Opt out of PRISM

Closely related to self-defense, this Board focuses in other aspects such as Communications, and Financial.

Re: Opt out of PRISM

Postby Lexington Bill » Mon Feb 16, 2015 4:38 am

This is my first post, but a topic I've had some personal experience with.

I run a TOR bridge. Since the level of security available there is, in part, dependent on the number of nodes online at any given moment (making it incrementally harder to do timing attacks with each node added), I strongly encourage anyone using TOR to "pay into" the system by allowing their machine to serve as a node of some sort. There are three types of node: exit node (makes actual contact with the destination server), non-exit node (any point in the chain except exit) and bridge (allows people behind, for example, the "Great Firewall of China" to access the web. Some people simply do not have the bandwidth to spare or have a pay-by-the-byte plan and should use TOR in client mode. Everyone else has an ethical decision to make ... whether to be a leach or to be a partner.

TOR is a proxying service with some unique features which make it relatively secure. That said, do not rely on it, alone, for any communications which, if discovered, could result in serious negative consequences -- use strong encryption at every opportunity.

That said, I would counsel you to think long and hard before using some other proxies. Here's why: http://forum.palemoon.org/viewtopic.php?f=26&t=2806

Set your computer to look to the USB ports for boot code ahead of the hard drive. If there is nothing bootable in the USB drive, it will roll-over to the hard drive.

Then keep a copy of DBAN (Darik's Boot and Nuke) on a USB key near (but not IN!) the computer. If you ever need to make the contents of your hard drive "go away", insert the key and reboot.

Even a partial wipe is better than none at all. If the PTB can't find your physical computer for a few minutes, you are a few miles further away from a successful prosecution. If you have a "bait" computer they can sieze, you might be able to get a 100% wipe that would take the NSA to read.

There is also some software called "Secure Erase" whose development was halted a long time ago. However, if your hard drive is of the type it was designed to work on, it is even faster than DBAN and arguably better. Do a Google search (DAGS) for it.

If using Linux, you can write a one line BASH script that will write, over and over, to every byte on the hard drive, including, of course, both used and unused space, surprisingly quickly. After a half-dozen iterations, even the NSA will have trouble reading that disk.

You can skip Gmail or Yahoo or Hotmail or whatever free service you are probably using right now by setting up your own e-mail server on your desktop or laptop computer and using a service such as DynDNS.com or noip.com to have your email sent to the new under-your-control server. For no-ip, the cost ranges from free to $25 a year. Nosing around in your router settings may reveal that signing up for one or the other is only a few clicks away. Setting up the server software on Linux offers more $free$ options (Postfix is my personal favorite), but Windows users will find that Sendmail works just fine, too.

You might further tighten access to your computer from the outside (without actually unplugging it from the wall) with port knocking. http://portknocking.org/ The idea behind port knocking is to have your computer completely closed to the outside world and then, based on the pattern or contents of attempted accesses to it, run a script to perform specific actions without ever actually acknowledging that the sequence or contents had any meaning to it. For instance, it might open a port allowing remote shell (terminal) access or it might just trigger an event, such as wiping the hard drive, remotely. To an eavesdropper, it appears that your computer ignored the knock ... even as it is firing detonation charges around the compound and arming the thermal imaging automatic machine guns and rocket launchers. 8~]

Linux is based on Unix which was, by design, secure from day one.

The NSA agrees ... it helped write Secure Linux, which, while a bit of a "PITA" to set up, is locked down solid by default. That said, the tools for locking down SELinux are present in pretty much ALL versions (distributions) of Linux, differing only in the default configuration file settings. Many extremely agile minds have reviewed the code for SELinux .. you can be confident that it has NO "backdoors".

It will take a new user 45 minutes to an hour or so to install Linux on a computer from a free-to-download *.iso file and give it your entire hard disk or a few minutes more if you want to leave the original operating system intact ... much of which is spent sipping coffee while waiting for the hard disk to do a low level format.

Or you can install it on a USB key of moderate capacity and use it as a "portable computer" (DAGS "Portable Linux") ... Tails is one distro designed for exactly that sort of use, but there are others.
Lexington Bill
 
Posts: 2
Joined: Fri Feb 13, 2015 9:36 am

Re: Opt out of PRISM

Postby editor » Tue Feb 09, 2016 9:04 pm

In another thread, a member said something about having "no idea... about the encryption". This seems like a more helpful thread in which to post an answer.

I'm a far shout from being an expert on encryption, but I've been using it for years. Commonly available free and open source (FOSS) programs make it easy to protect your privacy. Here's a little basic information, just to clear things up for readers.

Secret Codes

Secret codes have been around for a long time. Lots of people have used them. One early and very simple code is substitution. You start with the alphabet, and then you shift the letters like this:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM

Using this code, "Hello World" would look like this: "Urxxa Jcdxq". Easy to figure out, as long as you have the key. By modern cryptography standards, it's also pretty easy to crack even if you don't have the key, but you probably see what I'm getting at.

There are all kinds of ways to make a code like this harder to crack. For example you could randomize the key on the second line, instead of listing them in order. You could include a "blank space" in your alphabet, giving you 27 letters instead of 26. This makes it harder to figure out where the word breaks really are. But there are a few things all codes like this have in common:

  • The same key both encrypts and decrypts the message.
  • Anyone who has the key can easily read the message.
  • To use the code you must put the key securely into another man's hands.
  • You may never know for sure if the key has fallen into enemy hands.

