Author Topic: Yes, the NSA is watching you! (Read 3988 times)

Jehanne · « **on:** September 11, 2013, 12:22:00 PM »

Worried about NSA "spying"? Well, you shouldn't be (if, you follow the instructions below)!! It's all "defense in depth"!! Here we go!!!

1) Use the Tor Browser (disable JavaScript in the Firefox Preferences and enable NoScript, so note that you'll be using Squirrel Mail for your private email):

https://www.torproject.org/projects/torbrowser.html.en

2) Using your new (and free!) Tor Browser, visit the following Onion address from one of the many open Wi-Fi connections which are publicly available all around you:

http://bitmailendavkbec.onion/

Create a new account with a strong password (see below.)

3) Run Gentle GPG (new, of course, and recently updated) from a triple-cascading TrueCrypt hidden volume with several keyfiles:

http://sourceforge.net/projects/gentlegpg/
http://www.truecrypt.org/

Keep at least one of your keyring files on a different (hence, networked) computer.

4) Use QuickSilver Lite via Tor to send email to the Bitmessage E- mail Gateway using the smtp snorky.mixmin.net, port 2525 using TLS:

https://www.quicksilvermail.net/qslite/

5) Only READ encrypted email at the Bitmessage E-mail Gateway. Use Mixmaster to SEND encrypted email to the Bitmessage E-mail Gateway (or, to an alternative email service if the Bitmessage E-mail Gateway is down, taken-over, etc.)

6) Verify all digital signatures using GPG.

7) Disable everything that you don't need (Firewire, autoplay, USB ports, etc.) and spoof everything which you can (MAC address, Wi-Fi access points, etc.) Use all security options available to you (such as PGP encryption in QuickSilver Lite.)

8) Maintain the physical security of your hardware at all times. (Use a tablet.)

9) Beware of keyloggers, so use Debian Linux and OpenBIOS with full system encryption. Inspect your system regularly. (Should not be a problem if you are keeping your tablet with you!)

10) Use long passphrases greater than 30 characters whenever possible, easy for you to remember, impossible for others to guess -- Upper & lower case letters, numbers, symbols, punctuation characters, and at least one ALT control character ('Alt' + any 4-digit number).

11) Run Tails whenever possible:

https://tails.boum.org/

12) Stick with open-source programs.

Remember those 3 'Rs' in real estate -- "location, location, location!"; here are the 3 'Rs' in privacy -- "spoof, encrypt, and open source!". It is, of course, one thing to ENCRYPT data, it's also a very important to HIDE that data, as well! The NSA cannot decrypt that which they cannot find!!

Incredulous · « **Reply #1 on:** September 11, 2013, 01:31:25 PM »

Thank you Jehanne!

Hatchc · « **Reply #2 on:** September 11, 2013, 03:53:28 PM »

Lots of useful information there. I wasn't aware of BitMessage and QuickSilverLite.

Matto · « **Reply #3 on:** September 11, 2013, 04:04:49 PM »

I wonder if the NSA is watching us because we are traditional Catholics.

snowball · « **Reply #4 on:** September 13, 2013, 04:08:01 PM »

change your digital phone back to an analog phone.
all digital communications are automatically recorded
with digital snoop, including cell phones.. but land lines
which are non-digital require direct targeting first.

Jehanne · « **Reply #5 on:** September 13, 2013, 05:13:33 PM »

Quote from: snowball

change your digital phone back to an analog phone.
all digital communications are automatically recorded
with digital snoop, including cell phones.. but land lines
which are non-digital require direct targeting first.

You can use TorChat:

https://en.wikipedia.org/wiki/TorChat

poche · « **Reply #6 on:** September 14, 2013, 12:14:34 AM »

So, try to look your best.
:cool: :cool: :cool:

poche · « **Reply #7 on:** September 14, 2013, 03:47:17 AM »

Here is more on the subject;
Both Mayer and Facebook CEO Mark Zuckerberg spoke out against critics who have charged tech companies with not doing enough to fight off NSA surveillance. Mayer said her executives faced jail time if they revealed government secrets.

More tech firms are now pushing to be able to publish the number of requests they receive from the spy agency. Companies are currently forbidden by law to disclose how much data they provide.

Mayer was asked why tech companies had not simply decided to tell the public more about what the US surveillance industry was doing during an interview at the Techcrunch Disrupt conference in San Francisco.

Mayer said she that she was "proud to be part of an organization that from the beginning, in 2007, has been skeptical of - and has been scrutinizing - those requests [from the NSA]."

Yahoo has previously unsuccessfully sued the foreign intelligence surveillance (Fisa) court, which provides the legal framework for NSA surveillance. Yahoo asked to be allowed to publish the details of requests it received from the spy agency back in 2007. "When you lose and you don't comply, it's treason," said Mayer. "We think it make more sense to work within the system," she said.

