Just the fact that we have to start websites like these, and march on Capitol Hill to make the government realize its mistake is depressing, infuriating, and is gently, gradually tapping at a hot, steaming teapot of rage within every rational individual's psyche.
What is the root cause? How did this get so incredibly bad? Is it the fault of the public? Is it the public's fault we are in an Orwellian state of Soviet-era Germany? Or does Hanlon's Razor apply here?
In any case, there needs to be more action than just bandage measures like petitions and phoning your Congressman. This level of government negligence deserves an uproar, and sadly we're not getting it because many trust government, and are not skeptical in the slightest about it.
We have those animals called "politicians" to blame for that.
So, if people really want to change, lead a march on Capitol Hill. Be attention-seekers, make a change for the better, not for the worse. Let your life have value, and use that value against the worthless individuals sitting at their desks in Washington.
Just do something worthwhile, not sitting behind that sRGB display of yours. Painless encryption, countermeasures, protests, whatever -- we need to do something.
The reason freedom of speech, freedom of assembly, freedom to petition and a host of other freedoms are important is that, from time to time, you need to use them.
Democracy isn't a guarantee that everything will be perfect, quite the opposite, but that we have a reasonable chance of righting a wrong without erecting guillotines on the national mall.
The challenge IMO isn't petitioning Congress, it's petitioning the public to make sure this issue remains on the radar for the upcoming election (Part of that, though, could well be a noisy march on Washington).
That is one reason I wish this leak had happened two years ago, or two years from now, when it could affect the Patriot Act extension vote. The only thing members of Congress can do now is try to defund it, because voting to repeal it might be political suicide.
Democracies have emerged from scandal and abuses of power before, so it is not actually insane to believe that it can happen again.
Believing that the outcome will be a perfect fairy-tale land of milk and honey, on the other hand, not so much. It's important to keep in mind that victory in this case probably looks a lot like better constitutional oversight of the FISA courts.
I want to create an integrated, user-centered platform that will provide (mail, blogging, storage, ftp, feed reader, an openid identity & social networking) and make it really easy for somebody to install it on a raspberry pi + some external storage and have its own personal micro data center.
For XMPP, I recommend checking out Prosody (http://prosody.im). You can get a working system up with Off-the-record instant messaging and internal file transfers in an afternoon, if you're familiar with UNIX system administration.
If you use a client like Jitsi, you can do ZRTP encrypted calls through the server as well. Use your own SSL certificates for SSL.
Ejabberd is also good, however the debug information was pretty inadequate. Also helps to be familiar with Erlang.
Hosting your own email server is sub-optimal for several reasons.
Email is still being sent as plain text. Encryption is possible even if you're using someone else's server.
Your deliverability is reliant upon other people's good will. Those people have no idea who Joe Sixpack in Idaho is, and have no reason to extend goodwill. Your deliverability is also subject to wingnuts using a variety of good and not so good blocklists. You may find your time is better spent doing work rather than working around various weird blocklist delisting policies.
Hosting your own email does nothing to prevent traffic analysis.
The only thing it does is to stop your email being held in a big bunch at an email provider's servers, but you can do that by wiping it from their servers and holding a local store. (tl;dr use a commercial email provider but keep your email on your machines not theirs; encrypt everything before sending it; consider using tor if you want anonymity.)
I just want to start by holding my own data. (While you may be right that big providers allow you to wipe your mails, they can make copies). I just don't want a third party to relay my data in the first place.
While your points are right there are solutions, and in the long run it's worth it.
More than that. Big companies have big backups. Once a piece of information leaves localhost it is logged somewhere permanently. Even if you go and purge all your email now, Google is not going to spool up tape backups and erase all copies.
Well, I wonder why can't we create too many false positives for them to make the whole data meaningless?
Instead of hiding all our private communication we can generate fake communication across the whole internet which might raise flags in NSA's system. (I would have given more concrete examples but I am scared that tomorrow some NSA freak might knock on my door.)
I do like the fuzzing idea, but you need some incentives in place. Bandwidth is pretty cheap these days but how would you convince people to install some software that just visited random websites and sent randomly generated messages around? But how would actual people filter out the junk messages in a way that the NSA couldn't?
It seems unrealistic. Just run a Tor exit node and encourage a lot of other people to do the same, similar benefits and no downsides.
A more realistic and useful one would be for email clients sending mime email (almost all of them) to always send an encrypted version as well no matter the options in the client. No keys set up? Then just send random data that looks right.
Email providers might hate this because of the bandwidth but if you start sending a lot of encrypted data around right now you are going to match a profile you probably don't want to match. I think step one is to make sending encrypted text around a normal thing.