Trapdoor Encryption

There is a type of encryption known as trapdoor encryption, and also known as public key encryption. In a nutshell, here's how it works:

Using a computer program, you generate what is known as a key-pair. This is really just two simple text files containing what appears to be random characters. But they are not random. The two files have something unique in common.

Each file is a key. Using the encryption program, together with either one of these keys, you can encrypt a message so that no one can read it unless they have the other key.

One key file is arbitrarily named Public, and the other is named Private. This makes it easier for you to keep track of them, and not mix them up. Any message encrypted using the Public key can only be decrypted using the Private key. Likewise, any message encrypted using the Private key can only be read using the Public key. It's an exclusively one-way system. There is no way to decrypt a message using the same key it was encrypted with. Also there's no way to figure out the contents of one key, using the other key.

So in actual practice, you may now post your Public key on a public bulletin board, or anywhere you like. No more need to worry about how to put a secret key into anyone else's hands, or worry whether security has been compromised. Keep your Private key private and protected. Now anyone who wants to send you a secret message can easily do so. All they have to do is encrypt the message with your Public key. Since you are the only one who possesses the Private side of that key-pair, you are the only one who can read the message.

Another problem with sending messages from one person to another, is the man in the middle. Let's say Adam sends Barbara a letter with an important question. A few days later Adam receives a response. The response claims to be from Barbara, but can Adam be absolutely sure it was actually Barbara who sent it?

With trapdoor encryption, Adam and Barbara can always be sure. It just takes a second step: Barbara encrypts the message twice. The first time she uses her own Private key, which can only be decrypted with her Public key. This is the equivalent of signing the message with her unique identity. No one else could create a message which could be decrypted with her Public key. Only Barbara. Then she encrypts it with Adam's Public key, for the sake of privacy.

When Adam receives the message, he first decrypts it with his Private key. Then he decrypts it again with Barbara's public key. If he can read the resulting message, then he knows for certain it was sent by Barbara.

The only thing complicated about this is that you may not have used the encryption program before, and so it is in the realm of the unknown. The program is well documented, and easy to use. It's called gnupg (GNU Privacy Guard).

The program works with more than just simple messages. You may use it to encrypt any sort of file, like audio clips, videos, spreadsheets, photographs, you name it. No file is too large or too small.

Modern encryption is much harder to crack than the simple examples I gave above. Of course there's no guarantee your messages can't be cracked, given enough time and effort. But that's the point, it takes a lot of time and effort. This is a good argument for encrypting everything, whether it's important or not. That way a potential enemy has no way of knowing which messages he should expend effort to read. He may eventually get something important, but in the meantime he spends a lot of time and money to get nothing but Aunt Millie's sugar cookie recipe, and a photo of your dog catching a Frisbee.

For example, on my own computer, every personal data file on the entire computer is encrypted. Even the filenames are encrypted. If you're looking for something in particular on my hard drive, even if you have millions of dollars and twenty years to find it, good luck. Doing this was as easy as checking the box on the screen: "Encrypt my Home Folder" while I was installing Kubuntu Linux.
--
Editor
Lawfulpath.com
editor
Site Admin
 
Posts: 618
Joined: Thu Feb 21, 2013 9:24 am

Re: The totalitarian state

Postby Firestarter » Mon Jan 23, 2017 4:47 pm

Most people must have seen movies or series were a police informer spies on some “bad” criminals, by wearing a “wiretap”. You must have realised that a mobile phone contains everything needed to pick up what is said?
Do you have any idea how somebody can call you on your phone, if they don’t know what the nearest GSM-antenna is?
I have never understood that people do not mind being spied upon. If for example the Nazis wouldn’t have known who the Jews were, they couldn’t have deported them to the concentration camps (it was the American IBM that provided the Nazis with computers).
One of the main reasons Big Brother wants to know what’s going on, is to verify that the brainwashing of the slaves is working (and how it needs to be adjusted).

WIRETAPS
When you’re dealing with computers, there’s no such thing as private or secret information. Computers decide based on authorisation if you can view information. The secret police simply needs a profile with sufficient authority to view information stored on computers (this is most easily achieved if everybody uses the same operating systems, like Microsoft and Linux).
In 1997 the FBI started using the Carnivore system, later renamed to DCS1000, to spy the internet, using data mining techniques. Ironically by the time Carnivore was officially stopped the FBI had for 2 years been using other custom built systems: http://usatoday30.usatoday.com/tech/new ... lete_x.htm
Seen from a computer technology point of view the most difficult part is not the getting access to the information, but that’s analysing the data. When you hear for example that Edward Snowden was a hacker, this is not the difficult part in spying on the population.
Whenever you hear about physically bugging a phone: this is nonsense, they tap the central server for information from the phones.

INFORMATION AWARNESS OFFICE (IAO)
IAO of the Defense Advanced Research Projects Agency (DARPA) is MUCH more ADVANCED than Carnivore: https://en.wikipedia.org/wiki/Informati ... ess_Office
Because the IAO prevents terrorism and doesn’t know who the (future) terrorists are, - to be on the safe side - they spy on everybody. There have been outcries in the USA, that this is a violation of constitutional rights. The government simply told us, they stopped financing the IAO (and continued the program by a different name) and only spy on other countries (of course Americans wouldn’t mind if other countries are spied upon).
The IAO gathers all information in one giant database, including analysis of friends, family, hobbies and medical history, and uses data mining techniques to classify everybody by a danger level (1 for a good patriot and 10 for a dangerous terrorist that must be eliminated ASAP). There are nice features like: speech to text transcription, translating languages and predicting future events. IAO even helps the people in charge to make decisions and let these be carried out.

