PRISM stuffs

The lad obviously isn't stupid, so why then didn't he go to Iceland and give this information from there if that really is his preferred destination?
 
well, if he went to Iceland straight away, without an asylum guarantee, he would have nowhere to hide and would be deported.

Hong Kong presumably has pretty porous borders and some neighbouring countries certainly would buy him more time....just a thought anyway.

eh? with china though, no?

frying pan/fire etc etc

and whut's Greenland's policy on extradition? ... probably best orf there than Taiwan or China, lulz
 
true. I thought though that he wanted to go to Iceland because of their internet freedom laws or something of that sort. I see where you're coming from though, valid point.
 
This whole thing has reminded me of a great song.

Some lyrics:

Well, this golden age of communication
Means everyone just talks at the same time
And liberty just means the freedom to exploit
Any weakness that you can find

Turn off the TV just for a while
Let us whisper to each other instead
And we'll hope that the corporate ears do not listen
Lest we find ourselves committing some kind of treason
And filed in the tapes without rhyme, without reason
While they tell us that it's all for our own protection

I swear we never asked for any of this.
 
Never mind his old girlfriend, he'll have new ones coming out of his ears now. However, he won't be able to trust any of them.... which is an excellent starting point for a relationship anyway... snakes with tits! Wheels within wheels. Covered with snakes... with tits! Anyway, all of this points to our freedom being better than his mouldy old ex girlfriend anyway. res ipsa loquitur - 'it's a thing'. <3

You bloody are Farmaz aren't you?

He (Snowden) seemed to have some misguided notion about Hong Kong having a tradition of freedom of speech. I suppose if you work for the CIA it all becomes a bit relative.

Haven't read all the thread so apologies if it's been covered but Iceland a champion of Internet freedom? One word. Pornography. Five more words. They tried to ban it. Somebody explain that anomaly please.
 
They do it because they can and if they don't do it, somebody else will - that will be the official line of deflection.

Ever wondered why the UK keep pushing the 'snooper charter'? To legitimise what they are already doing?? :-)
 
There is no longer any such thing as 'entitlement' to privacy. If you send data over public networks, you are doing so with the knowledge that the data can and will be intercepted and stored by the service providers. Whether it is email, web browsing, texting, calling or GPS, all of that information is stored on a server somewhere and can/will be used.

The good news is (so far) nobody has decreed that you aren't allowed to obfuscate this data or make it harder to obtain. Therefore peeps, I would recommend you take steps to protect your organic selves by not being so free with your digital counterparts.

You do not need gmail/yahoo/hotmail for email and if you do use them you already gave up your right to privacy. Set up your own email service which is under your control. Use GPG encryption and encourage others to do so.
You do not need gmail/yahoo/hotmail/FB/whatsapp/viber/imessage/skype to text with others and if you do use them you already gave up your right to privacy. Set up your own xmpp/jabber service with confederation. Use OTR and encourage others to do so. If others aren't using an xmpp/jabber service, encourage them to do so.

Most people do need a mobile phone service, yet you can use VOIP/SIP at the same time via the data attached to the service (or use a data only SIM). Look into some free VOIP providers which offer ZRTP (encrypted calling) for peer to peer calling (iPtel and OSTEL) for instance. Use a VOIP/PSTN gateway provider outside of your jurisdiction (UK/EU) who aren't so easily persuaded to hand over your data without probable cause for calls to 'regular' numbers. Use bitcoin to pay for services if possible.

Take care of your smartphones. Use complex passcodes and encrypt the data (built into newer android and iOS).
Most of these things will protect you from blanket surveillance, but not targeted attacks. If you have nothing to hide they still need a search warrant ;)
 
the problem with cryptography is that people often make mistakes in how they apply it and don't use it properly, compromising their information anyway.
I am talking about protection from blanket surveillance, not targeted surveillance.

and regardless of what you run on your mobile, don't trust it further than you can throw it, android, apple alike.
See previous comment.

I would trust both systems to a certain degree and certainly much more than none at all. Android uses LUKS, which is pretty standard across *nix. To break it would require obtaining a snapshot of your phone and brute forcing it. Not easy and beyond the abilities of most LEOs. iOS encryption requires the attack to be performed on the device as the key is hardware based. If your passcode is of reasonable strength, again it will be beyond the capabilities of LEO. Does apple have a 'master key' to unlock all iOS devices or a copy of your hardware key? Maybe, but unlikely. The security involved in keeping this data secure would be a nightmare and a headache apple doesn't need.

