NSA Spying. NSA Spying. #Snowden. What is TOR? Jacob Appelbaum Interview, Lead Developer on TOR Project. State surveillance privacy Freedom of expression. Through PRISM & Other Ports. NSA surveillance everywhere. Web Privacy. Edward Snowden. NSA | PRISM. Silicon Valley protecting yourPrivacy? ; "the_conspiracy" NSA & Big Brothers, suite. The NSA's next move: silencing university professors? | Jay Rosen. This actually happened yesterday: A professor in the computer science department at Johns Hopkins, a leading American university, had written a post on his blog, hosted on the university's servers, focused on his area of expertise, which is cryptography. The post was highly critical of the government, specifically the National Security Agency, whose reckless behavior in attacking online security astonished him.
Professor Matthew Green wrote on 5 September: I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. The post was widely circulated online because it is about the sense of betrayal within a community of technical people who had often collaborated with the government. On Monday, he gets a note from the acting dean of the engineering school asking him to take the post down and stop using the NSA logo as clip art in his posts. Word gets around, and by late afternoon, the press starts asking questions.
Secret exceptions to reasonable suspicion: Who watches the watchers watching you? Who watches the watchers? Hackers, suggested former NSA technical director-turned-whistleblower William Binney. Otherwise, Binney sees all the government surveillance moving “toward a totalitarian state. I mean you've got the NSA doing all this collection of material on all of its citizens. That's what the SS, the Gestapo, the Stasi, the KGB, and the NKVD did.”
Sure there are supposedly safeguards in place to prevent surveillance abuses, and a Constitution in place that should have protected us from the sort of surveillance that needed safeguards, yet there is constant mission creep and countless abuses. There is talk of metadata being stored by phone companies instead of the government, talk of ending National Security Letters and even talk of reforming FISA [Foreign Intelligence Surveillance Act] courts, but Binney said it’s “like putting lipstick on a pig.” Back in the 1990s, Binney helped create a “ThinThread” program that was capable of “watching” what NSA analysts do with data. Yes, The FBI Used Malware To Try To Reveal Tor Users. While some reports had suggested that it was the NSA involved, it seemed much more likely (as we predicted) that the FBI was behind the attempt to control Freedom Hosting's servers and effectively insert a bit of malware designed to identify users of the Tor Browser, who thought they were anonymous.
And, now the FBI has more or less admitted it as part of its effort to extradite Eric Eoin Marques, the owner of Freedom Hosting from Ireland. The FBI has been known to use malware like this, though it had repeatedly tried to keep it away from investigations involving more technically savvy folks, who might discover it and reveal it to the world. Too late for that now, of course. The NSA Is Breaking Most Encryption on the Internet. The new Snowden revelations are explosive. Basically, the NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics. It's joint reporting between the Guardian, the New York Times, and ProPublica. I have been working with Glenn Greenwald on the Snowden documents, and I have seen a lot of them. Remember this: The math is good, but math has no agency.
EDITED TO ADD (9/6): Someone somewhere commented that the NSA's "groundbreaking cryptanalytic capabilities" could include a practical attack on RC4. EDITED TO ADD (9/6): Relevant Slashdot and Reddit threads. EDITED TO ADD (9/13): An opposing view to my call to action. Tags: cryptography, Edward Snowden, encryption, intelligence, Internet, NSA, privacy, Schneier news, secrecy, surveillance. Apple's Fingerprint ID And How It May Take Away Your 5th Amendment Right To Protect Your Data.
There was plenty of discussion about how Apple's new fingerprint ID biometric system on the new iPhones might help the NSA build a giant database of fingerprints, but others quickly pointed out how unlikely that was. Some have even argued that it could lead to greater privacy protection (though, others are reasonably concerned since you can't "change" your fingerprint if someone figures out a way to hack it -- and fingerprint readers have been hacked many times in the past). However, there are additional concerns, such as how relying on fingerprint scans over passwords might remove your ability to use the 5th Amendment to protect your private data.