PROJECT INDECT
The surveillance system, known as Project Indect of the European Union (EU), collects information by way of “continuous monitoring” of “web sites, discussion forums, usenet groups, file servers, p2p networks [and] individual computer systems”. It will also use CCTV feeds and other surveillance methods to develop models of “suspicious behaviour” by analyzing the pitch of people’s voices as well as “the way their bodies move”.
The following text was found on the official website for Indect: "Our focus is on novel techniques for word sense induction, entity resolution, relationship mining, social network analysis [and] sentiment analysis".
Its main objective will be the “automatic detection of threats and abnormal behavior or violence”: http://www.telegraph.co.uk/news/uknews/ ... viour.html
And what would be considered strange behaviour? Reading a real book, keeping a handwritten agenda (instead of the agenda on your phone) or leaving your mobile phone when you leave your house. Reading this thread will certainly be suspicious.
Indect has started the SSIX platform that acquires language resources for Sentiment Analysis: http://blog.lionbridge.com/suomi/2015/0 ... l-indices/

SITCEN
Project Indect is part of the Joint Situation Centre (SitCen) that was originally established to monitor and assess worldwide events and situations on a 24-hour basis with a focus on potential crisis regions, terrorism and WMD-proliferation. To make it all so very democratic nobody seems to know what SitCen is up to.
SitCen is in turn part of EU Intelligence and Situation Centre (EU INTCEN) that has its roots in the European Security and Defence Policy of 1999.
Since 2007 INTCEN is part of the Single Intelligence Analysis Capacity (SIAC), which combines civilian intelligence (EU INTCEN) and military intelligence (EUMS Intelligence Directorate): https://en.wikipedia.org/wiki/European_ ... ion_Centre

ECHELON
In 1999, the BBC made information from the Australian government public that "As you would expect there are a large amount of radio communications floating around in the atmosphere, and agencies such as DSD collect those communications in the interests of their national security".
The GSM network functions on microwaves that are floating around and if by chance internet traffic is sent wireless, they can record all that information (this cannot be a violation of privacy can it; when it’s just floating in the air?).
This information is then shared with the US National Security Agency (NSA) at Fort Mead in Maryland, and Britain's GCHQ: http://news.bbc.co.uk/2/hi/503224.stm

CCTV CAMERAS
We have been told that security cameras are used to prevent and solve crimes. It has been admitted by the British Metropolitan Police that “For every 1,000 cameras in London, less than one crime is solved per year”: http://www.telegraph.co.uk/news/uknews/ ... dmits.html

GSM = GLOBAL POSITIONING SYSTEM (GPS)
When I search for navigation apps for a mobile phone, they claim that these use the GPS, but in reality nothing else than the Global System for Monitoring (GSM) is needed to locate your mobile phone. I hardly can believe that you don’t even realise that when you use your phone for navigation, they know your location.
In 2001 I talked with a computer programmer working for a telephone company, that told me that he was working on an application that could compute the location of a mobile phone, by analysing the data from the 3 GSM-antennas closest to the mobile phone. I didn’t ask him how, but following is a method that could be used (maybe they’ve invented a more elegant way to do this). If your interested in mathematics maybe you find the following deduction interesting...
The closest GSM-antenna (A) can simply send a signal to the phone, the phone replies “immediately”. It is known how fast microwaves travel (the speed of light is 300,000 km/s in vacuum) and it’s also known how fast the mobile phone replies. From this you can immediately calculate the distance r(A) from the phone to the closest antenna A. When you know the distance r(A), it’s fairly easy to compute the longer distances - r(B) and r(C) - to the 2 antennas (B, C) that are reached at a later time by the reply signal the phone sends (simply add the additional time it takes to reach antennas B and C, multiplied by the speed, to r(A)).
When you know the distances r(A), r(B) and r(C) to the closest 3 GSM-antennas you can visualise this as 3 sphere with radius r(A), r(B), r(C) around antennas A, B, C, which makes a single point.
For an example I’ve calculated it with a Phone (position: x, y, z), I use the notation ^2 for square. I choose for the location of the 3 nearest antennas: A (0, 0, 0), B (500, 0, 50), C (0, 500, 50).
1. r(A)^2 = x^2 + y^2 + z^2
2. r(B)^2 = (500 - x)^2 + y^2 + (50 – z)^2
3. r(C)^2 = x^2 + (500 - y)^2 + (50 – z)^2


Now substitute ((50 - z) ^2 from) 3. in equation 2., to get:
r(B)^2 - r(C)^2 = (500 - x)^2 + y^2 - x^2 - (500 – y)^2
<-> 4. y = x + [r(B)^2 - r(C)^2]/1000


Now substitute (y^2 from) 1. in equation 2., to get:
r(B)^2 - r(A)^2 = (500 - x)^2 - x^2 - z^2 + (50 – z)^2
<-> 5: z = -10 * x + 2525 + [r(A)^2 - r(B)^2]/100


