Encrypt your data, people
Hi all,
I just wanted to pop my head up from the nerd cave and take this moment of fear to remind you that there are currently available encryption systems that will protect your privacy from government, corporate, and criminal snooping (and especially the situations where the snooping is all three at once). (Also, telephony remains a weak point, which is one reason I don't discuss confidential matters on the phone -- particularly a cell phone -- if possible; though that's my paranoia about the Russian mob more than about the CIA).
Web traffic: use SSL if possible. Try https rather than http for your web connections, eg
https://google.com
rather than
http://google.com
(While I'm at it, a parenthesis: you don't need to put "www" in your URLs 99% of the time; that's an artifact of network design principles in the mid 1990's)
For sites where SSL is not available (eg, unfortunately, DU), there are still options, one of the best of which is TOR, The Onion Router. It is a peer-to-peer SSL-based relay system that also hides the routing information from any snooping eyes. This is a little more complex to set up, but feel free to PM me if you need help.
Email: use PGP. Seriously. There's no excuse in 2013 for sending unencrypted emails to people you know. There are a ton of products available (your antivirus program may well include one), but the canonical software is called GPG, and a good open source version of it is here.
Instant Messaging: Use OTR (Off-The-Record messaging). You can install it and use it with Pidgin, which also has the advantage of combining all of your google talk, AIM, MSN, Facebook chat, ICQ, and about 20 other protocols into one chat program.
A principle of cryptography is that if it is possible for something to be read, you should assume it's being read. And as I alluded to above, whatever the government is or isn't doing, you can be damn sure criminals are trying to get your information all the time. Take back your data!
bemildred
(90,061 posts)
LiberalEsto
(22,845 posts)
BainsBane
(53,142 posts)
What about uncontroversial things like setting up Father's Day plans or someone's birthday party? Most of my emails are so innocuous I can't imagine anyone other than the recipient, let alone the NSA, being remotely interested in them.
Recursion
(56,582 posts)
From a security standpoint it's much better to just encrypt by default
MineralMan
(146,371 posts)
On the other hand, if you don't really care if your emails and other stuff is seen by people you don't expect, there's no real reason to use encryption. My email inquiries about my parents' failing health, for example, need no encryption, and neither do most of the emails we send. Frankly, that stuff just isn't interesting to anyone.
Nimajneb Nilknarf
(319 posts)
This is from a couple of Presidents ago, but some of the same players are still in the game.
http://partners.nytimes.com/library/cyber/week/071097encrypt.html
MineralMan
(146,371 posts)
encryption tools are free of key extraction back doors. Little confidence at all. But then, I don't really send anything through the Internet that needs encryption, so it's not an issue for me, personally.
Nimajneb Nilknarf
(319 posts)
The best you can do is to use keys that are sufficiently large that brute force won't be possible any time during your lifetime.
Or learn to communicate through things like metaphor, private jokes, the Navajo language, etc. Another good method is putting out a lot of noise that looks like information but is meaningless.
MineralMan
(146,371 posts)
in our daily affairs, or we use secure internet URLs when disclosing stuff like credit card info or SS#s.
If security is critical, the best answer is to meet in person to exchange information, with nothing written down at all. Frankly, I've never been in any situation where such efforts were necessary. Back in my dope-smoking days, buying some grass was done in person only, of course, but the cops weren't all that interested in minor marijuana transactions in the 70s in California, so we were pretty darned casual about it.
These days, I deal with some business information for the companies whose websites I write, but it's not that serious, and we never bother to encrypt anything. Small businesses...small risks, really.
Recursion
(56,582 posts)
I keep toying with making a 1TP TLS system, but the pad management is a nightmare.
oldhippie
(3,249 posts)
... when our supply through normal crypto channels was interrupted by an inconvenient little skirmish.
I had a hell of a time trying to figure out how to generate some really random sequences using the computer we had available at the time. (A TRS-80) I ended up going old school and pulling tokens out of a basket. It was a royal PITA, but it worked. OTPs are great except for distributing the pads.
