It would be interesting to see what effect this has had on how people, especially technically inclined people, behave and conduct themselves online. This could include technical solutions you have adopted or might include how you use or view services which you previously trusted with your data.
Myself, I have switched my email provider away from one of the 'big three'. I have started taking an interest in more 'usable' applications of encryption and have started talking to people about the ramifications of the information brought to light by Snowden and others.
My changes:
- Don't use gmail for private email. Self hosted it instead.
- Switched to Firefox (from Chrome), changed my addons (https everywhere, privacy badger and µBlock).
- Deleted my facebook account.
- Tried to get my friends to use a self-hosted irc server + mumble instead of skype - but that didn't last for long sadly.
- Changed from google to duckduckgo, but I'm constantly using the !g command anyway.
Sigh. I don't think any of this matters much anyway.
This is exactly how I feel. I've reached the point where I assume the majority of my online communication is "public" - and use alternatives only when necessary to achieve (as close as possible) to true privacy.
- Use TresorIt/SpiderOak/OwnCloud instead of Dropbox/Google Drive/One Drive.
- Use Tox in place of Skype (definitely hard, nobody is willing to switch away from the comfort of Skype).
- Consider using also Disconnect addon for Firefox.
We know what we can do for better online privacy:
- Use tor for all internet activity
- Pay cash for everything; do not own any credit cards, or use a service like Blur
- Bank only with banks that don't share our data
- Don't use a modern smartphone
- Use PGP for all email
The list goes on and on, but who here does any of these things? Who wants to sacrifice the convenience of paying with a credit card online and managing their banking with Mint? The threat of privacy violations is not real to many people right now. They either can't or don't extrapolate the ramifications of losing their privacy in the future, or don't weigh the imposing risk as high enough to alter behavior.
Have I changed the way I conduct myself online? Absolutely. I do four of the five things I listed above but I could never imagine a small percentage, let alone a vast majority of people implementing them in their day to day lives. That's the core of the problem that we need to solve first.
Spotify in my car, gps/maps when I'm out of town, google results, HN, etc...I'd miss it sorely if I ditched it.
I could spend a lot of time and/or money setting all of that up in "offline mode," essentially. Mp3s, some map software, wikipedia offline...but in the end, we really can't trust pretty much any of the hardware available, so it might check in on every open network or something.
I'd totally splurge for an anonymous plan, with a trusted data provider, and open hardware platform.
Note: I did go 3 months with no phone a couple of years ago while I lived in Costa Rica--but I was either on my PC or at the beach. Never wanted a phone.
Ditto the despair. I feel like I've been contributing to the construction of an oppressive pantheon, and there's nothing that can be done about it.
But then I see things like ipfs, and tor, and so on .. and somehow feel like there might be hope. But regardless of the technological solutions that are being proposed, we still need to rein in - and more importantly, make society more aware of the need to rein in - those who wish to oppress us all with technology. It's a daunting task, but the best thing I can possibly do is raise my sons to understand the need to understand things. Teach them cryptography. Save all the old machines for them, just in case. Impress upon them the importance of recognizing repression and fascism in the world today, and do what they can to stamp it out.
I'm also spending more time outside with them, enjoying the simple beauties of life. It's just as important as waiting for the keys to re-gen ..
If telecoms company A proved to be betraying the trust of its customers, customers might find it reasonable to move their custom to telecoms company B - however the issue is that if both telecoms company A and B are both guilty of surveillance there is no feasible choice for the consumer.
The same can be said about political parties. If all major political parties support mass surveillance there is no viable alternative to support.
I can imagine some will feel censored to a degree. There is some stigma to knowing about privacy and technology. Try talking to a layman even casually and you might as well be wearing a tin foil hat. Even @moxie's recent thread on HN echoes that.
[0] https://twitter.com/protonmail/status/468759469006942209
It is interesting you mention Telegram. I have started using that with contacts of mine who have also adopted it. I'm not totally convinced it is secure, but it does seem a better alternative to WhatsApp.