Now substitute the formulas for y and z (4. and 5.) into the above formula 1., to get:
r(A)^2 = x^2 + { x + [r(B)^2 - r(C)^2]/1000**^2 + {-10*x + 2525 + [r(A)^2 - r(B)^2]/100**^2
<-> 6: 0 = 102*x^2 + {[101*r(B)^2 - r(C)^2 – 100* r(A)^2]/500 - 50500** * x + 6375625 + [101* r(B)^4 + r(C)^4 + 100* r(A)^4 – 2* r(C)^2* r(B)^2 – 200* r(B)^2*r(A)^2] / 1000000 + 49.5*r(A)^2 – 50.5* r(B)^2


For an example I will choose a position for the mobile phone: (100, 75, 15).
I would first get the distances to A, B, C: r(A)^2 = 15850; r(B)^2 = 166850; r(C)^2 = 191850

By inserting this in formula 4.: 0 = A*x^2 + B*x + C
A = 102; B = -20350; C = 1015000

Using the ABC-formula
x1, x2 = {-B +/- SQRT[B^2 – 4 * A * C]** / 2 * A
You get: x1, x2 = 100, 99.5
There is probably some elegant way to determine that only 100 is correct, if I insert x = 100 into formulas 4. and 5. I get the right answers: y = 75 and z = 15 (x, y, x = 100, 75, 15).
So this is mathetatical proof that GSM-antennas can be used the determine somebody’s location.

GSM 134 EURO – OLD PHONE 491 EURO
You could look at it financially: as a rule of thumb old technology is cheaper than new.
If I want my (old) house telephone connected I pay at least 12.50 per month. I pay administrative costs of 35 euro to get connected, need to buy a telephone and pay for each conversation (0.13/0.26 euro per minute plus starting costs of 0.06 euro per call).
I can get a cell phone for 3.95 euro per month (the cheapest new one I could get) for 2 years, with 50 minutes and 50 SMS-messages a month included (I can even listen to and make photos). I pay additional for postage and administrative costs of 23.90 euro and had to buy a memory card to make pictures (including cardreader for 15 euro).
If I would call 30 minutes in 8 telephone conversations per month for two years. With my (old) house telephone (0.20 euro per minute): 491 euro. With my (new) cell phone: 134 euro (including new telephone, memory card, camera, music player and games).
George Orwell described that in 1984 everywhere telescreens were hanging both to spy on the population and to spy on them. Hasn’t anybody figured out that this proves that they want you to walk around with your cell phone?

SPYING APPS – ISRAELI SPY RING
There are even commercially available apps for the cell phone, so employers can spy on their slaves and little brothers can spy on their loved ones: http://ziskje197qs2k43u.gq/cell-phone-t ... d-control/
In 2001 the Israeli companies AMDOCS and Comverse Infosys were suspected of spying on the American police. AMDOCS makes the bills for most of the American telephone companies. Comverse Infosys supplies the American government, with automatic tapping equipment. In 2001 it became clear that Comverse Infosys created a backdoor so they could tap in on the telephone information.
The investigation was simply stopped (while the spying has continued): http://whatreallyhappened.com/WRHARTICLES/spyring2.html

COMPARISON TO ORWELL’S 1984
I found an interesting comparison between the 1984 that George Orwell described and how we are watched in the 21th century. The following are some descriptions about reality.
All information accessed through the internet is stored on countless hard drives in large information centres and distributed via broadband, satellite, and cellular connections. Anything done on the internet can never be permanently deleted.
Every time you “Accept to these terms and conditions”, you are allowing that source to any of the information it specified.
The Facebook app uses the devices’ camera and microphone at any time to gather pictures and sounds.
Police can hack into your phone's microphone to listen in on conversations: https://prezi.com/gdzaqhv6px_w/english- ... esent-day/
Firestarter
 
Posts: 446
Joined: Thu Mar 03, 2016 3:02 pm

Re: Opt out of PRISM

Postby editor » Tue Jan 24, 2017 7:41 am

Firestarter,

All these things you've written about are serious concerns. If you've read the earlier posts in this thread you know there are also things we can all do to minimize privacy invasions, and make it harder for tyrants to have their way.

Even if you use Linux, you should be aware that all computers have proprietary blobs of code buried in their BIOS (that's the code that starts up the computer and tells it how to communicate with it's other devices). We don't know what is in that code, and it's safe to presume there may be things in there we don't like.

A few years ago a large maker of laptops, Lenovo, was busted inserting code in their BIOS that would interact with Microsoft Windows to make it call home with private user information. How were they busted? It's easy enough to trace packets running through a network connection, so anyone who looks can see if a computer is calling home.

Take note that Lenovo's malware didn't work if the laptop owner was using Linux, but that doesn't mean code couldn't be inserted which would work with Linux. Of course Linux users are more likely to be looking at their network packets than Windows users.

A few days ago I read about a project called LibreBoot. They are working on an open source BIOS. So far there are only a handful of BIOS chips it will work with. Interestingly, most of them are the same Lenovo chips involved in the malware scandal, whereas most other chips are locked down and can't be flashed with an open BIOS. This makes me wonder whether Lenovo had clandestine plans to be able to flash their BIOS remotely, to update their malware?