FarCenter
(19,429 posts)
For example, if the computation required 2000 Quads of energy to do, that is 4 times the annual global energy supply. So you would be pretty safe.
Recursion
(56,582 posts)
A back door is logically impossible there.
Nimajneb Nilknarf
(319 posts)
on routine communications.
Recursion
(56,582 posts)
MineralMan
(146,371 posts)
Most people don't understand the technology. And most people have no need for it, either.
Recursion
(56,582 posts)
Except for SSL, the systems I mentioned are symmetric key based, which means there isn't a backdoor for the government to get in the first place.
Nimajneb Nilknarf
(319 posts)
Recursion
(56,582 posts)
yodermon
(6,145 posts)
e.g. hidden volumes in TrueCrypt
http://www.truecrypt.org/docs/?s=hidden-volume
Of course the tech savvy torturers will just say "ok, what's the *real* password to the *real* volume" *whack whack thud*
MattBaggins
(7,905 posts)
won't take 23 trillion years to crack?
riqster
(13,986 posts)
But really, most of the rest of the solutions can be worked around with collusion of industry groups, and most of them are in the tank with Big Brother.
randome
(34,845 posts)
Installing software other than something from Microsoft is generally frowned upon.
The dichotomy of the Internet is this: we want the world to be accessible to us 24/7 but we also want it to be private.
It just doesn't work that way except with lots of hoops and configurations.
Stop looking for heroes. BE one.
Baitball Blogger
(46,852 posts)
Then they would have to explain why they tolerate the racketeering that goes on in my City.
cascadiance
(19,537 posts)
... whether you use an https server to access their site or not. As on the backend your search history will be kept in clear text or other means that can be looked at by the PTB, whether it is just Google, or the government looking over their shoulder.
Ultimately, it won't stop the government looking at your purchase history at Amazon.
You remember the old days when they had the clipper chip that was talked about heavily that was encryption that allowed for a back door for government to be able to break it? If you back up your data online to carbonite servers, and you feel it is being encrypted there and not visible to arbitrary spying, ask yourself if a clipper style encryption mechanism is in place that allows the government to come in and do a thorough scan of what you thought was private on your home computer that is backed up there. And though Al Gore has railed against the latest efforts in this area, back in the day when the clipper chip legislation was being debated, Al Gore supported it and said something to the effect that if we all knew what was going on behind closed doors that we would see the "need for it". That tells me that we're not hearing the complete story of how our data and online life is being monitored, and what that monitoring is being used for.
Also, unless EVERYONE uses pgp to encrypt their data, your using such to protect email, etc. has your data stand out when they are monitoring everyone's search habits. Then they will look more closely at other parts of your online communications that aren't encrypted that much more than others would be monitored.
We really need some ground rules put in place that protect us from unwarranted and blanket surveillance that can be used for other agendas other than just law enforcement trying to protect us from things like terrorism. At least conceptually where the boundaries should be need to be made public, so that if people feel their privacy has been abused, there's a basis they use to challenge in court someone's abusing those rights without warrant.
Recursion
(56,582 posts)
But as far as that goes, the government is the least of my concerns...
cascadiance
(19,537 posts)
The PGP authors used to get hassled for export laws to make sure they weren't carrying source of the pgp algorithms outside of the country in the older days, as stupid as that might sound.
Recursion
(56,582 posts)
I used to have a shirt that had that and the Rijndael algorithm in very short Perl on it.
toddaa
(2,518 posts)
My home page https://duckduckgo.com
bhikkhu
(10,730 posts)
I kind of feel sorry for any poor NSA schmuck who has to read through it.
randome
(34,845 posts)
Kidding! Kidding! Really!
riqster
(13,986 posts)
remember that the NSA has teams of people working to hack such solutions, so don't let using such practices lull you into a sense of complete security.