But I could be wrong ;)
 
I generally assume anything I do online has been, will be or, at the very least, could be read, stored and used by pretty much anybody who wants to.

Interesting that thing about passwords, Ceres. Isn't it a slightly unfair comparison to have the different "bits of entropy" (one of those phrases where I know what each word means but put together in the context they are in become somewhat opaque)? I kinda knew that just Ch4ng1ng a few characters and adding an entire punctuation and numeral wasn't exactly the holy grail of password fiendishness but didn't realise simple, unconnected words alone were much better. Is it not just cos it's longer and using better encryption (I'm presuming that's what the bits of entropy are for)?
 
Pick your favorite song:
The only way is up, baby
For you and me, baby

Easy to remember and easy to recall if you forget the key (1st line 1st letter, 2nd line 2nd letter). Highly, highly unlikely to be cracked.
 
Ceres. You seem to be very pessimistic about what is possible in terms of security. I'm not going to argue with you. Your points are valid but are more of a 'worst case scenario' IMHO.
Of course, nothing is 100% safe. But most things mentioned (OTR, TOR, GPG) have a long history of use and are regarded as being relatively effective (more so than not using them). Of course, if you become a target of legitimate surveillance, your chances of keeping any privacy are limited. But, up until the time when a court decides you need to hand over your encryption keys, those keys are going to keep most people out.
Your mobile phone isn't remotely secure from blanket surveillance and forensics capabilities of police forces nowadays are far more advanced than the kind of security measures even a fairly motivated end user ends up using.
I beg to differ on this point. A modern smartphone with encryption enabled with a strong password will keep out all police forces without an authorised search warrant. They will need to employ the help of outside agencies if they are to even attempt further access. BUT, that phone needs to be off when it leaves your possession.
 
The worst case scenario is the only scenario, especially when the people doing the spying have the full resources of the state to employ. Unless of course all you want to do is prevent your nosey flatmate from casually picking up your phone and reading your text messages.

If you don't know about attacks on OTR, PGP and SSL then you aren't looking hard enough, because they do exist. PGP is called 'pretty good' privacy, for a reason.

Police in the UK finding a cryptoed up phone will just send it to a contractor for forensic analysis, there are no 'outside agencies' involved that make it unlikely for them to do. In fact if your phone appears to have encrypted stuff on it you can bet they are going to want to know what it is. They can force you to disclose the keys as well.

What exactly are you encrypting on your phone? This still doesn't deal with the issue of traffic analysis. They still know your movements around the country (and outside the country) and who you talk to. Which is bad enough.
Seems we're arguing the same point from two different perspectives. PRISM is a metadata vacuum. Knowing who the metadata belongs to won't be helped by employing encryption (I'm agreeing with you). Not knowing who the data belongs to (obfuscation by running own services and the use of TOR or VPNs) certainly makes analysis much more difficult and on a massive scale utterly bamboozling.

I'm well aware of attacks on OTR, GPG, SSL. But why would they be deployed against a random Joe like me? Highly unlikely and would come under the heading of 'targeted.' PRISM does not account for 'pretty good privacy' even if they can see 'from' 'to' 'subject' in headers: see my first point.

The police in the UK can not unlock a well encrypted phone nor can they force you to hand over your keys. Only a court of Law can do so and there is a big difference. Forensic analysis will work on a weakly encrypted phone (4 digit PIN) but not on a strong passcode. If the phone ends up in a forensic lab (unlikely for a random stop and search) and it isn't cracked within an hour, it will go onto a special shelf 'awaiting further instruction,' in other words, from a court as they move onto the next easier target.

With regards traffic analysis. What you don't want seen, hide.
 
The third party servers that I bounce things through are beyond the reach of the local authorities (most important). They are also a mix of ones I own and have physical access to and ones I don't own but do trust (and trust always comes into the equation). I don't call on GSM networks because I don't generally use the phone to communicate. If I do, I use VOIP which terminates outside of local jurisdiction. I can connect to them via VPN if required.
iOS has whole disk encryption which generates its key from a dedicated hardware chip and a combination of a password you type in. You need to enable it and make sure simple passcode (4 digit) is off.
Android uses dm-crypt (sorry, not LUKS) and again needs to be enabled with a strong passcode.
Some interesting articles:
http://www.sciencedirect.com/science/article/pii/S1742287611000727
http://www.extremetech.com/computin...ption-is-too-good-says-us-intelligence-agency
And this!
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
 
Translation: I <3 child porn.