48 comments

[ 3.1 ms ] story [ 96.1 ms ] thread
Seems like FUD - How is switching from Amazon to OpenStack going to help dilute PRISM? AMZN was not listed as a cooperating entity.
How switching to Ubuntu will help me in this case? This makes no sense. PRISM probably monitors the network traffic that goes through the US. It makes no difference what OS you're using.
I've been thinking about reducing trust in a post-PRISM world a bit today and while switching doesn't help here currently, open source projects are at least theoretically able to prove their trustworthiness by publishing audit tools.

Say for example a distro publishes build scripts which download, verify, patch, compile and package some software using a specific toolchain, anyone could audit this via a simple hash check.

Apple and Microsoft could never prove themselves this way because they need to keep their source code a secret.

Does switching to Ubuntu really help you that much? Unless there are secret NSA backdoors in Windows/OS X. Hell even under Ubuntu they could just backdoor my nvidia drivers.

I would really struggle to recommend using Tor as a "daily driver" for web browsing as well. Unless we want to go back to the 56k web.

Most of the others (bitcoin,social networks) rely on network effects anyway.

I'd recommend VPNs that route out of the US.
Depends how much you trust your VPS provider. I don't think it would be illegal for the NSA to just hand over a bundle of cash to $randomRussianVPSProvider in exchange for access to their logs.

Hell, for all we know half of these companies could be the NSA.

US is not the culprit here. Any government can pass a law that allows them to scan data in their country.
There aren't backdoors in OS X and Windows that are specifically designed by or for the NSA, but since we can't see about half of the source (at least in OS X) then they can exploit any backdoor that may be present without our knowledge.

Ubuntu fares a bit better, but with the proprietary blobs, you never know.

I'd be curious how much work has been done to reverse engineer OS X / Windows. I can't believe that nobody has done it. And how successful these would be at finding potential backdoors?
Only a Donald Knuth-level computer scientist would be able to reverse engineer OS X to assembly, and try to figure out any backdoors from it.
Use nouvaeu! Works better than the nvidia driver for basically everything but performance (I know, a silly statement, but I have an extremely convoluted xorg.conf file because Nvidia's proprietary driver in Linux is nearly worthless without a good EDID. (Even though it works perfectly in Windows/OS X)
One thing to consider: if you use an alternative to the major services...doesn't that make it easier to find you? You've effectively joined a much smaller haystack.

I guess how much of a risk this depends on where you see the vector of attack. If you think the NSA has one decade forward on decryption ability, then what does it matter if Facebook/etc hands over the data or if you've trusted another encryption scheme?

But consider this scenario: the NSA knows that one member of a group may be a person of interest, with the rest being innocent (for example, a leaker within an organization). What draws more attention: the person who is sending all of their traffic through GMail, etc...or the person who, for some reason, is using an obscure service at particular hours of the day? Even the use of Tor might be a flag.

And if your counter-argument is, "Well, so what? They won't be able to break the encryption on [so-and-so-independent service]?". Well, they don't have to. They just have to find someone who is exhibiting a reasonable amount of suspicious behavior and then observe them in other ways or get their associates/family members to flip...Investigations don't succeed or fail based on the unlocking of a key file...it's the work done around the secret that can reveal the secret.

edit: An analogy - You wish to have an affair without your spouse noticing. Since affairs in relationships are not an unheard of occurrence, your spouse isn't going to actively suspect you of it, but he wouldn't ignore signs of an affair either. Having the affair in your own home isn't practical, and you choose not to do it at the Ramada that's just blocks away from your home/workplace because, well, there's so many people there, and there's the possibility that a mutual acquaintance will see you and then tell on you.

So instead, you and your affairee agree to meet each other at a small bed and breakfast that is 1 hour away from your city and so small that no one you know probably even knows about it, and no one at the B&B will care who you are or know who your spouse is.

So are you safe? Well, only until your spouse finds it weird that on occasional days after work, you're driving in a direction that there doesn't seem to be any reason for you to go, and these occasions end up with you being gone for several hours. And in one such occasion, you were noticed carrying what seemed like a bag for a bottle of wine.

By going the obscure route, you've deflected one kind of exposure and opened yourself up to a whole new kind of suspicion.

That's why we need to push for popular services like Skype, Hangouts, Gmail and others to implement these technologies to make them mainstream so most people use them.
Not sure what technologies you're referring to, but in regards to the OP, the OP is arguing that people use replacement services (Diaspora vs Facebook, for example) so that the NSA and such have a harder time finding you...But if you ascribe the kind of capabilities and motivations to the NSA that would make you this concerned (the collection/mirroring of all traffic, legal authority to request what they want, encryption well ahead of the state-of-the-art, and the information architecture to make broad-scale analysis possible)...then you're not really diluting anything and opening yourself up to other attack vectors.
> if you use an alternative to the major services...doesn't that make it easier to find you? You've effectively joined a much smaller haystack.

