One thing I see people saying on here is that people should care....and I do...but I don't know _what_ to do with it!
Can someone show/tell me what I, an average person, can do? It feels a bit overwhelming and things like this point out how powerless we really are. I hope I'm wrong and there are things we can do...I just don't know what they are.
EDIT -
Asking two more specific questions:
1. What can we do technically to be safe?
2. What can we do to fight this? Petition Government? Support EFF? Other? Very much at a loss on #2
The problem with making yourself 'technically safe' is that it realistically leaves most non-technical people exposed.
Then let's make everybody safe technically. It's hard, but doable. If everyone ran Tor and 10% of users ran a Tor relay, that should be hell to track, no?
I think you missed the point of my comment. Though running Tor or other technical solutions is possible, getting penetration into the non-techie world is very difficult.
You're proposing a technical solution to a legislative problem. Working with the law (constitutional or otherwise) creates the environment where you aren't trying to work around the issue or 'hide' from anybody.
Privacy laws are there for your protection. As another commenter mentioned, you wouldn't accept the gov't or private corporations reading your mail, e-mail shouldn't be any different.
Whenever I mention libertarian principles on HN I get a mixed response, but this is one situation where we must demand individual rights. We need to elect politicians like Ron Paul who oppose big government intrusions into our privacy. This country is supposed to be a bastion of liberty and we go to war to "protect freedom" and "democracy" and yet we are less and less free every day. When we see articles about Chinese "human rights abuses" many are quick to condemn them and other countries perceived as less free than ourselves. Yet I have observed that the US has been headed in a very totalitarian direction for at least the past decade while China has been headed the opposite way, towards more and more freedom. Yes, the Chinese have filtered Internet today, but in the last century they've moved from Feudalism to Communism to a mixed economy. We have gone from having the most freedom in the world to having a Department of Homeland Security, TSA, NSA, Patriot Act, full-body X-Rays, and country-tapping.
The flip side of course being that libertarians generally oppose the kind of government regulation that could stop this heinous merger from further destroying an already non-classical market.
Ron Paul has a pretty safe seat in the House. It is not practical to expect Americans to elect him president. I believe the OP asked for practical advice.
It is clear from the context what Paul is saying and I don't think anyone who hears him speak for more than 2 minutes will believe he's a racist:
PAUL: Well, I think what you've done is you bring up something that really is not an issue, nothing I've ever spoken about or have any indication that I'm interested in any legislation concerning. So, what you bring up is sort of a red herring or something that you want to pit. It's a political ploy. I mean, it's brought up as an attack weapon from the other side, and that's the way it will be used.
But, you know, I think a lot of times these attacks fall back on themselves, and I don't think it will have any effect because the thing is, is that every fiber of my being doesn't believe in discrimination, doesn't believe that we should have that in our society. And to imply otherwise is just dishonest.
Now you have an excellent opportunity: AT&T wants to merge with T-Mobile. Start a campaign saying that the merger will expose T-Mobile customers to NSA wiretapping. Buy some Facebook ads and start something.
Do you think T-Mobile's spokesperson is going to make a factual correction to that claim, something along the lines of 'don't worry all our customers are already wiretapped?'. Since this will never happen the argument is valid.
Besides using SSH and VPN more, the only thing I can do is avoid ATT.
I was on T-Mobile for years (out of ATT spite) until Verizon got the iPhone and I jumped within the week. I also spent a lot more money on internet using alternatives to ATT DSL (although I doubt my information was more secure from that choice).
I feel the same. What we would need is a telecommunication company that puts the respect of privacy as one of its core goals (think Zappos), and not just in the boilerplate license agreements. Although entering that arena has high entry costs, it seems like a huge demand for such a service exists.
A lot of time has passed, and they have a new CEO. I wonder if they have continued to hold out, or have quietly installed the black-room...
EDIT: I see they were just acquired last year by CenturyLink. I have to doubt that they have now not rolled over (call me a pessimist).
Very sad that corporations are so willing to forsake the privacy of the entire country's citizens (on the level of a constitutional breach) in order to make a dime or curry favor. Beyond sad, it is terrifying that the government then used warrantless wiretapping to specifically target our journalists:
Try doing a trace route to several different sites on the internet, you'll find that -- so long as your traffic is hitting the US at some point -- your information is crossing AT&T's networks.
This applies to a large majority of traffic in and to, and even through, the United States. Because of the way traffic 'finds the quickest (or best) route possible' you're almost guaranteed to pass through one of their points of presence.
Since this article was published it's likely that other providers were pushed into doing the same thing. If I'm not mistaken, there was even an exec. shake-up at Verizon as a result of them not wanting to concede to the NSA's demands.
If any of the major webmail providers, with millions of active users, offered "brain dead" PGP (i.e., PGP signatures by default, and automatic PGP encryption and decryption whenever possible), many of the others would follow suit and a lot could be done to counter this kind of program ...
... and, furthermore, it would take a huge bite out of spammers and phishers while allowing you to, e.g., talk to your doctor and banker over email without needing to sign in to some other closed service.
For a while, I've liked the idea of a client-side PGP plugin for Gmail. Essentially, you have a greasemonkey (or bookmarklet, whatever) script which performs the encode on send and save draft, and the decode on receive.
Of course, it kills Gmail's big feature, which is search. But for that, I figure you could take the wordlist from the email, hash each one individually, and then paste that at the bottom of the message. So your searches would still find matching messages, they'd just be a garbled mess to Google or any interceptor.
This doesn't seem like it'd be terribly complicated, but I don't think anyone's done it.
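The hashed-wordlist idea from the comment above, as an added example that is not code from the thread. It builds the per-word index twice, once with bare SHA-256 as proposed and once with HMAC-SHA256 under a key that stays on the client, and shows what a holder of the index alone can learn in each case. All function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import re

WORD_RE = re.compile(r"[a-z0-9']+")


def words(text):
    """Unique lower-cased words of a message body."""
    return set(WORD_RE.findall(text.lower()))


def token(word, key=None):
    """Search token for one word: bare SHA-256, or HMAC-SHA256 if a key is given."""
    data = word.lower().encode("utf-8")
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_index(text, key=None):
    """Token set to append to (or store beside) the encrypted message."""
    return {token(w, key) for w in words(text)}


def search(index, term, key=None):
    """True if the message behind `index` contained `term`."""
    return token(term, key) in index


def guess_words(index, dictionary):
    """What someone holding only the index and a word list learns.

    They can hash every dictionary word themselves, so an unkeyed index
    gives the vocabulary of the message away. Without the key they cannot
    compute HMAC tokens, so the same guesses find nothing in a keyed index.
    """
    return {w for w in dictionary if token(w) in index}


# Constructed sample data, for illustration only.
MESSAGE = "Meet me at the clinic on Tuesday about the biopsy results"
DICTIONARY = ["clinic", "biopsy", "invoice", "tuesday", "lawyer"]
CLIENT_KEY = b"constructed-demo-key-kept-on-the-client"

if __name__ == "__main__":
    plain = build_index(MESSAGE)
    keyed = build_index(MESSAGE, CLIENT_KEY)
    print("search works (plain):", search(plain, "Biopsy"))
    print("search works (keyed):", search(keyed, "Biopsy", CLIENT_KEY))
    print("guessed from plain index:", sorted(guess_words(plain, DICTIONARY)))
    print("guessed from keyed index:", sorted(guess_words(keyed, DICTIONARY)))
    # Even keyed tokens repeat across messages, so the mail provider still
    # sees which messages share words and how often a token occurs.
```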
We could use GPG for normal e-mail correspondence. But I really don't know if this would do anything more than delay any problems.
In a similar vein, I've deleted all the trusted root CA certs from my computer, and am now marking individual certs trusted as I hit them. Not fail-safe, but safer, I think.
I don't understand what you're doing. When you get an individual cert, are you adding another trusted authority to verify that cert? If you're just trusting the individual cert, you're exposed to MITM.
Yes, you're exposed to MITM. But if you permanently mark the cert as trusted, and the MITM goes away, you'll know something has changed. You'll be blind as to which way things changed, but at least you'll know to investigate.
Great question! Unfortunately, I don't think you can.
If you use CA certs to trust site certs, the site certs can change on the fly (i.e. be replaced with an NSA interloper) without you knowing.
If you kill your CA certs, and mark individual sites trusted, then at least your browser will notify you if the site's cert has changed since you last trusted it. Theoretically. I haven't actually tested this yet. :(
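The trust-on-first-use behaviour described in the comments above, as an added example that is not code from the thread. It pins a SHA-256 fingerprint per host and replays three sequences of presented certificates, including the case where the interception was already in place at first contact. The `PinStore` class, the host name and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib
import hmac


class PinStore:
    """Trust-on-first-use pins: host -> SHA-256 of the DER-encoded certificate."""

    def __init__(self):
        self.pins = {}

    @staticmethod
    def fingerprint(der_bytes):
        return hashlib.sha256(der_bytes).hexdigest()

    def check(self, host, der_bytes):
        """Return 'first-seen', 'match' or 'changed'. Never re-pins on its own."""
        seen = self.fingerprint(der_bytes)
        pinned = self.pins.get(host)
        if pinned is None:
            # Nothing to compare against: this first contact is taken on faith.
            self.pins[host] = seen
            return "first-seen"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "changed"

    def accept(self, host, der_bytes):
        """Re-pin after the user has checked the new fingerprint out of band."""
        self.pins[host] = self.fingerprint(der_bytes)


def replay(store, host, presented_certs):
    """Feed a sequence of presented certificates through the store."""
    return [store.check(host, der) for der in presented_certs]


# Constructed stand-ins for DER certificates; real bytes would come from
# ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))).
GENUINE = b"constructed DER bytes: genuine site certificate"
RENEWED = b"constructed DER bytes: genuine certificate after renewal"
INTERLOPER = b"constructed DER bytes: certificate presented by an interceptor"
HOST = "mail.example"  # placeholder host name

if __name__ == "__main__":
    # Interception starts after the pin was made: the swap is visible.
    print(replay(PinStore(), HOST, [GENUINE, GENUINE, INTERLOPER]))
    # Interception was already in place at first contact: the interloper's
    # certificate is what got pinned, and the alert fires when it goes away.
    print(replay(PinStore(), HOST, [INTERLOPER, INTERLOPER, GENUINE]))
    # An ordinary renewal raises the same 'changed' signal.
    print(replay(PinStore(), HOST, [GENUINE, RENEWED]))
```

The store cannot tell the three "changed" results apart; deciding which one happened needs a fingerprint obtained over some other channel before calling `accept`.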
>In a similar vein, I've deleted all the trusted root CA certs from my computer, and am now marking individual certs trusted as I hit them. Not fail-safe, but safer, I think.
Excuse my ignorance, could you tell why it's useful to remove the certs from a PC. I've heard about root certs a couple of times already but don't understand what they really are.
Basically if you see a certificate on the interwebs, it goes through and says:
"This particular website is X". And it can back this up with all sorts of fancy math.
The problem then, is how do you know that the particular certificate is correct? I can go through and make a certificate saying that I'm Santa Claus. How you get around that is by using another certificate that you already have, and using that to certify the website's certificate. I.e. if you trust GoDaddy (or the Hong Kong Post Office), and I have a certificate saying that I'm me, signed by GoDaddy, then you can trust that I'm me.
The collection of certificates that you trust are then called the "root ca", and having random certificates there is a problem because if one of them was to produce a forged certificate, you'd never know about it. I.e. by adding in untrusted certificates to your root ca, you lose trust in the whole certificate chain of trust process.
Thanks for the explanation. After taking a look at the certificates that come with Windows, I can see that there are dozens of trusted root certificates, issued by some organizations that I've never heard of. Can I really trust those "root ca"? especially that I noticed some differences between the two PCs that I've checked!
Usually the OS or browser vendor chose them, so it is normal that they differ between computers. But the CA trust chain really sucks, as one compromised CA compromises everything (the security of the system relies on the security of the weakest root CA).
> Can someone show/tell me what I, an average person, can do?
Get personally involved with your representatives and senators. Write paper letters, call, and show up in person.
Be friendly and talk with other voters at the events you show up to. Educate them on this issue. Abandon party affiliation, work with both Democrats and Republicans.
Is there anything private on HN? The packet headers will still say that you went to HN, and when. The only thing it's blocking directly is knowing your username. That's pretty straightforward to figure out from correlating POSTs to the comment timestamps.
That could be construed as a denial of service attack and would be illegal (or at least in a very murky legal grey area).
Also you seem to have forgotten that most AT&T customers have bandwidth caps in place that would make it difficult for them to run this attack in the first place.
The idea isn't to spew data at AT&T like a DoS, just taint all your boring communication to make them have to sift through more junk. For example, add extra "scary" keywords in your outgoing HTTP headers.
X-Spook: Hamas subversive War on Terrorism Kosovo Delta Force
I am pretty sure it doesn't bother them. They don't actually go through the data, otherwise encryption would defeat the surveillance.
There are many other more useful signals (and the fact that you use encryption is probably one). The goal is to find outliers, not people using scary words
Furthermore it would be probably quite easy for them to filter that kind of "DoS", it is just too simplistic. If you come up with something more clever they probably are interested about knowing more about you anyway.
2. Encrypt everything. Or at least something randomly. Even the NSA will have a hard time cracking AES 256 when large amounts of traffic are encrypted.
So after applying to YC today (worried that I borked my app) I had the following idea - which is an evolutionary idea from the one I applied to YC with, I don't know if this is possible - but I want to throw it out to HN:
I would like to see mobile end-to-end secure communications apps that allow for users to have completely encrypted message passing.
I had the following idea - please tell me if this would work:
You have a distributed truecrypt file system with a client that the users run on their device, and intermediate cloud storage.
Each user device is a "folder" on the file system - messages are effectively truecrypt encrypted files that get saved out to the remote folder that == the recipient.
The system would notify you that you have a new file that has been pushed to your folder - you can then decrypt and read it.
However - I feel that the weakness would be in the required key/passwd to open the files -- this might not be securable.
It may require that folders between two users have a known password on each end - and that for every contact/recipient you would have to have a separate key (they could be the same value, but still separate) thus a communication looks like this
I think you're trying too hard. There are existing protocols (S/MIME, PGP, Jabber, etc.) for transferring messages in a secure manner. I'd pick the one that fits your scenario and wrap it up in a shiny app.
AFAIK, there are several IM apps that could support encryption, but I don't think they are actually doing so (and if they are, they aren't advertising it). As it is, end-end secure communications is not (I think) on anyone's feature bullet-list.
Eh, there exist plenty of things that are nice and shiny.
I can take Pidgin and OTR and with about three minutes' worth of "You should click here", have it set up easily enough that even a complete non-techy can use it.
The problem is 1) It requires installation and 2) People don't know it exists. (Strangely enough, once it's installed I've never had anybody move back, mostly as Pidgin is a fair amount nicer to use than MSN)
You may be right, however one advantage of this method is that any messages and files are seen as exactly the same: a secure truecrypt encrypted file transfer.
Truecrypt is a container for storing a collection of files. Unless you're interested in the deniability aspects of Truecrypt where an alternate passphrase yields decoy data, off-the-shelf SSL with sufficiently large keys is more than adequate to secure the transport layer. I suspect your biggest challenge there would revolve around key authentication to prevent MITM attacks.
In the context of this discussion, you are talking about creating a crypto solution that prevents the NSA from sniffing your customers. Not a casual packet sniffer, the NSA. This is not the time to be running off and implementing your own crypto!
How do you know that the NSA isn't listening to those? It would seem more appropriate to make public-key encryption easier to use. There are already well-defined ways to use it with email, and there's OTR for IM that could be applied to multiple protocols. Granted, only the contents of the communications are hidden in these cases, but that's a big step forwards.
I know of Freenet and Tor, but haven't heard of Phantom. Because the word 'phantom' returns a huge number of irrelevant Google results, I haven't been able to find the project. Care to throw us a pointer?
This phone doesn't exist because there's not a market for it. I definitely wouldn't buy that. I, like a lot of others, don't have anything to hide from the government so even though I oppose the wire-tapping I'm not going to inconvenience myself to keep arbitrary data and idle chat secure.
> do you ever wonder why there is no consumer hardware PGP telephone?
Not on the analogue phone. But you can easily get a TLS-enabled or ZRTP-enabled hardware or software VoIP phone. Many vpbx providers will also provide you with a vpn tunnel endpoint if you ask about it often enough.
Also, since the analogue phone PSTN interface is pretty trivial to handle, there are multitude of analogue encryption boxes which work as an adapter to the line. Plug & play. You could even use a pc to compress the voice on one side, encrypt, send over an established modem connection and decrypt on the other side.
You don't need the analogue phone itself to do that at all.
> But you can easily get a TLS-enabled or ZRTP-enabled hardware or software VoIP phone.
In theory, arbitrarily strong/usable encryption products can be marketed within the USA.
In practice, from this list:
A) Usable by non-experts (requires no software fiddling, hardware mix-and-match, or other wastes of time)
B) Based on uncrackable/de-facto uncrackable cryptosystem (One-time pad, Public Key - respectively)
C) Affordable by / marketed to ordinary people
We are permitted to choose only TWO.
>...the analogue phone PSTN interface is pretty trivial to handle, there are multitude of analogue encryption boxes which work as an adapter to the line.
Analog "scramblers" are a joke. Any seriously-interested party can crack any and all of them without breaking a sweat.
>...use a pc to compress the voice on one side, encrypt, send over an established modem connection...
Sure, you can use a PC. But if you package this up as a pure-hardware solution usable by anyone who already knows how to use a telephone, certain people will take steps to ensure that your product does not stay on the market.
I do not know what the penalty is for violating the "gentleman's agreement" between the NSA and the electronics industry. But I would not care to find out.
Example of a system doing A+B+C -> Skype. You can claim that they have some way to clone the traffic for NSA use - maybe they do, but from the technical point of view - they satisfy the requirements. It also relies on Skype doing proper authentication / identity presentation.
Hardware-only plug & play box will never work here. You actually have to know something about the connection - information provided out of band. And I don't think most people would accept pressing ~150 digits on the pad as an easy solution.
Analog encryption does not end on scramblers and they don't have to be a joke. As mentioned before, put 2 modems together, apply gsm encoding and any digital encryption you want.
There's a lot of FUD here. If you come up with a proper system, black vans will take you away; NSA has gentleman's agreement; your product will disappear from the market; etc. etc. I don't think you can prove any of it and I can't disprove it either, so I'd rather stay with things we can be sure about.
If it doesn't have backdoors now, it will soon. The remote-intercept capability mandate for land line phones is in the process of being extended to all commercial VOIP.
> Hardware-only plug & play box will never work here.
> But the absence of any easy-to-use/uncrackable/provably non-backdoored secure voice phone on the market is proof enough for me.
If you have to worry about being monitored by government, a super secret phone will not help you anyways. If it's worth doing, your room / furniture / clothes / windows are already bugged and all you say will be recorded before it hits the phone. I really think a provably secure phone is a non-issue.
If it's worth doing, you will be caught and tortured. "Extraordinary Rendition."
The worth of the phone is to prevent you from turning into someone who ought to worry in the first place.
Bugging room / furniture / clothes / windows is expensive.
The NSA is known to use voice recognition and keyword search. It is no longer necessary to already be a target in order to be extensively and intelligently eavesdropped on.
How would a phone use an OTP? Would you send the key by carrier pigeon to the guy every time you wanted to make a phone call?
There's absolutely no way to get security without some sort of verification by the user. At the very least, you need someone to verify that the keys are correct "can you read me your phone's security serial?". It shouldn't be too hard to create affordable, usable phones based on PKC. The problem is that nobody cares who listens to their conversations, because it's all "where are we meeting tonight/that movie was shit/i can't believe X did Y".
Public key cryptography seems like the wrong choice for phones, because it's relatively computationally intensive, and you'd want a phone to use the cheapest hardware imaginable. However, there is an alternative that would work.
You can use a symmetric cipher (AES is the current standard), and exchange keys via Diffie-Hellman key exchange, which is a method of securely generating a shared private cipher key over a public channel.
As I understand it, the primary advantage of public key cryptography is that it makes encryption and decryption asymmetric processes - i.e. everyone can encrypt something using your public key, but only you can decrypt it, because only you know your private key. In the phone case, the asymmetry would actually be annoying, because both parties want to send encrypted messages to each other, so you'd have to deal with two key pairs for each phone conversation.
That's how most encryption protocols work now, by exchanging symmetric encryption keys at the start. There are protocols to do this, PGPfone was written in the 90s.
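The key-agreement-then-symmetric-cipher flow from the comments above, together with the read-aloud verification one commenter asks for, as an added example that is not code from the thread and not the protocol of any product named in it. It runs Diffie-Hellman in a toy group, hashes the shared secret into a 32-byte key, and derives a short string each caller reads out; the strings agree on a direct call and disagree when the public values were swapped in transit. The group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small,
# and this is not a standardized group. Real systems use vetted 2048-bit+
# groups or elliptic curves.
P = 2**127 - 1
G = 3


def keypair(private=None):
    """Return (private, public) for one side of the exchange."""
    x = private if private is not None else 2 + secrets.randbelow(P - 3)
    return x, pow(G, x, P)


def session_key(my_private, their_public):
    """Hash the shared secret into 32 bytes, e.g. for use as an AES-256 key."""
    if not 1 < their_public < P - 1:
        raise ValueError("rejecting degenerate public value")
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def short_auth_string(key, pub_a, pub_b):
    """Short string both callers read aloud; binds the key to both public values."""
    lo, hi = sorted((pub_a, pub_b))
    h = hashlib.sha256(key + lo.to_bytes(16, "big") + hi.to_bytes(16, "big"))
    return h.hexdigest()[:8]


def call(intercepted=False):
    """Run one call setup; return the string each caller would read out."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A party in the middle replaces both public values with its own.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    return (short_auth_string(key_a, a_pub, seen_by_a),
            short_auth_string(key_b, b_pub, seen_by_b))


if __name__ == "__main__":
    print("direct call:     ", call())
    print("intercepted call:", call(intercepted=True))
```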
Not sure what your point is, here. I listened to it, and it was very interesting, but the speaker has actually implemented encrypted communications on Android, so he clearly isn't too worried about it being poisoned.
I confess I wasn't living in the US during the last elections, so I only followed the elections from international news sources.
And I have no idea what those names mean (Paul I may have heard about while reading Slashdot).
That also reminds me of that Simpsons episode where the aliens take the place of the Democrat and Republican candidates, and when they discover they are aliens trying to take over Earth, someone shouts that he will vote for somebody else. The alien just says "go ahead, waste your vote" and the guy agrees and feels defeated.