Further to this I've secured the domains I host content on, not because the content needs securing in terms of handling financial data etc, but because I believe that the wider encryption is used the harder it will be to operate global 'catch-all' surveillance.
ref: http://darkmail.info http://mailbox.org https://telegram.org
I don't bother much with email encryption or pgp, I've written down email as a loss in the privacy department and don't bother with trying/hoping my emails are private. So my gmail/hotmail/yahoo inboxes are for fluffy stuff only that doesn't really matter.
Mostly if I need to securely communicate with someone it will be on a private irc server where everybody has his/her own certificates and I can check to see if the server is untouched etc.
This again leads to the disempowerment issue, each measure seems to have been systematically either compromised or weakened. I look forward to new solutions such as the Dark Mail Alliance. The issue I have is that any solution needs to be very 'consumer friendly' as unless both parties are using a secure system taking extra measures is almost pointless. E.g. I take steps to choose an email provider who doesn't share their data, or is outside of the NSA/GCHQ jurisdiction, but then I have to send an email to an @gmail address and I know that those steps I have taken are compromised by the other party.
Even if you were to completely own your own infrastructure for the first two hops (your computer and router) and manage all those services yourself, you'd still be exposed the moment your email needed to be forwarded to a user who hasn't gone through those steps.
As for the death grip. This is pure speculation on my part, but if they can decrypt/de-cloak your traffic it's probably because they hacked/infiltrated/bribed the services as opposed to breaking the crypto. So here's me hoping that my setup is relatively safe even if it's not anonymous.
I'm also very cautious about using non-HTTPS sites these days, or using sites with broken HTTPS. I sent my bank an email about their poor HTTPS configuration as well.
I also intend to use EFF's CA for all my future sites, regardless of what type of site it is and whether it actually "needs" HTTPS or not.
I'm much more careful about what I share through Gmail/Hangouts. I use 2FA for Gmail now, but I know it's useless against the NSA, because Google defaults to SMS-based 2FA (and the wireless networks are completely owned by the NSA), regardless of whether you chose SMS or Authenticator 2FA. It's mainly to protect against other "regular" hackers.
I plan to start using FIDO-ready hardware tokens this year, and I won't change my phone until the new ones have strong support for local fingerprint recognition/FIDO.
I try to use as few Microsoft services as possible: http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-c....
I haven't managed to move off Windows yet, but I might in a few years' time. What most people don't realize is that Microsoft gives NSA "back doors" on a daily basis. It's all the zero-day vulnerabilities they share with them months before Microsoft gets around to fixing them. That's time in which the NSA can exploit those vulnerabilities. And now, unfortunately, Apple is going to do the same (technically giving them to the DHS...but I think we all know those are going to the NSA, too).
http://bloomberg.com/news/2013-06-14/u-s-agencies-said-to-sw...
It's hard to totally avoid Microsoft/Google etc absolutely, but by not buying into them completely at least it's security through obscurity.
The truth is that the King has always been able to have anything intercepted ever since the first letter was written. Way before 9/11 GCHQ/NSA had things pretty covered and they certainly had capabilities to fully bug anyone of actual interest. You know these people even have your school reports if they want to dig back that far?
What has changed is that one can talk about security matters without sounding like a conspiracy theorist. That is about it for me.
Here is a list of apps/extensions I use:
- Firefox with disconnect.me, HTTPS everywhere, Adblock.
- Never EVER use Google for search. Always use DuckDuckGo.
- Deleted my Facebook account.
- Never ever use Skype (I refuse anyone who wants to use Skype). There are other alternatives.
- Whenever possible I use a VPN (mine is privateinternetaccess)
- Never use any storage services like Dropbox, OneDrive, GDrive, etc.
