Interesting reading for us at "home" how much security is enough ?

[maxbudin]

This article really how little we know; or at least I did.  In the end it all boils down to how much personal security/privacy needs and effort we're willing to achieve it. So long as we're not terrorists ... heh heh.

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

[Slacker]

Stay away from proprietary software and stick to open source, use Linux or BSD!

Anyone serious about their security and privacy should never use proprietary software, you can't trust it and that article confirms it and Geeks have been saying this for years, maybe now people will sit up and finally listen.

Also a lot of people have been under the misconception about having an encrypted hard drive/partition(s), as soon as you start and use the OS that is encrypted it's no longer encrypted, you or anyone has access to it, it's only encrypted and secure when it's not accessed!

Something not mentioned on that article, learn how to add layers of security to your system, there are many ways on every OS how to harden and add layers for added security.

[redshift]

Stay away from proprietary software and stick to open source, use Linux or BSD!

Anyone serious about their security and privacy should never use proprietary software, you can't trust it and that article confirms it and Geeks have been saying this for years, maybe now people will sit up and finally listen.

Also a lot of people have been under the misconception about having an encrypted hard drive/partition(s), as soon as you start and use the OS that is encrypted it's no longer encrypted, you or anyone has access to it, it's only encrypted and secure when it's not accessed!

Something not mentioned on that article, learn how to add layers of security to your system, there are many ways on every OS how to harden and add layers for added security.

The article suggest, not even Linux is safe.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you're running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won't detect them, and you'd have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.

[maxbudin]

Yes redshift is right Slacker, as he highlighted. Thats what blew my mind.  After reading into/in between and around the article.  Basically, if an organisation or as in this case, government, wishes it, they have no trouble providing huge funds towards resources that will eventually meet their aims.  We are deluded if we think that the net is really free and a "public domain".  If you think about it, similarly, why there are some of us who prefer living in gated communities.

As at present, the "layers" of precaution that we take (including usage of vpns) is suffice to say, merely to make it difficult for those naughty boys/girls; hacker groups; or less well funded agencies, even google, from prying into our lives/activities.  Often we delude ourselves thinking we have grills in our doors and windows, we will have a good nights sleep. These wont stop intruders in their tracks, merely slow them down, if they really want to break in, they eventually will. Pardon my analogy.  We may have all amongst us taken various levels of security measures, still there is no perfect approach. If there is, one certainly, everyone would want in such a setup. At this point, this is about all I can do and can afford to do .... for me, paranoia has a limit. heh heh     At least this article chimes our bells, how we are watched and some measures to take against these watchers.  If we can hide a little from them successfully, then we might be invisible to lesser atacks.

Weird but true, that we have to fight tooth and nail everyday on the net and in the real world for security, privacy and our moral rights.  Then, at the same time, collectively, we are also responsible for the condition we are in.  Directly or indirectly we create and support the very institution/s that trouble us.  Go figure.  :'(

[fredsanford]

One of the points of the article is that yes, if they want into your computer badly enough they will get in no matter what operating system you run. They will simply pull a "black bag" job if they have to. However they have to really want something from you badly to give you that kind of individual attention, which as the article points out is expensive and risky for them. Most people will never have to deal with that.

Although Linux and the BSDs (or even Plan 9) would be vulnerable to that type of rare individual attack, it is much more likely that Windows and Mac OS have hidden back doors that enhance the type of routine, en masse data collection the majority of us are facing. So there is still good reason to use open-source type software rather than relying on the major commercial vendors for your software.

[maxbudin]

Excellent points made fredsanford. Am in agreement with all of them.

However, I'm beginning to wonder if even open-source OS are in jeopardy of having hidden/undiscovered backdoors.  Especially with the insidious Android many of us hold in our hands daily.  Touted as just another Linux offshoot, is the Android source code available to the public domain, ... all of it ?  Come to think of it, it will be interesting to discover how many expensive handsets will end up in the rivers the world over, "if" Google is discovered.  As it is, they have made clear their stance on email privacy, and everyone is still going about their business as usual with gmail.

Perhaps there is no one software we can depend on other than we ourselves.  Might have to resort to avoid unpredictable onlines habits during times when we dont want to be "read".  Behaving like a dual personality schizophrenic might throw them off for a tad. .... heh heh.

[fredsanford]

The other way to approach this is to load them up with false information. Some may be familiar with the old Patrick McGoohan series "The Prisoner" in which everyone in "The Village" was being watched. Knowing this, the residents indulged in what they termed "jamming" -- making up all manner of phony plots amongst themselves to keep their captors spinning their wheels.

I think it's fairly unlikely that a back door would be slipped into a major open source OS without being noticed. Android is a problem, though, although I don't use it myself my understanding is there are proprietary binary-only parts. (I personally use an old cell phone that has no GPS chip and is truly OFF when it is turned off. I only use it when necessary. No smart phone/tracking device for me, thank you.)

