Poll: Will you be changing how you manage your data after the NSA scandal?
Despite what many have suspected, I think it's fair to say that most people have been shocked at the scale of the NSA's surveillance both of US citizens and abroad. Will you be making any changes to how you store or manage your data after the scandals?
84 comments
[ 6.0 ms ] story [ 63.7 ms ] threadAt least, hopefully, this debacle would cause some realistic assessment of the situation with regards to privacy, legality, and data retention instead of, for example, purposefully routing data through third-world totalitarian regimes just because their TLDs sound cool. (I know how DNS works; and it doesn't matter that your servers are elsewhere.)
We're at the very beginning of the scandal. It largely remains speculation. Until some actual facts come to light, it doesn't make a lot of sense to change.
It is about how one unsophisticated, unvested, powerless person pointed out the fact that everyone up to that point had been ignoring. From then on, nobody could ignore it. That is what we are experiencing now.
That's very different from 'I'm ok with it'.
(If you do in fact want to do something then pick the 'too difficult' option.)
1. Use a client that supports OTR (http://www.cypherpunks.ca/otr/) to get end-to-end encryption.
2. Use your client with Tor (https://www.torproject.org/) to protect anonymity.
3. Use a public (http://xmpp.net/) XMPP server or setup your own server outside of US. Note that the XMPP server operator will have your roster list, so caveat emptor.
Earlier this morning, I moved all my Dropbox and Google Drive data onto a self-hosted server, migrated off Google Reader to a native RSS reader app, and will deal with Email, DNS, etc... over the next few days.
Mind you, the NSA scandal wasn't the prime motivation in all cases... ie. Google Reader being shutdown next month, AWS getting a bit pricey and bureaucratic, etc... but it did give me the kick in the ass.
I'd love to see a comprehensive writeup about how to get off Google services as a startup. I imagine someone has already written it...and my first impulse is to Google it. (facepalm!)
Yeah, I register that fact in the same bag as "Saddam was planning to use WMDs" and "software patents are encouraging innovation".
Note that a .com domain places the company under US laws. There has been an example of a UK teenager with a UK hosted website be trialled in US for piracy, because of his .com domain. Probably same for .net, .org and probably .perso. So criteria: - European company - Ideally with a very minority of US funds - Not .com, preferably .se or .de.
Who's up ;) ?
I'm just waiting for the news to come out in the next few decades that the CIA/NSA have been rigging election results in the US. Given their track record and their machiavellian nature, I would be shocked if they weren't doing this.
Here is the link to his 2012 predictions:
http://fivethirtyeight.blogs.nytimes.com/fivethirtyeights-20...;
Just click on the Senate forecast.
They don't rig elections in the way you think they do. People vote, the votes get counted. They rig elections by gerrymandering the districts. The result is a large number of single party districts whose members therefore serve forever, since there is no primary for an incumbent's party and the district is drawn so that the opposing party has no chance. Then you throw in the seniority rules that give the most important committee assignments to the people who have been in Washington the longest (i.e. the ones with gerrymandered districts), and have the national party throw a few million bucks behind the primary campaign of "their" candidate whenever one of those incumbents retires, and you have the respective major parties' national committees acting as the kingmaker whenever the outcomes in the few remaining swing districts shift the majority their way.
The failure of the whole thing is that people don't care about meta. Lessig said this in one of this talks. It isn't that his issue (i.e. campaign finance) is more important than your issue whatever it may be, it's that fixing Democracy is a prerequisite to fixing anything else. But people want jobs and low taxes and whatever else that directly affects their lives, they don't care about things like Congressional district lines. The trouble is Congressional district lines and committee assignments and campaign finance are the primary determinants of what policies are adopted in Washington, so if you want politicians to do the right thing first you have to fix the way we elect politicians.
Think of the implications:
It's a psychological fact that people tend to develop the strongest loyalties to those that they spend the most time with. If you spend the year in your home district, you develop attachments to your constituents. They are your neighbors, your friends, your kids' playmates' parents. Betraying them for some big corporation becomes much more emotionally difficult.
Lobbying becomes virtually impossible. Lobbying works today because you can hire one lobbyist in Washington who has time to hobnob with dozens of congressional reps. That facetime is what makes the congressman takes the lobbyist seriously. If the congressman was required to reside in his own district, then any company wishing to pass legislation in their interest needs to hire 200+ lobbyists, one for each of the districts that must vote their way. Suddenly it's a lot less economical to buy Congress.