When I was a young man and EEPROMs (flashable, programmable chips) were a relatively new thing, expensive equipment was required to flash those chips. These days, LibreBoot uses a cheap clip which goes over the pins, and interfaces with the GPIO pins on a Raspberry Pi. Ingenious.

You know if you're worried about the webcam in your laptop you can just put a Post-It note over it, right?

Did it occur to you that you can clip the audio plug off an old set of headphones, and plug it into your headphone jack, which will disable the internal microphone?

Most of the things you've pointed out about mobile phones are correct. I protect myself as best I can by installing Cyanogenmod (now LineageOS). Other comments about custom ROMs for phones have been posted earlier in this same thread, so I won't belabour them. But I do want to point out that with many models of phones, the U.S. domestic versions are locked down and will not allow custom ROMs to be installed. For that, you must often buy the international version of the same phone. Costs a little more, but doesn't freedom usually have a cost?

I also read recently there has been a huge increase in Distributed Denial of Service (DDOS) attacks. It turns out the culprit is embedded Linux running mostly on closed circuit tv (CCTV) alarm systems. Chinese alarm systems made on-the-cheap, by companies that don't take the time or trouble to lock the systems down properly. And since these systems are usually connected to the Internet as a feature (the owner wants to be able to look in on his property remotely), hackers find a way in. They don't care about the camera view, they're using the system as a mini-computer to start knocking on the door of some victim's website the hacker wants to attack. If you get thousands of computers knocking on the door all at the same time, it interferes with the website's ability to function, which is the purpose of a DDOS attack.

The point being, if you have one of these cheap alarm systems you may have been hacked and not know it. Someone may be using your Internet bandwidth for nefarious purposes. You can combat this by properly configuring your router, which is beyond the scope of my comments here today.

It's just like the old war between safe-makers and safe-crackers. It will probably go on forever. If you're going to use technology, then it is in your best interest to try and learn enough to protect yourself as much as possible.
--
Editor
Lawfulpath.com
editor
Site Admin
 
Posts: 618
Joined: Thu Feb 21, 2013 9:24 am

Re: Opt out of PRISM

Postby Firestarter » Tue Jan 24, 2017 9:43 am

editor wrote:All these things you've written about are serious concerns. If you've read the earlier posts in this thread you know there are also things we can all do to minimize privacy invasions, and make it harder for tyrants to have their way.
There are certainly things you can do to minimise the invasion of your privacy. I still have to read all of the information in this thread.
The problem is that when you do - you're immediately triggered as a dangerous individual...
You must have heard that the argument for violating our privacy is preventing terrorism.

editor wrote:Most of the things you've pointed out about mobile phones are correct. I protect myself as best I can by installing Cyanogenmod (now LineageOS).
What doesn't work is using technology to protect your privacy; like for example installing an App on your mobile phone. How can installing an App on your phone, protect you from having your mobile phone information tapped at the central server?
Lexington Bill wrote:Linux is based on Unix which was, by design, secure from day one.

The NSA agrees ... it helped write Secure Linux, which, while a bit of a "PITA" to set up, is locked down solid by default.
Internet like Unix was developed by the US army; I hope I don't have to explin that this means it's not "secure".
I don't believe that Linux protects your privacy much better than Microsoft. Basically the secret intelligence agencies have a back door. Just like Microsoft: information is kept secret based on authorisation. If you (can) log in with administrator rights no information is secret.
Of course some people can build encryption to keep information secret. But the secret intelligence agencies are no fools: every code can (and will) be cracked.
editor wrote:Chinese alarm systems made on-the-cheap, by companies that don't take the time or trouble to lock the systems down properly. And since these systems are usually connected to the Internet as a feature (the owner wants to be able to look in on his property remotely), hackers find a way in.
Computer systems are build to spy on the sheeple. In the Netherlands attorneys have been told that they have to tell what their mobile phone number is, so that they won't be speied upon!

Since about 6 months I save my "important" information on USB-stick. They cannot access this information when I keep this in my pocket.
I use the internet in internet cafes. Of course I go to the same internet cafes so this is only a partial solution.

If you want to keep information secret it's best to not use technology. Using one of those old fashioned paper agendas isn't easy to spy upon.
Sending old fashioned "snail mail" is much more difficult to spy upon than internet or phone.
The camera in a computer can easily be blocked, like other cameras. I'm not so sure about microwaves though. Microwaves were first used in WW II for radar (by accident they discovered microwaves can also be used to heat food).
Using old fashioned (anolog) equipment not only makes it more difficult to spy, but also more difficult to manipulate the information.
Firestarter
 
Posts: 446
Joined: Thu Mar 03, 2016 3:02 pm

Re: Opt out of PRISM

Postby editor » Wed Feb 22, 2017 8:02 pm

--
Editor
Lawfulpath.com
editor
Site Admin
 
Posts: 618
Joined: Thu Feb 21, 2013 9:24 am

Re: Opt out of PRISM

Postby editor » Fri Feb 24, 2017 12:14 am

I know I've probably harped enough on this issue, but I recently wrote up the following synopsis for a friend:

There's no good reason to use Windows or Apple software.