I want to say a sentence to someone, but in order for an unintended listener not to understand what I'm saying I will say 10 sentences. Five of which will be "I will kill you and everyone you know" and "I will bomb America".
Isn't that just a meaningless waste of energy?
--
The government spies on you because you make it easy for it to do it. Instead, keep your personal data personal, use encryption and there's not much more that it can do, without becoming physical... (it has no problem doing that either, but at least its intentions will be more obvious that way, and hopefully will wake up all the ignorants that think that some old guys peeking into everyone's lives is justified).
It is. People suck at being random, so there's a good chance that those "false positives" will actually be trivially filtered out. And even if not immediately, this is an algorithmic problem - they will just throw few dozen kUSD at some math and CS graduates to make it go away.
There are some extensions that generate a lot of extra traffic. They were developed around the time that Phorm[1] was being introduced in the UK.
I agree with you and TemPorAL (apologies for incorrect capitalisation!) that these are probably a waste of time for the user - they don't work.
NSA and GCHQ are very good at math - I'm constantly surprised that people don't appear to get this. Maybe it's because secret government agencies don't publish much?
Well I've just learned that the guys from https://www.cozycloud.cc/ have come a long way implementing a user-centered platform (personal cloud).
It really looks promising.
I have been messing around with this idea for a while with a few friends. I'd love to talk more if you're interested. You can find my contact details in my profile.
The root cause is power, of which money is a conveniently quantifiable manifestation. Power-seeking has occurred continually over time since human populations became dense enough to extrude persistent hierarchies.
Interesting sentiment, and I can't help but think this is why the government seems to fear the youth the most/ships them off to wars in other countries.
Wait, you think a little march and a couple of websites will change anything? Someone still has some unwarranted faith in humanity!
What will happen is some politicians will make some noises from their face holes, they might promise a few reviews, or to look into a few things. These will be accompanied by rationalisations that seek to marginalise concerns and make it look like these measures are to protect the children and tall buildings.
In a few weeks most of the public will stop caring, partly because of the noise from politicians flapping their gums, partly because of a low attention span. If a review actually takes place, it will report that there was nothing wrong with what's been going on, it's all within the law. A few people will mutter about changing the laws, but most people won't care by this point and the political classes will have a new hot button talking point by then.
> Wait, you think a little march and a couple of websites will change anything? Someone still has some unwarranted faith in humanity!
Organizing and demonstrations can make a big difference.. for those involved in them :P That is to say, it sometimes just plain feels good to see you're not alone with being fed up -- or even better, that you're not alone with the things you're for, either.
Hanlon's razor is my favorite of all razors, and is the principle that keeps me calm in moments like this:
>Never attribute to malice that which is adequately explained by stupidity.
I don't think that the (mostly lawyers) who represent us and run this country are malicious. They're just incompetent. They're simply not qualified to understand and make decisions in the fields that they affect. So they call in 'experts' to help, who end up working for or being otherwise paid by a particular group or corporation. Of course these people are paid to bias their group's preference, so the 'expert' advice they give them is tainted, and the representative has no basis to detect the bullshit.
As I follow what has been going on in Greece and Turkey, I wonder when/under which circumstances we will reach our tipping point?
Maybe when MQ9's start patrolling the skies regularly state side, someone will intercept and take control of the line of sight feed and send a message to the individuals sitting in their desks in Washington that the chickens have come home to roost…
This is going to be about a redefinition of privacy.
It was ok for governments to spy on other countries governments (and so their citizens). In this name we put satellites over us all. The problem with this is the satellites spied on everyone, and governments were supposed to ignore the right bits.
But now if a government wants to spy, it mostly needs to watch what people do or do not do online (I will bet real spies have some really odd online "tells").
So if it's ok to spy on another government, it's going to be necessary to spy on everyone everywhere, and then ignore certain bits. Like satellites but much finer grained. Oh and if you want to catch a spy in the USA, you need to spy on all US citizens to watch for those "tells".
What we want is not for governments to pretend the Internet does not exist, but rather to ensure that they cannot use the information found for anything we do not specifically legislate.
I am pretty sure this is something like an extension of the fourth amendment in US terms.
It's a redefinition of privacy - not that no-one knows, but that no-one is allowed to make use of knowing.
That's the trade-off we face. We get the Internet, we give up what we currently think of as privacy.
1. The machinery being put into place is a dictator's wet dream. By creating the infrastructure, we are putting a gun to our heads, and trusting the person holding it (the government) to not pull the trigger. The government may be benevolent now, but that may not always be the case.