As long as you are not being individually targeted and are just facing general automated data gathering there are certainly steps one can take to minimize the problem. Use a non-U.S. VPN (such as Boleh ), stay away from using Google, Facebook, and other big name services, use a browser that has privacy plugins available to minimize tracking, etc. Also when buying at local shops use cash and avoid store "loyalty cards" unless you sign up for them with phony information. There's no need for the world to know what you do with your money.

Part of the problem is that the general population just does not care. As you say they still use gmail as well as Facebook and other anti-privacy facilities, knowing that everything they do is funneled direct to the United States government in real time, without giving it a second thought.  A lot of people continue to just dump nearly every detail of their lives online.

[redshift]

In my opinion, it's a lot easier for the NSA to muscle smaller companies to get what they want than giant, billion dollar corporation such as Google.  Welcome to the beginning of People"s Republic of the United States of America.

[maxbudin]

Fredsanford, wow "The Prisoner" ? I got transported immediately back, LOL.  Nice one. Now we know how old we are, heh heh.

Its uncanny how the three of us discussing here so far seem to draw some parallels and with that our appreciation to have found a common boundary in Boleh's proffessional services  , and I suspect we number amongst the legions out there.

At the same time perhaps we should observe some care when pointing fingures, after all we are also responsible for providing sustenance to the same system we defame.  We made a monster we did. 

[fredsanford]

"The Prisoner" (the original, not the atrocious remake) is one of my all-time favorites and is more relevant than ever these days. Another work worth reviewing in the light of what we are facing is the Terry Gilliam film "Brazil" -- this is probably closer to our current reality than Orwell's "Nineteen-Eight-Four." (Though that incredibly bleak scenario may be coming as well.)

As far as the small vs. large company issue, we know that pretty much all of the large U.S. telecom and internet companies have been compromised. On the other hand there are a lot of small fish out there, too many for the feds to go after all of them. Some will be run by people who won't just knuckle under and will if necessary close up shop rather than cooperate with the enemy. (Some already have done so.)

I know that if the NSA or FBI came to me wanting access to any of the servers that I administer without providing a valid and specific warrant from a court of record I would tell them to go pound sand. (Without getting into specifics in a public forum it would not be the first time I've told government agents to piss off. I have zero tolerance for thugs.)

[Slacker]

Of course anything can be suspect and vulnerable, but the absolute truth is, it's not safe to trust proprietary because that code will always sit behind closed doors.

Open Source is 100% safer because the code is open and can easily be audited making it harder to exploit.

Where Open Source is having a problem it's when you have MAJOR projects with hundreds and thousands of hands invovled, or big projects that make them a target of the government, so one the best ways to stay safe in this world is to limit the amount of hands involved on a project, sticking to smaller projects that can keep a better eye on the code.

There are many Unix/LInux systems only being maintained by one or a few people, and when an Open Source project is that small it's going to be hard or next to impossible to get at that actual code and exploit it.

Check out this post I put up about one of the safest systems out there;

http://www.bolehvpn.net/forum/index.php?topic=7479.0

Just check out Distrowatch http://distrowatch.com/ there are hundreds of Distros and in the world of Open Source, one of it's greatest strengths is being able to communicate directly to developers of a project or the actual owner(s) to see where they stand on such issues, and in time with experience in the Open Source world you will see how safe these systems can really be!

[maxbudin]

Slacker, certainly true and solid points made and I share your enthusiasm.  I've been with MS since the early days of DOS and windows thereafter, when we didnt think or worry about backdoors or considered breach of privicy. Not that DOS might have had any backdoors of course.

I suspect many window users presently fall into mainly two folds. The first, are not particular or oblivious with regard to security or lack of.  The other have simply formed old habits with a known OS and find it a hassle to move on to re-learn the workings of an alternate working enviornment, not to mention accessibility to familiar alternate software, drivers and what not.  Then there is the culture  already ingrained at the work place.  So to break away, the individual must want and value their privacy.  That I believe must be the tipping point.  The NSA would have prolly have picked up our posts from this forum, heh heh. 

[Slacker]

Truth is most people don't care and they figure because they aren't doing much of anything they don't care if they get spyed on...

I find it really appalling that many people around say they have nothing to hide and so what if big brother wants to spy on me, go right ahead.

The POINT these people MISS is that in many countries around the world you are entitled to your PRIVACY, and to be honest I'm really shocked if people didn't care that others were snooping around in their computers.

I just think that most people will find this hard to believe that the USA government has backdoors into Windows, they probably think this is all fantasy made up BS...

[maxbudin]

Yeah, I hear you.  They install grills on doors and windows, hoist fencing with big shiny auto gates, then scream their rights to this and that when trampled on claiming constitutional protection.  Then allow free access to their lives with a "who cares". Simply NutZ !  Come to think of it .... its come to the point where we have to resort to various means to hang on to some semblence of "self" if you get my meaning. Yup, the human condition continues to be a contradiction and will continue to be 'till we extinct ourselves for being too clever.  Of course this is me being optimistic, heh heh.