Linux is free. (No cost)

Linux is open source. (Safe and secure)

Most computers come pre-installed with Windows or OS X (MacOS), and I'll admit you can't get easier than "already pre-installed". However, even a novice can install Linux without any help, in less than one hour. (Easy to install)

With Linux you can have a graphical interface which is very similar to that which users of Windows XP and Windows 7 are already accustomed. (Easy to use)

Nearly every kind of software is available for Linux, to do the same things people do under Windows and Mac. There are a few exceptions, sure, but they are rare. In Linux, most software is free, as in "no cost", and also open source, as in "safe and secure". (Huge amount of available software)

When you are working on your computer and you discover you need software you don't have-- under Windows or OS X, you find the software, get out your wallet, order it, and then maybe download it or maybe wait for the publisher to ship a box. Under Linux you simply open a window, search for the type of software you want, and click a button. Three or four minutes later (or less) you are USING the software. (Most software is free and easy to install)

Documentation for most Linux software meets or exceeds what is offered in the Win/Mac world. Even in cases where documentation may be lacking, there is almost always a user forum where questions are answered. (Well documented instructions)

Bugs and security holes can and do happen in all software. When such problems come to light in Win/Mac, users typically wait months for updates. If the user isn't aware of the NEED for an update, he may never get it, leaving him vulnerable.

Security fixes for Linux typically happen within HOURS of finding a vulnerability. Update notices appear for every user immediately upon release. Linux software is updated on an ongoing basis, and users enjoy the benefits of improved software promptly (and free), instead of having to wait months, and pay for upgrades. (Fast and frequent security fixes)

Strangely, most Win/Mac users adopt the following strategy with regard to Linux:

I
Don't
Intend
On
Trying

Known as the IDIOT plan.

However, the percentage of Linux users is growing, and is now thought to be nearly 3% worldwide (2016). According to server logs for lawfulpath.com, we do much better than that. Out of the four million people who visted our site in 2016, 23% of them were smart enough to use Linux.


Maybe this will help you convince someone you know?
--
Editor
Lawfulpath.com
editor
Site Admin
 
Posts: 618
Joined: Thu Feb 21, 2013 9:24 am

Re: Opt out of PRISM

Postby Firestarter » Wed Mar 08, 2017 5:22 pm

Wikileaks dropped a bombshell last March 7 by putting 8761 documents on the internet about systematic CIA infiltration of computers around the world.
The following is interesting (to say the least) - Weeping Angel. It’s designed to hack into Samsung F8000-Series “smart” televisions. Even when the telescreen is switched off, they can use the TV's microphone and webcam to spy: https://wikileaks.org/ciav7p1/cms/page_12353643.html
I don’t plan on reading the thousands of documents, but I’ve found some interesting articles originating from the German “Der Spiegel” about spy technology. Der Spiegel focuses on the National Security Agency (NSA) and CIA, but of course European and Chinese intelligence agencies do the same.
Here’s a story about the recent Wikileaks dump: http://www.spiegel.de/international/wor ... 37740.html


The NSA's broad data collection programs were originally authorized by President Bush Jr. on October 4, 2001. In March 2004 a Justice Department review declared the bulk Internet metadata program was illegal. President Bush signed an order re-authorising it anyway. By 2007, all aspects of the program were re-authorised by court orders from the Foreign Intelligence Surveillance Court (FISC). By definition, the FISC decides what it is legal for the NSA.
The NSA records metadata about almost all calls made in the USA, including telephone numbers and call duration. This was revealed through a leaked secret court order, which instructed Verizon to turn over all such information on a daily basis.
Phone company records reveal where you are at the time a call is made.
The NSA intercepts and stores billions of communication records per day. Including emails, social media posts, visited web sites, addresses typed into Google Maps and files sent.
The NSA records the audio contents of “some” phone calls. I haven’t seen any real restriction on this.
Watching a specific person is called “targeting”; Targeted Individuals are even watched more closely.
Facebook revealed that in the last six months of 2012, they handed over the private data of between 18,000 and 19,000 users to law enforcement of all types - including local and federal police.
According to a leaked report the NSA intercepted content from 37,664 telephone numbers and email addresses from October 2001 to January 2007. Of these, 8% were domestic (2612 US phone numbers and 406 US email addresses).
The NSA has been prohibited from recording domestic communication since the passage of the Foreign Intelligence Surveillance Act (FISA). But because the NSA can’t be expected to distinguish between foreign and domestic communication, that’s an empty restriction. Analysts need only “51% confidence” that someone is a non-US person before tapping (this means they can tap if they don’t know).
There are no restrictions whatsoever on spying abroad. Likewise the British GCHQ can tap US citizens, and then share it with the NSA: https://www.propublica.org/article/nsa- ... ection-faq


http://www.pcmag.com/article2/0,2817,2429502,00.asp
In January 2014 the “The New York Times” reported that the NSA uses radio-wave technology to spy on “computers” not connected to the Internet.
Der Spiegel obtained documents on NSA’s division Advanced Network Technology (ANT) from 2008 (since then great progress has been made). Here are some of the programs.
IRONCHEF is installed on Proliant servers by Hewlett-Packard.
ANGRYNEIGHBOR can track objects in rooms, listen in, and see what's displayed on monitors.
SURLYSPAWN logs keystrokes even when offline; using radio frequency.
TAWDRYYARD intercepts the traffic from a computer video card's VGA output to a monitor.
Candygram can mimic a GSM cell tower network to catch phone data.
NIGHTSTAND can attack Windows computers by an 802.11 wireless exploit.
IRATEMONK is implanted on target PCs, and can send data when a computer is turned on.
HOWLERMONKEY hides within computer hardware, like an Ethernet port to slurp bytes coming through the physical connection, and send the information to base via a radio link.