Now that being said, I struggle with some "habits" and alternatives. These are:
- Google Apps, especially email. There is a reason why it works and so many people use it. I've tried Thunderbird, Apple Mail, Airmail, Outlook, etc. But somehow always go back to gmail :-(
On another note, I wonder what people use for an operating system?!?
I myself use MacOS X. I run many servers, all of them are Ubuntu Servers. I love Linux. However for a desktop app, I need to be productive and fast. Every time I want to switch to Linux I find some app that is not working and I need to use a VM for that.
Is it even worth considering a switch of operating systems? Too paranoid?
Privacy is a form of Liberty, you lose one and the other will have its final countdown
> because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting
One thing the mass surveillance programme does not do is publish 'interesting' personal data that passes through it. The risk of one's private communications reaching a wider audience than, rarely, the occasional analyst (who is bound by secrecy laws) is close to zero.
The vast majority of people are more at risk of having their laptops stolen, accounts hacked/phished, online presence stalked, and so on by other members of the public rather than the security services. It's much more important to protect against that, than be disproportionately concerned about an invisible omnipresence to which their everyday activities are a trifling insignificance.
Then they came for the Trade Unionists, and I did not speak out—Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out— Because I was not a Jew.
Then they came for me—and there was no one left to speak for me."
—Martin Niemöller
- I did start looking into some ways to communicate more securely/anonymously if I really needed to do that but I am not confident teaching others to do the same (so talk in person with your phones in the fridge!).
- I ordered a couple of Schneier books and the Glenn Greenwald book and I'm going to try the Matasano challenges and start studying secure practices to hopefully become a more security-minded developer.
- I will probably not live in the USA for any longer than I have to, but I need more skills and experience before I can really change countries but frankly I have no idea where I would go that would be safe.
Your rights are more likely to be infringed by the NSA--you're not "protected as an American" to whatever extent that remains or might be reinstated.
If it's for privacy--you'll have less of it.
Do you know anything about the number of users?
I assume that for the last ten years all my online identities are pseudo-anonymous in the very best case and that all my communications meta data and content is logged and has been, is or is going to be scrutinized by TPTB. And that should anyone be interested, my full profile along with all my social network is or can be made available.
It's like saying I won't drive my car on the street because the police are watching you. But the police are looking for bad guys, not me. I'm not a bad guy.
I see so many people trying to block the police from doing their work finding bad guys. They don't want road checks for drunk drivers but then complain when a drunk driver kills someone. They don't want license plate scans for criminals and drug trafficking yet complain when they aren't caught.
They don't want the NSA scanning internet traffic and email yet complain they didn't catch the Boston bombers and others ahead of time while actively protesting the same thing.
I fear people like Snowden more than anything else.
> They don't want road checks for drunk drivers but then complain when a drunk driver kills someone. They don't want license plate scans for criminals and drug trafficking yet complain when they aren't caught.
I think the problem here is not that people don't want police to do those things, it's the belief that the power, once granted, will be abused. Drunk driving checks to catch drunk drivers are a good thing, but what about when a cop forces you out of your car because he didn't like your attitude? License plate scans are also good for catching criminals, but what about if the police store the data forever and tie it to personal IDs of people? Would you want the police to have a record forever of everywhere you've gone?
This is the problem with saying you have no need to. You assume you have already thought of every possible case when in fact, that's impossible to do. The most important part in the fight for personal privacy is in protecting the freedoms we have from potential abuse.
Funny. Just a few minutes ago, I was watching NBC News story about the 3 teenage kids who went to Syria on their own. The family lawyer complained that, since the government is watching all the social media they posted on, why didn't they alert the family so this could be stopped?
To which all of HN would reply, "But ... but ..."
Funny but, on NBC News tonight, there was a story about 3 kids who went to Syria on their own. The family lawyer complained that the government, which is watching Facebook and all the social media they posted on, according to him, why didn't they alert the family to prevent this.
"THE conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society." ~ Edward L. Bernays, Propaganda (1928), Chapter 1 - Organizing the Chaos