Re: Opt out of PRISM
Posted: Mon Feb 16, 2015 4:38 am
This is my first post, but a topic I've had some personal experience with.
I run a TOR bridge. Since the level of security available there is, in part, dependent on the number of nodes online at any given moment (making it incrementally harder to do timing attacks with each node added), I strongly encourage anyone using TOR to "pay into" the system by allowing their machine to serve as a node of some sort. There are three types of node: exit node (makes actual contact with the destination server), non-exit node (any point in the chain except exit) and bridge (allows people behind, for example, the "Great Firewall of China" to access the web. Some people simply do not have the bandwidth to spare or have a pay-by-the-byte plan and should use TOR in client mode. Everyone else has an ethical decision to make ... whether to be a leach or to be a partner.
TOR is a proxying service with some unique features which make it relatively secure. That said, do not rely on it, alone, for any communications which, if discovered, could result in serious negative consequences -- use strong encryption at every opportunity.
That said, I would counsel you to think long and hard before using some other proxies. Here's why: http://forum.palemoon.org/viewtopic.php?f=26&t=2806
Set your computer to look to the USB ports for boot code ahead of the hard drive. If there is nothing bootable in the USB drive, it will roll-over to the hard drive.
Then keep a copy of DBAN (Darik's Boot and Nuke) on a USB key near (but not IN!) the computer. If you ever need to make the contents of your hard drive "go away", insert the key and reboot.
Even a partial wipe is better than none at all. If the PTB can't find your physical computer for a few minutes, you are a few miles further away from a successful prosecution. If you have a "bait" computer they can sieze, you might be able to get a 100% wipe that would take the NSA to read.
There is also some software called "Secure Erase" whose development was halted a long time ago. However, if your hard drive is of the type it was designed to work on, it is even faster than DBAN and arguably better. Do a Google search (DAGS) for it.
If using Linux, you can write a one line BASH script that will write, over and over, to every byte on the hard drive, including, of course, both used and unused space, surprisingly quickly. After a half-dozen iterations, even the NSA will have trouble reading that disk.
You can skip Gmail or Yahoo or Hotmail or whatever free service you are probably using right now by setting up your own e-mail server on your desktop or laptop computer and using a service such as DynDNS.com or noip.com to have your email sent to the new under-your-control server. For no-ip, the cost ranges from free to $25 a year. Nosing around in your router settings may reveal that signing up for one or the other is only a few clicks away. Setting up the server software on Linux offers more $free$ options (Postfix is my personal favorite), but Windows users will find that Sendmail works just fine, too.
You might further tighten access to your computer from the outside (without actually unplugging it from the wall) with port knocking. http://portknocking.org/ The idea behind port knocking is to have your computer completely closed to the outside world and then, based on the pattern or contents of attempted accesses to it, run a script to perform specific actions without ever actually acknowledging that the sequence or contents had any meaning to it. For instance, it might open a port allowing remote shell (terminal) access or it might just trigger an event, such as wiping the hard drive, remotely. To an eavesdropper, it appears that your computer ignored the knock ... even as it is firing detonation charges around the compound and arming the thermal imaging automatic machine guns and rocket launchers. 8~]
Linux is based on Unix which was, by design, secure from day one.
The NSA agrees ... it helped write Secure Linux, which, while a bit of a "PITA" to set up, is locked down solid by default. That said, the tools for locking down SELinux are present in pretty much ALL versions (distributions) of Linux, differing only in the default configuration file settings. Many extremely agile minds have reviewed the code for SELinux .. you can be confident that it has NO "backdoors".
It will take a new user 45 minutes to an hour or so to install Linux on a computer from a free-to-download *.iso file and give it your entire hard disk or a few minutes more if you want to leave the original operating system intact ... much of which is spent sipping coffee while waiting for the hard disk to do a low level format.
Or you can install it on a USB key of moderate capacity and use it as a "portable computer" (DAGS "Portable Linux") ... Tails is one distro designed for exactly that sort of use, but there are others.