No. Because the 'haystack' you are (accidentally) referring to is a ginormous indexed/searchable database. All of their data goes to the same place, so it doesn't matter where it comes from.

Your argument through analogy is not applicable but let me clarify for you: They are not watching you. They are watching the Ramada and everyone who enters, exits, and everything they do while there. All of this information goes into organized storage until they need to dig it up.

They can't watch the bed and breakfast because the windows are blacked out (encryption). So you are safer there.

Security through obscurity is an awful policy to start with and only fails harder when applied to a situation like this.

Security through obscurity is never a great mindset, but neither is the mindset that security doesn't come without significant tradeoffs, tradeoffs that may reveal you inadvertently.

And you misunderstand the analogy. They don't need to watch you having an affair (through the windows). They only need to see that you're driving to an out-of-the-way B&B. They don't even have to interrogate you directly, just any one else who comes out of that small venue. Ergo, the "haystack" is smaller.

To use another analogy: what do you think former CIA director David Petraeus was done in by? The fact that he used GMail and that activity on his account triggered an FBI omnisearch? Or that his mistress engaged in illegal activity and did not take the steps to separate her real-life identity from the anonymous GMail account?

I guess the point I'm making is there is no obscurity to be gained by throwing your actions in with a pool of others' because it is all itemized and catalogued.

So what's better? A detailed account of everything you did, or the knowledge that you went to a place, but nobody knows for sure what happened there.

EDIT: To answer your question about Petraeus - "The fact that he used Gmail" is enough. You can stop there.

> EDIT: To answer your question about Petraeus - "The fact that he used Gmail" is enough. You can stop there.

Well, this is where you and I will have to disagree. Assuming there wasn't a more ordered conspiracy (i.e. Petraeus was outed because of world-level politics), then Petraeus's exposure had nothing to do with the email service he used. His mistress drew attention to herself by sending anonymous threats that made reference to him and did not do enough to separate herself (such as using a different IP) from those messages.

The point is, surveillance is not solely something in the digital domain, and so making a service change is not automatically a beneficial tradeoff. People used these popular services for a reason: mostly because of their ease and power. When they switch to a less powerful version, that may introduce behavior changes that cause slip ups.

And I thought this could go without saying, but we all know that social engineering is by far the biggest cause for security breaches. And if the teenage script-kiddies can exploit that with ease, what makes you think the NSA can't? The relevant part to this discussion is that, again, less-used services have less-built in precautions against such identity attacks.

You are arguing about what shows up on the NSA's radar that causes them to go searching, I'm talking about limiting what they can easily find. You're right about Broadwell's actions triggering the investigation, I'm saying his email wouldn't have been part of that investigation if he hadn't used Gmail and instead opted to secure the messages. And let's be honest: The director of the CIA should know better!

It doesn't matter what causes the NSA to go looking, what matters is what they find. Edward Snowden makes this point himself in the original interview. They have collected data on you for years, just sitting there waiting to be scrutinized for whatever reason.

Your second and third paragraphs are irrelevant to the point of condescension. We're talking about warrantless digital surveillance of US citizens not possible maybes and what-ifs.

> It doesn't matter what causes the NSA to go looking, what matters is what they find.

Sorry, but I disagree with that. It is very much about what causes them to go looking, because NSA analyst time is finite. If you remember from Snowden's interview, he said this:

http://www.newyorker.com/online/blogs/closeread/2013/06/edwa...

> “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the President, if I had a personal e-mail,”

Note the qualifier at the end. He's claiming that the NSA can read the emails of anyone once they know the address. The implications are that investigation and surveillance are done when a target is specified. If President Obama doesn't use barack.obama@gmail.com from a known IP address, then his emails are essentially hidden from the NSA.

If you are in a situation where the NSA knows of the identities you are using, no matter what service, and they choose to target you, then you are screwed no matter what.

> Note the qualifier at the end. He's claiming that the NSA can read the emails of anyone once they know the address. The implications are that investigation and surveillance are done when a target is specified.

Those certainly are not the implications. He explicitly explains that all data from all people is always ingested by default. The surveillance is already happening right now. He needs the email address (or other information, note Snowden's reference to a "selector") in order to query the already monumental database of information and possibly to pull in future collections. But this isn't magical. Knowing an email address doesn't mean you can decrypt secured messages. It does mean they can access information gathered from their sources of which Gmail is a known source.

And re: Why They Go Looking - Snowden says this:

  It’s getting to the point, you don’t have to have done
  anything wrong. You simply have to eventually fall under
  suspicion from somebody, even by a wrong call, and then
  they could use this system to go back in time and
  scrutinize every decision you’ve ever made, every friend
  you’ve ever discussed something with, and attack you on
  that basis, to sort of derive suspicion from an innocent
  life and paint anyone in the context of a wrongdoer.

