News:

this is a news item (test)

Main Menu

HOW TO DEFEAT THE PRYING OF GOOGLE, NSA, SKYPE, WINDOWS, APPLE & GOVT.

Started by M O'D, July 11, 2013, 03:10:12 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

M O'D

An excellent interview from the Corbett report on how to put heavy spanners in the snooping machinery of the surveillance state.


Tim Kilkenny on the Free Software Solution


QuoteWe all know the problem: Big Tech has partnered with Big Government to form the 'perfect' panopticon spying grid. But every time we purchase software from the Big Tech giants, we are helping to feed the beast that is enslaving us. Today, Tim Kilkenny of Revelations Radio News joins us to discuss the free software movement and how it can help us to boycott the Microsofts of the world and remove our complicity from the spy grid.

http://www.corbettreport.com/interview-703-tim-kilkenny-on-the-free-software-solution/

SHOW NOTES

QuoteUbuntu - http://www.ubuntu.com/

   •   You can opt out of third party software on installation
   •   Has a dock interface like OSX
   •   Amazon App
   •   Opt out of sharing info in dashboard


Linux Mint - http://www.linuxmint.com/

   •   You can opt out of third party software on installation
   •   A very familiar "Start Button" setup
   •   minimal and sleek


Libre Office - https://www.libreoffice.org/
Inkscape - http://inkscape.org/
Gimp - http://www.gimp.org/
Blender - http://www.blender.org/
Audacity - http://audacity.sourceforge.net/



   1.   The freedom to run the program, for any purpose (freedom 0).
   2.   The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
   3.   The freedom to redistribute copies so you can help your neighbor (freedom 2).
   4.   The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

A Skype alternative worth its salt: Jitsi

Posted on July 5, 2012

QuoteI've been using Skype, Google Talk and Facebook chat for years to communicate with friends and family. They're all convenient, reliable and easy to use. But there is a big problem: They are all very easy to record and monitor by 3rd parties. We now know that:

Microsoft (owner of Skype) keeps records of who talked to whom and for how long. We also have very good reason to believe that there are tools out there (built by private companies and sold to governments) that can eavesdrop on Skype voice calls. Skype executives have been unable to deny that they comply with local law enforcement requests to eavesdrop on Skype calls.
Google definitely record all of your text chats. They don't deny they do that, even when you use the "Go off the record" option in Google Talk. We're not sure what recording they do with voice calls but can be certain that they comply with the law – therefore building "legal intercept" capabilities into their products.
Facebook record and analyze all of your text chats and will report you to the police if they see anything "suspicious" (source: Reuters). We don't know what they do with voice/video calls, but again can be certain that they comply with the law – therefore building "legal intercept" capabilities into their products.
So if you happen to live in a surveillance state (think countries of the Arab Spring, think UK with their repeated attempts to introduce surveillance of their citizens, think USA with their record-breaking demands for your personal data from all of the above service providers (Microsoft, Google and Facebook)) then you can expect that all your online communications with your loved ones (voice calls, video calls, text chats) are recorded and stored, or at least eavesdropped upon. They're all great free services that allow you to keep in touch with people, with one caveat: the government is listening in.

If you have no problem with that, perhaps because you subscribe to the flawed "I have nothing to hide" school of thought, read no further.

If you feel that being spied upon constantly, and having no reasonable expectation of privacy for your online life is not cool, read on.

The work of thousands of visionaries (starting with people like Richard Stallman in the 70?s) has today given us the free tools to protect our online communications to a reasonable degree. These are not tools to stop a police investigation against you from succeeding – these are tools that empower you to opt-out from the surveillance-by-default communications channels most of us use, and instead keep your private thoughts and words only between yourself and your loved ones.


The easiest one to get us started is Jitsi.

Jitsi gives you voice calls, video calls, instant text messages and group chats. It therefore covers 100% of the communication capabilities of Microsoft's Skype, Google Talk, Facebook Chat, IRC channels and the like. Use Jitsi, and you don't need to use any of these again.

Why switch to Jitsi?

