Principia Discordia

Principia Discordia => Techmology and Scientism => Topic started by: Triple Zero on September 25, 2011, 02:04:20 PM

Title: Privacy Thread
Post by: Triple Zero on September 25, 2011, 02:04:20 PM
As I already started a "Security Thread" somewhere, I figure I might as well make a "Privacy Thread". So here.




Logging out of Facebook is not enough:

http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough

Pretty fucked up. That's NOT what a "logout" button is supposed to do.

As you (hopefully) are aware, if you have a Facebook account, every website that has a Facebook "like" button (that's most blogs and news sites, etc), this "like" button, the little thumbs-up icon, well, imagine it's a tiny little Facebook-controlled cyber tracking bug. Everywhere you see it and you're logged in to Facebook with the same browser, everywhere you go, this thumbs-up icon tracking bug will send a bleep to Facebook telling them what site you just visited and they'll know what account you have, whether your friends visited the same site, etc etc.

Well, if that's not fucked up enough, I mean, it should be, but you could say people are in control of it cause they're logged in, right? (Even though Facebook doesn't really like to publicize this little fact)

Except that now it turns out, if you "log out" on Facebook, you'd assume it just wipes your FB cookies and severs the link between you, Facebook and your account, right? Wrong!! Instead they have like 10 cookies, they delete a few of them, refresh some others, give you two new ones, and leave the rest alone. The end result of this is that the cookie with your Account ID, the one that links you to your FB account is still there. So basically FB marks you as "logged out" so nobody can do anything with your FB account (that's good), but at the same time it keeps the cookie so even though you're logged out, FB can continue to keep on identifying you on pretty much every website you visit on the web, whether you are logged out or not.

The only solution is to actually delete your Facebook cookies.

The other solution is, some browsers (Firefox, Opera, Chrome, not sure about IE) have a "private browsing" feature, you open a tab, and the browser keeps all the cookies from that tab separate from the rest of your browsing and if you close the tab it dumps the cookies altogether. I would suggest you dump all your Facebook cookies right now, and only log on to Facebook anymore via a "private browsing" feature (I believe Chrome calls it "incognito mode").

addition: if you wanna read the article, don't be put off by the blocks of cookie codes :) just read the rest, he explains what's going on and the cookie code is just provided as a sort of "screenshot" of what's going on inside the browser.
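
Added example (not part of the original post or the linked article): a way to check which cookies survive a logout response, following the delete-some / refresh-some / add-new / leave-the-rest pattern described in the post above. The cookie names and values are constructed, and the check assumes all cookies share one domain and path.

```javascript
// Audit a logout response: which cookies does it delete, refresh, add,
// or leave alone, and which ones keep the same value across logout
// (and can therefore still link the browser to the pre-logout session)?
// All cookie names and values here are constructed sample data.

// Parse one Set-Cookie header value; only the attributes that decide
// whether the cookie is being deleted are kept.
function parseSetCookie(header) {
  const [first, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = first.indexOf("=");
  const cookie = {
    name: first.slice(0, eq),
    value: first.slice(eq + 1),
    expires: null,
    maxAge: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "expires") cookie.expires = new Date(val);
    else if (key === "max-age") cookie.maxAge = parseInt(val, 10);
  }
  return cookie;
}

// A Set-Cookie header deletes a cookie when Max-Age <= 0 or, if Max-Age
// is absent, when Expires lies in the past. Max-Age takes precedence.
function isDeletion(cookie, now) {
  if (cookie.maxAge !== null && !Number.isNaN(cookie.maxAge)) {
    return cookie.maxAge <= 0;
  }
  if (cookie.expires !== null && !Number.isNaN(cookie.expires.getTime())) {
    return cookie.expires.getTime() <= now.getTime();
  }
  return false; // session cookie: stays until the browser closes
}

// jarBefore: Map of name -> value as stored before clicking "log out".
// setCookieHeaders: Set-Cookie values from the logout response.
function auditLogout(jarBefore, setCookieHeaders, now) {
  const jarAfter = new Map(jarBefore);
  const report = { deleted: [], refreshed: [], added: [], untouched: [], linkable: [] };
  const touched = new Set();

  for (const header of setCookieHeaders) {
    const c = parseSetCookie(header);
    touched.add(c.name);
    if (isDeletion(c, now)) {
      if (jarAfter.delete(c.name)) report.deleted.push(c.name);
    } else {
      (jarBefore.has(c.name) ? report.refreshed : report.added).push(c.name);
      jarAfter.set(c.name, c.value);
    }
  }
  for (const name of jarBefore.keys()) {
    if (!touched.has(name)) report.untouched.push(name);
  }
  // Same name and same value before and after logout: the server can
  // still recognise this browser as the one that was logged in.
  for (const [name, value] of jarAfter) {
    if (jarBefore.get(name) === value) report.linkable.push(name);
  }
  for (const key of Object.keys(report)) report[key].sort();
  report.jarAfter = jarAfter;
  return report;
}

// Constructed sample: five cookies before logout, five headers in the response.
function runSample() {
  const now = new Date("2011-09-25T14:00:00Z");
  const jarBefore = new Map([
    ["session_token", "s3cr3t"],
    ["account_id", "1000042"],
    ["browser_id", "b-77aa"],
    ["locale", "en_US"],
    ["presence", "p1"],
  ]);
  const logoutResponse = [
    "session_token=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/",
    "presence=; Max-Age=0",
    "locale=en_US; Max-Age=31536000",
    "logged_out=1; Path=/",
    "ref=home",
  ];
  return auditLogout(jarBefore, logoutResponse, now);
}

const sample = runSample();
console.log("deleted:  ", sample.deleted.join(", "));
console.log("untouched:", sample.untouched.join(", "));
console.log("linkable: ", sample.linkable.join(", "));
```

A logout that really severs the link would leave `linkable` empty; in the sample the session token is gone but the account and browser identifiers are not.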
Title: Re: Privacy Thread
Post by: Don Coyote on September 25, 2011, 02:06:19 PM
Well fuck.

Thanks for the tip Trip.
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 02:36:09 PM
Oh, additionally:

http://www.howtogeek.com/63721/how-to-block-all-cookies-except-for-sites-you-use/

Now I haven't tried this, because it only explains this shit for FF, IE and Chrome. And I use Opera. But it looks legit, I just don't know how much of a hassle it is.

I just did something similar with Opera:

in Preferences>Advanced>Cookies I set it to "Accept cookies only from the site I visit" and "Delete new cookies when exiting Opera".

The first setting makes some sites that use cookies over multiple domains (for no real good reason except to discourage people from just disabling this "feature" altogether) no longer work properly. These are often "big" sites, such as Google and Facebook and Twitter.

The second setting logs me out of everything as soon as I close my browser.

Both of these settings I want for 99% of the sites I visit, except maybe 10-20 of them that I visit regularly and want to stay logged in over multiple browser sessions (PD.com, reddit, hackernews, etc) and/or ones that I notice keep logging me out unexpectedly because they need third-party cookies enabled (Google Mail, I expect).

So what do I do? PRESS F12 for the brilliant site-specific quick preferences menu. F12>Edit Site Preferences>Cookies and I enable or disable the setting to how I want it and Opera will remember it for that domain only. Yay!

If everything goes as planned, I should now receive significantly less cookies (most of them come from third-party domain ad-networks and traffic tracking networks[1] that you probably never even heard about) and after I close and open my browser or reboot, only the few of my favourite sites should remain.

[1] names that you probably never even heard about, but track as much data about you as Facebook and the like. There's one thing that (IMO) Facebook makes it worse, and that is because they can connect your browsing behaviour to your FB profile and your friends, making the data many times more valuable.
Title: Re: Privacy Thread
Post by: Placid Dingo on September 25, 2011, 02:52:18 PM
Options for phone/iPod users?

Also, thanks Trip!
Title: Re: Privacy Thread
Post by: Cain on September 25, 2011, 03:56:40 PM
Quote from: Placid Dingo on September 25, 2011, 02:52:18 PM
Options for phone/iPod users?

Also, thanks Trip!

Doesn't matter, as Apple will be storing all your data on a central server in the US, where the authorities will have legal access to it.

IOW, don't buy an iphone if you intend to use it and want some privacy (full disclaimer: I am looking to buy an iphone, simply for ease of use in checking emails, maps etc)
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 04:26:54 PM
I never owned a Mac/Apple device myself, so I don't know how to secure them, nor have I really paid much attention to anything but the biggest security/privacy scandals (such as the map/location tracking thing).

It's funny how in this day and age the "tinfoil hat" actually begins to make sense. If you wrap your phone in tinfoil, you create a sort of Faraday cage and you can't be tracked. You can check by trying to call it (from another phone), if you did it properly you shouldn't be getting any signal, and therefore it shouldn't be able to send out any, either. I would imagine dropping it inside one of those metal-reflected thermo insulated shopping or lunch bags would also work.

Incidentally, you can prevent your credit cards, public transportation passes and ID cards from having their RFID chip be remotely read (yes this is entirely possible as has been demonstrated on the CCC conference over 5 years ago) in a very similar way, just wrap everything in tinfoil. Or line your wallet with tinfoil, I dunno.

No I don't do that, but that's how you'd do it if you'd want to.
Title: Re: Privacy Thread
Post by: Telarus on September 25, 2011, 06:50:34 PM
I saw an article about the effects of this, the "OpenGraph" and it pissed me off enough that I'm deleting my FB account.

Thanks for giving me an idea of _how_ they're attempting this, Trip.
Title: Re: Privacy Thread
Post by: kingyak on September 25, 2011, 07:10:16 PM
Since most of you are not on my FB friends list, I thought I should pass along this vital information here:

FACEBOOK JUST RELEASED THEIR PRICE GRID FOR MEMBERSHIP. 13 HUMAN SACRIFICES FOR GOLD MEMBER SERVICES, 1 HUMAN SACRIFICE PER MONTH FOR SILVER MEMBER SERVICES, THE BEATING HEART OF ONE VIRGIN PER MONTH FOR BRONZE MEMBER SERVICES, FREE IF YOU SUMMON CTHULHU BEFORE MIDNIGHT TONIGHT. WHEN YOU SIGN ON TOMORROW MORNING YOU WILL BE PROMPTED FOR A BLOOD SACRIFICE...IT IS OFFICIAL IT WAS EVEN ON FOX NEWS. FACEBOOK WILL START CHARGING DUE TO THE NEW PROFILE CHANGES. IF YOU COPY THIS ON YOUR WALL THE SEAS WILL TURN TO BLOOD AND FACEBOOK WILL BE FREE FOR YOU. PLEASE PASS THIS MESSAGE ON IF NOT YOU WILL BE EATEN BY ELDER GODS IF YOU DO NOT PAY.
Title: Re: Privacy Thread
Post by: Jenne on September 25, 2011, 07:29:13 PM
I have in-private browsing on my (har!) Sony Saio...I guess I need to start using it.

I don't log on to FB but three times a month, if that...and try not to do so on my damned phone, either.

GAH.
Title: Re: Privacy Thread
Post by: Jenne on September 25, 2011, 07:33:34 PM
This is what it looks like, in case none of you all has seen it before:

(http://i64.photobucket.com/albums/h183/Jenne73/inprivatescrnsht.png)

I'm not sure if it came with the Saio or came with this version of Windows.  But I don't ever use it...and now I think I should.  Not sure how my work software supports it, but it could probably get me around whatever nanny shit they may put on my system while I'm working.

WHY DIDN'T I THINK OF THIS BEFORE???
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 07:44:03 PM
I don't think it'll get you around nanny shit, but you can always try.

Also, Facebook will of course keep tracking you until you manually clear your cookies, even if you only visit FB via a private tab from now on, cause when you close the private tab it'll only throw away cookies created within the private tab.

Telarus, got a link to that OpenGraph thing?

And yes, I'm also thinking of deleting my Facebook account. Not that I ever used it, but it still sits there being a node in that graph connecting all my friends. Not that you can count on them really throwing it away, but it might help. Maybe I should unfriend half my friends randomly and befriend a bunch of random strangers first, to throw some noise in their DB. A drop in the ocean, probably.
Title: Re: Privacy Thread
Post by: Telarus on September 25, 2011, 07:59:38 PM
http://nrek.co/technology/what-facebook-opengraph-means-for-you/


Yeah, I plan to delete my account. Clear all my cookies in all browsers, and then only use FB in an incognito Chrome window... Do I need to clear my chrome cookies manually after each session as well?
Title: Re: Privacy Thread
Post by: Don Coyote on September 25, 2011, 08:12:05 PM
Ya, this is the tipping point for me. Granted I do have 3 FB profiles :lulz: one of which is there just as noise.
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 08:44:04 PM
Quote from: Telarus on September 25, 2011, 07:59:38 PM
http://nrek.co/technology/what-facebook-opengraph-means-for-you/


Yeah, I plan to delete my account. Clear all my cookies in all browsers, and then only use FB in an incognito Chrome window... Do I need to clear my chrome cookies manually after each session as well?

Huh, how would you "use" FB in an incognito window, when you deleted your account?

About clearing cookies manually, I dunno, doesn't Chrome allow you to view what cookies you have? Just keep an eye on it? FB can only track you with cookies from a FB domain. You can probably set Chrome to wipe all cookies on exit automatically, if you like. I used to have that setting in Opera years back, it's not as inconvenient as it seems, because you usually have the same browser open all day long anyway. So you just need to log on again fresh when you boot up in the morning.
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 09:24:36 PM
Heyyyyy European folks, check this out:

http://europe-v-facebook.org/EN/Get_your_Data_/get_your_data_.html

Apparently EU law says you're entitled to request ALL data FB has been tracking about you :lulz:
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 09:32:29 PM
BTW if you plan on doing the above, you need to scan your ID. You are allowed to obscure the following:

- blur or obscure the photograph
- write "Request to access data from Facebook <date>" over where the photograph was the whole scan, so no one else can use the scan for something else (in case it gets "misplaced")
- obscure your social security number. this is a number for communication between you and the state, in addition to a bunch of organisations the state decided are allowed to use it. Facebook is not one of them. Nor are they your employer (who is also required to have it).

from https://pim.bof.nl/gebruikers/geef-niet-meer-dan-nodig/

edit: correction, misread the article. you should mark the entire scan, like diagonally, so nobody can cut it away and use it for another purpose
Title: Re: Privacy Thread
Post by: Cain on September 25, 2011, 09:41:49 PM
Quote from: Triple Zero on September 25, 2011, 09:24:36 PM
Heyyyyy European folks, check this out:

http://europe-v-facebook.org/EN/Get_your_Data_/get_your_data_.html

Apparently EU law says you're entitled to request ALL data FB has been tracking about you :lulz:

Aw yeah.  I'm totally going to do this.
Title: Re: Privacy Thread
Post by: Telarus on September 25, 2011, 09:48:41 PM
Quote from: Triple Zero on September 25, 2011, 08:44:04 PM
Quote from: Telarus on September 25, 2011, 07:59:38 PM
http://nrek.co/technology/what-facebook-opengraph-means-for-you/


Yeah, I plan to delete my account. Clear all my cookies in all browsers, and then only use FB in an incognito Chrome window... Do I need to clear my chrome cookies manually after each session as well?

Huh, how would you "use" FB in an incognito window, when you deleted your account?

Possibly rebooting to a 'portfolio' account (different email address). Simply for online ID management / personal branding / etc (my friend Nick Pell is also thinking about doing this). Still thinking it over tho.
Title: Re: Privacy Thread
Post by: Triple Zero on September 25, 2011, 11:09:14 PM
Quote from: Cain on September 25, 2011, 09:41:49 PM
Quote from: Triple Zero on September 25, 2011, 09:24:36 PM
Heyyyyy European folks, check this out:

http://europe-v-facebook.org/EN/Get_your_Data_/get_your_data_.html

Apparently EU law says you're entitled to request ALL data FB has been tracking about you :lulz:

Aw yeah.  I'm totally going to do this.

Be sure to check the rest of the site, VERY interesting info, an (incomplete but extensive) rundown of all the types of data FB collects about you:

http://europe-v-facebook.org/EN/Data_Pool/data_pool.html

Sure we knew this already, but it's quite an eye opener to see it listed out as a fact right there.

And indeed, whatever you delete, never gets deleted for real, just marked "deleted" and invisible.
Title: Re: Privacy Thread
Post by: Jenne on September 26, 2011, 01:33:39 PM
I do have an auto-erase-cookies setting for whenever the computer's shut off.   So my cache is cleared pretty regularly.  I noticed with these inprivacy windows, my passwords are not saved like they are in the "normal" tabs.  Very interesting.
Title: Re: Privacy Thread
Post by: Triple Zero on October 04, 2011, 08:55:20 AM




A very good and thorough essay on Privacy:

http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

Addressing amongst other things the "if you got nothing to hide" retort, but also the right to know what is being stored about you.

The latter is kind of interesting in my case, because in Dutch society surveillance is rampant (our country of 17M has more phone-taps in absolute numbers than the USA). Basically it's only bearable because our government hasn't turned completely evil ... yet (and if I were Muslim, I might think differently perhaps), but there are lots of laws and regulations that allow one to request what sort of data is stored about you.
This sort of balances the scales a little bit. Especially because you can also request your data to be removed in certain (non-government) circumstances, and there's several types of centralized opt-out lists (for telemarketing etc) that actually work, have real consequences for companies not following them, and are quite effortless to sign up to (less than a minute online).
Hence my bemused surprise that Virgin wouldn't simply stop mailing me right away at my email request. A European corp could have potentially gotten in trouble for not immediately complying.

Of course it just balances the scales a tiny bit. And it hinges on the gov not being actively evil about it (seems their attention is elsewhere right now).

I especially worry, and that's one thing the article doesn't touch upon, the amount of data recorded about me not by the government, but by corporations. Now that's also very regulated in the Netherlands, but there's not quite enough checks to see if they follow the rules.
And then there's US or international corporations, collecting data about me, and the US gov can just subpoena them, and really they should have no business with my data at all. Like how they requested the Twitter data from that Icelandic politician, and the Dutch Wikileaks guy. And we only heard about that because Twitter decided to make a fuss about it. So in reality I must assume they're getting info from Twitter, Google and Facebook all the fucking time.
Title: Re: Privacy Thread
Post by: axod on October 04, 2011, 09:14:28 AM
Unfortunately, sometimes I avoid tracking by using tor, which can be a pain..
Title: Re: Privacy Thread
Post by: Xooxe on October 04, 2011, 10:33:30 AM
http://venturebeat.com/2010/07/02/facial-recognition-camouflage/

The future will try its best to make us look as outlandish as possible. I'm calling it.

http://www.pearltrees.com/#/N-u=1_72898&N-p=11793649&N-s=1_819142&N-f=1_819142&N-fa=818179

Whole bunch of privacy stuff I found on Pearltrees. It's basically a site about socially mind mapping links if you've never been there.
Title: Re: Privacy Thread
Post by: Rumckle on October 04, 2011, 12:05:10 PM
Quote from: Xooxe on October 04, 2011, 10:33:30 AM
http://venturebeat.com/2010/07/02/facial-recognition-camouflage/

The future will try its best to make us look as outlandish as possible. I'm calling it.


Or just make everybody join the KISS Army
Title: Re: Privacy Thread
Post by: Triple Zero on October 04, 2011, 01:21:16 PM
Quote from: axod on October 04, 2011, 09:14:28 AM
Unfortunately, sometimes I avoid tracking by using tor, which can be a pain..

Dude, what are you talking about? Tor hides nothing but your IP address ... badly.
Title: Re: Privacy Thread
Post by: Cramulus on October 04, 2011, 03:37:41 PM
Quote from: Triple Zero on October 04, 2011, 08:55:20 AM




A very good and thorough essay on Privacy:

http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

Addressing amongst other things the "if you got nothing to hide" retort, but also the right to know what is being stored about you.

:mittens: that was a great article
Title: Re: Privacy Thread
Post by: Prelate Diogenes Shandor on October 06, 2011, 03:29:49 AM
Yet another reason to hate Facebook...
Title: Re: Privacy Thread
Post by: Triple Zero on October 11, 2011, 04:28:38 PM
http://www.readwriteweb.com/archives/google_hands_wikileaks_volunteers_gmail_data_to_us.php

"Gmail users got a hefty dose of reality today when it was revealed that Google handed over one user's private data to the U.S. government, who requested it without a search warrant."
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on October 11, 2011, 05:01:52 PM
Quote from: Triple Zero on October 11, 2011, 04:28:38 PM
http://www.readwriteweb.com/archives/google_hands_wikileaks_volunteers_gmail_data_to_us.php

"Gmail users got a hefty dose of reality today when it was revealed that Google handed over one user's private data to the U.S. government, who requested it without a search warrant."

So much for "don't be evil".
Title: Re: Privacy Thread
Post by: Triple Zero on October 11, 2011, 08:35:42 PM
Well they didn't have much choice in it. Both Google and the small ISP Sonic fought for the right to inform mr Appelbaum, and won (which is why we're hearing about this now). The ISP Sonic also fought against having to hand over the data at all, and it is not known whether Google fought this too, but they probably would have lost.

If they didn't fight it, it's probably got something to do with the antitrust thing they have against themselves, not wanting to get in a bad light vs the government.

Either way, whether Google is evil or not (they are), is not the point here, it's that the US Gov can request this data without a search warrant.

In fact, I've read something somewhere about Google and some other big names trying to work out a change in this "Electronic Communications and Privacy Act" because it was made in the 80s or early 90s and back then they didn't envision people would be storing all sorts of private data in the "cloud", so they didn't give it the same protection as, say, snailmail communications. I'll post links when I hear more about this.
Title: Re: Privacy Thread
Post by: Cain on October 13, 2011, 05:33:26 PM
More on Facebook

http://www.readersupportednews.org/news-section2/317-65/7854-facebook-can-track-web-browsing-without-cookies

Quote
The Electronic Frontier Foundation cites a September 25th, 2011 blog post by hacker and writer Nik Cubrilovic that proved Facebook's session cookie was not being deleted upon log-out. Facebook responded with a "fix-it," but it raises serious concerns about whether one can effectively log-out of Facebook and whether or not Facebook can track users without the benefit of cookies.

According to Cubrilovic, he waited for a year to hear from Facebook on this privacy issue that he discovered, emailing them and reaching multiple dead-ends.

Two days later, on September 27th, Cubrilovic noted, "In summary, Facebook has made changes to the logout process and they have explained each part of the process and the cookies that the site uses in detail ... They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc."

EFF, however, is unequivocal in stating, "Facebook can track web browsing history without cookies."

"Facebook is able to collect data about your browser – including your IP address and a range of facts about your browser – without ever installing a cookie. They can use this data to build a record of every time you load a page with embedded Facebook content," added the EFF.

This ability to track users outside of Facebook is particularly troubling.

EFF states, "It's clear that Facebook does extensive cross-domain tracking, with two types of cookies and even without. With this data, Facebook could create a detailed portrait of how you use the Internet: what sites you visit, how frequently you load them, what time of day you like to access them. This could point to more than your shopping habits – it could provide a candid window into health concerns, political interests, reading habits, sexual preferences, religious affiliations, and much more."

That Facebook keeps this data on file for 90 days (before it's discarded or made anonymous) is a legitimate privacy concern and it could certainly be useful in the event U.S. intelligence services desires to build a profile of a particular user's web browsing.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on October 13, 2011, 05:57:04 PM
Creepy.  :x
Title: Re: Privacy Thread
Post by: Triple Zero on October 13, 2011, 07:19:55 PM
IMO, it sounds a little bit FUD-y.

The cookie-less tracking method from EFF is http://panopticlick.eff.org which has been linked before. I'm a liiiiiitlebit suspicious about that thing, because it always tells me my browser is unique. But then, maybe it is, I'm running Opera on Ubuntu Netbook, which is not very common at all, and who knows what settings I've changed that really makes it unique.

Anyway, as you try out Panopticlick (you can trust the EFF), you'll notice it's hardly unobtrusive. At least, it slowed down my computer for a bit while it was profiling me.

So, while Facebook (as well as any other big advertising network, such as, say, Google Ads) technically has the capability to do this, I really strongly doubt they're actually doing it right now. There's no evidence to suggest it. And to be quite frank, there's not really any conclusive evidence that Facebook tracked people via "Like" after they logged out. Just that it would have been really really easy for them to do so, because of the user-ID cookie sticking around. Implementing a sort of Panopticlick-like tracking/ID mechanism is quite a lot more effort.

And one thing that really doesn't make sense is, see the not-quite-logging-out cookie problem really was Facebook's fault. But Panopticlick is EFF's invention, a proof of concept to show that it can technically be done. So in all fairness, it's kind of a stretch to pin this on Facebook, just because they technically *could* use that technique (as could anybody else).

So in reality this is a far bigger problem, namely every ad network, pagecounter network, analytics network or whatever that loads cross-domain javascript or iframes is capable of tracking users via a Panopticlick-like technique.

Well okay, except that with Facebook there is always the added danger that in addition they do always have the ability to link it to your Facebook Profile. That does make it extra bad.

On the other other hand, fuck Facebook. Fuck them right in their Googly ears. Google feces-fuckface book smash their sockets in. So yeah, I do in fact believe they are in the habit of abducting young children to implant chips in their butt-cheeks. And they track your browser, too. Fuck those facefuckers. Spread the message. Tell your friends. Please RT!
Title: Re: Privacy Thread
Post by: Luna on October 15, 2011, 02:41:37 AM
http://www.zdnet.com/blog/facebook/facebook-releasing-your-personal-data-reveals-our-trade-secrets/4552

Worth reading, any snip I'd make would leave out a lot.
Title: Re: Privacy Thread
Post by: Triple Zero on October 15, 2011, 08:58:49 AM
Quote from: Luna on October 15, 2011, 02:41:37 AM
http://www.zdnet.com/blog/facebook/facebook-releasing-your-personal-data-reveals-our-trade-secrets/4552

Worth reading, any snip I'd make would leave out a lot.

That is VERY interesting, thanks for the link!

Also I just deleted my Facebook profile. I'll just make a new one if needed. Or two. It's not like finding all those friends and acquaintances is made hard for you or anything.

Funny how it "feels" doing that, even if I hardly ever used it or just logged on for the first time in months, today. "Will they think I'm dead?" :lol:
Title: Re: Privacy Thread
Post by: Triple Zero on October 19, 2011, 05:13:54 PM
It's ON, FACEBITCHES

http://www.identityblog.com/?p=1201
Title: Re: Privacy Thread
Post by: axod on October 20, 2011, 12:12:03 AM
Quote from: Triple Zero on October 04, 2011, 01:21:16 PM
Dude, what are you talking about? Tor hides nothing but your IP address ... badly.

Granted.  But if tor is not sufficient for switching (hiding) IP's, is it that you trace the IP back to origin with statistical analysis?  That would be hard to prove beyond a reasonable doubt: to identify a user as being connected to tor is not the same as identifying a particular tor user?  Which is good enough for evading sated fb tracking concerns?
Title: Re: Privacy Thread
Post by: Triple Zero on October 20, 2011, 03:10:12 PM
Quote from: axod on October 20, 2011, 12:12:03 AM
Quote from: Triple Zero on October 04, 2011, 01:21:16 PM
Dude, what are you talking about? Tor hides nothing but your IP address ... badly.

Granted.  But if tor is not sufficient for switching (hiding) IP's, is it that you trace the IP back to origin with statistical analysis?

Amongst other things.

There's also the problem that there are only a rather small number of Tor Exit Nodes, and you can bet that a rather large percentage of them are actually operated by all sorts of secret gov agencies. Why wouldn't they.

People of the general populace don't really like to set up a Tor Exit Node, because those are the unencrypted outlets of the Tor network so there's a good chance you'd be emitting kiddie pron or other ugly stuff.

Now technically, the Tor network is designed to even protect you against statistical analysis by DPI at the border, MITM or just analysis at the exit nodes.

But if you surf on your Facebook profile, well your IP might be all hidden and stuff, but the profile shows exactly who you are anyway, so that's why Tor is just the wrong tool for such a job. It's like wearing a fake moustache to prevent your voice from being recognized on the phone.

Quote
That would be hard to prove beyond a reasonable doubt: to identify a user as being connected to tor is not the same as identifying a particular tor user?

I'm not really sure what you mean here?

"Beyond a reasonable doubt" sounds like you expect to be up against a court of law or something? In that case you're dealing with a whole different type of risk scenario. If you want to do something criminal, it's best to build a powerful cantenna from a Pringles tube, boot BackTrack Linux from a USB stick on an otherwise innocent laptop, use the cantenna to hack into a far away wifi network and then make sure that there's no evidence what you did on that laptop when you're done. Also, hide the USB stick and the cantenna.

Quote
Which is good enough for evading sated fb tracking concerns?

Facebook doesn't really care about your IP, because they got something better, your Facebook profile.

I bet they don't even use your IP for anything except just for logging, in case somebody hacks something.

So Facebook doesn't care whether you use Tor or not, they know exactly where your friends live, regardless.

Clearing out your cookies helps somewhat, as I explained a few pages back.
Title: Re: Privacy Thread
Post by: Triple Zero on October 20, 2011, 08:50:18 PM
Security Flaw Links BitTorrent Users to Skype Accounts (http://torrentfreak.com/security-flaw-links-bittorrent-users-to-skype-accounts-111020/)

In short: Skype has a security flaw that allows attackers to sort of "ping" Skype users and obtain their IP address. Cross-correlate this IP with the public data queried from DHTs[1] in BitTorrent swarms, and you get a connection of what Skype Accounts share what torrents.

Skype doesn't seem to care very much about this flaw.

I think it's an odd security flaw as well. Because it's neither specific to Skype, nor to BitTorrent. Just data leakage.

Another point is that they fear scammers will start calling Skype accounts and blackmailing them.

[1] Distributed Hash Tables (http://en.wikipedia.org/wiki/BitTorrent_(protocol)#Distributed_trackers), a relatively new (2005) BitTorrent feature that allows torrent clients to know what IPs are sharing what data, without the need for a centralized tracker, the upshot is that it gets you more peers. Without DHTs, the attacker would have to query many separate public BitTorrent trackers to get the same data, slightly but not much more effort.
Title: Re: Privacy Thread
Post by: Rumckle on October 27, 2011, 02:57:54 AM
Quote from: Triple Zero on September 25, 2011, 09:24:36 PM
Heyyyyy European folks, check this out:

http://europe-v-facebook.org/EN/Get_your_Data_/get_your_data_.html

Apparently EU law says you're entitled to request ALL data FB has been tracking about you :lulz:

http://www.smh.com.au/technology/technology-news/maxs-privacy-war-brings-facebook-to-heel-20111027-1mksg.html

Apparently this guy asked FB for his information, and he received over 1200 pages  :eek:
Title: Re: Privacy Thread
Post by: Triple Zero on October 29, 2011, 06:46:49 PM
Ooohh this is bad ...

http://code.google.com/p/fbpwn/
Quote
Usage

A typical hacking scenario starts with gathering information from a user's FB profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.

Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the cloning plugin asks you to choose one of the victim's friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessible HTML pages (info, images, tags, ...etc) for offline examining.

After a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late!
Title: Re: Privacy Thread
Post by: Telarus on October 29, 2011, 10:45:08 PM
Quote from: Triple Zero on October 29, 2011, 06:46:49 PM
Ooohh this is bad ...

http://code.google.com/p/fbpwn/
Quote:
Usage

A typical hacking scenario starts with gathering information from a user's FB profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.

Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the cloning plugin asks you to choose one of the victim's friends. The cloning plugin clones only the display picture and the display name of the chosen friend of the victim and sets it to the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessible HTML pages (info, images, tags, ...etc) for offline examining.

After a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late!

Glad I got rid of my FB and am re-booting it into a professional portfolio.  :x
Title: Re: Privacy Thread
Post by: Triple Zero on November 07, 2011, 12:18:42 PM
This is actually mighty awesome of Google, publishing data on government requests:

http://news.cnet.com/8301-1009_3-20125483-83/google-governments-seek-more-about-you-than-ever/

And indeed it would be sweet if Facebook and Microsoft followed suit, except for the bit where people would simply be all like "whut, why are you surprised?"

Also, the bit of unspoken cognitive dissonance here is how these companies, including Google, have no trouble collecting all this data for their advertisers, which is the reason why a lot of this data is kept in the first place, nor does any of these companies publish complete info on how much and what sort of data is actually used in this fashion (see also Facebook vs Europe).
Title: Re: Privacy Thread
Post by: Faust on November 07, 2011, 12:27:09 PM
"Ireland
Fewer than 10 removal requests
0% of removal requests fully or partially complied with"

BOOYA!
Title: Re: Privacy Thread
Post by: Faust on November 07, 2011, 12:29:06 PM
Also I love how China has only 150ish user data requests while the US has nearly 6000.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 07, 2011, 07:32:40 PM
Quote from: Triple Zero on November 07, 2011, 12:18:42 PM
This is actually mighty awesome of Google, publishing data on government requests:

http://news.cnet.com/8301-1009_3-20125483-83/google-governments-seek-more-about-you-than-ever/

And indeed it would be sweet if Facebook and Microsoft followed suit, except for the bit where people would simply be all like "whut, why are you surprised?"

Also, the bit of unspoken cognitive dissonance here is how these companies, including Google, have no trouble collecting all this data for their advertisers, which is the reason why a lot of this data is kept in the first place, nor does any of these companies publish complete info on how much and what sort of data is actually used in this fashion (see also Facebook vs Europe).

BIG BROTHER IS WATCHING YOU.

Also,

Quote:
Other countries seeking lots of user data were India (more than 1,700 requests involving more than 2,400 accounts), France, the United Kingdom, and Germany. Google says it complied most of the time in those cases, except in France.

:?
Title: Re: Privacy Thread
Post by: Triple Zero on November 07, 2011, 08:39:38 PM
France has a bunch of solid privacy laws, apparently.
Title: Re: Privacy Thread
Post by: Faust on November 07, 2011, 08:51:35 PM
Quote from: Triple Zero on November 07, 2011, 08:39:38 PM
France has a bunch of solid privacy laws, apparently.

They pride themselves on the Liberté egality fraternity craic and take it very seriously and the people are vocal about anything that bothers them, the national pastime is striking.
Title: Re: Privacy Thread
Post by: Cain on November 07, 2011, 09:38:04 PM
Quote from: Faust on November 07, 2011, 08:51:35 PM
Quote from: Triple Zero on November 07, 2011, 08:39:38 PM
France has a bunch of solid privacy laws, apparently.

They pride themselves on the Liberté egality fraternity craic and take it very seriously

Except when it applies to Algerians, Muslims and gypsies.

Also, France is about as heavily surveillanced as any other liberal democracy.  However, the proceeds of such surveillance tend to be for political gain, and are mostly mitigated by counter-surveillance (you reveal my mistress, I reveal your mistress etc) and so typically the effects are not felt outside of elite circles and the media, who are complicit in the whole thing.

It's not quite as corrupt as Italy, but, then, few things are.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 08, 2011, 02:16:58 AM
Ah, OK. Makes sense.

It's funny that the article just dropped that in there with no explanation, as if everyone knows about France.  :lulz:
Title: Re: Privacy Thread
Post by: Triple Zero on November 08, 2011, 01:02:04 PM
Yeah, I only knew it because some commenter somewhere asked the very same question :)
Title: Re: Privacy Thread
Post by: Cramulus on November 08, 2011, 03:57:16 PM
I just got a letter from Verizon saying that they're going to start selling data collected from my smartphone usage. And that I can opt out of this by going to a website etc etc.... the annoying thing is that the letter came in the exact same junk mail card stock / font / format as the junk mail they send out every so often saying "NEW EVERY 2! GET A NEW PHONE WITH A NEW CONTRACT D00D!"

Title: Re: Privacy Thread
Post by: Golden Applesauce on November 10, 2011, 12:58:09 AM
Just a quick heads up, Facebook is now publishing articles that you read on other sites in your & your friends' feeds.  I don't know how publicly they're sharing it, but being Facebook, it's probably maximum publicity.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 10, 2011, 01:51:51 AM
Quote from: Golden Applesauce on November 10, 2011, 12:58:09 AM
Just a quick heads up, Facebook is now publishing articles that you read on other sites in your & your friends' feeds.  I don't know how publicly they're sharing it, but being Facebook, it's probably maximum publicity.

Yep, and you can't turn it off.

Funny thing is, they've pulled a ton of obnoxious stuff, and this is the first thing that has made me unconsciously, reflexively avoid logging on to Facebook.
Title: Re: Privacy Thread
Post by: Rumckle on November 10, 2011, 03:43:12 AM
I think you have to like the publication's page or add its app for it to show up, as I have read a couple of the articles my friends read (according to fb) and it didn't publicly announce it, but it did ask if I wanted to add the publication's fb app.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 10, 2011, 04:56:47 AM
Quote from: Rumckle on November 10, 2011, 03:43:12 AM
I think you have to like the publication's page or add its app for it to show up, as I have read a couple of the articles my friends read (according to fb) and it didn't publicly announce it, but it did ask if I wanted to add the publication's fb app.

Nope. Me and several other afflicted friends have been going through contortions trying to figure out why the fuck the shit is on our feeds.
Title: Re: Privacy Thread
Post by: Rumckle on November 10, 2011, 05:15:48 AM
Ah ok, that's pretty fucking annoying then.
Title: Re: Privacy Thread
Post by: Cramulus on November 10, 2011, 04:14:15 PM
Is that still happening to you while you're logged out of FB?
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 10, 2011, 08:17:22 PM
Quote from: Cramulus on November 10, 2011, 04:14:15 PM
Is that still happening to you while you're logged out of FB?

:?

What I'm talking about shows up in my FB newsfeed... it's a little section at the top of my feed showing what news stories other people have recently read. Fucking pisses me off.
Title: Re: Privacy Thread
Post by: LMNO on November 10, 2011, 08:43:55 PM
It's times like this that I'm glad I usually only log on to FB on my phone.  I'm sure they'll find a way eventually, but for now it's pretty utilitarian.
Title: Re: Privacy Thread
Post by: Cain on November 10, 2011, 09:18:46 PM
I think what Cram meant was, were you logged into your facebook profile when you were viewing these news sites webpages, or were you logged out when you read them?

This is worth knowing, because then we know if FB really is tracking people after they log out.  We know it's technically possible...
Title: Re: Privacy Thread
Post by: Faust on November 10, 2011, 10:21:54 PM
Quote from: Cain on November 10, 2011, 09:18:46 PM
I think what Cram meant was, were you logged into your facebook profile when you were viewing these news sites webpages, or were you logged out when you read them?

This is worth knowing, because then we know if FB really is tracking people after they log out.  We know it's technically possible...

It is, I was logged out and I was looking up paradise lost audiobooks and then what do you know, the sponsored adverts on FB were the very same audiobooks I had been looking at previously.
Title: Re: Privacy Thread
Post by: Luna on November 10, 2011, 10:30:14 PM
Ah, I see...

There's a banner on the right hand side of the screen that pops up what's going up on the feeds of your friends.  Some friends have shit that goes up, like what articles they're reading, what they're listening to on Spotify, that kinda shit.
Title: Re: Privacy Thread
Post by: Cain on November 10, 2011, 11:16:06 PM
Quote from: Faust on November 10, 2011, 10:21:54 PM
Quote from: Cain on November 10, 2011, 09:18:46 PM
I think what Cram meant was, were you logged into your facebook profile when you were viewing these news sites webpages, or were you logged out when you read them?

This is worth knowing, because then we know if FB really is tracking people after they log out.  We know it's technically possible...

It is, I was logged out and I was looking up paradise lost audiobooks and then what do you know, the sponsored adverts on FB were the very same audiobooks I had been looking at previously.

Fuckers.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on November 10, 2011, 11:50:46 PM
Quote from: Cain on November 10, 2011, 09:18:46 PM
I think what Cram meant was, were you logged into your facebook profile when you were viewing these news sites webpages, or were you logged out when you read them?

This is worth knowing, because then we know if FB really is tracking people after they log out.  We know it's technically possible...

If it did I wouldn't know, because what I read doesn't show up in my own feed. Only what other people read.
Title: Re: Privacy Thread
Post by: Telarus on November 11, 2011, 12:45:03 AM
Quote from: Cain on November 10, 2011, 11:16:06 PM
Quote from: Faust on November 10, 2011, 10:21:54 PM
Quote from: Cain on November 10, 2011, 09:18:46 PM
I think what Cram meant was, were you logged into your facebook profile when you were viewing these news sites webpages, or were you logged out when you read them?

This is worth knowing, because then we know if FB really is tracking people after they log out.  We know it's technically possible...

It is, I was logged out and I was looking up paradise lost audiobooks and then what do you know, the sponsored adverts on FB were the very same audiobooks I had been looking at previously.

Fuckers.

Chrome Incognito / FF Private Mode

I use this Chrome extension too: DISCONNECT (https://chrome.google.com/webstore/detail/jeoacafpbcihiomhlakheieifhpjdfeo)

I haven't touched FB on this machine for 3 weeks, as I'm going through the delete process (so I can reboot my irl name as a portfolio and take back a little bit of my identity-control from FB). But back when I was, I'd see this extension count the times FB queried my browser from a totally non-FB page. It was getting ridiculous, which is why I deleted my account.
Title: Re: Privacy Thread
Post by: Triple Zero on November 26, 2011, 09:41:11 AM
Palantir, the War on Terror's Secret Weapon (http://www.businessweek.com/printer/magazine/palantir-the-vanguard-of-cyberterror-security-11222011.html): A Silicon Valley startup that collates threats has quietly become indispensable to the U.S. intelligence community

Palantir has been used to find suspects in a case involving the murder of a U.S. Immigration and Customs Enforcement special agent, and to uncover bombing networks in Syria, Afghanistan, and Pakistan. "It's like plugging into the Matrix," says a Special Forces member stationed in Afghanistan who requested anonymity out of security concerns. "The first time I saw it, I was like, 'Holy crap. Holy crap. Holy crap.' "

Of course it's not just being used for spying outside of the US.

Anyway, it sounds like finally somebody built a proper piece of software to combine computer analysis/AI and human skills (which is the best and only way to properly do it) and make use of the enormous amounts of data available to a surveillance state.

I don't like it. Of course it was just a matter of time, but incompetent analysis also provided a certain amount of privacy, in a similar fashion that obscurity somewhat provides security.
Title: Re: Privacy Thread
Post by: Cramulus on November 29, 2011, 07:37:24 PM
"Palantir" -- hahaha .... that's the name of the crystal ball that Saruman uses to spy on Middle-earth. Wow.




Good news for privacy!



Article:
http://www.forbes.com/sites/kashmirhill/2011/11/29/facebooks-mark-zuckerberg-weve-made-a-bunch-of-mistakes/

Excerpts:
Facebook got poked by the Federal Trade Commission today. The agency tasked with investigating companies for "unfair and deceptive business practices" concluded a two-year long investigation into Facebook and slapped the social networking giant on the wrist for its privacy mistakes, sentencing it to twenty years of biennial privacy audits and requiring it to get consent from its users before sharing their information. The settlement is nearly identical to that reached with Google over Buzz earlier this year.




What did Facebook do wrong?

- In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
- Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.

Liebowitz says: "If they don't follow through with that commitment, they'll be paying $16,000 per privacy violation, per the FTC settlement."

:eek:
Title: Re: Privacy Thread
Post by: Cramulus on November 29, 2011, 07:43:34 PM
Here's a quote from Zuckerberg:

Quote:
I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service. Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It's important for people to think about this, and not one day goes by when I don't think about what it means for us to be the stewards of this community and their trust.


Alright Mark, I did think about it.

I share personal information for social reasons. You share personal information for commercial reasons. But the difference is, once I submit a piece of data about myself, it's no longer my property, and may be traded between businesses without my consent. If your goal is to create an "open society", I should have the opportunity to know what's being traded, with whom, and object to it.
Title: Re: Privacy Thread
Post by: Triple Zero on November 30, 2011, 01:50:41 PM
Got an HTC/Android, Blackberry or Nokia Smartphone?

Everything you do on it is being logged and sent to a company named Carrier IQ.

http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/
http://www.wired.com/threatlevel/2011/11/secret-software-logging-video/

As far as I understand it's only installed on phones with a US carrier.

This is a pretty big scandal, I expect to hear more about it.
Title: Re: Privacy Thread
Post by: Triple Zero on December 01, 2011, 06:00:38 PM
iPhone too:

http://www.theverge.com/2011/11/30/2601875/carrier-iq-references-discovered-apple-ios-iphone

http://blog.chpwn.com/post/13572216737

(edit: second link)
Title: Re: Privacy Thread
Post by: Triple Zero on December 01, 2011, 06:02:35 PM
And another link:

http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/
Title: Re: Privacy Thread
Post by: Triple Zero on December 02, 2011, 05:14:41 PM
Carrier IQ: What it is, what it isn't, and what you need to know (http://www.engadget.com/2011/12/01/carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to/)
Title: Re: Privacy Thread
Post by: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans (http://www.forbes.com/sites/andygreenberg/2010/08/24/full-body-scan-technology-deployed-in-street-roving-vans/2/)

Quote:
AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on December 05, 2011, 05:47:50 PM
Quote from: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans (http://www.forbes.com/sites/andygreenberg/2010/08/24/full-body-scan-technology-deployed-in-street-roving-vans/2/)

Quote:
AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.

WHAT THE FUCK WHY DO WE NEED THIS? WHAT THE FUCK! FUCK.

This is what evil looks like.
Title: Re: Privacy Thread
Post by: The Good Reverend Roger on December 05, 2011, 06:22:30 PM
Quote from: Nigel on December 05, 2011, 05:47:50 PM
Quote from: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans (http://www.forbes.com/sites/andygreenberg/2010/08/24/full-body-scan-technology-deployed-in-street-roving-vans/2/)

Quote:
AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.

WHAT THE FUCK WHY DO WE NEED THIS? WHAT THE FUCK! FUCK.

This is what evil looks like.

Well, actually, evil looks like 301,000,000 complacent fatasses that will not only put up with this sort of thing, but demand it.  "Make me SAFE", they say, "and don't worry about who watches the watchmen."

Tyranny doesn't just show up.  It's invited.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on December 05, 2011, 06:30:35 PM
Quote from: The Good Reverend Roger on December 05, 2011, 06:22:30 PM
Quote from: Nigel on December 05, 2011, 05:47:50 PM
Quote from: Triple Zero on December 04, 2011, 11:31:28 PM
Full-Body Scan Technology Deployed In Street-Roving Vans (http://www.forbes.com/sites/andygreenberg/2010/08/24/full-body-scan-technology-deployed-in-street-roving-vans/2/)

Quote:
AS&E's Reiss counters privacy critics by pointing out that the ZBV scans don't capture nearly as much detail of human bodies as their airport counterparts. The company's marketing materials say that its "primary purpose is to image vehicles and their contents," and that "the system cannot be used to identify an individual, or the race, sex or age of the person."

Though Reiss admits that the systems "to a large degree will penetrate clothing," he points to the lack of features in images of humans like the one shown at right, far less detail than is obtained from the airport scans. "From a privacy standpoint, I'm hard-pressed to see what the concern or objection could be," he says.

WHAT THE FUCK WHY DO WE NEED THIS? WHAT THE FUCK! FUCK.

This is what evil looks like.

Well, actually, evil looks like 301,000,000 complacent fatasses that will not only put up with this sort of thing, but demand it.  "Make me SAFE", they say, "and don't worry about who watches the watchmen."

Tyranny doesn't just show up.  It's invited.

Point.  :x
Title: Re: Privacy Thread
Post by: von on December 07, 2011, 08:13:49 AM
Not to derail the discussion of what the ubiquitous "they" are doing with your data, but what about "grassroots" evildoers? Although I've not read the posted articles detailing the specifics of how Facebook's tracking system works, the discussion leads me to the point that they're essentially storing a couple of session cookies which contain (among other things) a unique ID tying that cookie to your account.

Anyway, my point is, assuming I understand this fully, couldn't an attacker hypothetically obtain your account's unique ID (I dunno how it'd be done...infosec isn't my specialty after all) and then essentially modify/spoof one of these cookies and then rampantly impersonate you to make it appear that you're viewing "less than acceptable" materials?
Title: Re: Privacy Thread
Post by: Cain on December 07, 2011, 08:44:37 AM
Well...it'd be easier to use it in order to compromise even more data about yourself and either empty your bank account or sell your identity on to people, but I suppose they could do that as well.  If they were really bored.
Title: Re: Privacy Thread
Post by: von on December 07, 2011, 09:16:45 AM
Lol...good point. I guess I got ahead of myself in that the methods used for stealing the cookie's data would probably be the same techniques used to steal financial account data.

A further point I could have made was that perhaps an attacker could set up a site with illegal content on it (CP, drug trafficking etc) as well as one of those "share it on facebook" things and then use your cookie to essentially frame you for looking at truly unsavory materials; but this too is a moot point...I'm sure if you could get enough access to loot and pillage financial data (and this cookie), you could probably plant illegal data onto the machine too...thanks for putting things into a wider perspective.
Title: Re: Privacy Thread
Post by: Triple Zero on December 07, 2011, 05:04:10 PM
Quote from: Von Zwietracht on December 07, 2011, 08:13:49 AM
Anyway, my point is, assuming I understand this fully, couldn't an attacker hypothetically obtain your account's unique ID (I dunno how it'd be done...infosec isn't my specialty after all) and then essentially modify/spoof one of these cookies and then rampantly impersonate you to make it appear that you're viewing "less than acceptable" materials?

No, they can't, because cookies, like JavaScript, are subject to cross-domain restrictions.

The problem is that the Facebook "Like" button that is so ubiquitous on the web is not just an image, but an IFRAME generated by a piece of JavaScript, which circumvents the cross-domain policy, but only in a one-way manner:

When the IFRAME is loaded, its src attribute points to a URL on a FB domain. The server at this domain receives a request from the user's browser. Because this request happens at a FB domain, the browser sends the FB cookie with this request. This is standard behaviour. The server now knows which FB account this is. But it also sees in the Referer header of the request the URL of the page where this IFRAME has been embedded. Combining these two pieces of knowledge, it looks up how many FB-friends of the user "Like" that Page/URL, then returns a piece of HTML that shows the "thumbs-up" icon and the text "23 of your friends like this" or whatever.

So that's how Facebook tracks your account to every website you visit (that has a "Like" button) regardless of whether you click it or not.

And then it turns out that even when you click "logout" from Facebook, it just marks your session as "logged out", but there's still a cookie that contains your Facebook user-ID. Facebook claims they don't use it to track you even if you're "logged out" (but for some other "technical" reason), but they could, and there's no way to tell.
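The join described in the post above, as an added example that is not part of the original thread and not Facebook's code: the widget server needs only the Cookie and Referer headers of each IFRAME request to build a per-account list of visited pages, and a retained account-ID cookie keeps that working after logout. The cookie names `uid` and `session`, the sample requests and all function names are assumptions constructed for illustration; the last function models two browser-side mitigations (no third-party cookies, referrer trimmed to the origin).

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Hypothetical cookie names: "uid" carries the account ID and survives logout,
# "session" exists only while the user is logged in.
ACCOUNT_COOKIE = "uid"
SESSION_COOKIE = "session"

# Constructed sample data: the headers a widget server would receive when the
# embedded IFRAME is loaded on third-party pages.
SAMPLE_REQUESTS = [
    {"Cookie": "uid=1001; session=abc123",
     "Referer": "https://news.example/politics/article-17"},
    # Same browser after clicking "logout": session gone, account ID still sent.
    {"Cookie": "uid=1001",
     "Referer": "https://shop.example/audiobooks/paradise-lost"},
    {"Cookie": "uid=2002; session=def456",
     "Referer": "https://news.example/politics/article-17"},
    # Visitor who has no cookie for the widget's domain at all.
    {"Referer": "https://blog.example/post/42"},
]


def parse_widget_request(headers):
    """Return (account_id, logged_in, embedding_page) for one widget request."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    account_id = jar[ACCOUNT_COOKIE].value if ACCOUNT_COOKIE in jar else None
    logged_in = SESSION_COOKIE in jar
    return account_id, logged_in, headers.get("Referer")


def build_profiles(requests):
    """Join cookie identity with the Referer to get pages seen per account."""
    profiles = defaultdict(list)
    for headers in requests:
        account_id, logged_in, page = parse_widget_request(headers)
        if account_id and page:
            profiles[account_id].append((page, logged_in))
    return dict(profiles)


def apply_browser_policy(headers, block_third_party_cookies=False,
                         origin_only_referrer=False):
    """Model what a hardened browser would send for the same widget request."""
    sent = dict(headers)
    if block_third_party_cookies:
        # The IFRAME is a third-party context, so its cookies are withheld.
        sent.pop("Cookie", None)
    if origin_only_referrer and "Referer" in sent:
        # Cross-origin requests reveal the site, not the full page URL.
        parts = urlsplit(sent["Referer"])
        sent["Referer"] = f"{parts.scheme}://{parts.netloc}/"
    return sent


if __name__ == "__main__":
    print("default browser:")
    for account, visits in build_profiles(SAMPLE_REQUESTS).items():
        for page, logged_in in visits:
            state = "logged in" if logged_in else "LOGGED OUT"
            print(f"  account {account} ({state}) viewed {page}")

    hardened = [apply_browser_policy(h, block_third_party_cookies=True)
                for h in SAMPLE_REQUESTS]
    print("third-party cookies blocked:", build_profiles(hardened))
```

With the default headers, account 1001 is linked to the shop page even though its session cookie is gone; with third-party cookies withheld the server can still see that some browser loaded each page, but cannot attribute any of them to an account.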
Title: Re: Privacy Thread
Post by: Precious Moments Zalgo on December 09, 2011, 06:55:00 PM
Quote from: Rumckle on October 04, 2011, 12:05:10 PM
Quote from: Xooxe on October 04, 2011, 10:33:30 AM
http://venturebeat.com/2010/07/02/facial-recognition-camouflage/

The future will try its best to make us look as outlandish as possible. I'm calling it.


Or just make everybody join the KISS Army

Or become a Juggalo.
Title: Re: Privacy Thread
Post by: Triple Zero on December 11, 2011, 09:19:24 PM
http://www.youhavedownloaded.com/

Some Russian developers are monitoring and logging traffic on public torrent trackers, and show what you have recently downloaded via torrents.

You can also enter other people's IP, which is interesting. It doesn't show all torrents, but they claim to be able to monitor about 20% of all public bittorrent downloads.

http://torrentfreak.com/i-know-what-you-downloaded-on-bittorrent-111210/
Quote:
TorrentFreak got in touch with Suren Ter, one of the site's founders, to find out why they decided to create this spying tool.

"We just want to remind people that the Internet is not a place to expect privacy," he says. "Nowadays many people use it without understanding what information they leave behind. Also, even those who understand choose to ignore it quite often.

Very true indeed. Definitely makes me wonder if I should do something for myself about it. Though my downloads are all relatively tame, and Dutch legislation so far does not target individual citizens, it is only a matter of time, of course.
Title: Re: Privacy Thread
Post by: Triple Zero on December 11, 2011, 09:25:17 PM
Their "removal terms" are also interesting, to say the least:

http://www.youhavedownloaded.com/removeme

Requiring to identify by logging into your Facebook account? HA!

It's a fucking brilliant troll.
Title: Re: Privacy Thread
Post by: Triple Zero on December 11, 2011, 09:42:18 PM
There's also some evidence (domain registration etc) that they might be America-based instead of Russian, btw.

Oh and then there's the "don't take it seriously" link/popup at the bottom left:

Quote:
Don't take it seriously

The privacy policy, the contact us page — it's all a joke. We came up with the idea of building a crawler like this and keeping the maintenance price under $300 a month. There was only one way to prove our theory worked — to implement it in practice. So we did. Now, we find ourselves with a big crawler. We knew what it did but we didn't know how to use it. So we decided to make a joke out of it. That's the beauty of jokes — you can make them out of anything.

However, if you have a better idea — don't hesitate to contact us.

Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 12, 2011, 04:09:47 AM
Quote from: Triple Zero on December 11, 2011, 09:42:18 PM
Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.

Is there a way to find out what your old IP addresses were? Or do you just happen to write yours down every month or so?

I ask because the website isn't showing my downloads, so I think my IP address changed recently.
Title: Re: Privacy Thread
Post by: Triple Zero on December 12, 2011, 02:39:10 PM
Quote from: Lord Cataplanga on December 12, 2011, 04:09:47 AM
Quote from: Triple Zero on December 11, 2011, 09:42:18 PM
Still, the data is real. Though looking back through my old IPs (mine changes every few months or so), it's really hit and miss.

Is there a way to find out what your old IP addresses were? Or do you just happen to write yours down every month or so?

I ask because the website isn't showing my downloads, so I think my IP address changed recently.

Well, not really. It's cause I'm admin on PD and so I used the "Track User" admin feature on my own profile, which shows every IP I ever posted with :)

Looking at your profile, indeed it shows a fuckton of different IPs. I'll PM you the list. Unfortunately they're not sorted by date or anything. Figuring out the most recent few is a bit more clickwork.

Remember: While having a dynamic IP is hyper-useful when trolling and circumventing IP bans, it doesn't offer much protection against eventual lawsuits for downloading torrents, because your ISP is required to keep records of (among other things) which IP was assigned to which client during which time-period.

Are you on Linux or Windows? Cause your idea of writing them down makes me think it would be easy + you-never-know-useful to indeed keep track of my own IP per date/time. I mean, if my ISP keeps those records, I should have them too. So I'm gonna write a bash script to do just that--which is for Linux, it can be done with clever batch-files in Windows as well, but you're going to have to ask some other batch-scripting wizard to do it.
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 12, 2011, 03:34:23 PM
Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.
Title: Re: Privacy Thread
Post by: Triple Zero on December 12, 2011, 08:30:30 PM
Quote from: Lord Cataplanga on December 12, 2011, 03:34:23 PM
Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.


#!/bin/bash

cat ips.txt | awk '
END {
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    "date +\"%F %R\"" | getline NOW;
    if (CUR_IP != $3) print NOW, CUR_IP;
}' >> ips.txt


Just needs two things that I haven't completely figured out yet, 1) it needs to be run daily, so it needs to go into the crontab or something, and 2) currently it appends the date+IP (if it has changed) to the file ips.txt in the current directory (which must exist) but I'm not sure what the current directory will be for a script that's run from the crontab so it should be changed to some file with an absolute path (twice), like /home/triplezero/ips.txt or something.
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 12, 2011, 10:46:38 PM
Quote from: Triple Zero on December 12, 2011, 08:30:30 PM
Quote from: Lord Cataplanga on December 12, 2011, 03:34:23 PM
Oh, I never noticed I can see my own IP address underneath my own posts (you don't need to be an admin to see your own IPs, apparently).

I use Linux most of the time, but I keep a virtual machine with Windows XP and a cheap(ish) Nokia phone with an EDGE Internet connection for trolling, because there are already too many trolls in my ISP (I am sometimes IP banned in sites I've never visited  :D)

If you could share that bash script I would really appreciate it.


#!/bin/bash

cat ips.txt | awk '
END {
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    "date +\"%F %R\"" | getline NOW;
    if (CUR_IP != $3) print NOW, CUR_IP;
}' >> ips.txt


Just needs two things that I haven't completely figured out yet, 1) it needs to be run daily, so it needs to go into the crontab or something, and 2) currently it appends the date+IP (if it has changed) to the file ips.txt in the current directory (which must exist) but I'm not sure what the current directory will be for a script that's run from the crontab so it should be changed to some file with an absolute path (twice), like /home/triplezero/ips.txt or something.


Strange. When I visit http://whatismyip.org/ with my web browser, it gives the correct IP (it matches the one at the bottom of my post), but when I do this:
curl "http://whatismyip.org/"
on the command line, it says 46.22.211.117  :?

Oh, well, guess I'll just have to lurk less and post more  :)
Title: Re: Privacy Thread
Post by: Triple Zero on December 12, 2011, 11:03:29 PM
Thaaaaat is really weird.

You should try with several other "what is my IP" sites. Just google for them, there's many. I just picked this one because it returns the IP clean without any HTML around it. Google also will tell you your IP if you search that, or just query "ip", but it blocks the user-agents of wget and curl with a 403, and I didn't want to deal with that.

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious :)

Querying that other IP leaves some very strange results:

http://networktools.nl/whois/46.22.211.117
https://www.google.com/search?q=46.22.211.117

Where are you located anyway? The one in your posts says Uruguay/Paraguay, but the 46.22.211.117 one says Estonia ... what the fuuuuuck. (via http://www.ipaddresslocation.org/ip-address-locator.php )

You, sir, are on some weird motherfucking network.
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 13, 2011, 12:52:54 AM
Quote from: Triple Zero on December 12, 2011, 11:03:29 PM

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious :)


My browser is not the problem, because it gives the correct answer when I actually visit http://whatismyip.org/
It's only when I use curl on the command line that I get weird results, like this:

Code (on the command line):
curl http://whatismyip.org/ > IP.txt

Output:
Code (Contents of IP.txt):
199.48.147.46
Which is not only different from the one I got earlier, but it's apparently the address of a Tor exit router located in San Francisco. (http://www.ip-adress.com/ip_tracer/199.48.147.46)  :?

Not giving up easily, I tried using a different website, like you suggested:
curl http://ip.interchile.com/ > IP.html
and after opening IP.html with Firefox, I got the correct IP address (the one from Paraguay, not Estonia).

So in conclusion, the problem was whatismyip.org, which is too bad, because I liked that site's (lack of) format.
Title: Re: Privacy Thread
Post by: Telarus on December 13, 2011, 08:18:52 AM
http://www.muckrock.com/news/archives/2011/dec/12/fbi-carrier-iq-files-used-law-enforcement-purposes/

FBI says: Carrier IQ files used for "law enforcement purposes"
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 15, 2011, 08:59:25 PM
Quote from: Telarus on December 13, 2011, 08:18:52 AM
http://www.muckrock.com/news/archives/2011/dec/12/fbi-carrier-iq-files-used-law-enforcement-purposes/

FBI says: Carrier IQ files used for "law enforcement purposes"

Quote from: From the article
A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

It's a little too late for that, I think. Any criminal that reads that article is going to be super paranoid around smartphones, even if they don't know what specifically they should feel paranoid about.
Title: Re: Privacy Thread
Post by: Triple Zero on December 15, 2011, 09:04:10 PM
Quote from: Lord Cataplanga on December 13, 2011, 12:52:54 AM
Quote from: Triple Zero on December 12, 2011, 11:03:29 PM

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious :)


My browser is not the problem, because it gives the correct answer when I actually visit http://whatismyip.org/
It's only when I use curl on the command line that I get weird results, like this:

Code (on the command line):
curl http://whatismyip.org/ > IP.txt

Output:
Code (Contents of IP.txt):
199.48.147.46
Which is not only different from the one I got earlier, but it's apparently the address of a Tor exit router located in San Francisco. (http://www.ip-adress.com/ip_tracer/199.48.147.46)  :?

Not giving up easily, I tried using a different website, like you suggested:
curl http://ip.interchile.com/ > IP.html
and after opening IP.html with Firefox, I got the correct IP address (the one from Paraguay, not Estonia).

So in conclusion, the problem was whatismyip.org, which is too bad, because I liked that site's (lack of) format.

That is still fucking weird.

Try another couple of IP-telling sites with curl, would you? There's also whatismyip.com which is a different site. But indeed the lack of format was very useful.

btw I updated the script a bit:

#!/bin/bash
IPLOG='/home/triplezero/ips.txt'
cat $IPLOG | awk '
END {
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    "ddate +\"%{%d%b(%a)%}%Y\"" | getline DATE;
    DATE=substr(DATE,length(DATE)-12)
    if (CUR_IP && CUR_IP != $4)
        printf("%s %s %s\n", strftime("%F %R"), DATE, CUR_IP);
}' >> ips.txt

if [[ $1 == '-v' ]]; then
    tail -n1 $IPLOG
fi


Is nice because you can give it -v and it'll tell you your current IP plus the time when it was first found.

But for you I should fix it so it can curl any website and then regex out the IP part. I'll get back to that.
Title: Re: Privacy Thread
Post by: Triple Zero on December 17, 2011, 12:08:13 PM
Hey, Lord Cataplanga, I just found that www.whatismyip.com (which is a different site than .org) has a special "automation" page, which also returns just the IP and no HTML, try this URL:

http://automation.whatismyip.com/n09230945.asp

does it tell you the right IP?

This is the new script then: (it also fixes another dumb mistake in line 10 btw)

#!/bin/bash
IPLOG='/home/triplezero/ips.txt'
cat $IPLOG | awk '
END {
    "curl -s http://automation.whatismyip.com/n09230945.asp" | getline CUR_IP;
    "ddate +\"%{%d%b(%a)%}%Y\"" | getline DATE;
    DATE=substr(DATE,length(DATE)-12)
    if (CUR_IP && CUR_IP != $4)
        printf("%s %s %s\n", strftime("%F %R"), DATE, CUR_IP);
}' >> $IPLOG

if [[ $1 == '-v' ]]; then
    tail -n1 $IPLOG
fi


And I'm still intrigued why whatismyip.org gives you a different IP from curl than from your webbrowser, and especially why it does that for you but not for me. Can you try a couple of things?

- curl --trace-ascii - http://whatismyip.org
  shows a complete trace of all connections, request and response data
- curl -iA 'Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0' --trace-ascii - http://whatismyip.org
  same thing except it sends your Firefox User-Agent instead of curl's default one.
- wget http://whatismyip.org
  to see if wget gives you a different IP as well (find out whether it's curl's user agent causing the behaviour or the fact that you're making a connection from the terminal instead of browser)
- links http://whatismyip.org
  or lynx or elinks, whichever text-based browser you have installed. for same reason as wget.

except trying some of these curl variations, sometimes whatismyip.org closed the connection right away, depending on whether I specified -i (include header in output) or not. suggesting some subtle timing issue or weirdness, so yeah it's probably the whatismyip.org server, I just wonder why you get it and I don't.



BTW, I just saw that Paraguay has the top-level domain .py :) That's pretty cool if you want to register a Python related website :D
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 18, 2011, 12:11:13 AM
Your script worked perfectly on my netbook (after I installed gawk, because my netbook had mawk instead). But in my desktop pc, every website gives a weird address from the command line, except this one (http://ip.interchile.com/), for some reason Not anymore!? :x
But it returns an html file, with the ip address like this:
Code (curl http://ip.interchile.com/):

<html>
...yada yada yada...
<font size=7>MY (SOMETIMES) CORRECT IP ADDRESS</font>
...yada yada yada...
</html>

If you could make a regex that matches only the text between <font> tags, that would solve the problem.
ETA: Actually, it wouldn't, because now it says my address is 93.114.44.37  :cry:

Here's the output of the command curl -iA 'Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0' --trace-ascii trace.txt http://whatismyip.org

Code (trace.txt):

== Info: About to connect() to proxy 127.0.0.1 port 8118 (#0)
== Info:   Trying 127.0.0.1... == Info: connected
== Info: Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
=> Send header, 205 bytes (0xcd)
0000: GET http://whatismyip.org HTTP/1.1
0024: User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 Ope
0064: nSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
008a: Host: whatismyip.org
00a0: Accept: */*
00ad: Proxy-Connection: Keep-Alive
00cb:
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 20 bytes (0x14)
0000: Content-Length: 14
<= Recv header, 37 bytes (0x25)
0000: Date: Sat, 17 Dec 2011 22:47:20 GMT
<= Recv header, 26 bytes (0x1a)
0000: Content-Type: text/plain
<= Recv header, 10 bytes (0xa)
0000: Age: 153
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 14 bytes (0xe)
0000: 146.185.23.179
== Info: Connection #0 to host 127.0.0.1 left intact
== Info: Closing connection #0

Does this tell anything to you?

I've tried with wget and elinks, and they also give the wrong answer: now it's 146.185.23.179  in both .org and .com. Also, I got myself banned from .com because I hit their site too many times (once for every program (wget, curl, and elinks) on my two computers).
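The request above for a version that works with any IP-reporting page, HTML or plain text, can be met by pulling the first valid IPv4 address out of whatever comes back. The following is an added example, not code from the thread or from any poster; the function names, the log path in the usage comment and the sample HTML (which uses a documentation-range address) are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the script from the thread.
# Usage (hypothetical URL and path); --noproxy '*' makes curl ignore proxy
# environment variables, so the logged address is not that of a proxy:
#   curl -s --noproxy '*' http://ip-site.example/ | log_ip_change /home/user/ips.txt

# extract_ipv4: print the first valid dotted-quad IPv4 address found on stdin,
# whatever markup surrounds it.
extract_ipv4() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | while IFS=. read -r a b c d; do
        # The regex alone would accept 999.1.1.1, so range-check each octet.
        if [ "$a" -le 255 ] && [ "$b" -le 255 ] && [ "$c" -le 255 ] && [ "$d" -le 255 ]; then
            echo "$a.$b.$c.$d"
            break
        fi
    done
}

# log_ip_change LOGFILE: read a response body on stdin and append
# "YYYY-MM-DD HH:MM IP" to LOGFILE when the IP differs from the last entry.
# LOGFILE should be an absolute path so the function behaves the same from cron.
# Returns 0 if a line was appended, 1 if the IP is unchanged, 2 if no IP was found.
log_ip_change() {
    local log cur last
    log="$1"
    cur=$(extract_ipv4)
    [ -n "$cur" ] || return 2
    # The IP is always the last field of the last line, whatever precedes it.
    last=$(tail -n 1 "$log" 2>/dev/null | awk '{print $NF}')
    [ "$cur" != "$last" ] || return 1
    printf '%s %s\n' "$(date '+%F %R')" "$cur" >> "$log"
}

# Constructed sample, modelled on the HTML shape shown in the post above.
SAMPLE_HTML='<html><body><font size=7>203.0.113.7</font></body></html>'

# Demo on the constructed sample, using a throwaway log file.
demo_log=$(mktemp)
printf '%s\n' "$SAMPLE_HTML" | log_ip_change "$demo_log" && cat "$demo_log"
rm -f "$demo_log"
```

Returning code 2 instead of writing an empty line means a failed or blocked lookup never reaches the log.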
Title: Re: Privacy Thread
Post by: Triple Zero on December 18, 2011, 12:48:58 AM
I'll have to ponder this some more because I've had some beers. But if every website (except interchile for some reason) gives the wrong address from the commandline on your desktop PC, but not on your netbook, while they are using the same network connection, then it seems like there's something strange going on with the desktop PC?

Since you said one of the IPs you got was marked as a Tor exit node, could it perhaps be that you have set up your desktop PC to route traffic via a (Tor) proxy or something, at one point?

Because I think on Linux, browsers and terminal programs use separate proxy settings. Afaik, the terminal programs use some "system wide" proxy settings, while a browser uses its own (in your case, none). But I'm not too familiar with exactly how this works, and it also depends on what flavour Linux you're running.

Can you try using elinks to log on to PD and make a post here? Because I would bet it would get logged under the "wrong" IP as well. If that is the case you should really try to get to the bottom of this, because that would mean that all your internet-accessing terminal programs (and who knows what else) get routed through a proxy, and that is not a good thing because whoever is at the end of that proxy gets to read your traffic (even if it is "just" a Tor exit node--Tor makes you anonymous but at the exit node the traffic is unencrypted).

I could still be wrong after all, but when you first mentioned the "wrong" IP, that was my suspicion right away, and is the reason why I kind of pushed the matter, because if you're routing (part of) your traffic through a proxy, it is important to know that this happens and what/who this proxy exactly is.
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 18, 2011, 02:14:49 AM
Posting from lynx...
Title: Re: Privacy Thread
Post by: Lord Cataplanga on December 18, 2011, 02:29:16 AM
SUCCESS!

I changed the http_proxy environment variable to "" and reinstalled elinks, tor and polipo, and now it works!
Everything except elinks (my last post was made with lynx, and this one with firefox), but whatever, who needs another text browser anyway?

Now I'll put the file ips.txt on my Ubuntu One folder, and if everything goes as planned your script will allow me to log in to my desktop from my netbook from anywhere without having to bother with setting up a static IP  :magick:
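The trace posted earlier already contained the answer: curl connected to a proxy on 127.0.0.1:8118 instead of to the site. The following added example (not code from the thread) reads `curl --trace-ascii` output and reports the proxy indicators, and lists the proxy environment variables that were the cause here; the function names are constructed, the sample is abridged from the trace above, and the info-line wording matched is the one that curl version printed.

```shell
#!/bin/bash
# Added example, not code from the thread.
# Live use:  curl --trace-ascii - http://whatismyip.org | analyze_trace

# analyze_trace: summarise proxy indicators in curl --trace-ascii output (stdin).
analyze_trace() {
    awk '
    index($0, "== Info: About to connect() to proxy ") == 1 {
        # "... to proxy HOST port PORT (#0)"
        for (i = 1; i < NF; i++) {
            if ($i == "proxy") host = $(i + 1)
            if ($i == "port")  port = $(i + 1)
        }
        proxy = host ":" port
    }
    /^=> Send header/ { dir = "send";  next }
    /^<= Recv header/ { dir = "recvh"; next }
    /^<= Recv data/   { dir = "recvd"; next }
    /^[0-9a-f][0-9a-f][0-9a-f][0-9a-f]:/ {
        line = substr($0, 7)            # drop the "0000: " offset prefix
        low = tolower(line)
        n = split(line, f, " ")
        if (dir == "send") {
            # An absolute-form target ("GET http://host HTTP/1.1") is what a
            # client sends to a forward proxy, not to an origin server.
            if (n == 3 && f[3] ~ /^HTTP\// && f[2] ~ /^https?:\/\//) absolute = "yes"
            if (index(low, "proxy-connection:") == 1) proxyhdr = "yes"
            # Shows whether a -A override actually reached the wire.
            if (index(low, "user-agent: ") == 1 && ua == "") ua = f[2]
        } else if (dir == "recvh") {
            # Age is added by caches: the body may be a stored answer.
            if (index(low, "age: ") == 1) age = f[2]
        } else if (dir == "recvd" && ip == "") {
            if (line ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = line
        }
    }
    END {
        via = (proxy != "" || absolute == "yes" || proxyhdr == "yes") ? "yes" : "no"
        print "via_proxy=" via
        print "proxy=" (proxy == "" ? "-" : proxy)
        print "absolute_target=" (absolute == "" ? "no" : absolute)
        print "proxy_connection_header=" (proxyhdr == "" ? "no" : proxyhdr)
        print "user_agent=" (ua == "" ? "-" : ua)
        print "cache_age=" (age == "" ? "-" : age)
        print "reported_ip=" (ip == "" ? "-" : ip)
    }'
}

# proxy_env_vars: list proxy settings that command-line tools inherit.
# curl reads http_proxy in lower case only, the others in either case.
proxy_env_vars() {
    env | grep -E '^(http_proxy|https_proxy|HTTPS_PROXY|all_proxy|ALL_PROXY|no_proxy|NO_PROXY)=' || true
}

# Sample input: abridged from the trace posted above.
sample_trace() {
    cat <<'EOF'
== Info: About to connect() to proxy 127.0.0.1 port 8118 (#0)
== Info:   Trying 127.0.0.1... == Info: connected
== Info: Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
=> Send header, 205 bytes (0xcd)
0000: GET http://whatismyip.org HTTP/1.1
0024: User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 Ope
0064: nSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
008a: Host: whatismyip.org
00a0: Accept: */*
00ad: Proxy-Connection: Keep-Alive
00cb:
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 10 bytes (0xa)
0000: Age: 153
<= Recv data, 14 bytes (0xe)
0000: 146.185.23.179
== Info: Connection #0 to host 127.0.0.1 left intact
EOF
}

sample_trace | analyze_trace
proxy_env_vars
```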
Title: Re: Privacy Thread
Post by: Triple Zero on February 11, 2012, 04:54:58 PM
It's 2012 and your kids have an iPhone - Do you know where they are? I do. (http://www.hanselman.com/blog/Its2012AndYourKidsHaveAnIPhoneDoYouKnowWhereTheyAreIDo.aspx)
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on February 11, 2012, 09:21:28 PM
Quote from: Triple Zero on February 11, 2012, 04:54:58 PM
It's 2012 and your kids have an iPhone - Do you know where they are? I do. (http://www.hanselman.com/blog/Its2012AndYourKidsHaveAnIPhoneDoYouKnowWhereTheyAreIDo.aspx)

That was good to know. My kids don't have iPhones yet, but they probably will eventually.
Title: Re: Privacy Thread
Post by: Triple Zero on February 11, 2012, 10:18:23 PM
Quote from: Nigel on February 11, 2012, 09:21:28 PM
Quote from: Triple Zero on February 11, 2012, 04:54:58 PM
It's 2012 and your kids have an iPhone - Do you know where they are? I do. (http://www.hanselman.com/blog/Its2012AndYourKidsHaveAnIPhoneDoYouKnowWhereTheyAreIDo.aspx)

That was good to know. My kids don't have iPhones yet, but they probably will eventually.

Yes. Some people in the related HN discussion were all like "Whaaa this is way overprotective helicopter parenting!"--but others actually got the point. And they had a really good take on it, which I'm sure you'd appreciate. The importance of this "family protocol" (or however you address it) on location sharing, is not so much about exerting control over them, rather about making them aware of the ways their personal information is shared. Because often they simply don't know. And by the age they start playing a lot with these gadgets and social connections become more important (say, 12 or so), they'll be smart enough to understand the consequences and if you explain it right, they won't like it one bit.

Quote from: Scott Hanselman
I talked to the Dad earlier this evening and the kid had NO IDEA that this info was leaking out. This issue isn't about being a helicopter parent or about being paranoid. It's simply about being aware. You tell a teen to put their wallet in their front pocket and you should tell them to click off on location services. This is just one of a thousand life lessons.

Quote from: the Dad from the story
I'm the Dad from the story and I'm really grateful to Scott for pointing this out to me. It's less about being alarmist and more about having a chance to educate young people about the realities of modern technology. (and re-educate myself from a parent's perspective) I don't read my kid's emails or check cell phone logs and don't plan on starting. I believe giving kids freedom, and the opportunity to wield it, is what turns them into responsible adults. However, it's easy to take things like location services for granted. Conversation had. Lesson learned.

Related, a kid at The Young Researchers last week (11 years, really bright, builds his own speakers and amps, wants to be a DJ) told me about a classmate of his that continuously tweeted about, um, some rather personal activities of his. The kid's opinion wasn't so much amusement or annoyance, but mostly about how stupid he thought it was, given that the classmate's Twitter feed is public and even had a photo of his in the profile, and (!!) how that might come back to haunt him years later. I told him his friend might want to think about deleting that account and starting a new one. Since the classmate doesn't attend The Young Researchers (as far as I'm aware) it's not really my place, I'm just glad this one kid does understand the ramifications of Internet privacy (a lot of them at TYR seem to do, in fact).

OTOH I guess that shows that actually not all kids are smart enough to understand these consequences, though it's quite an oversight on behalf of the kid's classmate's parents as well, IMO.
Title: Re: Privacy Thread
Post by: Triple Zero on February 23, 2012, 05:36:37 PM
http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

uhhhh I'm skeptical :lulz:

anybody that knows more about this, tell me:

- is this a plan? is this going to happen? or is this a re-election promise with the same odds of Obama closing up Guantanamo?

- it only seems to mention protection of consumers' privacy from companies, which would be a step forward, but it's pretty half-assed if there's nothing in it to protect citizens' privacy from the government.
Title: Re: Privacy Thread
Post by: Doktor Howl on February 23, 2012, 07:59:44 PM
Quote from: Triple Zero on February 23, 2012, 05:36:37 PM
http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

uhhhh I'm skeptical :lulz:

anybody that knows more about this, tell me:

- is this a plan? is this going to happen? or is this a re-election promise with the same odds of Obama closing up Guantanamo?

- it only seems to mention protection of consumers' privacy from companies, which would be a step forward, but it's pretty half-assed if there's nothing in it to protect citizens' privacy from the government.

We already have that.  It's called "Amendment IV", on some scrap of hemp in the Smithsonian.  Hardly anyone knows it's there, and the people who DO know are offended by it.
Title: Re: Privacy Thread
Post by: bds on February 23, 2012, 11:01:30 PM
location services is probably the one privacy thing on my iphone that doesn't sit right with me. it turns itself on by default like, everywhere! as much as i think it makes sense when you're posting a tweet, or a status, Facebook's Messenger app sends your location with EVERY message, by default. to be fair, though, it is super easy in Settings to enable/disable location on an app-by-app basis, and you do have to clickthrough a popup when an app requests that permission
Title: Re: Privacy Thread
Post by: LMNO on February 24, 2012, 12:52:33 AM
Quote from: Doktor Howl on February 23, 2012, 07:59:44 PM
Quote from: Triple Zero on February 23, 2012, 05:36:37 PM
http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

uhhhh I'm skeptical :lulz:

anybody that knows more about this, tell me:

- is this a plan? is this going to happen? or is this a re-election promise with the same odds of Obama closing up Guantanamo?

- it only seems to mention protection of consumers' privacy from companies, which would be a step forward, but it's pretty half-assed if there's nothing in it to protect citizens' privacy from the government.

We already have that.  It's called "Amendment IV", on some scrap of hemp in the Smithsonian.  Hardly anyone knows it's there, and the people who DO know are offended by it.

That makes me want to start "The IV Project".
Title: Re: Privacy Thread
Post by: Triple Zero on February 25, 2012, 10:07:08 PM
Very interesting, especially the part where Target "knows" a girl is pregnant before her dad does:

http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=1
Title: Re: Privacy Thread
Post by: minuspace on February 25, 2012, 10:23:43 PM
Quote from: Triple Zero on February 25, 2012, 10:07:08 PM
Very interesting, especially the part where Target "knows" a girl is pregnant before her dad does:

http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=1

Had an interesting experience with google:  checking my mail at work I get a specific advertisement that I was not expecting, it continues for several days.  The phone rings.  Colleague A tells me Colleague B has been e-mailing them about moving Asset X.  I have no emails or chatter regarding X.  The advertisement was for liquidating X.  Google inferred that I would soon be interested in selling an asset by referencing emails between third parties that were about me, not by me.  That does not seem safe...
Title: Re: Privacy Thread
Post by: Triple Zero on April 10, 2012, 08:26:50 PM
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

So they're basically recording everything. Just so you know. Well, it's everything in the US and quite a lot of stuff abroad, to be exact.

They're also building gigantic supercomputers, 2.6+ petaflops, to try and crack things like AES encryption.

Personally, I don't believe they can crack AES256. Not until they build workable Quantum computers. And if they do, there's alternatives (http://pqcrypto.org/). Problem is, they're recording everything, so any data that might still be considered sensitive when Quantum Computing arrives (say, 5-10 years from now), better be encrypted with those alternatives. Afaik they're not much more processor-intensive than other current crypto strategies. Just that there's less software to support them. Thing appears to be they just mix up the bits in a way that not even a quantum computer can decorrelate them non-deterministically, or whatever it is they do (srsly, quantum computing is fucking hard, I don't understand one qubit of it).

The start of the article is kind of boring Wired-type reporting, romantic painting writing, you know the style. But at about one third or half of the article, they start to spill interesting stuff. Actually the first part is mostly about how much they record, tap and store. IMO that's not very interesting (if you can't use the data) but then they start talking about enormous crypto-specialized supercomputers. And that's where the meat is. You're probably best to assume they record everything anyway--we've passed that threshold. But so far I've always assumed that if you really need to communicate something sensitive, using strong encryption is still something in the hands of any consumer-citizen.

Actually that might still be the case. They just speak about AES, which is a symmetric cipher. Not a word about any of the asymmetric ones (those are the public/private key type of ciphers, the GPG and PGP type of things--GPG is the open source one btw). Also even if they can crack AES (or even GPG), it's still going to require a lot of time on such a petaflop supercomputer (which is like a gigantic warehouse full of computer hardware eating incredible amounts of electricity and needing crazy cooling to not simply melt the silicon). Like, days or a week for a single message would be considered an enormous ground-breaking achievement. And they just have one of those. Well, let's be pessimistic and say they got five. Still you got to be a number one enemy of the state type of threat before they dedicate those resources to your communications.

All the more reason for everybody to start using GPG encryption for their email communications. Because most likely they won't be able to tell which are the juicy bits.
Title: Re: Privacy Thread
Post by: minuspace on April 10, 2012, 08:50:38 PM
Quote from: Triple Zero on April 10, 2012, 08:26:50 PM
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

...

All the more reason for everybody to start using GPG encryption for their email communications. Because most likely they won't be able to tell which are the juicy bits.

...

The problem with this is again a double edged sword:  although a greater "volume" of cypher text may be harder to sort and bruteforce, it also provides fodder to aid statistical/numerical analysis for decryption by inference.  My understanding of the maths is sketchy at best, however, if one were to use PGP frequently, I would advise also using a new set of keys every fortnight (maybe not that often?)
Title: Re: Privacy Thread
Post by: Triple Zero on April 11, 2012, 01:09:59 AM
Not at all. Any serious crypto algorithm accounts for that:

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Basically they make sure that any encrypted block is completely different from another, even if it contains the exact same data. I can't recall which mode of operation GPG uses, but I can say it's none of the "weak" ones mentioned in the wiki article. My guess would be CTR but I'm not  sure (afaik CTR is secure and has a bunch of nice random-access properties).

These modes of operation are independent of what specific encryption algorithm you use, btw. That's the really tricky part with crypto, and why nobody, even if they're a pretty good coder, should think to implement their own crypto library: There's way more to it than just the "integer logarithm modulo some huge prime one-way trapdoor function" mathematical concept. That bit is just the building block that makes the whole thing possible. On top of that there are all sorts of incredibly clever ways of meshing together the data, making sure there's no code branchings that allow timing attacks, HMAC integrity checks, and many other very subtle tricks that they discovered over the years while continuously trying to break these systems, even if it would only reduce the keyspace search by a few bits.

*If* it happens to be broken regardless, in the way that you mention, I wouldn't worry about it if you just send email. Only if you plan on sending several gigabytes of very repetitive data. But you should just zip that, and then it's fine. I can't imagine how they intend to break zipped data in the first place since it's practically white noise, so there's no statistics to get an edge in.

Additionally, it's a bad idea to use a new set of keys every fortnight. Part of the beauty of public/private key asymmetric cryptography is that it allows for authentication and signing. That means, if you follow the protocol (aka "key-signing parties"), if someone sends you a message signed with their private key and encrypted with your public key, you can be certain that:
- only you can read it
- it was intended for you
- you can be certain of the identity of the person that sent it to you (if you signed each other's keys)
- it could not have been modified along the wire

(Given that your and the sender's private keys are not compromised, of course. But that's a requirement of crypto that will never go away :) )

If you change your private key every so often, you'll lose most of those advantages. And those advantages will give you more security than periodically switching keys will.
Title: Re: Privacy Thread
Post by: Golden Applesauce on April 11, 2012, 04:56:47 AM
On a more upbeat note, kids these days aren't completely clueless about privacy!
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1925128  <-- danah boyd, writer of intelligent things about social networking

Stuff about teenagers, privacy, Facebook, and annoying moms who friend their kids on FB.  And social stenography, which is kind of cool.
Title: Re: Privacy Thread
Post by: minuspace on April 11, 2012, 07:05:52 AM
Quote from: Triple Zero on April 11, 2012, 01:09:59 AM
Not at all. Any serious crypto algorithm accounts for that:

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Basically they make sure that any encrypted block is completely different from another, even if it contains the exact same data. I can't recall which mode of operation GPG uses, but I can say it's none of the "weak" ones mentioned in the wiki article. My guess would be CTR but I'm not  sure (afaik CTR is secure and has a bunch of nice random-access properties).

These modes of operation are independent of what specific encryption algorithm you use, btw. That's the really tricky part with crypto, and why nobody, even if they're a pretty good coder, should think to implement their own crypto library: There's way more to it than just the "integer logarithm modulo some huge prime one-way trapdoor function" mathematical concept. That bit is just the building block that makes the whole thing possible. On top of that there are all sorts of incredibly clever ways of meshing together the data, making sure there's no code branchings that allow timing attacks, HMAC integrity checks, and many other very subtle tricks that they discovered over the years while continuously trying to break these systems, even if it would only reduce the keyspace search by a few bits.

*If* it happens to be broken regardless, in the way that you mention, I wouldn't worry about it if you just send email. Only if you plan on sending several gigabytes of very repetitive data. But you should just zip that, and then it's fine. I can't imagine how they intend to break zipped data in the first place since it's practically white noise, so there's no statistics to get an edge in.

Additionally, it's a bad idea to use a new set of keys every fortnight. Part of the beauty of public/private key asymmetric cryptography is that it allows for authentication and signing. That means, if you follow the protocol (aka "key-signing parties"), if someone sends you a message signed with their private key and encrypted with your public key, you can be certain that:
- only you can read it
- it was intended for you
- you can be certain of the identity of the person that sent it to you (if you signed each other's keys)
- it could not have been modified along the wire

(Given that your and the sender's private keys are not compromised, of course. But that's a requirement of crypto that will never go away :) )

If you change your private key every so often, you'll lose most of those advantages. And those advantages will give you more security than periodically switching keys will.

I'll read-up on this, thank you.  On first pass the initial concern I had for the block-cypher, if plaintext (even zip) does not equal length of cypher, then the extra bytes used will always only be pseudo-random...  I do not know if the intuition is just another expression of misplaced modulo concerns?
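An added example, not part of the thread: the two points discussed above (identical plaintext blocks, and ciphertext length versus padding) shown side by side for ECB and CTR. The block cipher here is a toy Feistel construction over HMAC-SHA256 that stands in for AES so the code runs on the standard library alone; it, all function names and the sample message are assumptions of this example and not a cipher to use for real data.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, the same as AES


def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of one 8-byte half."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation on one 16-byte block (stand-in for AES)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse permutation: the same rounds applied in reverse order."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7: always adds 1..16 bytes, each holding the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block encrypted independently, so equal input gives equal output."""
    padded = pad(plaintext)
    return b"".join(toy_encrypt_block(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get a keystream, XOR it with the data.

    The same call decrypts. No padding is needed because the final keystream
    block is simply truncated. The 8-byte nonce must never repeat under one key.
    """
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        counter_block = nonce + (i // BLOCK).to_bytes(8, "big")
        out.extend(xor(data[i:i + BLOCK], toy_encrypt_block(key, counter_block)))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


def demo() -> dict:
    key = os.urandom(16)
    # Constructed sample: eight identical 16-byte blocks plus a 3-byte tail.
    message = b"same 16 byte blk" * 8 + b"bye"
    ecb = ecb_encrypt(key, message)
    ctr = ctr_crypt(key, os.urandom(8), message)
    return {
        "plain_len": len(message),
        "ecb_len": len(ecb),                  # rounded up to a block multiple
        "ctr_len": len(ctr),                  # same length as the plaintext
        "ecb_repeats": repeated_blocks(ecb),  # repetition is visible
        "ctr_repeats": repeated_blocks(ctr),  # repetition is hidden
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The padding bytes in the ECB case are encrypted like any other plaintext, so they add length but no exploitable structure of their own; the leak in ECB comes from the repeated blocks, not from the padding.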
Title: Re: Privacy Thread
Post by: Triple Zero on April 19, 2012, 11:56:48 PM
pretty shocking:

Quote
While you're thinking about the security of your email in the cloud, remember this: ANY of your email older than six months can be legally obtained by any U.S. law enforcement agency without any warrant or judicial oversight of any sort, even if you enable Google's new 46-factor authentication and use passwords that take minutes to type in.

http://www.wired.com/threatlevel/2011/10/ecpa-turns-twenty-five/

Do you have any passwords in your email older than six months? Any account numbers? Anything... incriminating or embarrassing?

I REALLY need to get the fuck away from GMail (or any other US based email service) (or that I don't control myself).

I shall set forth to go shopping around for servers this month.
Title: Re: Privacy Thread
Post by: Triple Zero on April 29, 2012, 06:03:20 PM
I believe that a few weeks back I linked about the NSA's plans for some gigantic Total Information Awareness data-centre in Utah? Well if I didn't, it was a Wired article and this one following article sums it up nicely (the rest of the Wired piece was their usual page filler snackwrit).

Leave your cellphone at home (http://nplusonemag.com/leave-your-cellphone-at-home)

You should really read this article. It's not optional if: You might consider some form of mindfuckery that could potentially be construed as more than a harmless pranking of unimportant people, or brainstorming about/discussing such ideas with people that would, or might.

The first few paragraphs are a bit of summary about the Utah data-centre, the extent of surveillance by NSA and other agencies, how the PATRIOT Act made it worse, and how these systems are particularly effective in keeping tabs on modern social-media/smartphone organised movements such as Occupy.

Which everybody here already knows of course, but it's a nice refresher.

Then comes the non-optional part of the article: An interview with Jacob Appelbaum, a core member of the Tor Project, security researcher, hacker, and privacy advocate "who knows a thing or two about the surveillance state"--which is quite the understatement. In the interview he describes crucial steps in operational security (opsec), things that you never would consider. It's quite chilling, he describes a lot of advanced technologies that I knew were available but I didn't expect to be actually used yet because of how incredibly intrusive they are (naive, I know). For example:

"The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It's a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody's cell phones will automatically jump onto the tower, and if the phone's unique identifier is exposed, all the police have to do is go to the phone company and ask for their information."

And I don't expect it to look like a typical communications "tower", either. Probably just a van, or somebody with a briefcase on the fifth floor of a nearby office, or just passing through the crowd.

Another important argument he makes is against people getting lazy with opsec "because they're really not that interesting, anyway". The Total Information Awareness project is not so much about slurping up all the data they can possibly get their hands on. That's the easy part. The hard part is doing something useful with that data and detecting patterns in it. That sort of stuff, including automated reasoning about these patterns, is almost completely done by computers now. They're pretty good at it already, and will only get better. Sure there will always be false positives but that's not really their problem. The result of this is that even if you think you are really not that interesting, the system will still gladly track all of your data and run pattern-recognition algos on it. It used to be that if you "were not that interesting" you could argue they have better things to spend their manpower on than to keep such a close eye on little me, but that is no longer the case. Everybody gets to have very special attention. And even if your patterns are harmless on you, they will be correlated with those around you in your (IRL, online, phone- and proximity based) social networks, so by not practising proper privacy hygiene you could unwittingly be endangering people around you, such as the ones you maybe respect quite a lot, because they do have the guts to stick their neck out, and they can practice opsec until their fingerprints fall off, but it won't help much if their friends' social slime trails all point in the direction of a big blank spot.

Anyway, best to read it for yourself, as it contains much more:

Leave your cellphone at home (http://nplusonemag.com/leave-your-cellphone-at-home)


I mean for fuck's sake. Take what the title refers to: "Be very careful about using cell phones, but consider especially the patterns you make. If you pull the battery, you've generated an anomaly in your behavior, and perhaps that's when they trigger people to go physically surveil you. Instead, maybe don't turn it off, just leave it at home." -- I'm not on FaceBook. How long do you suppose it'll be before that's considered an "anomaly" thanks to all the people that think it's "fun" and "a great way to stay in contact with friends" (really? I preferred the days of IM so much more) and "they got nothing to hide" ... (this is the reason why I might have gone off a bit at Telarus when he said hey this G+ thing is pretty cool too!)

Is deleting your FB profile an "anomaly" yet? Maybe you should slowly "fade out", log in less and less often, just to be sure. Then after a month of silence issue the account deletion request. Goddamnit.

Sshhhhhh!!
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on April 29, 2012, 07:30:55 PM
Or participate, and generate a very high noise ratio.
Title: Re: Privacy Thread
Post by: Don Coyote on April 29, 2012, 07:41:14 PM
Quote from: Nigel on April 29, 2012, 07:30:55 PM
Or participate, and generate a very high noise ratio.

So that's what some of those groups I've been added to are.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on April 29, 2012, 08:02:53 PM
Quote from: Guru Coyote on April 29, 2012, 07:41:14 PM
Quote from: Nigel on April 29, 2012, 07:30:55 PM
Or participate, and generate a very high noise ratio.

So that's what some of those groups I've been added to are.

:p
Title: Re: Privacy Thread
Post by: Triple Zero on April 29, 2012, 10:42:05 PM
Well that's what the article says about this, taking the battery out of your phone is an anomaly, and it's probably too late to do anything about that, so instead leave it at home and send a false signal (noise).

If it had NOT yet been too late, well in this case it's kind of silly, because you can't very well urge people to take their battery from their phone more often because that would make no sense. But something CAN be done, look for example at the difference between postcards (open) and letters in envelopes (private). Envelopes are the status quo.

Is it too late to not have a FB profile? If it is, then yes I should get one and start making noise.

But I sometimes run into unexpected people that do not have one. And kids I work with often seem to have a very keen sense on privacy matters (probably thanks to smart parents protecting them). So if it's not yet too late, I'm going to argue that you should all get rid of your profile! ;-)
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on April 29, 2012, 11:33:26 PM
I can say that taking the battery out of my old phone would not have been an anomaly, because the battery would fly off every time I dropped it, which was frequently.

It is a good reminder to leave cell phones at home, though. I always feel so free when I leave my phone at home!

Also, a really important point was brought up in that article, which is contact points. Organizing is problematic; it's better to throw out ideas indirectly so you have NO contact points with other key people.
Title: Re: Privacy Thread
Post by: Anna Mae Bollocks on April 30, 2012, 01:09:58 AM
Quote from: Triple Zero on April 29, 2012, 10:42:05 PM
Well that's what the article says about this, taking the battery out of your phone is an anomaly, and it's probably too late to do anything about that, so instead leave it at home and send a false signal (noise).

The way my phone/service is, when there's some kind of problem like the web not working right, you take the battery out for a minute. Then if it's still buggy you call *228 and it downloads a bunch of stuff and restarts.

We ALL take our batteries out a couple of times a week.  :|
Title: Re: Privacy Thread
Post by: Anna Mae Bollocks on April 30, 2012, 05:05:19 PM
Somebody sent me this yesterday, it's weird as FUCK. It starts off talking about the same issues as this thread, but then it turns into a big pro life evangelical troll.
http://www.youtube.com/watch?v=zDWUw9I6bfY
Title: Re: Privacy Thread
Post by: Freeky on April 30, 2012, 05:31:43 PM
Quote from: Anna Mae Bollocks on April 30, 2012, 05:05:19 PM
Somebody sent me this yesterday, it's weird as FUCK. It starts off talking about the same issues as this thread, but then it turns into a big pro life evangelical troll.
http://www.youtube.com/watch?v=zDWUw9I6bfY

Oh fuck, KNOWLEDGE IS BAD, MMKAY?  :lulz:
Title: Re: Privacy Thread
Post by: Freeky on April 30, 2012, 05:37:00 PM
Oh, oh, "Everything is pointing towards the US not being the world's only superpower which is exactly what the bible said!"   WOW. :lulz:
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on May 06, 2012, 05:11:40 PM
I like how they're all OHNOES! CDC COLLABORATING WIF GOOGLE IS BADDDDDD!

But also, government surveillance that links you to your ID is actually horrible. This is a weird "common threads" area where liberals and wingers have really similar concerns, and are kept from being a constructive force by the two-man con.

The explosion of the abortion and birth control issues are actually an effort to keep us apart, because when a majority with similar concerns connect on an issue we have a possibility to make actual change, which would be a threat to the corporatocracy.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on May 06, 2012, 05:13:51 PM
It's really important to consciously recognize divisive issues. They are emotional triggers that separate people who have generally similar values, and they are typically employed to split populations which are otherwise potentially powerful.
Title: Re: Privacy Thread
Post by: Triple Zero on May 12, 2012, 07:49:12 PM
FBI: We need wiretap-ready Web sites - now (http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/)
CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and that the bureau is asking Internet companies not to oppose a law making those backdoors mandatory.
http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/
Title: Re: Privacy Thread
Post by: Anna Mae Bollocks on May 28, 2012, 08:37:28 PM
I always assumed they were already doing that.  :x
Title: Re: Privacy Thread
Post by: Triple Zero on June 28, 2012, 10:40:22 PM
http://www.weknowwhatyouredoing.com/

Title: Re: Privacy Thread
Post by: Triple Zero on July 13, 2012, 01:21:37 AM
BLAM BLAM BLAM

Facebook Monitors Your Chats for Criminal Activity (http://mashable.com/2012/07/12/facebook-scanning-chats/)

Quote from: one commenter on HN
This actually tripped up a friend of mine a couple of years ago. She left a comment on a photo of someone holding a toy gun saying "You look like <insert-name-of-well-known-terrorist>" followed by a smiley. Within hours, she got a message and a phone call from someone claiming to be working for FB's security who asked her some basic questions on why she left that comment. The whole experience scared her from using FB for a long time.
I thought the whole thing was adhoc and confusing. Anyone who saw the comment could easily see that it was a joke. Also, if it wasn't a joke, why is FB calling her and not someone from law enforcement?

Would love it if someone from FB here on HN could comment.


Quote from: another commenter
I'm not a criminal, I am a pretty mundane guy actually, but of course we live in a society that every single one of us breaks some small law every day.
Which is why I stopped using Facebook.

I also stopped using Twitter to tweet. I still use it to follow news sources, I just don't actively tweet. I did that after the NYPD won a court case to see all the private messages you send on Twitter.

I also don't comment much at all on blogs, and social sites like this one or Reddit anymore. (I used to be a top 10 contributor over at Reddit. At least that is what some metric said a few years ago when someone listed the top ten most popular usernames. That account is deleted now)

I am slowly pulling out. I have a deep distrust of the current surveillance state in the United States. I remember reading a story about a guy who posted a quote from fight club on his Facebook status and a few hours later in the middle of the night the NYPD was busting in his door and he spent 3 years in legal limbo over it. (Might have been NJ police anyways, red flags)

You start piecing together these things, and you start to realize that your thoughts and ruminations about life, the universe, and the mundane, can be used against you at any moment and can completely strip you of your liberty and freedom, and any happiness you may have had.

I am gonna be completely honest, I am scared to express myself any longer on the Internet in any fashion. I don't trust it any longer. I don't trust the police, I don't trust the FBI, I don't trust the federal government, and I also don't trust, nor have faith, in the justice system in the United States.



How much of this shit do you need to see before you decide to quit facebook entirely??

I remember a while back I got an acct for whatever reason, then after the 3rd or 4th privacy scandal within a few months I was again like FUCK THAT SHIT and deleted all the things.

One reason why that pisses me off in fact is because I joined a meditation group a while back (just some random people that explore all sorts of different schools and style of meditation, really fun) and their main channel of communication is a FB group. There is one other girl in the group that also does not have FB out of principle, and another that used to not have it but got an acct mostly for this particular group. I'm kind of tempted to go that way myself as well, and then just not add my friends, not use my name, not use my face and whatnot. Exactly like Fravia+ taught me: When filling out Internet signup forms, LIE YOUR BALLS OFF. Except that I can imagine it would seem weird, right? Because everybody else on FB is there with their pants down exposing all their private identity parts, and then suddenly walks in a guy whose face is upside-down and he has a crazy robotic smile, you know him from IRL so why is he wearing a disguise?
AND THAT IS WHAT YOU DID. Didn't some crazy Goddess once tell us not to take shit so fucking seriously? Well now you have it, Facebook is fucking serious business and everybody takes it seriously and if you even dare to go in wearing pants, they all look at you weirdly.
Title: Re: Privacy Thread
Post by: P3nT4gR4m on July 13, 2012, 10:36:20 AM
Surveillance is retarded. They're watching everything everyone does or says. They're drowning in inverse signal to noise ratio. Thing is, they know this. I'm sure of it. The purpose of the surveillance state is not to watch everything everyone says and does - that would be completely retarded. The purpose of the surveillance state is to arrest the odd innocent victim and get the story in the papers - make us paranoid, keep us frozen in fear. Seems to be working quite nicely  :lulz:
Title: Re: Privacy Thread
Post by: Xooxe on July 13, 2012, 12:59:58 PM
I have it down as part of the Rise of the Algorithms.
        (http://www.youtube.com/watch?v=TDaFwnOiKVE  <--- One of my favourite TED talks.)

The system flags something based on a heuristic (of which we're inventing more all the time.) The receiver finds bypassing their better judgement ever easier. Before you know it Stephen Fry is paying for your legal fees over something absurd.
Title: Re: Privacy Thread
Post by: LMNO on July 16, 2012, 03:11:06 PM
I use FB, but I don't post anything of interest.  I use it for what I believed its original intent was: to augment my social network.  I get pictures and memes, coordinate IRL social activities with friends, and laugh at people who have different ideologies than mine.

I don't post any location information, nor anything that is currently subversive or illegal.  In short, apart from some Team Vodka moments, my FB is fairly boring.  On purpose.
Title: Re: Privacy Thread
Post by: Verbal Mike on July 16, 2012, 06:59:49 PM
(Note: only read the last two pages, my apologies.)

I use FB for a lot of Israeli political networking (not that I'm very active in a meaningful way, on account of me being on a different continent) but have also been scaling down the kind of information I post there. Right now anything the government does to any well-networked activist there quickly goes viral and ends up in the papers, as far as I can tell, so maybe it's a different situation than Occupy in the US, possibly because Israel is so tiny.

Anyway, that interview with the Tor guy, which I read just now, is pretty terrifying. Ungh.

On the other hand, I kind of like the post-privacy approach. If I understand it correctly, the idea is that since keeping anything private is a losing battle, we just have to start adjusting to nothing really being private anymore. The real struggle then becomes to make sure that information can't be used against anyone in the first place. A good example is that instead of making sure a gay person in the Ukraine can keep their orientation private, efforts should go towards making sure people just deal with the fact that some people are gay and that the government doesn't oppress gays.

Obviously, it's a very different situation when someone is actively involved in working against the establishment... Not sure what the post-privacy people have to say about that. But I did hear about this one guy whom the FBI (or smthn) asked to keep them posted about where he is (on account of him having an Arabic name), so he set up a public website that automatically tracks where he is and lets the whole world know. Not sure if that would make any sense for an Occupy activist, but it might – it would be much more costly to arrest/abduct them.
Title: Re: Privacy Thread
Post by: Pæs on July 20, 2012, 12:30:16 PM
Quote from: Triple Zero on July 13, 2012, 01:21:37 AM
One reason why that pisses me off in fact is because I joined a meditation group a while back (just some random people that explore all sorts of different schools and style of meditation, really fun) and their main channel of communication is a FB group. There is one other girl in the group that also does not have FB out of principle, and another that used to not have it but got an acct mostly for this particular group. I'm kind of tempted to go that way myself as well, and then just not add my friends, not use my name, not use my face and whatnot. Exactly like Fravia+ taught me: When filling out Internet signup forms, LIE YOUR BALLS OFF. Except that I can imagine it would seem weird, right? Because everybody else on FB is there with their pants down exposing all their private identity parts, and then suddenly walks in a guy whose face is upside-down and he has a crazy robotic smile, you know him from IRL so why is he wearing a disguise?
AND THAT IS WHAT YOU DID. Didn't some crazy Goddess once tell us not to take shit so fucking seriously? Well now you have it, Facebook is fucking serious business and everybody takes it seriously and if you even dare to go in wearing pants, they all look at you weirdly.

I'm not on Facebook anymore. I'm thinking if I do go back it'll be for similar reasons as this, with a pretend person profile... and only if things like this (http://www.stuff.co.nz/technology/digital-living/7286795/Facebook-stalkers-may-be-outed) are put into place across the site, balancing the information exchange a little...

Even then, I'm going to have to automate posting text as images (and work out how Facebook handle thumbnails and images to determine whether that's a useful thing to open up to others, with control over the life of the image) to make it harder to crawl and build a profile of what I like to talk about... and figure out other little things to make it slightly less creepy.
Title: Re: Privacy Thread
Post by: minuspace on July 21, 2012, 09:04:34 PM
I just been experimenting with different ways of backing-up information on servers that I rent, I still don't have exclusive physical access to them, howev, I think it's prolly safer than dropbox.  The problem I'm encountering is how to employ encryption with an incremental back-up system.  I can't seem to get convenience and privacy to go together  :lol:
Title: Re: Privacy Thread
Post by: Triple Zero on July 28, 2012, 02:20:32 PM
Quote from: P3nT4gR4m on July 13, 2012, 10:36:20 AM
They're drowning in inverse signal to noise ratio.

I used to believe the same thing.

But we can actually store and process the data with smart enough computer programs, we can do it, we're doing it right now. I don't think I linked that particular article, but some TLA whistleblower told a reporter that they in fact DO have a 10-page report on everyone in the US.

Click back a few pages and re-read the article I linked about the Utah Data Centre. They got processing power bigger than Google and the storage and intelligent self-learning algorithms to match.

Or what Xooxe said (gonna watch that TED talk later, thx).

Quote from: LMNO
I use FB, but I don't post anything of interest.  I use it for what I believed its original intent was: to augment my social network.

But your social network IS the information of interest.

Most people know not to post incriminating information on FB. There's exceptionally dumb people that make the exception, but you don't wanna know what you'd see if everybody REALLY dropped their pants.

No the biggest piece of information the agencies want is simply YOUR SOCIAL GRAPH and to know who your friends are. That tells them everything they need to know. It may seem boring because humans don't naturally pick up a lot of info from complex graphs if they grow over a certain size, but computer algorithms eat those things for breakfast. It's full of juicy side-channel patterns.

But you can't use a centralized social network like FB without exposing your social graph.

Are all your friends "not of interest", their actions not subversive, not illegal? They're probably smart too, not posting about it on FB. And your presence in their social graphs exposes them, and connects all of you into a nicely partitioned sub island, and if ANY of them ever becomes "of interest" (due to surveillance outside FB), then so will everybody in their social graph neighbourhood whose local topology matches any pattern of "interest". Imagine a paper napkin and a felt marker, black ink spreading through the fibers as you hold it down, kind of like that except more accurate precise digital and with magic marker ink.

That is why I said I should create multiple FB accts, so's not to tie in all aspects of my life with each other and become another prototypal high dimensional data point, but to keep them strictly separate. Pondering about this, I realized how fucking HARD that would be to do on Facebook. You can't use anything that sounds like your real name, your real face or any real details, because you'll get tagged bagged searched and found. And not by Them, but by your own friends who notice your face in a picture in a separated aspect that happened to come along in a photo by a friend-of-a-friend and comment or tag you to the Wrong account and BAM the two aren't separated anymore.

And that's not even AI Machine Learning stuff, just crowd-sourcing. Really clever idea that photo tagging. Because in that friend-of-a-friend link, the middle friend could be just like you, smart, careful not to post anything of interest, and still unwittingly helping to build a potentially incriminating data nugget simply by being present in the social graph.

Now WITH processing power and state of the art algorithms, that example is merely the straight forward friend-of-a-friend connection, the type of info us humans can still discern from a complex data structure IF we pay careful attention. A computer program can easily reason on many levels deeper, of course including probabilities that adapt based on other information sources, also known as a Bayesian Belief Network (http://en.wikipedia.org/wiki/Bayesian_belief_net).

Quote from: VERBL on July 16, 2012, 06:59:49 PM
Anyway, that interview with the Tor guy, which I read just now, is pretty terrifying. Ungh.

That's the same one about the Utah Data Centre. Truly recommended reading for everyone. It really opened my eyes when I realized fuck shit damn yeah I should have known we already CAN let computers do the work for us to not only filter but also process and reason about the deluge of data they'd otherwise drown in.

The hope that I'd simply get lost in an ocean of noise, as long as I appear like everyone else is merely wishful thinking, because they do have a line on everyone else, because everyone else is just as likely to suddenly stop acting like everyone else (except that ALL OF YOU are even more likely simply for being quite closely via-via connected with sufficiently loud subversive spags that your "may become of Interest" probability is probably quite higher than the bleach blonde next door).

Quote from: PAESIOR
Even then, I'm going to have to automate posting text as images (and work out how Facebook handle thumbnails and images to determine whether that's a useful thing to open up to others, with control over the life of the image) to make it harder to crawl and build a profile of what I like to talk about... and figure out other little things to make it slightly less creepy.

Fuck yeah thanks for reminding me!! There was an app browser plugin type of thing that did pretty much exactly this ... except better.

It works for all "social" things including FB and Twitter, but also GMail and G+ and quite possibly for just everything.

It transparently replaces everything you post with a special shortlink to encrypted data. The encrypted data is stored on someone's server but it's encrypted. However YOU control who gets the key and who doesn't. You can put the key in the link so everyone who can see the link can read the data, or you can selectively give out the key to friends via other channels to keep even more control. Additionally there was a way to change or delete the data after you posted it.

The big advantage is that you are in control and you remain in control of that data, and mostly that the plaintext data NEVER hits the servers of GMail, FB, Twitter, etc.

For people that also have this browser plugin, the shortlink is replaced transparently by the decrypted text if they have the key. For people without the plugin, they can simply click the link and be prompted for the key (if it's not present in the link itself).

I just forgot what the app was called. Sorry. I'll get back on that later :)
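An added example, not part of the thread and not the code of the plugin described above: a minimal model of the "shortlink to encrypted data" flow, with the post encrypted before it leaves the client, the host storing only an opaque blob, and the key either carried in the link or handed out separately. The host name, all function and class names, the use of the URL fragment for the key, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

BASE = "https://blobs.example/"  # hypothetical storage host


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for AES-CTR)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Blob layout: nonce(16) | ciphertext | tag(32)."""
    nonce = secrets.token_bytes(16)
    body = nonce + xor_stream(subkey(key, b"enc"), nonce, plaintext)
    return body + hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return xor_stream(subkey(key, b"enc"), body[:16], body[16:])


class BlobServer:
    """Hypothetical host: stores opaque blobs, never sees a key or plaintext."""

    def __init__(self):
        self.blobs = {}
        self.edit_tokens = {}

    def put(self, blob: bytes):
        blob_id, token = secrets.token_urlsafe(6), secrets.token_urlsafe(16)
        self.blobs[blob_id] = blob
        self.edit_tokens[blob_id] = token
        return blob_id, token

    def get(self, blob_id: str) -> bytes:
        return self.blobs[blob_id]  # KeyError once the author has deleted it

    def delete(self, blob_id: str, token: str) -> None:
        if not hmac.compare_digest(token, self.edit_tokens.get(blob_id, "")):
            raise PermissionError("edit token does not match")
        del self.blobs[blob_id]
        del self.edit_tokens[blob_id]


def publish(server: BlobServer, text: str, key_in_link: bool = True):
    """Return (link to paste into the social site, key, edit token)."""
    key = secrets.token_bytes(32)
    blob_id, token = server.put(seal(key, text.encode()))
    key_b64 = base64.urlsafe_b64encode(key).decode()
    # A URL fragment is not sent in HTTP requests, so the host never receives it.
    link = BASE + blob_id + ("#" + key_b64 if key_in_link else "")
    return link, key_b64, token


def read(server: BlobServer, link: str, key_b64: str = "") -> str:
    """Reader side: fetch by path only, decrypt locally with the key."""
    parts = urlsplit(link)
    key_b64 = parts.fragment or key_b64
    if not key_b64:
        raise ValueError("link carries no key; it must come over another channel")
    blob = server.get(parts.path.lstrip("/"))
    return unseal(base64.urlsafe_b64decode(key_b64), blob).decode()


if __name__ == "__main__":
    host = BlobServer()
    link, key, token = publish(host, "constructed sample post")
    print(link)
    print(read(host, link))
```

Putting the key in the link means anyone who can see the link, including the social site it is posted on, can decrypt; only the out-of-band variant keeps the plaintext from that site.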
Title: Re: Privacy Thread
Post by: P3nT4gR4m on July 28, 2012, 10:26:39 PM
Quote from: Triple Zero on July 28, 2012, 02:20:32 PM
Quote from: P3nT4gR4m on July 13, 2012, 10:36:20 AM
They're drowning in inverse signal to noise ratio.

I used to believe the same thing.

But we can actually store and process the data with smart enough computer programs, we can do it, we're doing it right now. I don't think I linked that particular article, but some TLA whistleblower told a reporter that they in fact DO have a 10-page report on everyone in the US.

Click back a few pages and re-read the article I linked about the Utah Data Centre. They got processing power bigger than Google and the storage and intelligent self-learning algorithms to match.


Not quite what I was getting at. I'm well aware that they can record and datamine every fart that anyone on the face of the planet makes and red-flag accordingly. My point is that the only thing their data would tell them is that every single man woman and child on the face of the planet is a borderline dangerous subversive criminal terrorist. If they ever turned that on they would be deafened by the sound of seven billion alarm bells going off at once.

The whole privacy issue is moot as far as I'm concerned. Whether or not it's your god given unalienable right is irrelevant given that, as of a fucking long time ago, there's no such thing. Privacy as a basic concept exists only in the fevered imagination of the kind of people who always strike me as part conspiracy theorist and part paranoid about being put in jail for a crime they didn't commit.
Title: Re: Privacy Thread
Post by: LMNO on July 30, 2012, 02:47:02 PM
The thought that flamboyant queens, DJs, and rock bands could once again fall under the "politically subversive" umbrella actually makes me kind of happy.

STONEWALL WILL RISE AGAIN!
Title: Re: Privacy Thread
Post by: Bebek Sincap Ratatosk on July 30, 2012, 03:20:00 PM
Given that they have the processing power to do that with Facebook, it couldn't be difficult to tie that to Google searches and tie that across multiple social sites/forums etc.

Which of course means they have dossiers on all of us... including this POST!!


HAI SECRET AGENT GUYZ!!! 
Title: Re: Privacy Thread
Post by: Pæs on August 03, 2012, 06:32:00 AM
Quote from: Triple Zero on July 28, 2012, 02:20:32 PM
Quote from: PAESIOR
Even then, I'm going to have to automate posting text as images (and work out how Facebook handle thumbnails and images to determine whether that's a useful thing to open up to others, with control over the life of the image) to make it harder to crawl and build a profile of what I like to talk about... and figure out other little things to make it slightly less creepy.

Fuck yeah thanks for reminding me!! There was an app browser plugin type of thing that did pretty much exactly this ... except better.

It works for all "social" things including FB and Twitter, but also GMail and G+ and quite possibly for just everything.

It transparently replaces everything you post with a special shortlink to encrypted data. The encrypted data is stored on someone's server but it's encrypted. However YOU control who gets the key and who doesn't. You can put the key in the link so everyone who can see the link can read the data, or you can selectively give out the key to friends via other channels to keep even more control. Additionally there was a way to change or delete the data after you posted it.

The big advantage is that you are in control and you remain in control of that data, and mostly that the plaintext data NEVER hits the servers of GMail, FB, Twitter, etc.

For people that also have this browser plugin, the shortlink is replaced transparently by the decrypted text if they have the key. For people without the plugin, they can simply click the link and be prompted for the key (if it's not present in the link itself).

I just forgot what the app was called. Sorry. I'll get back on that later :)

Is it called "Scramble!"? This thing: http://freehaven.net/anonbib/papers/pets2011/p12-beato.pdf ? Or... http://cups.cs.cmu.edu/soups/2012/proceedings/a11_Fahl.pdf that one. If not, those are pretty interesting anyway.
Title: Re: Privacy Thread
Post by: Triple Zero on August 03, 2012, 12:33:22 PM
Quote from: Bebek Sincap Ratatosk on July 30, 2012, 03:20:00 PM
Given that they have the processing power to do that with Facebook, it couldn't be difficult to tie that to Google searches and tie that across multiple social sites/forums etc.

Which of course means they have dossiers on all of us... including this POST!!

Indeed. You can laugh but the NSA whistleblowers that have come forward almost literally admitted as much:

* Whistleblower Binney says the NSA has dossiers on nearly every US citizen (http://www.networkworld.com/community/blog/hope-9-whistleblower-binney-says-nsa-has-dossiers-nearly-every-us-citizen)

* "For years, government lawyers have been arguing that our case is too secret for the courts to consider, despite the mounting confirmation of widespread mass illegal surveillance of ordinary people," said EFF Legal Director Cindy Cohn. "Now we have three former NSA officials confirming the basic facts. Neither the Constitution nor federal law allow the government to collect massive amounts of communications and data of innocent Americans and fish around in it in case it might find something interesting." (https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program)

* William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.” (http://www.wired.com/threatlevel/2012/07/binney-on-alexander-and-nsa/)

* From the story about the Utah datacentre again: According to one unnamed former NSA official,  “Everybody’s a target; everybody with communication is a target.” (http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/) -- this is all part of the same scandal.

Quote
In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes.




... so, yes. What used to be literally hilarious tinfoil hat paranoia, is what they're actually doing for real now.
Title: Re: Privacy Thread
Post by: Triple Zero on August 03, 2012, 12:39:54 PM
Quote from: Signor Paesior on August 03, 2012, 06:32:00 AM
Quote from: Triple Zero on July 28, 2012, 02:20:32 PM
Quote from: PAESIOR
Even then, I'm going to have to automate posting text as images (and work out how Facebook handle thumbnails and images to determine whether that's a useful thing to open up to others, with control over the life of the image) to make it harder to crawl and build a profile of what I like to talk about... and figure out other little things to make it slightly less creepy.

Fuck yeah thanks for reminding me!! There was an app browser plugin type of thing that did pretty much exactly this ... except better.

It works for all "social" things including FB and Twitter, but also GMail and G+ and quite possibly for just everything.

It transparently replaces everything you post with a special shortlink to encrypted data. The encrypted data is stored on someone's server but it's encrypted. However YOU control who gets the key and who doesn't. You can put the key in the link so everyone who can see the link can read the data, or you can selectively give out the key to friends via other channels to keep even more control. Additionally there was a way to change or delete the data after you posted it.

The big advantage is that you are in control and you remain in control of that data, and mostly that the plaintext data NEVER hits the servers of GMail, FB, Twitter, etc.

For people that also have this browser plugin, the shortlink is replaced transparently by the decrypted text if they have the key. For people without the plugin, they can simply click the link and be prompted for the key (if it's not present in the link itself).

I just forgot what the app was called. Sorry. I'll get back on that later :)

Is it called "Scramble!"? This thing: http://freehaven.net/anonbib/papers/pets2011/p12-beato.pdf ? Or... http://cups.cs.cmu.edu/soups/2012/proceedings/a11_Fahl.pdf that one. If not, those are pretty interesting anyway.

Hmm this one? https://scrambls.com/

It looks slightly different, apparently this one replaces online comments with scrambled characters, whereas the app that I saw replaced them with a link to scrambled data. But yeah something like that anyway.
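
The "shortlink to encrypted data" idea described in the posts above, as an added sketch that is not part of the thread and is not the code of Scramble!, scrambls or any other plugin named here. Assumptions: AES-256-GCM as the cipher, an in-memory Map standing in for the storage server, the made-up host short.example, the key carried in the URL fragment, and the hypothetical function names publish, read and revoke.

```javascript
const crypto = require('node:crypto');

// Stand-in for the third-party storage server: it only ever holds ciphertext.
const store = new Map();

// Encrypt a post locally, upload the ciphertext, return what gets pasted.
// keyInLink=true: anyone who sees the link can read it.
// keyInLink=false: the key travels to friends over some other channel.
function publish(plaintext, keyInLink) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const id = crypto.randomBytes(6).toString('hex');
  store.set(id, Buffer.concat([iv, cipher.getAuthTag(), body]));
  const keyText = key.toString('base64url');
  // Assumed design: the key sits in the fragment, which browsers do not
  // include in the HTTP request that fetches the ciphertext.
  const link = `https://short.example/${id}` + (keyInLink ? `#${keyText}` : '');
  return { link, key: keyText };
}

// What the reader's side does: fetch the ciphertext by id, decrypt locally.
function read(link, outOfBandKey) {
  const url = new URL(link);
  const blob = store.get(url.pathname.slice(1));
  if (!blob) return null; // the author deleted the stored data
  const keyText = url.hash ? url.hash.slice(1) : outOfBandKey;
  if (!keyText) return null; // no key: a real client would prompt here
  const key = Buffer.from(keyText, 'base64url');
  if (key.length !== 32) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    const text = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return text.toString('utf8');
  } catch {
    return null; // wrong key or tampered ciphertext fails the GCM tag check
  }
}

// The author stays in control: deleting the blob kills every copy of the link.
function revoke(link) {
  return store.delete(new URL(link).pathname.slice(1));
}
```

The social site only ever stores the link text, so deleting the blob removes the post everywhere it was pasted, but anyone who already decrypted it keeps their copy.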
Title: Re: Privacy Thread
Post by: P3nT4gR4m on August 09, 2012, 03:54:27 PM
Quote from: Triple Zero on August 03, 2012, 12:33:22 PM
Quote from: Bebek Sincap Ratatosk on July 30, 2012, 03:20:00 PM
Given that they have the processing power to do that with Facebook, it couldn't be difficult to tie that to Google searches and tie that across multiple social sites/forums etc.

Which of course means they have dossiers on all of us... including this POST!!

Indeed. You can laugh but the NSA whistleblowers that have come forward almost literally admitted as much:

* Whistleblower Binney says the NSA has dossiers on nearly every US citizen (http://www.networkworld.com/community/blog/hope-9-whistleblower-binney-says-nsa-has-dossiers-nearly-every-us-citizen)

* "For years, government lawyers have been arguing that our case is too secret for the courts to consider, despite the mounting confirmation of widespread mass illegal surveillance of ordinary people," said EFF Legal Director Cindy Cohn. "Now we have three former NSA officials confirming the basic facts. Neither the Constitution nor federal law allow the government to collect massive amounts of communications and data of innocent Americans and fish around in it in case it might find something interesting." (https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program)

* William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a "word game" and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

"Unfortunately, once the software takes in data, it will build profiles on everyone in that data," he said. "You can simply call it up by the attributes of anyone you want and it's in place for people to look at." (http://www.wired.com/threatlevel/2012/07/binney-on-alexander-and-nsa/)

* From the story about the Utah datacentre again: According to one unnamed former NSA official,  "Everybody's a target; everybody with communication is a target." (http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/) -- this is all part of the same scandal.

Quote
In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes.




... so, yes. What used to be literally hilarious tinfoil hat paranoia, is what they're actually doing for real now.

It's tinfoil hat reversal. Now the tinfoil hat conspiracy freaks are vindicated and proven sane. Meanwhile the very government "intelligence" agencies that used to poo-poo the tinfoil brigades' claims are now running about with tinfoil hats of their own, ranting and drooling that everyone is out to get them. :lulz:
Title: Re: Privacy Thread
Post by: ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞ on September 06, 2012, 01:11:19 PM
Quote
Hidden Government Scanners Will Instantly Know Everything About You From 164 Feet Away

Within the next year or two, the U.S. Department of Homeland Security will instantly know everything about your body, clothes, and luggage with a new laser-based molecular scanner fired from 164 feet (50 meters) away. From traces of drugs or gun powder on your clothes to what you had for breakfast to the adrenaline level in your body—agents will be able to get any information they want without even touching you.

And without you knowing it.

http://gizmodo.com/5923980/the-secret-government-laser-that-instantly-knows-everything-about-you

:eek:
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on September 07, 2012, 01:26:29 AM
Quote from: Net on September 06, 2012, 01:11:19 PM
Quote
Hidden Government Scanners Will Instantly Know Everything About You From 164 Feet Away

Within the next year or two, the U.S. Department of Homeland Security will instantly know everything about your body, clothes, and luggage with a new laser-based molecular scanner fired from 164 feet (50 meters) away. From traces of drugs or gun powder on your clothes to what you had for breakfast to the adrenaline level in your body—agents will be able to get any information they want without even touching you.

And without you knowing it.

http://gizmodo.com/5923980/the-secret-government-laser-that-instantly-knows-everything-about-you

:eek:

Well, that's bad.
Title: Re: Privacy Thread
Post by: Mesozoic Mister Nigel on September 07, 2012, 01:27:05 AM
How are they supposed to plant drugs on you if they don't even have to get close to you to search you?
Title: Re: Privacy Thread
Post by: Freeky on September 07, 2012, 05:17:08 AM
Make it go BEEP, like some sort of troubleshooting program or something, ask you to step out of line, and when they frisk you, plant and re-scan. Ta da!  Instant scapegoat.
Title: Re: Privacy Thread
Post by: tyrannosaurus vex on September 07, 2012, 05:22:26 AM
So they can invent a tricorder but they can't invent transporters? Fuck this century, those fuckers are holding out.
Title: Re: Privacy Thread
Post by: ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞ on February 25, 2015, 11:06:54 AM
Bump.

Here's a great primer comic (http://projects.aljazeera.com/2014/terms-of-service/#1) hosted by Al Jazeera about privacy issues from a very moderate point of view. Probably not any new information for most of us, but could be excellent introductory material for people who are first grasping the implications of just giving out reams of personal information.

It also has a cool mobile function that is a little buggy but zooms in on each panel if you're wanting to read it on your phone or tablet. Here's a link to the comic viewer code:

https://github.com/ajam/pulp