are coming from although it can be slow. The danger is that your Tor exit node has been compromised, so if you sign in to dailykos, for example, it's possible the owner of the exit node or another eavesdropper learns your user name and password if they are monitoring the traffic.

      VPN's are easier to track, but more reliable, although again you have to take your chances with the people running that VPN service (for all you know they could be logging the traffic on their servers and selling it to the NSA). In the end you have to trust somebody unless you want to set up some kind of complicated double VPN chain with Tor in the middle, and even then nothing is 100% secure. That said, I don't want to discourage people from using Tor and VPN, just know which to use and when, and just because they aren't 100% secure doesn't mean they aren't secure enough for your purposes or better than nothing.

      •  Given the real governments hunting. . . (0+ / 0-)

        real dissidents that we know of, we have to conclude that the privacy of VPN's is strong enough at present to stifle the Iranian, Syrian, and, for the most part, Chinese governments.

        There is a caveat, of course: the USA is where most of the pipeline ends up going, and what NSA had been doing was putting in caches with filters into Verizon and AT&T nodes. (This according to State of War, where the idea was that "transit packets" were fair game, even though there was no legal authority for it.)

        If NSA or another agency did another such "grab it all, and filter later" cache, but for TCP/IP, the folly of it would make the Tower of Babel look like a model of efficiency.

        Everyone's innocent of some crime.

        by The Geogre on Sat Jul 13, 2013 at 12:00:13 PM PDT

        [ Parent ]

  •  Thank you. (10+ / 0-)

    I've been posting to some of these diaries to challenge some of the advice dispensed with disclaimers about the basic vulnerabilities all share on the internet, which has more to do with how governments tap into Tier 1 servers than any OS per se, although some OS & applications have particular problems.

    I'm afraid some people will take this the wrong way, that I'm trying to suggest (a) we are helpless or (b) I'm being trollish.

    Neither is the case; I hope it helps people understand the risks better and don't get a false sense of security that if they only change to OS this or mail client that the vulnerabilities are solved.  This is hardly the case.

    So I'm wondering, should we start a group centered on teaching and sharing best practices for OS and net security?  Yes, it's another group and yes, this isn't really an IT site, but if people are interested may comment to this comment.

    400ppm : what about my daughter's future?

    by koNko on Sat Jul 13, 2013 at 08:20:13 AM PDT

    •  I've debated this too.. (11+ / 0-)

      The reality is that everyone on here uses a PC.   I've worked as a network administrator for a multi-national (twice) and a lead outside administrator for almost 15 years.   Some of the advice I see given in regards to technology is not only paranoid, but it is just as likely to create the problems it seeks to avoid.

      I'm not a big proponent of introducing people to brand new technology they aren't familiar with or have never used/etc. as they are just as likely to muck it up as they are to succeed (see: "everyone, switch to XYZ distro linux!  I know you've never used Linux before, but..")

      We have a monthly best practices meeting with most clients, and there are times on here I wish we could.. discuss technology in a way that would be more helpful for people who want real answers.

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 08:27:46 AM PDT

      [ Parent ]

      •  Agreed you have to make it simple (4+ / 0-)

        In fact, another approach is to link to good articles on other sites that offer sound advice to the general audience but are not overly technical like Ars.

        I'm more inclined to NOT have people change their OS in most cases (unless they are buying a new machine) but just to educate what are the hazards of each, the hazards in general and what you can do to lower risk.

        And, like 75% of it is changing bad habits and acquiring good ones, right?

        We are our own worst enemies. Lazy!

        400ppm : what about my daughter's future?

        by koNko on Sat Jul 13, 2013 at 09:12:48 AM PDT

        [ Parent ]

    •  I would find it fascinating... (1+ / 0-)
      Recommended by:
      sviscusi

      All my internet and email activity is fairly open and I like social media so to one extent I don't care what "they" do.

      But, it pisses me off when I see them backdooring the Constitution and blatantly lying about it.

  •  Knowledgeable advice minus hype equals winner (11+ / 0-)

    Thanks. My IT neighbor introduced me to Avast! It seems to work fine but I am glad to see you mentioned it here.

  •  I can't help but wonder how many (11+ / 0-)

    people who are so apoplectic about the NSA have grocery store discount cards ... credit cards ... cell phones with the tracking turned on ... purchase things online ... use email to communicate when a sealed letter would keep their correspondence private, if arrive a little later ... use facebook ... go on dating sites ... surf porn ... allow cookies because it's so damn inconvenient to keep redoing things on the internet ... and on and on.
    We live in a world that is absolutely headed toward the science fiction scenario of walking into a store and having a voice say "Hello, Joe, I see you haven't bought new underwear in two years, we're having a sale today"
    You don't like it, move to the forest and go off the grid.

    •  Minority Report (10+ / 0-)

      Your reference to going into a store and having it identify you.. reminds me of the scene in Minority Report.. but if you go into home depot, they'll take your email address and line it up with your credit cards.. "the benefit" they tell you is that at any time you can go to the counter and say "I need an email of all my purchases here in the last year.."  which people love that easy access.. but don't think: wait, isn't this also the thing I'm terrified of :)  

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 08:29:40 AM PDT

      [ Parent ]

    •  I simply don't understand why people can't seem to (5+ / 0-)

      see there's a fundamental difference between private corporations, who have strictly limited ability to impact your life having specific information about you that is largely a matter of the services you use or the goods you buy from them, and a government which can imprison you having access to every last scrap of info about you from every one of those corporations, as well as anything else they can get.  Especially when you're frequently critical of that government.

      •  Is there such a big distinction anymore? (2+ / 0-)
        Recommended by:
        highacidity, sviscusi

        I am really not wanting to wade into the battle, but it seems to me that the government will do whatever the government's Corporate Overlords pay them to do...and the corporations will give the government whatever it needs/asks for to do it.  

        The blurring between corporate $$ and government is so insidious.  I am less comfortable with a corporation I have no hope of influencing.  At least I still have the illusion that I might be able to influence the government through elections.

        It all starts to sound very CT and I don't like thinking that way and it's also kinda verboten around here.  I am going to take the advice of the diarist and go outside to engage in real life today. :^)  

        Metaphors be with you.

        by koosah on Sat Jul 13, 2013 at 09:09:18 AM PDT

        [ Parent ]

      •  You're right, but not in the way you intend (4+ / 0-)

        In many ways, a corporation is much less restricted in what it can do to you than the government is.

        Can the government fire you for exercising your free speech rights? Nope. But a private corporation can.

        That's only one example.

  •  Great diary!!! Of course the greatest (7+ / 0-)

    protection that we all have is that it is actually technically impossible for the government to store all of our Internet traffic even if it wanted to do so for the simple reason that the government (and its contractors) simply do not have the storage capacity to do so . . .

    •  Link? (0+ / 0-)
      is that it is actually technically impossible for the government to store all of our Internet traffic even if it wanted to do so for the simple reason that the government (and its contractors) simply do not have the storage capacity to do so . . .
      Or at least some credentials that show you know what you are talking about with this claim? Iow what exactly do you know about what the govt can do in its huge storage barn in Utah and elsewhere....and how do you know it?

      I am not saying you are wrong, I am just wondering where you get your info.

      •  A low-down on internet traffic (20+ / 0-)

        As of May, this year, internet traffic is estimated at almost 70 exabytes monthly, with a global estimate of almost 1 zettabyte possible by year end, ahead of the projection given in 2010 of 1 zettabyte by 2015.

        In order to capture and contain that, you would need to triple global bandwidth; that is, one gigantic proxy-filter which could capture and then duplicate bandwidth undetected with no slow downs.

        This dual shunted pipe would then have to have somewhere to store.

        Cisco keeps global calculations on this:

        http://www.cisco.com/...

        Please note: this doesn't include traffic from digital phone calls and SMS, add those in and it's almost a 15% bump.

        So, how would you store this?  Well, let's put it this way: you would need a server farm roughly 320 times the size of Google's entire global data services.  Which means, at highest platter density, you would require a landmass about the size of Rhode Island, which would store basically 1 year of content, assuming you don't delete anything.

        This is the issue.. we as users delete stuff.. ALL THE TIME.  Thus, what comes to us back and forth gets deleted, lost, removed.. but an archival project would have to have full retention.  

        The theory posted in several blogs is that the government would watch every PC in near real time.   The highest compression method for video available (x264 w/add on settings) that could be streamed would result in a number roughly 8 times that, daily, figuring about 1.2 billion PCs monitored.

        Now, using the highest density data services available, you would need a land mass equal to about the size of Kansas, Oklahoma, Missouri and Arkansas combined which would store less than 6 months of video data captured from all PCs.

        The cost of the bandwidth, which at that point would be 8 times greater than all bandwidth on earth, is impossible because network services to all clients wouldn't provide it.

        Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

        by Chris Reeves on Sat Jul 13, 2013 at 09:01:02 AM PDT

        [ Parent ]

        •  Thanks! (4+ / 0-)

          What effect if any would the rumors (?) of a quantum computer have on that? Perhaps some form of compression?

          Despite my other comments (maybe too harsh) I really do appreciate hearing from an expert on this stuff!

          •  Quantum computing (4+ / 0-)

            Would provide faster access to data.. if it had it.  But again, the hook isn't there.. it's that the clients simply don't have universal bandwidth to provide the data.   In other words: if you had the fastest quantum computing device imaginable, think Moore's law in 10 years on today's network, the client level bandwidth and its connection to it still wouldn't be fast enough to maintain the requirements, not even close.

            Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

            by Chris Reeves on Sat Jul 13, 2013 at 09:07:02 AM PDT

            [ Parent ]

        •  Not sure every drab would need to be stored (1+ / 0-)
          Recommended by:
          mrkvica

          Much duplication of data; how much of that traffic is huffpo pages or google news?  Easier to store an ip & a descriptor.  Utah has or will have yottabyte capability per Wired.  NSA has been in the cryptography biz awhile & I'll bet they have algorithms at work.

          I do not demand tolerance, I demand equal rights. --Anna Grodzka

          by VeggiElaine on Sat Jul 13, 2013 at 12:12:34 PM PDT

          [ Parent ]

          •  real time deduplication (0+ / 0-)

            Of exabytes of data, which is what you want, is beyond the scope of the current technology. Full capture is nowhere near as CPU intense.

            Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

            by Chris Reeves on Sat Jul 13, 2013 at 12:47:37 PM PDT

            [ Parent ]

  •  Thanks (7+ / 0-)

    I shudder when I read some of the stuff around here nowadays.  

    It's beginning to be difficult to discern the difference between Kos and other sites that are not worth mentioning.

    Streichholzschächtelchen

    by otto on Sat Jul 13, 2013 at 08:40:42 AM PDT

  •  Tinfoil hat? (5+ / 0-)
    Recommended by:
    katiec, bygorry, J M F, VeggiElaine, mrkvica

    We find out the NSA can pull up a huge file of our phone calls, texts, emails, and internet history and you call reacting to that with alarm......paranoid?

    Yeah, no.

    I submit to you that you are wearing the opposite of a tinfoil hat by suggesting that this is some small inconsequential thing.

    It is not.

    That said you DO offer good solid common sense advice to reduce (not eliminate by any means) the ease of access to our online privacy, and I praise and thank you for it.

    But calling people 'hatters' for reacting strongly to the news that the govt can access so much info from what to many people is a mysterious and misunderstood web of technology is as much an over reaction as some people are having in the opposite direction. Over the top.

    •  The "hatterism" (11+ / 0-)

      Comes from the inference that people are constantly getting video feeds from your PC, watching what you do.   There simply isn't bandwidth or traffic available for that volume of data.  

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 08:49:44 AM PDT

      [ Parent ]

      •  But they CAN do that, right? (2+ / 0-)
        Recommended by:
        J M F, mrkvica

        And in fact have in the case of the school district that was spying on students through their web cams? (link on request) Obviously that is not the NSA but it shows that the possibility is there in very stark terms.

        And sorry but the thought of our 'puters and or Xboxs watching us is pretty damn creepy and alarming. certainly worth reacting to.

        Sure they will only go that far if you are targeted, but they CAN right? Along with accessing info from any other 'puter or camera within your sphere?

        How is it paranoid to react to the news that they have that capacity?

        I am not trying to bust your chops, but as a pro you have a much different reaction than the 'man on the street' and being so pejorative is pretty offensive, considering how much 'hatters' are reviled here.

        •  On a VERY limited scale (5+ / 0-)

          Could streaming and watching be possible?   On a limited scale, yes, it could.  On a massive, universal scale, no.  The data retention and connection requirements rise exponentially beyond network potential.

          On an individual basis, sure.   But the reality is, you'd have to have specific smaller numbers of individuals to make retention valid.

          In the case of the web-cam situation, there, onboard software was altered locally to provide continuous access.   This means a localized admin used his access to the physical equipment and knowledge of the software to create that situation.

          An administrator without access (physically) to your equipment plus without knowledge of your configuration or network access to that unit has a significantly lower chance.. or even meritable reason to take that chance.. of such an effort.

          Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

          by Chris Reeves on Sat Jul 13, 2013 at 09:04:48 AM PDT

          [ Parent ]

          •  on a limited scale? (2+ / 0-)
            Recommended by:
            J M F, mrkvica

            how limited?
            could 100 senators be monitored?
            435 congresscritters and their staffs?
            50 governors?
            and maybe 10,000 other very important people who make the decisions that affect us all?
            I'm not worried about my being blackmailed
            I'm worried about my so called representatives being blackmailed.

            •  In those cases (1+ / 0-)
              Recommended by:
              vcmvo2

              It would be, frankly, easy.   IT people would just need access to the equipment for a few minutes, and monitoring 100 to a few thousand is not that big.  Remember each jump means exponentially more bandwidth, so you start to run amuck when you get into the 10k and up area..

              Is it possible?   Yes, and if the number was 100, I'd say possible.

              If a giant number, then the problem of sifting through data becomes an issue, but not so much with a small number of people.

              This is basic herd protection; the greater the number, the harder the target.   But high-stature targets and individual targets can still be "got"

              Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

              by Chris Reeves on Sat Jul 13, 2013 at 11:41:32 AM PDT

              [ Parent ]

        •  There is a very simple solution to the possibility (1+ / 0-)
          Recommended by:
          antirove

          of having ANYONE hijack your 'puters camera. Put two pieces of tape over it--so the tape's adhesive doesn't get stuck to the lens. I'm serious.

          Since I don't feel compelled to provide surveillance equipment to allow anybody to spy on me, who would be harmed?

          I don't feel paranoid about this either. If some are worried about being branded a hatter, they can always point out that all they're doing is keeping the lens clean.

          It matters not how small the beginning may seem to be: what is once well done is done forever. Henry David Thoreau, in Civil Disobedience

          by Had Enough Right Wing BS on Sat Jul 13, 2013 at 12:04:37 PM PDT

          [ Parent ]

          •  Webcam Tape--good. But that Microphone--hmmm... (1+ / 0-)
            Recommended by:
            Had Enough Right Wing BS

            You may have special function keys to turn the microphone(s) off and on but it's hard to know if they actually are really off and stay off. It would take someone with electronics expertise to determine if 'off' was really off. Having a laptop PC that lacks a built-in webcam and microphone might be a plus for someone with anxiety over being remotely spied upon.

            Apparently the FBI does have the technical means to use cell phone microphones as a remote listening bug, as a number of mobsters were disappointed to learn in 2006.  Oh, and this works even if you powered off your cell phone--powered off with dark screen is still not really cold off and remains remotely usable.  And the 'warrants' for this FBI access can remain secret for some time. Not sure if this remote microphone listening tech works with every model of cell phones, but I'm guessing most of the newer models since mid-2000's would have the capability to secretly cooperate with this law enforcement 'need'. The only way to be sure this remote listening tech isn't in possible use is by removing the battery from each cell phone in your conversational area and shutting down desktops, laptops, tablets, etc.

            When life gives you wingnuts, make wingnut butter!

            by antirove on Sat Jul 13, 2013 at 03:09:00 PM PDT

            [ Parent ]

      •  They can do such things. They cannot do them (1+ / 0-)
        Recommended by:
        mrkvica

        to everybody at once, but that doesn't mean that they never do them to anybody. How each person reacts to that capability will and should vary..

        That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

        by enhydra lutris on Sat Jul 13, 2013 at 12:48:52 PM PDT

        [ Parent ]

  •  this sounds like (5+ / 0-)

    something from MST 3000 ...


    I kid, I kid.


    Thanks for the sober geeky advice, servo.

    One more geeky question though:

    Isn't there a NAT or NIC address on modern CPU  (Pentium and above)

    that identifies your computer traffic as you the computer purchaser?

    I seem to recall here that about 5 or 6 years ago, which is why I hung on XP for so long.  


    Of course, that is probably what your VPN discussion is about

    -- how hard is that to set up (OpenVPN)?

    •  You mean MAC Address (5+ / 0-)

      A MAC address is unique to each lan device; network card, wifi access, etc.   However, your MAC address is obscured by your home firewall (any NAT device) so your MAC address is only relevant within your local network.

      The only MAC address the internet sees is the one which makes the gateway connection.. your wifi router/etc.

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 08:52:25 AM PDT

      [ Parent ]
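
An added example, not part of the thread or any commenter's post: a Python sketch of the behaviour described in the comment above, where a home NAT router discards the LAN Ethernet header and builds a new one, so the client's MAC never appears on the WAN side. It goes one step beyond the comment by also checking for EUI-64 IPv6 addresses, which carry the MAC inside the IP address itself; every MAC, IP and function name here is constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample values (locally administered MACs, documentation IP ranges).
CLIENT_MAC = "02:00:00:aa:bb:01"      # laptop on the home LAN
ROUTER_LAN_MAC = "02:00:00:aa:bb:fe"  # router, LAN side
ROUTER_WAN_MAC = "02:00:00:cc:dd:01"  # router, WAN side
ISP_HOP_MAC = "02:00:00:ee:ff:01"     # ISP next hop
ETHERTYPE_IPV4 = struct.pack("!H", 0x0800)


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header):
    """One's-complement sum over a 20-byte header; 0 when the stored checksum is valid."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b""):
    """Ethernet II header + minimal IPv4 header (no options) + opaque payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src_ip).packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + ETHERTYPE_IPV4 + hdr + payload


def parse_frame(frame):
    dst, src, _ = struct.unpack("!6s6sH", frame[:14])
    f = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "ttl": f[5],
            "ip_src": str(ipaddress.IPv4Address(f[8])),
            "ip_dst": str(ipaddress.IPv4Address(f[9]))}


def nat_forward(frame, wan_mac, next_hop_mac, wan_ip):
    """Outbound hop through a NAT router: the LAN Ethernet header is dropped,
    the source IP is rewritten, TTL is decremented and a new Ethernet header
    is built. (Real NAT also rewrites the TCP/UDP source port; the payload is
    left opaque in this sketch.)"""
    ip = bytearray(frame[14:34])
    payload = frame[34:]
    ip[8] -= 1                                            # TTL
    ip[12:16] = ipaddress.IPv4Address(wan_ip).packed      # source address
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return mac_bytes(next_hop_mac) + mac_bytes(wan_mac) + ETHERTYPE_IPV4 + bytes(ip) + payload


def eui64_address(prefix, mac):
    """IPv6 address a host forms from its MAC when it uses EUI-64 autoconfiguration."""
    m = mac_bytes(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def mac_from_eui64(addr):
    """Heuristic check: return the MAC embedded in an IPv6 address, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return mac_str(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8])


def demo():
    lan = build_frame(ROUTER_LAN_MAC, CLIENT_MAC, "192.168.1.23", "198.51.100.7", b"hello")
    wan = nat_forward(lan, ROUTER_WAN_MAC, ISP_HOP_MAC, "203.0.113.50")
    return lan, wan


if __name__ == "__main__":
    lan, wan = demo()
    print("LAN side:", parse_frame(lan))
    print("WAN side:", parse_frame(wan))
    print("client MAC present on WAN side:", mac_bytes(CLIENT_MAC) in wan)
    v6 = eui64_address("2001:db8::/64", CLIENT_MAC)
    print("EUI-64 address:", v6, "-> embedded MAC:", mac_from_eui64(v6))
```

RFC 4941 privacy extensions exist to replace the EUI-64 identifier with a randomized one; if `mac_from_eui64` returns a value for one of your own global IPv6 addresses, they are not in effect on that interface.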

      •  This is also a great (3+ / 0-)
        Recommended by:
        koNko, jamess, J M F

        reason to use a VPN. There are lots of super easy ones to use now, and should be an absolute must if you're accessing sensitive things outside your home network. For example, checking your bank account at the coffee shop or reviewing stock portfolios on the metro. Even checking email outside your house should be grounds to use a VPN.

        Of course, the VPN also obscures the MAC and IP. Many of them also encrypt your traffic using the same methods that "secret" and "top secret" Federal info uses, meaning for now that traffic is not able to be decrypted surreptitiously.

        This one is probably the easiest I've seen: https://www.privateinternetaccess.com/

        •  I use a personal VPN (2+ / 0-)
          Recommended by:
          jamess, J M F

          And there are some advantages, but public VPNs are mostly crappy and not worth the trouble unless you need a particular functional attribute or service attached.

          Do you trust your public VPN administrator?

          400ppm : what about my daughter's future?

          by koNko on Sat Jul 13, 2013 at 09:16:26 AM PDT

          [ Parent ]

          •  we need more rating efforts like this one (5+ / 0-)

            from EFF:


            Who Has Your Back? in 2013  ... when it comes to 'Providing Service' that attempt to protect our Constitutional Rights as citizens:





            Who Has Your Back?  EFF rates the Service Providers
            by jamess -- Jul 11, 2013


            Thanks everyone, for the tips. Much obliged.

            •  I'm a bit surprised (3+ / 0-)
              Recommended by:
              koNko, jamess, J M F

              to see that from EFF.

              "Requires a warrant for content."

              Um, no, definitely not. None of them could have that standard. The government can compel otherwise.

              •  How so? (5+ / 0-)

                When the government needs to compel, it must go to a court. The court is going to want to see the warrant.

                •  We have a wide variety (2+ / 0-)
                  Recommended by:
                  J M F, jamess

                  of warrantless compelled collection programs. It's just, basically, the law. Section 702, National Security Letters, and such.

                  This should be basic knowledge at this point, really.

                  Per usual procedure, a FISA Court ("FISC") issues a "FISA warrant" upon a demonstration of probable cause that the target is a foreign power or agent thereof, but there are numerous exceptions to this procedure. Of particular importance is Section 702 of the FISA Amendments Act of 2008 ("FAA"), codified as 50 U.S.C. 1181a, which allows the Attorney General and the Director of National Intelligence ("DNI") to authorize jointly the targeting of non-United States persons for the purposes of gathering intelligence for a period of up to one year.

                  EPIC

                  50 USC § 1802 - Electronic surveillance authorization without court order...

                  (4) With respect to electronic surveillance authorized by this subsection, the Attorney General may direct a specified communication common carrier to—
                  (A) furnish all information, facilities, or technical assistance necessary...

                  A federal judge has ordered Google Inc. to comply with FBI warrantless demands for customer data.

                  U.S. District Court Judge Susan Illston on Tuesday rejected Google's argument that the so-called National Security Letters the company received from the FBI were unconstitutional and unnecessary.

                  Judge orders Google to turn over data to FBI, Associated Press,  May 31, 2013

            •  Except that is outdated and unjustified (5+ / 0-)
              Recommended by:
              jamess, ovals49, BlueOak, J M F, vcmvo2

              By recent disclosures that would rank Microsoft, Google and Dropbox at the bottom of the barrel.

              Personally, while I'm a $upporter of EFF, I find such star rankings to be pretty useless since they give too much weight to PR and not enough to actual security.

              For example, Apple gets low marks for poor corporate transparency (true) but the actual security of OSX and iOS, while by no means perfect, is actually a lot better than Windows, Android and even (now) Blackberry, and as Apple has noted, has NO government code or backdoors unlike Windows and Android.

              In fact, the DoD gave iOS a pass with no changes of security kits while only one kitted version of Android gets a pass and Blackberry 10 failed. And the FBI has to go back to Apple (with a warrant) to jailbreak an iOS device to obtain information.

              This chart is similar to the "Green" charts published by Greenpeace - more about good corporate PR and catering to the rating agency than actual accomplishment.

              Given the recent revelations about Microsoft (as well as some disturbing prior ones) how do they rank 4 or 6 stars?

              These things are well-intentioned, but I don't find them that useful.

              And unfortunately for EFF this year, the report was obsolete 2 days after publication when Microsoft and Google, in particular, got caught with their pants down and are now in damage control mode spinning some lie with "they made us do it".

              That said, I'm a supporter and contributor to EFF because they do a lot more important things than such reports that actually defend net neutrality, freedom of expression and digital rights.

              400ppm : what about my daughter's future?

              by koNko on Sat Jul 13, 2013 at 10:10:02 AM PDT

              [ Parent ]

          •  If by "public" you mean a free VPN (1+ / 0-)
            Recommended by:
            jamess

            then no, that is definitely a junk service.

            I pay for one out of Sweden. To Daily Kos's servers I appear to be located in the Netherlands, Iceland, Sweden or the US depending on the settings I use.

            Many EU countries have specific laws protecting electronic data, so I do feel safe using it. They have a "data retention" law that affects ISPs only, so VPN services are not required to retain any kind of logs, either. Even my email service (Runbox, a company out of Norway) is not required to comply with any data retention laws. The majority of EU tech companies simply ignore data requests of any kind from the US, until a court in their own jurisdiction approves it first.

            A personal VPN is good, I was just suggesting something a layperson can do. Private Internet Access is a pretty good one.

  •  If I wanted to avoid the NSA (3+ / 0-)

    . . . well, I couldn't entirely, seeing as how I live inside the borders of the US and have an internet connection through Comcast. However if I wanted to minimize my exposure I would do a combination of a proxy server in another country and a virtual private network. I won't get into the details, but basically I would set up a more-or-less permanent circuit (via a program called secure shell, or ssh, which encrypts everything you do) between my machine here in the Seattle suburbs and a remote end point. I'd probably do this with a Canadian proxy so I could listen to some of the CBC radio channels that are limited to Canadians.

    If I were to do this it would look to the rest of the world like I was somewhere in Canada, even though I'm here at home in Washington. However, for this to work I would have to communicate exclusively with servers outside the US, and make sure my packets were never routed through the US on their way from hither to yon. That's not something you have control of, and considering the nature of the Internet, it's not at all impossible for a packet destined to Japan from Turkey to go through the US. And if you use any US-based service for communication, like Gmail or Facebook . . . well, you're back in NSA-land again.

    Plus, in the tinfoil-hattiest of scenarios, the federales might notice that this one address in Washington only ever seemed to communicate with an address in Canada, and could pressure the RCMP or whatever other Canadian agency is tasked with Internet monitoring to intervene.

    This is all hypothetical and probably hyperbolic. At the moment, other than to listen to the CBC Jazz channel, I don't have any reason why I think it would be more effective to get a Canadian (or French, or British, or wherever) proxy than to just maintain good internet hygiene.

    Steal a trillion, too big to fail. Steal a thousand, go to jail.

    by Omir the Storyteller on Sat Jul 13, 2013 at 08:57:05 AM PDT

    •  Paradoxically (2+ / 0-)
      Recommended by:
      J M F, Had Enough Right Wing BS

      your foreign routing might actually make you more vulnerable if the NSA was interested in you. You might fall under the purview of the FISA court and those secret warrants.

      •  Oh probably (0+ / 0-)

        Actually if I really wanted to opt out of NSA I'd probably just move to Blaine, Washington, and when I wanted to get on the net I'd go across the border to White Rock, BC.

        That's not as far fetched as it sounds. One of the guys working on the OpenSSL project had to commute from the Detroit area across the border into Windsor, Ontario to work on the project so his code wouldn't run afoul of US encryption laws.

        Steal a trillion, too big to fail. Steal a thousand, go to jail.

        by Omir the Storyteller on Sat Jul 13, 2013 at 12:27:45 PM PDT

        [ Parent ]

  •  Good diary (9+ / 0-)

    And while you weren't directly referencing the other one, this one is better. I must also agree that nothing, absolutely nothing is hack proof. An encryption scheme (for example) may be unbreakable today, but who knows about tomorrow or next week?

  •  Thanks for this excellent diary (1+ / 0-)
    Recommended by:
    kacemo

    I haven't read the one you're responding to; the headline alone told me it wouldn't be worth the time to read, and I surely don't have the expertise to wade into the discussions.

    But I appreciate this level headed, excellent summary of the basics. As a long-time technical writer it's great to see such a nice, concise and informative presentation of technical information - great work!

    And I truly appreciate the information too. I remember when we first got a computer and modem and "went online" - it was a new thing and kind of adventurous at the time... but one of the cardinal rules was "do not put anything in email or on the internet that you don't want published in the newspaper" -- in other words, no it is not private, and certainly not "safe" to put your information online. And the idea that the Internet would be watching you back as you looked at it, well that was not something we even considered! But you knew it was not a safe or private place.

    That's why it took me a long time to adapt to online shopping, banking, etc. and I was very slow to trust, I suppose I would say, become willing to accept and assume the risk of participating anyway, because it's just so much easier, faster, and you just need it now. Not having email or the ability to use a website to navigate and take care of business is getting to be almost impossible.

    So we assimilate and adapt. Step by step I have gotten used to giving away my information, for convenience and out of necessity. I could not possibly find any job in my field without email and comfortable with computers and online activity. But maybe I do not take enough precautions. I need to think about what I have set up and see if it needs improvements.

    Thanks again for this great diary. Sometimes when I wonder why I keep coming back to this site, something like this pops up to remind me.

  •  Correction -- use WPA2 -- WPA *NOT* secure (3+ / 0-)
    Recommended by:
    tmservo433, cybersaur, fou

    Don't have time to track down an article discussing it, but WPA has a flaw that makes it less secure than WPA2. It is still better than WEP, but that's not saying much.

    •  correct (2+ / 0-)
      Recommended by:
      fou, vcmvo2

      But still considerably more secure than WEP. RADIUS or token based WPA2 is currently the most secure. :)

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 10:04:10 AM PDT

      [ Parent ]

  •  Hint on simple good passwords (2+ / 0-)
    Recommended by:
    elmo, aznavy

    Pick a favorite song and choose the first letter of each word in the chorus. Add numbers either at the beginning or the end (both would be good).

    Example: I wish they all could be California girls

    1IwtacbCg1

  •  if we did this (0+ / 0-)
    go out and talk to people one on one, straight to their face more often.
    we might end up building an actual progressive movement instead of a marginalized echochamber.
  •  so it's a conspiracy theory? (1+ / 0-)
    Recommended by:
    MrBigDaddy

    that you can protect your privacy?

    bit of a combination of Tin Foil hat
    •  yeah not crazy about that reference (1+ / 0-)
      Recommended by:
      Heavy Mettle

      it's the same ol thing, for years poo-pooers have cried conspiracy about those that said things like NSA/big brother/microsoft backdoors etc, now that it is confirmed, it's the age ol... umm yeah we knew it all along.

      some things never change.

  •  There's no profit for the NSA/FBI in my business (1+ / 0-)
    Recommended by:
    middleagedhousewife

    There's nothing to see here, so they have assuredly moved along, if they paused here at all.  The guys who are really watching me closely are the ones who can monetize what they see.

    For the first time ever, the big daddy of all data brokers is nearly ready to show consumers their intimate personal dossiers, a move aimed at staving off public fears of Big Brother and government regulation.
    What exactly does Acxiom know about you? Their files record where you live and who else lives there, your phone numbers, often including cell, general financial situation and interests. Your file might include race, ethnicity, religious affiliation, education, political affiliation and occupation. They might list what credit cards you use, as well as some health topics of interest to you such as diabetes or arthritis.....  They may know that you are a legal professional who received a vocational or technical education who smokes, has an interest in weight loss plans, owns a cat and enjoys lotteries. They may even know minute details such as whether your house has a gravel or shingle roof. The file does not show that you bought a specific kind of mink coat, but may indicate you have an interest in high-end fashion.
    http://www.forbes.com/...

    “Texas is a so-called red state, but you’ve got 10 million Democrats here in Texas. And …, there are a whole lot of people here in Texas who need us, and who need us to fight for them.” President Obama

    by Catte Nappe on Sat Jul 13, 2013 at 10:00:18 AM PDT

  •  good suggestions (1+ / 0-)
    Recommended by:
    Joy of Fishes

    I'm not too crazy about this one however.

    but there are also password memory software apps out for your phone, iPad, windows RT, and Android that will store your passwords
     there is no way of assuring those apps won't become compromised and then all your passwords are gone and out there.

    My suggestion, good ol pen and paper in a notebook nearby your computer, plus try to write in that shorthand chickenscratch that basically only you can read.

    here's basically the deal, just don't do anything online that at some point may come back to bite you in the ass, because it just may.

  •  Great diary (1+ / 0-)
    Recommended by:
    J M F

    I only have one disagreement.

    If you use OpenVPN to connect to an overseas server, then your traffic will be tracked -- not the content, as that will be encrypted -- but the TCP and IP headers.

    This is entirely legal.  There is not, and never has been, any reasonable expectation of privacy when crossing an international border; that's why customs inspectors have such power.  The same thing holds true for any communication, electronic or otherwise.

    As a result, the general advice the diarist gives you is in every way the right advice: don't worry about the NSA on the net, but take care of your home computer first.  Use antivirus software, whether you run Windows or iOS or OSX.  (I'll give you a dispensation if you run OpenBSD.  I'll even extend it to cover NetBSD.  Otherwise, yeah...no: Linux, in particular, is popular enough to have had some really nasty malware outbreaks in the last few years.)  Practice safe sectors: don't EVER put a flash drive into your computer if you don't know exactly what it's been in contact with.  If you're really paranoid, use a virtual machine.  Use HTTPS Everywhere.

    But, seriously, the NSA doesn't care about you and your political work.  It's just not that interesting.  So don't waste your time worrying about it -- it's just meaningless self-aggrandizement.

    •  this depends (1+ / 0-)
      Recommended by:
      J M F

      On your VPN configuration. TCP and UDP transactions can be fully encapsulated, and your origin ISP should only see VPN port traffic, SSL encrypted.

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 10:52:52 AM PDT

      [ Parent ]

      •  Yes..but (1+ / 0-)
        Recommended by:
        J M F

        The outermost packet headers (which are directing your traffic to and from the VPN server itself) are unencrypted.

        •  True. (0+ / 0-)

          But all they say is "traffic to (vpn host)".  Which gives your ISP information about how much data is going back and forth (volume) but not a lot more than that.

          Though, you are right, if someone wanted, they could then go to your VPN host and demand they turn over logs; which is why you find ones that keep none, I strongly recommend Sweden, Netherlands and Norway for most OpenVPN paid services ;)

          Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

          by Chris Reeves on Sat Jul 13, 2013 at 11:43:49 AM PDT

          [ Parent ]
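
The exchange above, as an added example that is not part of any commenter's post: a Python sketch of what an on-path observer such as the ISP can read from encrypted tunnel traffic, namely the outer IP/UDP headers and the volume. The addresses (RFC 5737 documentation ranges), the client port, the packet sizes and the choice of UDP on port 1194 (OpenVPN's registered default) are assumptions made for the sample.

```python
import os
import socket
import struct
from collections import defaultdict

# Constructed sample values: documentation addresses, not real hosts.
CLIENT_IP = "192.0.2.10"
VPN_HOST_IP = "198.51.100.7"
VPN_PORT = 1194          # OpenVPN's IANA-registered default port
CLIENT_PORT = 40000      # arbitrary ephemeral port chosen for the sample
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tunnel_packet(src, dst, sport, dport, ciphertext: bytes) -> bytes:
    """IPv4/UDP packet whose payload stands in for the VPN's ciphertext."""
    udp_len = 8 + len(ciphertext)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)  # UDP checksum 0 = not used
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + udp_len, 0, 0, 64,
                      socket.IPPROTO_UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + udp + ciphertext


def observe(packet: bytes) -> dict:
    """Everything readable without keys: the outer headers, nothing inside."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    seen = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "length": total_len}
    if proto in (socket.IPPROTO_TCP, socket.IPPROTO_UDP) and total_len >= ihl + 4:
        seen["sport"], seen["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return seen


def flow_summary(packets) -> dict:
    """Aggregate per-direction volume, the way flow logging would."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for pkt in packets:
        o = observe(pkt)
        key = (o["src"], o["dst"], o["proto"], o.get("dport"))
        flows[key]["packets"] += 1
        flows[key]["bytes"] += o["length"]
    return dict(flows)


def sample_capture():
    """Constructed capture: random bytes stand in for encrypted tunnel payloads."""
    up = [build_tunnel_packet(CLIENT_IP, VPN_HOST_IP, CLIENT_PORT, VPN_PORT,
                              os.urandom(n)) for n in (100, 1200, 60)]
    down = [build_tunnel_packet(VPN_HOST_IP, CLIENT_IP, VPN_PORT, CLIENT_PORT,
                                os.urandom(n)) for n in (1400, 1400)]
    return up + down


if __name__ == "__main__":
    for key, stats in flow_summary(sample_capture()).items():
        print(key, stats)
```

The sites visited, the inner addresses and the content never appear in the observer's view; only the tunnel endpoints, ports, packet sizes and (in a real capture) timing do.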

  •  I'll refer you to Louis Pouzin (1+ / 0-)
    Recommended by:
    fou

    "Another world is not only possible, she is on her way. On a quiet day, I can hear her breathing." Arundhati Roy

    by LaFeminista on Sat Jul 13, 2013 at 10:32:29 AM PDT

    •  Why must you refer us to an internet pioneer (1+ / 0-)
      Recommended by:
      vcmvo2

      when we could have used common sense to come to the conclusion that we should be concerned with government overreach? That is what M. Pouzin concludes.

      To wit:

      Pouzin doesn’t believe there is a global conspiracy orchestrated by the U.S., but he does think the U.S. has too much control over the global network. One example is the Internet Corporation for Assigned Names and Numbers (ICANN), the American company that owns the monopoly of domain names on the Internet.

      "In theory, nothing stops you from creating any kind of domain name such as .lemonde, for instance," he says. But ICANN is reluctant, and about that Pouzin is critical. The idea of submitting new names was approved in 2008, but it is not always implemented.

      We can argue about whether or not the US has too much control over domain names, but M. Pouzin certainly does not share Mr. Snowden's view that "everything is being recorded." Why such a self-evidently grandiose statement passes for legitimate political discourse is beyond me, particularly when only a third of the world's population is on the internet.

      Nevertheless, thanks for the links. M. Pouzin's opinions regarding these matters are certainly relevant.

      •  I'm looking at using his company for mine (0+ / 0-)

        and the link was for info only

        We use sun work stations and Solaris [UNIX derivative] for our designs and modelling, these are never connected to the internet.

        All reports are on paper and SSDs and delivered by hand.

        The internet communications are used only for emails to set up meetings etc, no other information is transmitted.

        These are our codes of practice since I set the business up.

        We regard our clients [and our own] proprietary information as primordial.

        "Another world is not only possible, she is on her way. On a quiet day, I can hear her breathing." Arundhati Roy

        by LaFeminista on Sat Jul 13, 2013 at 11:04:53 AM PDT

        [ Parent ]

    •  It's irrelevant (1+ / 0-)
      Recommended by:
      vcmvo2

      to the diary.  Nothing in the article mentions anything resembling practical security that's applicable to the typical computer user.

  •  I've hotlisted both diaries. I'm not tech savvy, (1+ / 0-)
    Recommended by:
    mrkvica

    and am trying to get my son's school to teach a class on this stuff.

    I do wish people would avoid name calling.  It adds nothing.

  •  I recommended the diary you take issue with (1+ / 0-)
    Recommended by:
    tmservo433

    because the operating system discussed in that diary was written by a woman. Having said that, your diary is spot on.

  •  The fact that you're making reasonable suggestions (2+ / 0-)

    makes me think that you are a paid NSA shill who hates freedom.  /snark

    Sign the petition to demand a law-abiding Supreme Court.

    by Troubadour on Sat Jul 13, 2013 at 10:49:06 AM PDT

  •  Thanks but, (2+ / 0-)

    it's much more fun to believe that "someone" in the government is listening and reading everything you do and say in order to ....... I'm not sure what exactly.  

    It's obvious to anyone who has ever had a class in basic arithmetic that the NSA (even if they hired a million employees or contractors) could never have enough people to monitor 311 million Americans, plus billions of foreigners.  

    •  Makes us feel much more important (1+ / 0-)
      Recommended by:
      Anna M

      When we think they have the time and resources to spy on us.   Damnit, I have to stop my kid from continuously watching that Icona Pop video, what will the government think of my usage?  Build my profile from that..

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 12:19:50 PM PDT

      [ Parent ]

  •  Yes, but ... (0+ / 0-)

    What about the Illuminati Mr. Smarty Pants?

    •  read The Traveler (0+ / 0-)

      We all live in a pan-opticon

      Gandhi's Seven Sins: Wealth without work; Pleasure without conscience; Knowledge without character; Commerce without morality; Science without humanity; Worship without sacrifice; Politics without principle

      by Chris Reeves on Sat Jul 13, 2013 at 12:50:47 PM PDT

      [ Parent ]

  •  thank you we need more like this (1+ / 0-)
    Recommended by:
    tmservo433

    and less paranoid conspiracies that look like they are peddling untested products.

    In the time that I have been given,
    I am what I am
    Shop Kos Katalogue or the Parrot gets it

    by duhban on Sat Jul 13, 2013 at 04:06:42 PM PDT

  •  If you want privacy: (0+ / 0-)

    If you want privacy, don't do it over the Internet.

    I do most of my shopping with cash. Nobody traces that. (Of course, I have a card from my grocery store that offers occasional discounts, and purchases with that card are probably recorded. OTOH, I don't care what people know that I buy onions.)

    The government can find out anything about any of us. The trick is to act so that they can't find out about you without effort.