Because it protects your privacy as much as possible. If you and your loved ones use Jitsi, you can:

Have end-to-end encryption of your voice and video calls – guaranteeing that nobody is listening in or recording.
Have end-to-end encryption of your text (instant messaging) chats with Off The Record (OTR) technology – the world's finest in preserving your privacy with unique features like Perfect Forward Secrecy and Deniability.
As an additional benefit, it's great to have all of your instant messaging contacts in one window, and Jitsi gives you that. It also runs on Windows, MacOSX and GNU/Linux.



Start using Jitsi instead of Skype, Google Talk and Facebook Chat and stop corporations and governments collecting, storing and analyzing the thoughts you share with your loved ones.

PS: You can only have private communications if both ends of the chat/voice/video call support this. If both you and your loved ones use Jitsi, voice & video calls are private by default. For text chats, you will have to click the lock icon in your chat window (as shown below) until it displays a closed "lock" state.


PPS: No "lock" icon? That probably means that the person you are chatting with is not using Jitsi or a similar program that can protect your chats with OTR. You can only have a private conversation if both ends support OTR.

PPPS: Looking for something like Jitsi for your smartphone? For private text messaging (using the Off The Record protocol) look at ChatSecure for iPhones or GibberBot for Android phones. For private voice calls on the Android, look into csipsimple and Moxie Marlinspike's RedPhone. Remember, both ends of the conversation need the same technology to create a private channel.

http://apapadop.wordpress.com/2012/07/05/a-skype-alternative-worth-its-salt-jitsi/
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

Quote
Home
SIP Service

"This is the home of the well-known free iptel.org IP Telephony service. Many people use our services for software/hardware interoperability testing or just as a way to call other people. The service allows incoming and outgoing calls from/to any other IP Telephony services (note: some commercial services stop calls to other Internet-based services).

The service is based on SIP Express Router, SERWeb and SEMS.

It also uses third-party equipment, currently FRAFOS' ABC Session Border Controller.



Generic phone settings

The SerWeb login is the name you picked when registering. The same name and password is used for SIP authentication. It is sent with the confirmation email as 'Username' and 'Password'. With this account you can login above at 'SerWeb login' or 'Go to my account'.

You can download Jitsi at http://download.jitsi.org and use it on Windows, Mac OS X, and Linux.

To configure your iptel.org account click on the "File" menu and select "New Account". In the "New Account" dialogi select the "iptel.org" option and then enter your SerWeb login as shown in this screenshot. The new account would then appear in your account list (screenshot) and you can start using it immediately.


... continued at link below

http://www.iptel.org/realer
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

gerbil

All Rights Reserved - Without Prejudice<br />Without Recourse - Non-Assumpsit<br />Errors & Omissions Excepted <br />http://www.voidmortgage.net

M O'D

Encrypt Android phone conversations with RedPhone


Quoteby Martin Brinkmann on August 12, 2013 in Google Android
The Prism surveillance scandal has shown that the NSA and other agencies can tap into most communication channels. One of the proposed solutions is encryption and here especially open solutions that anyone with expertise can analyze.

RedPhone is an application for Android devices that can encrypt phone conversations on the device. It is open source, with the source code readily available on GitHub so that you can audit and compile it at anytime.

The app uses voice over IP technology (voip) to encrypt phone calls, which means that the calls made using it are handled by a data plan.

The first thing you are asked to to after you install RedPhone on your mobile phone is to register your phone number with the service. This is a semi-automated process, with the number filled out automatically. All you have to do is make sure it is correct before you hit the register button to continue.

The phone number that you have selected will then be verified with a SMS that is automatically detected by the application.

You are then taken to the address book displaying all your contacts. While you can call contacts from here right away, you need to be aware that the contact too needs to run RedPhone on the device. This is definitely a limitation as the app is limited to Android right now. If the recipient uses an iPhone, Windows Phone or a landline, it is not working at all.

Anyway, when RedPhone notices that a phone number is not using the application as well, it is offering to send a RedPhone install link to that phone number via SMS, or to call it regularly.