I said "fuck it" years ago. Let 'em look. If they don't like what they see, it's their own damned fault.
Recursion
(56,582 posts)
I just thought this was a good teachable moment for reminding people of some best practices.
riqster
(13,986 posts)
Like any crime-prevention strategy, it can't provide complete safety. But it will increase your safety to a degree.
denverbill
(11,489 posts)
Why should I encrypt my emails if all I'm doing is telling my wife I think we should weed the garden this weekend? Why use secure google to search for a Mexican chicken soup recipe? Frankly, if I was a snooper at the NSA, I'd spend my time looking at people who were encrypting everything rather than people doing everything in the open.
Recursion
(56,582 posts)
... by picking through people's garbage.
Myrina
(12,296 posts)
... they don't publish lists of "this week we're looking for x-type of bad guy", people just knock on your door and want to "talk".
One can't be sure what terms they're flagging, or what an innocuous statement may get you aligned with.
And aside from all that, why the hell should you allow anyone but you or your intended recipient to read the email in the first place?
It's simply none of their damn business.
usGovOwesUs3Trillion
(2,022 posts)
by making it much more expensive for them to do their unconstitutional blanket spying on all Americans.
Money seems to be the only thing that gets their attention nowadays.
hunter
(38,384 posts)
Lack of transparency is what got us into this mess, transparency will get us out.
Someday I'd like to see a government that keeps no secrets.
Savannahmann
(3,891 posts)
The NSA can crack the encryption in fractions of a second.
Recursion
(56,582 posts)
And, at any rate, you can always double your key size...
Phillip McCleod
(1,837 posts)
*surfing.. the TOR Browser is a standalone executable firefox with TOR built in. it's as easy to use as your regular browser, only slower and a mazillion times more secure. it can be downloaded for Windows, Mac & Linux here..
Tor Browser Bundle.. https://www.torproject.org/projects/torbrowser.html.en
if you aren't feeling that paranoid, but still don't want to be *tracked*.. make sure to have the browser addon/extension (firefox or chrome) 'Adblock Plus' and possibly 'Ghostery'. if you search for them in the addons/extensions page they should pop right up.
*https.. keep forgetting to stick that extra 's' in there? this addon/extension from the Electronic Frontier Foundation will remember for you.. for either Chrome or Firefox..
HTTPS Everywhere.. https://www.eff.org/https-everywhere
*encrypted email.. keep forgetting to encrypt your important emails or maybe too lazy? there's a free webmail service that offers crypto called Hushmail..
Hushmail.. http://www.hushmail.com/
*cell phone.. paranoid or private when talking on the phone over the cell network? gee i wonder why. it's not a complete solution but there are numerous VOIP apps that will allow you to make and receive calls over the internet using either Wifi or 3/4G data. no call log to pass on to the NSA.. just 'data usage statistics'.
i personally use a combo of Google Voice, Google Chat (aka Google Talk), and a pair of Android apps called 'GrooVeIP' and 'GrooVeIP Forwarder' (total cost.. about $7). originally i needed them because i live in the woods with no cell service, but i do have internet. this way i can make/receive calls seamlessly, but it has a nice side effect. there are plenty of other, probably more secure, options, however..
ThoughtCriminal
(14,082 posts)
I cannot imagine why anybody would find my dull life worth examining, but just in case, they can spend the next few decades trying to decrypt them.
steve2470
(37,457 posts)
usGovOwesUs3Trillion
(2,022 posts)
I'm sure I'm not the only one, but I suspect the gov would probably frown on any company that tried to make it easy for people to do that with ALL their communications (not just google searches).
But it certainly could be done, if anyone with business savvy, and guts, who wants to put together a solid business plan, and do a proposal on kick starter, and also needs a tech partner, I would be willing to discuss it, just PM me
DCKit
(18,541 posts)
I worked both sides of the Federal lawsuit against Microsoft, then it just went away.
Draw your own conclusions.