As we've discussed a few times, while not all courts agree, some have ruled that you can't be forced to give up your passwords to unencrypt your data, because it could be seen as a 5th Amendment violation of self-incrimination. However, with a fingerprint, the issue is slightly different than with a password. Silicon Valley protecting yourPrivacy? ; "the_conspiracy" FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers. Glyn mentioned this in his post yesterday about the NSA leaks showing direct economic espionage, but with so many other important points in that story, it got a little buried.
One of the key revelations was about a GCHQ program called "FLYING PIG" which is the first time I can recall it being clearly stated that the NSA or GCHQ has been running man-in-the-middle attacks on internet services like Google. This slide makes it quite clear that GCHQ or NSA impersonates Google servers: <a href=" Mitm Google (PDF)</a><br /><a href=" Mitm Google (Text)</a> in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. NIST-s Ridiculous Non. Is It the Dawn of the Encryption App? We might live in an age of persistent and pervasive surveillance. The recent revelations about the secret National Security Agency programs aimed at collecting vast amounts of data on Americans and foreigners seemingly confirm what tinfoil-wearing netizens have feared for years: They're watching us; technology has turned against its users.
Amidst prying eyes, a small but growing group of hackers and programmers is working on applications that use cryptography — the science of creating techniques to hide data and render it readable only to intended recipients — to fight surveillance and give regular citizens access to what was once only reserved to computer experts. It's a battle of geek-made encryption apps against their uniformed snooping foes. And the spying agencies of the world are getting more adversaries every day. Both new and old faces are riding this new wave of crytpo. Zimmermann and some of his closest collaborators from the PGP years launched Silent Circle last year. Did the FBI Lean On Microsoft for Access to Its Encryption Software? The NSA is reportedly not the only government agency asking tech companies for help in cracking technology to access user data.
Sources say the FBI has a history of requesting digital backdoors, which are generally understood as a hidden vulnerability in a program that would, in theory, let the agency peek into suspects' computers and communications. In 2005, when Microsoft was about to launch BitLocker, its Windows software to encrypt and lock hard drives, the company approached the NSA, its British counterpart the GCHQ and the FBI, among other government and law-enforcement agencies. Microsoft's goal was twofold: get feedback from the agencies, and sell BitLocker to them.
But the FBI, concerned about its ability to fight crime — specifically, child pornography — apparently repeatedly asked Microsoft to put a backdoor in the software. A backdoor — or trapdoor — is a secret vulnerability that can be exploited to break or circumvent supposedly secure systems. "I was asked multiple times," Introduction to proXPN VPN. ProXPN VPN | Get your FREE proXPN VPN account now!
PRIVATE WiFi - Why you should use a personal VPN. Private WiFi - Protect your Identity and Sensitive Information on any Public WiFi Network. Porn companies adopt facial-recognition technology, encourage Instagram photos. Two porn companies are courting web surfers to upload photos they find online to the companies' free facial-recognition, face-matching database services. With SexFaceFinder.com and Naughty America's "Face" anyone can upload an image and have the services match it with images and faces in image databases.
SexFaceFinder positions its service as a way for users to find a performer that looks like s specific person. Or to find performers that look like the user's favorite type of model, in an effort to engage the user with a service that closes the marketing gap between a user and their fantasy. Another company, Naughty America, openly solicits users to upload images of girls found on Instagram and other internet destinations in an effort to find the photo's subjects in porn - or find celebrity look-alikes, girlfriend and ex-girlfriend look-alikes, or similar/specific porn performers. According to Naughty America's press, it attempts to match user-uploaded images to its own porn database. Feds put heat on Web firms for master encryption keys. Large Internet companies have resisted the government's demands for encryption keys requests on the grounds that they go beyond what the law permits, according to one person who has dealt with these attempts.
(Credit: Declan McCullagh) The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping. These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users. If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Google also declined to disclose whether it had received requests for encryption keys.