Zuckerberg said the government had done a "bad job" of balancing people's privacy and its duty to protect. "Frankly I think the government blew it," he said.

"The government response was, 'Oh don't worry, we're not spying on any Americans.' Oh, wonderful: that's really helpful to companies trying to serve people around the world, and that's really going to inspire confidence in American internet companies," Zuckerberg added.

"I thought that was really bad," he said. Zuckerberg said Facebook and others were pushing successfully for more transparency. "We are not at the end of this. I wish that the government would be more proactive about communicating. We are not psyched that we had to sue in order to get this and we take it very seriously," he said.

Both Yahoo and Facebook have filed suits once more to force the Fisa court to allow them to disclose more information.

"Yahoo has been unable to engage fully in the debate about whether the government has properly used its powers, because the government has placed a prior restraint on Yahoo's speech," Yahoo said in its motion.

"Yahoo's inability to respond to news reports has harmed its reputation and has undermined its business not only in the United States but worldwide. Yahoo cannot respond to such reports with mere generalities," the company said.

http://catholic.org/technology/story.php?id=52373

Jehanne · « **Reply #8 on:** September 14, 2013, 06:10:02 PM »

Don't use those services for your private communication, unless you are okay with the NSA reading your emails. In short, there is far, far too much data for them to "sort through" in order to find your email. Besides, if you are using Gentle GPG with its 4096-bit RSA encryption, it's a sure bet that the NSA will not be reading your emails anytime soon! In addition, if you "pipe" that email through Tor, then you'll get "layer upon layer" of strong encryption, which means that if the NSA spends thousands and thousands of hours of very expensive supercomputer time to hack into Tor (which is pushing around 3 Gigabytes per second), all the NSA will get is another layer of encryption, which means spending tens of thousands upon tens of thousands of hours of very expensive supercomputer time to get at your email, assuming, that the NSA has secretly hacked the RSA algorithm!! (And, if they had done that, I doubt very much that even they could keep that a secret!)

In short, "your safe," so "trust the math." The NSA can't read your emails; angels, however, can, so keep that in mind for the Last Judgment.

Gaudium in Space · « **Reply #9 on:** September 14, 2013, 09:47:51 PM »

As long as we're talking about privacy and security, I have found the site Cryptome to be a good source of news for what's going on in the world of espionage and information security

http://cryptome.org/

They're sort of an aggregator except they don't directly link to other sites. They create PDFs or HTML files of the information and post it directly on their site. It eliminates problems with censoring, DoS attacks on other sites or any other reason for information going away on the internet.

Iuvenalis · « **Reply #10 on:** September 14, 2013, 11:43:43 PM »

You might not ought to encourage TOR usage as a panacea for anonymity.

It is important to *understand* it. If you don't understand TOR, it is unlikely to give you the protection you are looking for:

http://www.google.com/search?q=tor+compromised

Jehanne · « **Reply #11 on:** September 15, 2013, 12:05:48 PM »

Quote from: Iuvenalis

You might not ought to encourage TOR usage as a panacea for anonymity.

It is important to *understand* it. If you don't understand TOR, it is unlikely to give you the protection you are looking for:

http://www.google.com/search?q=tor+compromised

Only if you had Java Script enabled and NoScript disabled:

https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable

Besides, the FBI exploit was for an older edition of the Firefox 17 Tor Browser. Users who had upgraded after June 26, 2013 were completely safe, even if they had Java Script enabled and NoScript disabled. And, the FBI exploit was only running for a very brief time (a few hours) "in the wild" before it was discovered and taken down. Now, if you were using an older version of the Tor Browser early that Sunday morning and visiting hidden services hosted at the now-defunct Freedom Hosting, then you were "at risk," if you had Java Script enabled and NoScript disabled. If you had disabled Java Script with or without NoScript, then you were still safe, even if you were using an older Tor browser. (Of course, most users had long since upgraded after June 26, as the Tor Browser has "nagware" which will bug you into upgrading!)

Iuvenalis · « **Reply #12 on:** September 15, 2013, 01:50:01 PM »

Notice I did not post a link to the browser exploit, but to a search for TOR compromises. I am starting to think more and more you don't actually understand TOR, but worse, *think* you understand TOR.

If you had actually searched you'd see that traffic analysis can yield a 95% certainty as to who a TOR client actually is.

Jehanne · « **Reply #13 on:** September 15, 2013, 01:50:36 PM »

As I posted in my OP, you can also use Tails which was not affected at all by the FBI exploit:

https://tails.boum.org/

Tails forces everything through Tor and any direct connections to the Internet are automatically blocked.

Iuvenalis · « **Reply #14 on:** September 15, 2013, 02:00:52 PM »

Yep, you definitely don't understand TOR. It's just a magical fairy dust you sprinkle on things and you're anonymous!

Like magic!

Carry on. Nevermind.