2. Once the machinery is in place, it makes it that much easier to change directions. Just look at how all of the powers granted by the PATRIOT Act are used for non-terrorism related investigations like the War on Drugs, or the War on (Paid) Sex. Look to the censorship programs in Europe / Australia. They were put into place to block supposedly 'only' child pornography. Now they are used to block other things.
3. How are we supposed to make sure that things aren't being abused when everything happens behind closed doors, and the members of Congress cleared to see more specifics aren't allowed to see very much of the system?
> dictator's wet dream
I expect the same was said about satellites, telephone tapping, etc.
Our defence against dictators does not lie in technology but in the ballot box.
2. Again the ballot box is the defence, but the reason it gets used is people are educated about the technology and the implications of abuse. I doubt that a US government that took away a right to silence would suffer a few outcries from geeks. They would get roasted. (Unlike the UK)
3. Secret courts are banned for that reason. I think I would like to see a definition of national security like "ten thousand dead" or 3% loss of GDP. Then when that gets invoked we can make a sensible guess about how often it's likely. Otherwise, you put it in open court.
Individuals are not the only ones to lose privacy in the coming years. Governments will lose more.
The government has more resources than common citizens have. Sure the government is losing privacy, but citizens can't be invasive of the government's privacy in the same way that the government is being invasive of citizens' privacy.
Can and will invade the government's privacy how? Maybe by forcing them to be more transparent, but I don't view that as "invading the government's privacy."
Here's where I get depressed about this whole thing: how will we know change has occurred? I mean, say in the best case scenario the government admits it was wrong and promises to stop the monitoring programs. How exactly are we supposed to know it has happened? I don't see why they couldn't simply start up a new secret program using the exact same resources and keep it from the public eye.
A good way to do it would be to radically downsize the federal government and return back to limited constitutional government. The less money they have, the less stuff they can do. Return power (and tax revenues) back to the states so that the people of that state can have a more powerful influence in state/local politics instead of everyone pleading, fighting, and begging at the national level in Washington.
And since radical downsizing won't happen voluntarily, as both political parties are corrupt and incompetent, the only way I can see this happening is for the government to continue borrowing and spending money into oblivion, which will ultimately trigger an economic default. At that point, there will be no money for new secret programs.
> The less money they have, the less stuff they can do.
Iran-Contra, anybody? And the president that was in charge was a small government hero.
> And since radical downsizing won't happen voluntarily, as both political parties are corrupt and incompetent, the only way I can see this happening is for the government to continue borrowing and spending money into oblivion, which will ultimately trigger an economic default. At that point, there will be no money for new secret programs.
Ah yes, starve the beast. That's working out well.
It's almost as if there's a trend that people who go on and on and on about their commitment to "small government" principles suddenly abandon those principles the moment they're in power.
The US national debt is denominated in dollars. The US government decides what a dollar is. There's no way they can default. Just trigger hyperinflation.
Sure, that's the "technically correct, but practically worthless" answer. Trigger hyper-inflation and then what? It surely won't be "business as usual" afterwards.
If everyone started encrypting everything, it would matter less. Simply encrypting your email doesn't obfuscate everything, though, since subjects and recipients are still visible. But it's a start.
Until they put you in prison for not turning over your private keys.
Instead of a "campaign", how about some technical countermeasures? They're the only thing that actually has a chance of working.
You simply can't rely on the political process as it exists when the response of the security establishment is to a) wait for an arbitrary crisis to dust off a naked power-grab, b) secretly "reinterpret" the law beyond recognition, and c) flatly ignore the law as they did with their "Terrorist Surveillance Program".
Frankly, I'm hoping that they can come up with some, and some other people can come up with ways to make such measures socially accepted and encouraged. The examples he gives are specifically the kinds of things that there are social solutions to - eg making it Not Socially Acceptable to wear mobile face recognition systems around in public.
If you're going to devolve into a DDR-style police state, there's very little technically that can prevent that from happening. What can happen is that you force an enormous investment of resources to maintain it, instead of giving the ability to a tiny cabal. If you're forcing the recruitment of a demographically significant portion of the population (somewhere 2.5% to 7% in the case of the Stasi) in order to maintain the security apparatus, there's much more room for debate over whether to build it or dismantle it than if it just requires a few billion dollars and a fistful of NSLs.
I have thought about it. We can't make use any more of Google, Microsoft, Yahoo, Twitter and Facebook. We need a new system, one built with anonymity and lacking a central point of failure.
Let's say we invent a protocol and write some software clients for it. It should do anonymous search, browsing, messaging, social networking, video calls and video streaming. It would hide the origin of a request and make it uncertain about who does what.