RedPhone is using SRTP to encrypt calls and ZRTP to negotiate the keys. If both parties use RedPhone, the app uses the keys from both users to generate a simple passphrase that is displayed on both screens. Users need to exchange the passphrase to make sure it matches and that no one tapped the line or intercepts it with a man-in-the-middle attack.

You can access additional information about the encryption used here on GitHub.

The core benefits of RedPhone are that it uses regular phone numbers to make encrypted calls, so that you can get started right away, that it is open source, and that it is using a wireless or data connection and not your plan's minutes.

The downsides are that it is currently only available for Android, that both parties need to have it installed, and that both parties need to verify the created passphrase to make sure that the connection is save.

Verdict

The Android limitation is probably the factor that is keeping the application from reaching a larger audience. It offers several benefits that make it attractive though, like the easy installation.

If you have a couple of contacts that use Android, and that you want to talk to using encryption, then you may want to give this application a try.
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

#5
Like privacy? Secure your calls for free with RedPhone. It's that simple.

RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.

QuoteDescription

? RedPhone uses your normal phone number to make and receive calls, so you don't need yet another identifier.
? Use the default system dialer and contacts apps to make calls as you normally would.
? RedPhone will give you the opportunity to upgrade to encrypted calls whenever the person you're calling also has RedPhone installed.
? RedPhone calls are encrypted end-to-end, but function just like you're used to.
? Free and Open Source, enabling anyone to verify its security by auditing the code.
? Uses wifi or data, not your plan's voice minutes.
More information:
http://www.whispersystems.org
Please file any bugs, issues, or feature requests at:
https://github.com/whispersystems/redphone/issues
Secure Calls, Private Calls, Secure VoIP, Private VoIP, Encrypted VoIP, Private Conversations, Free Calls[/size][/font]

http://www.ghacks.net/2013/08/12/encrypt-android-phone-conversations-with-redphone/


All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

Quote

If you want a good list of tools to protect your privacy, google (or better yet, startpage) the NSA black-paper pdf by "sovereign man" for FREE. It's a great read and will get you well on your way to privacy and protection from snooping. http://www.sovereignman.com/nsa-black-paper/


All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

"Dark Web Rising: McAfee Founder To Launch New "NSA Killer" Privacy Device"
Quote


Thursday, October 3, 2013

Their tentacles are everywhere.

If it's plugged into the Internet there is a near 100% chance that the National Security Agency is monitoring it.

So how does the average American get off the control grid?

According to well known anti-virus software founder John McAfee the answer is simple.

Decentralization.

Rather than connecting to the telecom sponsored (and government integrated) Internet, we bypass it completely and connect directly to each other's devices in a peer-to-peer environment using what is essentially a distributed network architecture.

He's been working on the new device, dubbed D-Central, for several years but has recently sped up its development in light of revelations that the NSA is tapping the digital interactions and personal correspondence of virtually every American citizen.

The new "NSA Killer" will, according to McAfee, make it difficult if not impossible for the NSA to tap into personal communications like they do today because the device would operate in what is known as a "dark web" and allow an individual to completely obscure their identity.

McAfee says with D-Central there will be no way for the government to tell, "who you are or where you are."

The gadget, which McAfee wants to sell for less than $100, would communicate with smartphones, tablets and notebooks to create a decentralized network that couldn't be accessed by government agencies. Specifically, it would create a small private network that would act as a "dark web" where users could communicate and share files privately.

The device would have a wireless range of about three blocks and those in range would be able to communicate with each other. McAfee has reportedly been working on the gadget for a few years but has accelerated development in recent months given the NSA leaks.

At present, he said the design is in place and they are looking for partners to help with hardware. A public prototype is expected to be ready within six months with the current device said to take a round shape with no display. This of course is assuming the project isn't shot down by regulators before it's ever released.

Source: Tech Spot via The Daily Crux



If true, the promise of a $100 NSA-Killer device that crushes the trillion dollar surveillance state is quite appealing and one that Americans will likely respond to with open arms should it become available on the free market. We say "should," because there's already talk that the D-Central privacy device may be banned in the United States because it could potentially be used for nefarious purposes.