Gerrymandering becomes residentially undesirable. Are you going to add a poor black neighborhood just to gain some Democratic votes if you have to live there? Do you add the fundamentalist Christian neighborhood to pick up Republican votes even though you can't stand the folks there? Add a law that the congressman must meet with his constituents regularly, and the idea of gerrymandering districts becomes even less attractive, as suddenly you have to drive a long distance for dinners & events and stuff.
Direct citizen participation in government becomes possible again, as it becomes possible to meet directly with your congressperson and raise a pressing issue.
Representatives will be much more clued into the "pulse" of their district, and aware of how the choices they make in government affect ordinary citizens of this country.
The House was originally intended to have a very low ratio of population to representation. Had that ratio been maintained, gerrymandering would be almost impossible, and every neighborhood would have a fair shot at electing someone from their social and/or ethnic group. It would also raise the cost of buying Congress.
A) The amount of a data they are getting and able to see.
B) Having to listen to annoying conspiracy theorist and/or stoner friends tell me about "the internet"
[1] http://blog.bittorrent.com/2013/05/23/how-i-created-my-own-p...;
When I was interviewed for a job at the GCSB (NZ equivalent of NSA) they described how each member of the alliance, being hamstrung by the legislation that did not allow them to monitor their own citizens had formed an integrated program (he didnt use the word ECHELON) where they arranged for each ally to monitor the communications of their 'foreign' allies and then to share information. He said this in a job interview so not exactly a secret! I guess after a while the NSA felt they could no longer rely on foreign services to do a good enough job. Since the funding for NSA is so incredibly massive (larger than FBI and CIA combined) what did you think they were spending all that money on?
Perhaps one of the few places your cloud services be free of NSA monitoring would be in China. But then... ;-)
It seems like the only option is to live in a country that's so insignificant that no-one cares about it, and whose government is too incompetent to implement something like this :-)
Personally, I'm going to do what I've been doing. I run my email, RSS reader and other services on EU hosted VPSs, my online data storage service is a Raspberry Pi in my house (with encrypted backups offsite), but I still use Google Search†, Youtube and etc.
I also think the idea that we in the EU are much better is wishful thinking. We're all living in Amerika, and that applies to Internet spying as well. I think the CIA unlawful detentions and plane transfers[1] shows well how the American TLAs can just do whatever they want without any real consequences.
† Yes, even logged in. I think the idea that you're any safer because you clicked the log out button is incompatible with understanding how the web works.
[1] https://en.wikipedia.org/wiki/Black_site
If you don't share an internet connection with anyone else, or have a unique browser fingerprint, then logging out won't do much. If you do share an internet connection with other people, or use a coffee shop wi-fi access point and have a non unique browser fingerprint, then logging out makes it harder to determine who you are.
The biggest worry with such a setup would be losing the key.
There are a couple of options for client side encryption cloud services, but so far I've struggled to find one that I can run headless on a lightweight debian on arm that does full folder syncing (rather than one way) with remote servers efficiently.
I am curios about this. Is there any nation which has a better record that the US?
As far as I know, the US seems to be doing this for preventing cataclysmic events like dirty nukes, but other nations seem to be doing it for almost anything.
The US is middle-of-the-pack compared to other industrialized nations at lots of other things like http://www.economist.com/media/pdf/QUALITY_OF_LIFE.pdf. I would be surprised to find fewer than 10 places with better privacy protections.
In Cloud We Trust, eh?
Oh dear. The fact that this is edging ahead is a worry indeed. This presumes a significant number of people (in a reasonably tech-savvy crowd) decided to build their infrastructure on VMs vs. proper iron (hired or otherwise).
I hate to sound like a broken record, but Stallman was right.
From 2008 :
http://www.guardian.co.uk/technology/2008/sep/29/cloud.compu...
I'm not above absolved though. I use Gmail too.Once upon a time a friend of mine did this for me on his FreeBSD box. My username at his domain.com worked pretty well, but I couldn't send big attachments (this was on his dinky little 400Mhz box with a massive 40Gb WD drive).
It's terribly inconvenient, but if plenty of other people begin to do that already, I'm sure some nifty startup will create tools to automate the tedious bits.
Add a site too, and you have something a bit like a "presence-in-a-box" package, if you will, that you can run over your home cable/DSL/FiOS connection.
[1] https://www.freedomboxfoundation.org/learn
[2] https://en.wikipedia.org/wiki/Eben_Moglen