I run a TOR bridge. Since the level of security available there is, in part, dependent on the number of nodes online at any given moment (making it incrementally harder to do timing attacks with each node added), I strongly encourage anyone using TOR to "pay into" the system by allowing their machine to serve as a node of some sort. There are three types of node: exit node (makes actual contact with the destination server), non-exit node (any point in the chain except exit) and bridge (allows people behind, for example, the "Great Firewall of China" to access the web. Some people simply do not have the bandwidth to spare or have a pay-by-the-byte plan and should use TOR in client mode. Everyone else has an ethical decision to make ... whether to be a leach or to be a partner.
TOR is a proxying service with some unique features which make it relatively secure. That said, do not rely on it, alone, for any communications which, if discovered, could result in serious negative consequences -- use strong encryption at every opportunity.
That said, I would counsel you to think long and hard before using some other proxies. Here's why: http://forum.palemoon.org/viewtopic.php?f=26&t=2806
Set your computer to look to the USB ports for boot code ahead of the hard drive. If there is nothing bootable in the USB drive, it will roll-over to the hard drive.
Then keep a copy of DBAN (Darik's Boot and Nuke) on a USB key near (but not IN!) the computer. If you ever need to make the contents of your hard drive "go away", insert the key and reboot.
Even a partial wipe is better than none at all. If the PTB can't find your physical computer for a few minutes, you are a few miles further away from a successful prosecution. If you have a "bait" computer they can sieze, you might be able to get a 100% wipe that would take the NSA to read.
There is also some software called "Secure Erase" whose development was halted a long time ago. However, if your hard drive is of the type it was designed to work on, it is even faster than DBAN and arguably better. Do a Google search (DAGS) for it.
If using Linux, you can write a one line BASH script that will write, over and over, to every byte on the hard drive, including, of course, both used and unused space, surprisingly quickly. After a half-dozen iterations, even the NSA will have trouble reading that disk.
You can skip Gmail or Yahoo or Hotmail or whatever free service you are probably using right now by setting up your own e-mail server on your desktop or laptop computer and using a service such as DynDNS.com or noip.com to have your email sent to the new under-your-control server. For no-ip, the cost ranges from free to $25 a year. Nosing around in your router settings may reveal that signing up for one or the other is only a few clicks away. Setting up the server software on Linux offers more $free$ options (Postfix is my personal favorite), but Windows users will find that Sendmail works just fine, too.
You might further tighten access to your computer from the outside (without actually unplugging it from the wall) with port knocking. http://portknocking.org/ The idea behind port knocking is to have your computer completely closed to the outside world and then, based on the pattern or contents of attempted accesses to it, run a script to perform specific actions without ever actually acknowledging that the sequence or contents had any meaning to it. For instance, it might open a port allowing remote shell (terminal) access or it might just trigger an event, such as wiping the hard drive, remotely. To an eavesdropper, it appears that your computer ignored the knock ... even as it is firing detonation charges around the compound and arming the thermal imaging automatic machine guns and rocket launchers. 8~]
Linux is based on Unix which was, by design, secure from day one.
The NSA agrees ... it helped write Secure Linux, which, while a bit of a "PITA" to set up, is locked down solid by default. That said, the tools for locking down SELinux are present in pretty much ALL versions (distributions) of Linux, differing only in the default configuration file settings. Many extremely agile minds have reviewed the code for SELinux .. you can be confident that it has NO "backdoors".
It will take a new user 45 minutes to an hour or so to install Linux on a computer from a free-to-download *.iso file and give it your entire hard disk or a few minutes more if you want to leave the original operating system intact ... much of which is spent sipping coffee while waiting for the hard disk to do a low level format.
Or you can install it on a USB key of moderate capacity and use it as a "portable computer" (DAGS "Portable Linux") ... Tails is one distro designed for exactly that sort of use, but there are others.