Of course with that logic we should also ban telephones, computers, credit cards, and pretty much everything else, because criminal elements will always adopt emerging technologies for their enterprises.

The obvious, but unspoken, reason for such a ban would, of course, be that the government would lose the ability to monitor, and thus control, the American public.

According to the Future Tense Central web site McAfee's new device will be available March 22, 2014.

Decentralize. It's the only way to go.

http://www.activistpost.com/
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted

M O'D

"NSA and GCHQ target Tor network that protects anonymity of web users"

Quote• Top-secret documents detail repeated efforts to crack Tor
• US-funded tool relied upon by dissidents and activists
• Core security of network remains intact but NSA has some success attacking users' computers
• Bruce Schneier: the NSA's attacks must be made public
• Attacking Tor: the technical details
• 'Peeling back the layers with Egotistical Giraffe' – document
• 'Tor Stinks' presentation – full document
• Tor: 'The king of high-secure, low-latency anonymity'

Quote

James Ball, Bruce Schneier and Glenn Greenwald
The Guardian, Friday 4 October 2013 15.50 BST


One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers. Photograph: Felix Clay
The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," and says the agency has had "no success de-anonymizing a user in response" to a specific request.

Another top-secret presentation calls Tor "the king of high-secure, low-latency internet anonymity".

Tor – which stands for The Onion Router – is an open-source public project that bounces its users' internet traffic through several other computers, which it calls "relays" or "nodes", to keep it anonymous and avoid online censorship tools.

It is relied upon by journalists, activists and campaigners in the US and Europe as well as in China, Iran and Syria, to maintain the privacy of their communications and avoid reprisals from government. To this end, it receives around 60% of its funding from the US government, primarily the State Department and the Department of Defense – which houses the NSA.

Despite Tor's importance to dissidents and human rights organizations, however, the NSA and its UK counterpart GCHQ have devoted considerable efforts to attacking the service, which law enforcement agencies say is also used by people engaged in terrorism, the trade of child abuse images, and online drug dealing.

Privacy and human rights groups have been concerned about the security of Tor following revelations in the Guardian, New York Times and ProPublica about widespread NSA efforts to undermine privacy and security software. A report by Brazilian newspaper Globo also contained hints that the agencies had capabilities against the network.

While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps.

One such technique is based on trying to spot patterns in the signals entering and leaving the Tor network, to try to de-anonymise its users. The effort was based on a long-discussed theoretical weakness of the network: that if one agency controlled a large number of the "exits" from the Tor network, they could identify a large amount of the traffic passing through it.

The proof-of-concept attack demonstrated in the documents would rely on the NSA's cable-tapping operation, and the agency secretly operating computers, or 'nodes', in the Tor system. However, one presentation stated that the success of this technique was "negligible" because the NSA has "access to very few nodes" and that it is "difficult to combine meaningfully with passive Sigint".

While the documents confirm the NSA does indeed operate and collect traffic from some nodes in the Tor network, they contain no detail as to how many, and there are no indications that the proposed de-anonymization technique was ever implemented.

Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

Another effort involves measuring the timings of messages going in and out of the network to try to identify users. A third attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.

Such efforts to target or undermine Tor are likely to raise legal and policy concerns for the intelligence agencies.

Foremost among those concerns is whether the NSA has acted, deliberately or inadvertently, against internet users in the US when attacking Tor. One of the functions of the anonymity service is to hide the country of all of its users, meaning any attack could be hitting members of Tor's substantial US user base.

Several attacks result in implanting malicious code on the computer of Tor users who visit particular websites. The agencies say they are targeting terrorists or organized criminals visiting particular discussion boards, but these attacks could also hit journalists, researchers, or those who accidentally stumble upon a targeted site.

The efforts could also raise concerns in the State Department and other US government agencies that provide funding to increase Tor's security – as part of the Obama administration's internet freedom agenda to help citizens of repressive regimes – circumvent online restrictions.