Dennis Chang's VOIP-Pal aims to help law enforcement monitor Skype, other Internet chats. Photo by KIMIHIRO HOSHINO/AFP/Getty Images According to law enforcement agencies, the rising popularity of Internet chat services like Skype has made it difficult to eavesdrop on suspects’ communications. But now a California businessman is weighing in with what he claims is a revolutionary solution—a next-generation surveillance technology designed to covertly intercept online chats and video calls in real time. Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties. Follow Voice over IP chat software allows people to make phone calls over the Internet by converting analog audio signals into digital data packets. Because of the way the packets are sent over the Web, sometimes by a “peer-to-peer” connection, it can be complex and costly for law enforcement agencies to listen in on them.
In response, technology companies have rushed to develop new surveillance solutions. Chang, a former IBM employee, could be setting himself up for a clash with Microsoft. A database of open-source HTTP proxies. Webapps.lsa.umich.edu/lsait/admin/TOR Routing Infomation .pdf. Man Arrested At Airport for Unusual Watch. Every time I start to question whether I should be in politics or not, something like this happens, which is so outrageous that it reaffirms my commitment to change the system… This is Geoffery McGann… (source) Mr.
McGann is an artist. Yesterday, Mr McGann went to the airport to get on a plane. The watch was noticed by the TSA, and who responded with characteristic idiocy. That’s not what happened. Via ABC 7: McGann reportedly took off his watch and put it in the bin along with his carry on. There is a lot here that really bothers me a lot. The statements go further, trying to link sinister intentions to what was almost certainly innocent. Other reports indicate TSA officials have gone even further in trying to paint a picture of a disaster in the making and the heroics and astute observations of their agents. From the Daily Mail: TSA agents said they became suspicious of McGann when he tried to get the object through airport security by putting it in a bin covered by his jacked….
Mr. Sgt. FBI Wants Backdoors in Facebook, Skype and Instant Messaging | Threat Level. The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET. The Bureau has been quietly meeting with representatives of these companies, as well as Microsoft (which owns Hotmail and Skype), Facebook and others to argue for a legislative proposal, drafted by the FBI, that would require social-networking sites and VoIP, instant messaging and e-mail providers to alter their code to make their products wiretap-friendly.
The FBI has previously complained to Congress about the so-called “Going Dark” problem – the difficulty of doing effective wiretap surveillance as more communications have moved from traditional telephone services to internet service companies. Under the Communications Assistance for Law Enforcement Act, or CALEA, passed in 1994, telecommunications providers are required to make their systems wiretap-friendly. Facebook email: pointless endeavor, spammer's dream, or both? Seriously, Facebook? As you may or may not have heard, Facebook made the decision recently to pull the ol' switch-a-roo on many of its users by making their default email address an @facebook.com email address, instead of whatever they had beforehand (see: Fixing the Facebook e-mail foul-up). In this post, I'm going to discuss why Facebook email is a completely pointless endeavor, as well as why it may well be a spammer's dream come true.
Pointless Endeavor First of all, you may be wondering how you send/receive emails from/to your Facebook email address. Currently, you can only receive emails to your Facebook email address. Emails sent to your Facebook email will show up in either your "Messages" folder or your "Other" folder. "What "Other" folder," you might be asking. After a bit of testing comprised of having emails sent to my Facebook email from various email aliases, here are some things I've discovered about which folder an email goes to: A Spammer's Dream Conclusion.
Yes, the FBI and CIA can read your email. Here's how. The U.S. government -- and likely your own government, for that matter -- is either watching your online activity every minute of the day through automated methods and non-human eavesdropping techniques, or has the ability to dip in as and when it deems necessary -- sometimes with a warrant, sometimes without. That tin-foil hat really isn't going to help. Take it off, you look silly. Gen. David Petraeus, the former head of the U.S. Central Intelligence Agency, resigned over the weekend after he was found to have engaged in an extra-marital affair.
What caught Petraeus out was, of all things, his usage of Google's online email service, Gmail. This has not only landed the former CIA chief in hot water but has ignited the debate over how, when, and why governments and law enforcement agencies are able to access ordinary citizens' email accounts, even if they are the head of the most powerful intelligence agency in the world. The 'save as draft' trick Get a warrant, serve it to Google? China tightens 'Great Firewall' internet control with new technology | Technology. The Dirty Secret About Robots.txt and Why They Don't Block Bots. Bot Blocking Features of Distil's Content Protection Network.