For example, if 1000 people use a common VPN server to access Google, and they all come out as the same IP address, it can become more difficult to know who searched for what. All that is needed then is to browse in Safe Mode without logging in.
These kinds of ideas and others (distributed hash table, using bittorrent-like systems for moving data around) could make a nice private communication tool.
We just need to make a clear separation between what can be said on FB and what can be said on Anonymous net.
I've been thinking about this, too (I think something built on top of Freenet is the answer, btw). But the trouble I keep running in to is: no one is going to use it. Relatively few people want to hide what they put into the Internet. Everything on Facebook is effectively public, and look how much information gets placed there.
We can invent wonderful and secure ideas all day, and have been since the '40s. But what use are they if no one uses them?
We need to break this down like any traditional problem and remove irrationality. What, exactly, is the problem we want to solve? What prevents existing technology from solving that problem?
Edit: I should add, I'm somewhat interested in discussing this seriously, if you wish to take it off HN.
> We need to break this down like any traditional problem and remove irrationality. What, exactly, is the problem we want to solve? What prevents existing technology from solving that problem?
1) We want Ann and Bob to be able to communicate. Both Ann and Bob must know that they are actually talking to each other, and not to Eve pretending to be Ann or Bob. Eve must not be able to understand what Ann or Bob are saying to each other.
2) We want Anonymous_Person to be able to send a document to Bob. We don't want Eve to be able to work out who anonymous_person is. We don't care if Eve can read the document.
These two are already possible, but hard. Subtle flaws can mean totally broken. Huge amounts of money and research and effort go into making computer OSs and interfaces easier to use, but there is very little happening around making cryptography and anonymity easier to use. Thus, good quality, short, readable documentation would be very useful. And much better interfaces and workflow for existing software would also be helpful.
3) We want Anonymous_Person to be able to send a message to Bob. We want Anonymous_Person and Bob to be able to know they are talking to each other, and not to Eve pretending to be one of them. We want to make sure that Eve cannot read the message. And we want to make sure that Eve cannot tell who Anonymous_Person is.
This is very hard. It requires advanced knowledge, and strict discipline, and very careful use of complicated tools.
Then there are a bunch of expectations. "We cooperate only when given a validly formed legal document; and we resist those if we think they're too broad" is one. Perhaps some kind of Privacy Charter? A bit like the GNKSA[1] (Good Net Keeping Seal of Approval) - and companies can have a checklist of things they do to meet the charter.
There's this project in northeastern Spain https://guifi.net/, which basically advocates for a distributed network set up by the citizens. As long as your infrastructure is run by a superior power, you can only hope encryption/tor/ssl, etc.. will work properly.
Of course if you are sending information to hosts outside the network that information is prone to be subject to surveillance of some kind.
I do agree.
As a Google-talk/Gmail/Dropbox user, the short-term countermeasure might be to encrypt all data [1]. But ultimately the long-term goal should be to find an alternative to those services (which is/will be quite hard).
To be fair, part of the US government's job is to protect its citizens against outside threats. Given that, I can't imagine anyone inside the US arguing that they should stop spying on other countries' citizens. I'm pretty sure that's the NSA's actual job.
And anyway, there's a huge difference between being spied on by a foreign government versus your own. My own government actually has some amount of authority and influence over me and my community, whereas some place like the UK has little to none, so it's less of a big deal.
The distinction should definitely not be US vs foreign country citizens but unsuspicious vs suspicious people. Spying on unsuspicious foreigners is absolutely no better than spying on your own citizens - it's still a human rights violation.
May I ask to expand this request to all the advertisers, and other consumer trackers? Google, Facebook, 99.9% of all Internet consumer stuff basically? Plus Banks, Credit Card companies, TelCos?
The fact that PRISM is so cheap (20mil) is only possible because the NSA does not need to actually snoop at all - it is just taking data from Google, etc. that they already collected on us (which for some fucking reason is ok if it is a commercial entity).
So if I ever get slammed for using AdBlock, I'll cite this NSA brouhaha and the stopwatching.us initiative.
I wonder how often FreedomWorks (the infamous tea party group supposedly funded by the Koch brothers) is listed right next to Greenpeace and on the same list of supporters as the PCCC and MoveOn.org. It can't be often.
Privacy is one of those issues that cuts across the spectrum. With Stop REAL ID, we had transgender people and biblical literalists on the same side. A friend of mine was telling me about a coalition meeting a few years ago where the lobbyist for the Quakers was sitting next to -- and agreeing with -- the people from the NRA. Strange bedfellows indeed.
I think it's funny that this was on the front page this morning, and with "Mozilla, EFF, and Reddit" in the title, the TechCrunch article about it blows straight to the top.