Material published online for a discussion event held by the State Department, for example, described the importance of tools such as Tor.

"[T]he technologies of internet repression, monitoring and control continue to advance and spread as the tools that oppressive governments use to restrict internet access and to track citizen online activities grow more sophisticated. Sophisticated, secure, and scalable technologies are needed to continue to advance internet freedom."

The Broadcasting Board of Governors, a federal agency whose mission is to "inform, engage, and connect people around the world in support of freedom and democracy" through networks such as Voice of America, also supported Tor's development until October 2012 to ensure that people in countries such as Iran and China could access BBG content. Tor continues to receive federal funds through Radio Free Asia, which is funded by a federal grant from BBG.

The governments of both these countries have attempted to curtail Tor's use: China has tried on multiple occasions to block Tor entirely, while one of the motives behind Iranian efforts to create a "national internet" entirely under government control was to prevent circumvention of those controls.

The NSA's own documents acknowledge the service's wide use in countries where the internet is routinely surveilled or censored. One presentation notes that among uses of Tor for "general privacy" and "non-attribution", it can be used for "circumvention of nation state internet policies" – and is used by "dissidents" in "Iran, China, etc".

Yet GCHQ documents show a disparaging attitude towards Tor users. One presentation acknowledges Tor was "created by the US government" and is "now maintained by the Electronic Frontier Foundation (EFF)", a US freedom of expression group. In reality, Tor is maintained by an independent foundation, though has in the past received funding from the EFF.

The presentation continues by noting that "EFF will tell you there are many pseudo-legitimate uses for Tor", but says "we're interested as bad people use Tor". Another presentation remarks: "Very naughty people use Tor".

The technique developed by the NSA to attack Tor users through vulnerable software on their computers has the codename EgotisticalGiraffe, the documents show. It involves exploiting the Tor browser bundle, a collection of programs, designed to make it easy for people to install and use the software. Among these is a version of the Firefox web browser.

The trick, detailed in a top-secret presentation titled 'Peeling back the layers of Tor with EgotisticalGiraffe', identified website visitors who were using the protective software and only executed its attack – which took advantage of vulnerabilities in an older version of Firefox – against those people. Under this approach, the NSA does not attack the Tor system directly. Rather, targets are identified as Tor users and then the NSA attacks their browsers.

According to the documents provided by Snowden, the particular vulnerabilities used in this type of attack were inadvertently fixed by Mozilla Corporation in Firefox 17, released in November 2012 – a fix the NSA had not circumvented by January 2013 when the documents were written.

The older exploits would, however, still be usable against many Tor users who had not kept their software up to date.

A similar but less complex exploit against the Tor network was revealed by security researchers in July this year. Details of the exploit, including its purpose and which servers it passed on victims' details to, led to speculation it had been built by the FBI or another US agency.

At the time, the FBI refused to comment on whether it was behind the attack, but subsequently admitted in a hearing in an Irish court that it had operated the malware to target an alleged host of images of child abuse – though the attack did also hit numerous unconnected services on the Tor network.

Roger Dingledine, the president of the Tor project, said the NSA's efforts serve as a reminder that using Tor on its own is not sufficient to guarantee anonymity against intelligence agencies – but showed it was also a great aid in combating mass surveillance.

"The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network," Dingledine said. "Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

"Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on."

But he added: "Just using Tor isn't enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications."

The Guardian asked the NSA how it justified attacking a service funded by the US government, how it ensured that its attacks did not interfere with the secure browsing of law-abiding US users such as activists and journalists, and whether the agency was involved in the decision to fund Tor or efforts to "shape" its development.

The agency did not directly address those questions, instead providing a statement.

It read: "In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission.

"As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that."

• This article was amended on 4 October after the Broadcasting Board of Governors pointed out that its support of Tor ended in October 2012.

• Bruce Schneier is an unpaid member of the Electronic Frontier Foundation's board of directors. He has not been involved in any discussions on funding.
All Rights Reserved - Without Prejudice
Without Recourse - Non-Assumpsit
Errors & Omissions Excepted