Following are some excerpts from an IG report of 2009 that confirm that the NSA has been spying on everything without restrictions: https://www.documentcloud.org/documents ... 10/a107511
Pages 9, 10:
SIGINT Activity Authorized by the President On 4 October 2001, the President delegated authority through the Secretary of Defense to the Director of NSA to conduct specified electronic surveillance on targets related to Afghanistan and international terrorism for 30 days. Because the surveillance included wire and cable communications carried into or out of the United States, it would otherwise have required FISC authority.
F) The Authorization allowed NSA to conduct four types of collection activity:
Telephony content
Intemet content
Telephony metadata
Intemet metadata

F) NSA could collect the content and associated metadata of telephony and Intemet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephony and Intemet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was also allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

Page 32
On 11 February 2002, the company’s CEO agreed to cooperate with NSA. On 19 February 2002, COMPANY submitted a written proposal that discussed methods it could use to regularly replicate call record information stored in a COMPANY facility and potentially forward the same information to NSA. Discussions with COMPANY continued in 2003. However, the COMPANY General Counsel ultimately decided not to support NSA.
On 5 September 2002, NSA legal and operational personnel met with intemet provider COMPANY D's General Counsel to discuss the PSP and ask for the company's support. COMPANY provided support, but it was minimal. (For a description of COMPANY D's support, see page "What Providers Furnished.”).
On 29 October 2002, NSA legal and operational personnel met with intemet provider COMPANY F's Legal and Corporate Affairs personnel, and a former NSA OGC employee hired by COMPANY as independent counsel. NSA requested COMPANY F's support under the PSP for email content. At the meeting, COMPANY requested a letter from the Attomey General certifying the legality of the PSP. In December 2002, NSA's Commercial Technologies Group was informed that the company's CEO agreed to support the PSP. According to NSA’s General Counsel, COMPANY did not participate in the PSP because of corporate liability concerns.

Page 40, 41:
“Until March 2004, NSA considered its collection of bulk Internet metadata under the PSP to be legal and appropriate. Specifically, NSA leadership, including OGC lawyers and the IG, interpreted the terms of the Authorization to allow NSA to obtain bulk Internet metadata for analysis because NSA did not actually "acquire" communications until specific Communications were selected. In other words, because the Authorization permitted NSA to conduct metadata analysis on selectors that met certain criteria, it implicitly authorized NSA to obtain the bulk data that was needed to conduct the metadata analysis.
On 11 March 2004, General Hayden had to decide whether NSA would execute the Authorization without the Attorney General's signature General Hayden described a conversation in which David Addington asked, you do it At that time, General Hayden also said that he asked Daniel Levin, Counsel to the Attorney General, in March 2004 if he needed to stop anything he was doing. Mr Levin said that he did not need to stop anything and lV-A/32a- After conferring with NSA operational and Legal personnel, General Hayden stated that he decided to continue the PSP because 1) the members of Congress he briefed the previous day, 10 March, were supportive of continuing the Program, 2) he knew the value of the Program, and 3) NSA lawyers had determined the Program was legal.
Eight days later on 19 March 2004, the President rescinded the authority to collect bulk Intemet metadata and gave NSA one week to stop collection and block access to previously collected bulk Intemet metadata. NSA did so on 26 March 2004. To close the resulting collection gap, Do] and NSA immediately began efforts to recreate this authority in what became the order. By January 2007, the remaining three authorities had also been replicated in FISC orders
: the Business Records (BR) Order, the Foreign Content Order, and the Domestic Content Order. On 1 February 2007, the final Authorization was allowed to expire and was not renewed./[I]”


The greatest amount of information can be collected by smartphones. I guess we could know, but rather pretend we don’t that nice gadgets like the iPhone or BlackBerry are designed to find out everything there is to know about us.
A NSA presentation "Does your target have a smartphone?" shows how extensive the surveillance methods against users of Apple's iPhone are (in 2013). According to the document, some problems with the BlackBerry data were suddenly encountered in May and June 2009, but these problems were totally resolved by March 2010: http://www.spiegel.de/international/wor ... 21161.html


On the following site is a visualisation of how the German politician Malte Spitz was followed by monitoring the data from his cell Phone: http://www.zeit.de/datenschutz/malte-sp ... -retention
Firestarter
 
Posts: 446
Joined: Thu Mar 03, 2016 3:02 pm

Palantir

Postby Firestarter » Sun Mar 19, 2017 4:48 pm

Peter Thiel should be known for financing the presidential campaign of Donald Trump. Thiel has also contributed to campaigns of other politicians (including Ron and Rand Paul).
Peter Thiel is a member of the infamous Bilderberg group, while he also supports research of parabiosis (the modern name for vampirism).
Peter Thiel is relatively intelligent; he won first place in a California-wide mathematics competition while attending middle school.
This post is not about Peter Thiel, however, but about one of “his” companies – Palantir.