> If President Obama doesn't use barack.obama@gmail.com from a known IP address, then his emails are essentially hidden from the NSA.

Exactly.

If President Obama doesn't use barack.obama@gmail.com from a known IP address, then his emails are essentially hidden from the NSA.

This example doesn't really work with Obama though. There's no chance that he has any online accounts or connections which aren't thoroughly monitored, I would expect the NSA and CIA to be reading the President's emails, and the emails of congress, senators, generals, and have everyone's social media logins, et cetera.

I don't mean to be a pedant, I just think the analogy breaks down using him as an example. For you or me, maybe.

So use alternative services for mundane things, all the time. Make it less of an anomaly that you're using less-trackable services, and make the haystack bigger for other leakers.

(I'm reminded of a talk about Tor where it was mentioned that Tor only works if the user-base is diverse; if only the FBI used Tor, the FBI would have anonymity from using Tor, etc.)

Yes, but mundane things are mundane because they are easy to do. Like using a cloud service to handle your reminders, navigation, etc.

Once you use an off-beat service, you force changes in your own behavior and the behavior with everyone you interact with. In the worst-case scenario, this may cause you to make a grievous human error, such as forgetting to keep up to tabs with critical updates on your burner laptop. In a less-worst case scenario, this extra work takes attention away from other more obvious attack vectors (such as social engineering). In the more mundane case, your entire life may be disrupted, on a small scale, preparing for a scenario that for you, personally, is probabilistically unlikely, but more importantly, you may be preparing in ways that wouldn't have helped from worst-case scenarios, if they even occurred.

I'm not suggesting apathy or fatalism. I'm suggesting to be even more cautious and introspective than the pat suggestions offered by the OP.

If majority of us are using open sources alternatives, we will not be outliers.
I don't understand how this dilutes anything. Open source services are just as vulnerable to getting a national security letter as anything else.
The problem can't just be solved by simply pointing people to (random?) open source software.

We still need servers as rendezvous points, and we can't expect everybody to run their own services. Properly setting up a mail server is hard.

So, everybody who can should run XMPP and/or SIP servers and hand out accounts to their friends. Both telephony/messaging protocols have inherent capabilities for federating with other people's servers similar to what email does. And with OTR and ZRTP we have real end-to-end encryption without relying on (broken) SSL certificates.

The technology is ready, now it's time to make it usable. Let's help people to move their lives back out of the cloud.

very good points. check out guardianproject.info ... their whole mission is exactly this.
> We still need servers as rendezvous points, and we can't expect everybody to run their own services. Properly setting up a mail server is hard.

What could be done about this? Running a server on someone else's platform makes you more vulnerable and ISP port blocking can be an impediment to running a server at home. So I start thinking about relatively inexpensive dedicated microservers with integrated solid state storage. Power consumption optimized single board solutions that could just be shoved into a rack and that someone could build hosting plans around. I don't know if anyone has tried to do that.

How far could we go in terms of protecting the microserver from the hosting provider and anyone that may try to pressure them for client data? Maybe provide a bare bones executive that allows them to get it up on the network and from there the client can connect and instruct it to install (from the hosting provider's repository or some other repository) pre-built images that are hardened and optimized for the services they want to run and which would include easy to use provisioning tools to help with post install config? Maybe it could run with fully encrypted storage and the executive could provide the hosting provider with an interface to backup that strongly encrypted storage? Thereby allowing for backups which could be restored by the hosting provider (in the case of a hardware failure for example) but without them having access to the OS and data stored on it?

Ubuntu phone, oh really? Where i can buy tomorrow ubuntu phone? Ubuntu? Why this distro, not openSUSE or Debian? Nothing wrong that by default ubuntu uses Amazon ads?
Ubuntu is actually working on a phone OS, and the rest aren't. http://www.ubuntu.com/phone
Working or planning to work? There no devices yet.
Ah, here's the link I was looking for: https://wiki.ubuntu.com/Touch/Install You can install it right now, it supports 4 current devices.
Are we talking about geeks or rest? Most geeks to some extent follow aforementioned advices. Ordinary man can't buy device with ubuntu phone. Moreover, ubuntu phone is not yet ready.
Is there a good WhatsApp alternative? I mean a messenger which is Open Source; secure; available on Android, iOS, Linux, Windows, OS X. At best, even the little features like group chat.

http://www.kontalk.net/ seems on the way, but not immature so far.

The only safe way to social network without eavesdropping is through encrypted private messages. A public post on Diaspora is still public.
You can run, but you can't hide... Especially because they can access most of the internet hubs.
OpenStack isn't an alternative to AWS on it's own. You still need someone to host it for you.......