In short Palantir is a data-mining tool: a program used to analyse large amounts of information.
Palantir sells 2 main products: Palantir Gotham (formerly Palantir Government) and Palantir Metropolis. Metropolis is used for quantitative analysis for Wall Street banks and hedge funds. Gotham is designed for the needs of intelligence agencies and law enforcement.
Palantir’s relationship with intelligence agencies dates back to at least 2008, when representatives from the British Government Communications Headquarters (GCHQ) and US intelligence agencies were impressed by the achievements of Palantir, at the annual VisWeek conference. Within 2 years at least 3 members of the “Five Eyes” spy alliance between the United States, GB, Australia, New Zealand, and Canada were using Palantir.
The CIA was an early investor in the Palantir start-up through In-Q-Tel. Computer scientists from Palantir collaborated with analysts from various intelligence agencies to develop its products.
Palantir refuses to name its government clientele, despite landing “at least $1.2 billion” in federal contracts since 2009. It is obvious that the CIA, NSA and GCHQ use Palantir.
Palantir Gotham is used to make spying on all of us possible. You can see this as an internet search engine that actually finds what you’re looking for and uses graphics to visualise what has been found. This is a very powerful tool when used by intelligence agencies that have access to “confidential” information, including password protected contents, emails, documents saved on iCloud, etc.
Palantir connects separate databases, pulling big buckets of information (call records, IP addresses, financial transactions, names, conversations, travel records) into one centralised heap and visualising them coherently: https://theintercept.com/2017/02/22/how ... ole-world/

Most of us agree that fighting terrorism is more important than privacy. Unfortunately in our world that’s upside down the most common kind of terrorism is state terrorism.
Sometimes information on the internet is actually changed by the powers that be, in which case it is necessary to have a tool like Palantir.
It’s obvious that the people working for intelligence agencies are even more closely watched than the average person. Palantir is also used to spy on the spies. Palantir advertises that one of the “unexpected benefits” is that it “interacts with anything”, including iphone or laptop...

I have no information about Palantir Metropolis (for analysis for banks). It is clear that when having access to the tricks of the best traders, the elite can become even better at using the financial markets to take everything we have.
Firestarter
 
Posts: 446
Joined: Thu Mar 03, 2016 3:02 pm

Re: Opt out of PRISM

Postby Firestarter » Thu Apr 06, 2017 4:11 pm

I found the following interesting article from 2013: http://www.washingtonsblog.com/2013/09/ ... -ways.html

The PRISM leaks show that the NSA has pre-encryption stage access to Microsoft’s email products, which makes encryption useless, if you want to keep things secret from the government.

Cell towers track where your phone is at any moment; so the government can track your location.
Starting in 2014, all new cars will include “black boxes” that can track your location. A 2003 lawsuit showed that the FBI can turn on the built-in microphones in cars by General Motors’ OnStar.

Not so long ago there was some controversy in the Netherlands that a new law showed that the government can spy on us using “smart” home appliances. This type of technology is also used in the rest of the world.

Google – or the NSA – can remotely turn on your phone’s camera and recorder at any time.
In 2013 there was some controversy when it became known that Facebook can use the video and microphone at any time of an Android with the Facebook app installed.
Facebook confirmed that they can use the app to spy on the gullible people, but won’t do that: http://www.businessinsider.com/facebook ... &r=US&IR=T

A 2006 court ruling revealed that the FBI has the ability to turn a cell phone into a listening device that transmits to an FBI listening post (a "roving bug"). The only way to stop the FBI from listening in on what’s said around the phone is to remove the cell phone battery.
The legal procedure was not if the FBI is allowed to spy (without a warrant), but only about if they can use this data in a court case: http://blogs.abcnews.com/theblotter/200 ... ar_me.html
I guess that smashing a phone up with a hammer or - less drastically - drop your phone in a “Faraday cage” can also stop it being used to spy on you.

The best from this article are “smart” street lights to spy on us...
In Britain Middlesbrough in 2006, streetlights with speakers were introduced to give warnings to people.
In 2011, Illuminating Concepts began installing the system “Intellistreets” in Farmington Hills, Michigan. These “smart” streetlights got microphones to monitor conversations.
Intellistreets is also equipped with proximity sensors to record pedestrian and road traffic: http://www.dailymail.co.uk/news/article ... lerts.html

According to the following story from 2013 the Intellistreets that was installed in Las Vegas can also shoot video.
The advertisement that ended with the phrase “Intellistreets also enables a myriad of homeland security features” on Youtube became a little controversial: https://www.cnet.com/news/street-lights ... -in-vegas/

Here’s another story from 2014 about the use of “smart” LED streetlights with motion sensors.
The “smart” light network can spot an unattended bag at an airport and alert security, show drivers to empty parking spaces and alert shoppers of sales: http://www.cbsnews.com/news/technology- ... -concerns/

I guess that secret intelligence agencies can also install this kind of technology in our home to keep us safe!

I end this post with some recent information on privacy concerns.
Last April 3 Donald Trump signed into law a controversial measure repealing online privacy protections established by the FCC under Obama. This will allow internet providers to sell information about their customers' browsing habits. Including information on emails.
White House press secretary Sean Spicer explained that the objectives for the bill are "to fight Washington red tape that stifles American innovation, job creation and economic growth".
We can expect that internet providers will become the target for hackers (for example the NSA, CIA and GCHQ): http://www.nydailynews.com/news/politic ... -1.3018231
Firestarter
 
Posts: 446
Joined: Thu Mar 03, 2016 3:02 pm

PreviousNext

Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest