I've recently become very paranoid about my internet activites, and I'm wondering what steps I could take toward making myself more secure and private.

What browser should I use? Which emails should I use? Search engines? Apps?

Any advice is helpful.

Have you read this thread?
http://www.revleft.com/vb/tutorial-hide-your-t165143/index.html
It's filled with excellent advice. Keep in mind that you can never be truly anonymous online. If enough resources are thrown at at, you can be tracked. Unless you're distributing kiddy porn or American military secrets, the information there should be sufficient.

Encrypt your data and communications, too. That's a good step towards more online security. There are some resources for that in the above thread.

TorProject(dot)org is the way to go.

And VPN.

VPN is still on the "regular" internet. It still has to go through servers whose location is known and whose owners are known. Furthermore, the VPN provider knows your location, and knows what sites you visit. If the US government wants to find information about a user all they have to do is to go to the VPN provider. Yeah the information is encrypted, but with an encryption which the NSA/CIA can break, otherwise it wouldn't be allowed.

Just like voting, if it changed anything it would be illegal.

Tor is true anonymity. It's slow, but it works.

don't post sensitive stuff on the internet or on the phone do it face to face

TOR and I2P can be pretty good if you use them correctly, but before you go ahead I'd recommend browsing the FAQs and setting up privoxy.

Also, it's easy to tell if someone is using TOR. The point is that it's hard to tell what they're doing when they're using it. I used to use TOR on this site a lot but now just settled for a proxy. It might be better to avoid raising suspicion by using tor or whatever, but a certain amount of paranoia can be productive.

Firefox is pretty good because of foxyproxy (http://getfoxyproxy.org/downloads.html) which is great for tackling tor and i2p, HTTPS Everywhere (https://www.eff.org/https-everywhere) which encrypts your traffic on many sites and beefree (http://honeybeenet.altervista.org/beefree/) which takes care of tracking links and such. Also, there's noscript and adblock as well.

Firefox is the best browser right now (if google continues to support them in the future)
Addons: NoScript, HTTPS-Everywhere, DoNotTrackMe, GoogleSharing

I would recomment using DuckDuckGo.com as a search engine. It is almost as good as google, but much more privat.

Using Tor might be a good alternative, but it is just too slow. And even if you are doing illegal activities, they could still track you if they really want to.

In addition to the previous two posters, I would add Freenet (https://freenetproject.org/) as a peer-to-peer (so serverless) encrypted and anonymous network.

I've been meaning to setup a permanent node for Freenet for some time now, but onl having a laptop doesn't make it easy or wanted to have that up 24/7 (which provides the best Freenet experience).

In other news, TOR is not as secure as you might think:

h1NYRskDt-Q

The same video also explains why Freenet is a really good idea.

Fix Tracking! (http://fixtracking.com/) is a useful site, giving browser-specific tools to secure your internet experience. I recommend everyone to take a look.

The Electronic Frontier Foundation created an extensive guide about Surveillance Self-Defense. It explains what can be tracked, how it can be tracked, who tracks it and, of course, how to defend against it. Even a cursory read-through should be helpful.

You can find the page here: https://ssd.eff.org/

Just read this (https://freenetproject.org/news.html). Another real world example of why TOR is a bad idea:


5th August 2013 - Statement on the recent Freedom Hosting (Tor) bust

According to the press (http://arstechnica.com/tech-policy/2013/08/alleged-tor-hidden-service-operator-busted-for-child-porn-distribution/), half of the hidden sites on Tor are now down, apparently connected to the arrest of a man allegedly behind Freedom Hosting, a hosting service for Tor hidden services. Some of these sites were said to offer illegal content and were apparently run by the FBI for two weeks, using a Javascript-based browser exploit to try to find their users.

This has had no effect on Freenet and could not happen on Freenet. Tor hidden services are centralised: A hidden service on Tor is run by a single server somewhere, and if this server is found, the whole site can be shut down, or compromised. In this case half the hidden sites on Tor were run on the same group of servers! See the Tor blog (https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting) and mailing list (https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html).

On Freenet, anything you upload is distributed across the network across thousands of separate nodes all over the world, and will remain available for as long as it remains sufficiently popular: Freenet is a distributed data storage network designed to prevent censorship, provide anonymity and be hard to block. To see more information on the difference between Freenet and Tor, see our explanation in the FAQ (https://freenetproject.org/faq.html#tor).

Also, the Javascript exploit mentioned would not have worked on Freenet because Freenet removes Javascript by default. The Tor Browser Bundle has an option to block Javascript. We recommend that you enable this if you use Tor.

Furthermore, there was no attack against Tor itself: As far as we know, no users of the major "darknets" (Freenet, Tor and I2P) has been traced by attacking the networks, by law enforcement or anyone else. In this case, it appears to have been user error, not a problem with Tor itself. Similarly on Freenet, users need to be careful, and Freenet will often tell you when you are about to do something risky.

Having said that, Freenet's security is not perfect, and there are some known (but theoretical) weaknesses, so it might be possible for an attacker with relatively limited resources to trace individual Freenet contributors. Most of Freenet's weaknesses can be addressed by making long-lived connections with people that you trust, i.e. building a friend-to-friend "darknet". This functionality is already a part of the regular Freenet software, but we need more users who use Freenet in friend-to-friend mode to improve anonymity.

We have planned further improvements, which should greatly improve security (censorship resistance, anonymity and resistance to blocking), speed and usability. The expanding online surveillance from both governments (e.g. PRISM) and private corporations clearly show that tools such as Freenet, TOR and I2P are essential for a healthy democracy.

Please help us secure freedom of access to information by contributing to the Freenet-project with code, donations, translations, or just by running a node or creating content (anonymously)!

Volunteers - especially developers - are always very welcome. Feel free to contact us, through IRC online chat (https://freenetproject.org/irc.html), the mailing lists (https://freenetproject.org/lists.html), or on Freenet itself in the "freenet" board on FMS.

For press enquiries please contact Ian Clarke ([email protected]).

Just read this (https://freenetproject.org/news.html). Another real world example of why TOR is a bad idea:

Really? But the other half of TORnet works still? And what is alternative? Maybe having such signature on all posts: My name is (real name and address). I am a state enemy. Arrest me, please!"?

I've recently become very paranoid about my internet activites, and I'm wondering what steps I could take toward making myself more secure and private.

Any advice is helpful.

Smash the state;)1

Really? But the other half of TORnet works still? And what is alternative? Maybe having such signature on all posts: My name is (real name and address). I am a state enemy. Arrest me, please!"?
Maybe you missed the, rather large, citation from the Freenet project. But yes, Freenet is a structurally better alternative.

tor can be risky. turn off java-script and make more effort to encrypt your data. you wont be truly secure online unless you have an extensive knowledge of security.

in fairness, there isn't much reason to be truly worried unless u distribute child porn or something, or if you're involved in other scummy activity like human trafficking etc.

also, beware that many of the nodes on the tor network are run by the cia/fbi - they operate many 'honeypots', so i've read.

tor can be risky. turn off java-script and make more effort to encrypt your data.

Everything can be risky, if used improperly. Freenet can have nodes used by special forces too. But using such software as freenet or TOR the risk of being charged by court is very low. I haven't heard about a one case someone who was sentenced for any crime when TOR was used.

also, beware that many of the nodes on the tor network are run by the cia/fbi - they operate many 'honeypots', so i've read.
Actually, the fundamental problem with TOR is its connection with the www: Tor has three types of nodes, one of which are gateways that direct you from the TOR network to the www. This allows you to be anonymous at x, y or z website. However, by far most of these gateway nodes are run by security agencies and they make an active effort to shut down other third party gateways.

The press release I quoted anove points to another problem with TOR, which is shared with I2P, which is that sites are run in the classic server-browser model. This makes servers liable for a raid by the authorities and plant honeypots on it.

Freenet in contrast doesn't have either of these problems: It doesn't connect to the www and there is no server-client model as every Freenet node dedicates a specific amount of harddrive space to Freenet, so Freenet "sites" are shared and mirrored across the network. There is no center.

That said, Freenet has its own vulnerabilities, which are mostly solved by creating your own darknet (that is, a friend-to-friend connection), see again the press release quoted above for more details.

Everything can be risky, if used improperly. Freenet can have nodes used by special forces too. But using such software as freenet or TOR the risk of being charged by court is very low. I haven't heard about a one case someone who was sentenced for any crime when TOR was used.
someone was just convicted in ireland due to being caught because of a firefox bug. this was the owner of freedom hosting who, to be fair, hosted a lot of highprofile sites for pedos and other undesirables and he had an extensive collection of child porn when they caught him, but this was somebody who was very well 'hidden' for many years, repeatedly refusing to take down sites in the face of both the authorities and internet activists who objected to his position. he was caught because of a tiny bug in firefox, which could get anybody. if you couple this threat to anonymity with the fact that various government honeypots exist, a curious user could've had all of their available details (which leaked out due to the bug) on an fbi watchlist, merely as a result of accidentally clicking the wrong thing.

there have been other cases and this one is extreme but the point is that these softwares aren't as safe as many people think they are - there are a lot of misconceptions regarding internet security. people should be even more weary now, given that most governments are trying as best they can to reduce the potential anonymity that the internet can provide people.

either way, i don't think that most people on revleft have a real need to protect themselves in such extreme ways. i've used tor a few times for silk road but after research, i found that its probably more dangerous to be fairly uninformed about internet security and use tor to try and hide myself than to just use the web as i usually do, innocently. there is more risk of accidentally clicking the wrong thing and, through a bug (or malicious code, etc etc), stumbling upon a government node and having whatever details i hadn't covered end up on a serious watchlist.

this is the qualitative difference between being seen on the web and being seen on the deepweb. average web users don't have the know how required to truly cover themselves but, due to their lack of security knowledge, can easily end up at the mercy of all kinds of people on the deepweb (not just government people, either).

i guess the idea is that, without proper security, a person can be more open to exploits on the deepweb than they would be when surfing 'normally'.

he was caught because of a tiny bug in firefox, which could get anybody.

If you mean bug as in glitch...no, he was caught by a code inserted by law enforcement that could track the location of a user. It had apparently been there for awhile and was used to monitor people. If I'm not mistaken, TOR advertises itself as being developed by the US military - why would anyone think it's secure?
I also would have been surprised if he hadn't had an extensive collection of child porn when he was caught. Were talking about the FBI here.

The Java script that nailed that dude was in Tor's Firefox browser bundle, not in Tor itself...plus it was only a factor in older versions of the software, the bug had been fixed since July 2013, IIRC.

It was also only targeted at users w/ a Windows operating system.

Merely using Tor in the USA can and does sometimes draw the attention of security agencies, though.

Because what could you possibly have to hide in the "land of the free", right

face to face conversations with people who you trust in non public locations without the presence of your own or other phones or computers, it is that simple

Merely using Tor in the USA can and does sometimes draw the attention of security agencies, though.



Not only in the USA. In Germany and Poland, there were (and propably are) attempts to make a trojan horse that had to be spread by iliegal software to omit Tor IP masking. Certainly it makes Freenet vulnarable too.


someone was just convicted in ireland due to being caught because of a firefox bug.

Exactly. By Firefox bug. Besides he was jailed after there was found iliegal content on his computers. And this is important issue. In the most countries of the world IP (regardless obtained legally o ilegally) isn't ultimate evidence. And if you get caught by IP and nothing else state services have against you, don't ever admit any wrong doing. IP records is text saved records on computer that can be easily forged. And it is widely used argumemt in courts. And I don't know any case when anyone would have been sentenced, when only evidence was IP record in logs and acccused one didn't admit any wrong doing.

Then if you wil have bad luck to be prosecuted, don't admit anything when they say that they have your IP. Just say that is mistake and deny anything bad. If they fing anything on your computer, you are lost.

the point is that these glitches can potentially expose users though, and my main point is that the average internet user is probably putting themselves in more danger by using tor than they would be by using the web normally, due to a lack of security knowledge.

blackhats work tirelessly to find exploits in all softwares, tor isn't always 'safe' and people should be very cautious when using it. i wouldn't suggest that people use it arbitrarily to cover themselves unless they have a good level of security knowledge. that's my only point, the ins and outs of these actual systems are the reason i don't think they're a good idea unless you truly need to hide yourself and have the relevant knowledge to do so effectively, because these ins and outs are complicated and way above the lay-users knowledge.

The past couple days have been kind of brutal, I think privacy is a total pipe dream at this point. Its one thing to side step advertisers and other private entities who want your data, but the state is a completely different animal. If you're worried about what you're doing online coming back to haunt you, then put a stop to it immediately because you're probably not paranoid enough. What a clever trap we've all been lured into

The past couple days have been kind of brutal, I think privacy is a total pipe dream at this point. Its one thing to side step advertisers and other private entities who want your data, but the state is a completely different animal. If you're worried about what you're doing online coming back to haunt you, then put a stop to it immediately because you're probably not paranoid enough. What a clever trap we've all been lured into

I don't know, I think that the idea of the state as a super-efficient and all-seeing panopticon entity is kind of disempowering and inaccurate. It hasn't gotten to that point yet, if it ever will. As an article recently reminded me, the national security apparatus was unable to prevent the "underwear bomber" from boarding a airplane after that dude's father explicitely warned authorities that his son was planning to blow up a plane. More recently the authorities failed to prevent the marathon bombing from happening, simply because even though one of the bombers was on their radar, they were spying on so many people that he slipped through the cracks.

Strong encryption is still a pretty good way to keep private data private. At least according to Snowden, anyway.

But really at the present date I'd only be seriously concerned if you're 1) a child porn aficionado, or 2) you're promoting fun "summer camps" in Yemen and Somalia.

Your last sentence is probably correct for now, their active surveillance obviously isn't that great yet. The threat this data collection poses exists in the future. Take a look at http://wearedata.watchdogs.com/ this is something that was created for a videogame, it's a superficial ad prop, but this was probably created by a team of low paid temporary workers using limited tools and data. Imagine what you could do with all the fucking data you could want, the most talented coders on the planet and an endless hardware budget. You could recreate a day or a month or a year and just watch it unfold, keeping track of each little piece of info that seems useful for you at the time, and in case you missed something you could always come back for it later. This isn't a joke or a little example of government overreach that can be combated by a small security obsessed subculture, this is some truly fucking dangerous shit. No one should be permitted to have this kind of power.

I don't know, I think that the idea of the state as a super-efficient and all-seeing panopticon entity is kind of disempowering and inaccurate. It hasn't gotten to that point yet, if it ever will. As an article recently reminded me, the national security apparatus was unable to prevent the "underwear bomber" from boarding a airplane after that dude's father explicitely warned authorities that his son was planning to blow up a plane. More recently the authorities failed to prevent the marathon bombing from happening, simply because even though one of the bombers was on their radar, they were spying on so many people that he slipped through the cracks.

I am sure there is human error and flaws in the security apparatus but that is not an excuse to utilize the internet or telecommunications for sensitive stuff. It is a completely avoidable thing.




Strong encryption is still a pretty good way to keep private data private. At least according to Snowden, anyway.

But really at the present date I'd only be seriously concerned if you're

engaging in actions against the state

Your last sentence is probably correct for now, their active surveillance obviously isn't that great yet. The threat this data collection poses exists in the future. Take a look at http://wearedata.watchdogs.com/ this is something that was created for a videogame, it's a superficial ad prop, but this was probably created by a team of low paid temporary workers using limited tools and data. Imagine what you could do with all the fucking data you could want, the most talented coders on the planet and an endless hardware budget. You could recreate a day or a month or a year and just watch it unfold, keeping track of each little piece of info that seems useful for you at the time, and in case you missed something you could always come back for it later. This isn't a joke or a little example of government overreach that can be combated by a small security obsessed subculture, this is some truly fucking dangerous shit. No one should be permitted to have this kind of power.

For some reason I couldn't load that page, my internet connection is crappy, but is it a video game trailer? I looked up "we are data" on Youtube and got a video game trailer, and managed to watch that. Seems like an interesting game I guess.

Anyway, I agree that massive data accumulation is troubling. But I also am wary of giving too much power to the idea of the omnipresent, impervious survelliance state, because they have to deal with their own violations of "privacy", as recent weeks have shown. Supposedly they've responded to this with a new strategy:


We can see this in the way the national security state has responded to leaks, first by US Army PFC Bradley Manning and now by former NSA contractor Edward Snowden. Hugh Gusterton, in Bulletin of the Atomic Scientists (“Not All Secrets are Alike,” (http://www.thebulletin.org/not-all-secrets-are-alike) July 23), notes that the government is taking measures to avoid future such leaks by “segmenting access to information so that individual analysts cannot avail themselves of so much, and by giving fewer security clearances, especially to employees of contractors.”

This approach is doomed. “Segmentation of access runs counter to the whole point of the latest intelligence strategy, which is fusion of data from disparate sources. The more Balkanized the data, the less effective the intelligence. And … intelligence agencies are collecting so much information that they have to hire vast numbers of new employees, many of whom cannot be adequately vetted.”

(link (http://c4ss.org/content/20717))

Maybe technology will get so good in the future that the state will get everything on "lock down", I don't know. I really do dislike "defeatist" attitudes with regard to certain subjects, though, like articles in which people just get on and complain about how the left is doomed. If that's the case then why even bother, and esp. why bother with commenting on stories just to say "WE'RE FUCKED!" I'm not saying that's what you're doing, it's just a general comment. I'd like to see people post things that help in fighting against what's destroying us.

No it's not a trailer, its actually kind of impressive to play with. they've basically collected data from several sections of large cities and displayed it on an interactive map. Basically you can see where particular tweets were sent from, view specific cell networks, cctvs, etc. It's dumbed down because like I said its for a video game, but if they had the right data and the means to put it together correctly, it means they can rewind and watch huge amounts of human communication and interaction unfold in real time. The possibility of them using it to track down dissidents is only a small issue compared to how they'll use this kind of information to further predict and control the global population.

the point is that these glitches can potentially expose users though, and my main point is that the average internet user is probably putting themselves in more danger by using tor than they would be by using the web normally, due to a lack of security knowledge.


Well, if the average internet user is using TOR for buying things by credit cards, it is probably true. But if the average internet user is using TOR to surf on websites that are not acceptable for ruling elites, it is more securing him. It makes harder for authorities to indentify him.
But for the forum activity a VPN will be enough for anonimity unless a forum user will organise terrorists attacks...

Besides I'd like to ask what do you think about the Proxifier and Tor as SOCKS5 conection of TOR. What is possibility for compromising of that solution?

... and my main point is that the average internet user is probably putting themselves in more danger by using tor than they would be by using the web normally, due to a lack of security knowledge.

... i don't think they're a good idea unless you truly need to hide yourself and have the relevant knowledge to do so effectively, because these ins and outs are complicated and way above the lay-users knowledge.


But really at the present date I'd only be seriously concerned if you're 1) a child porn aficionado, or 2) you're promoting fun "summer camps" in Yemen and Somalia.
I think we should reverse this logic: Using strong encryption and darknets should become "common sense". It should be frowned upon to use the unsafe methods of old.

For that to happen though, I agree that we need far more easy to use systems. Websites like Prism break (https://prism-break.org/) and of course the Electronic Frontier Foundation (https://www.eff.org) are helpful, but ultimately we need far more security integrated software and hardware like Plug/Lima (http://www.kickstarter.com/projects/cloud-guys/plug-the-brain-of-your-devices), that makes using clouds obsolete.

But the logic of "ah, let's not bother with it, it'll only attract unnecessary attention anyway" is straight out dangerous, plain and simple.

i agree with you, but for that to be the norm, internet security needs to become a part of common knowledge. the fact that it isn't is what makes me suggest that casual surfers are careful when lurking in the deepweb etc.

ideally, everyone should know how to protect themselves but they don't. perhaps the big movers and shakers behind software like tor should make education a part of their effort, as well as providing a good and just service.

the tutorial someone posted in this thread is a good start i'd say. i just think people need to be fairly savvy before using things like tor as there are a lot of opportunists on there who seek out curious browsers. finding naive people online is very lucrative.

[LaborTech] Does US have the rights to all your Google & FB data?


Does US have the rights to all your Google & FB data?
cio.economictimes.indiatimes.com

Does US have the rights to all your Google & FB data? - ET CIO

If Magistrate Thomas Rueter's ruling stands, anyone using US-based internet companies will have to live with the knowledge that, as far as the US government is concerned, it's America wherever they operate.

By Leonid Bershidsky

BERLIN: A Philadelphia court has made the unfortunate decision to reopen the legal debate on whether the US has the right to access emails stored on foreign servers if they belong to US companies.

If Magistrate Thomas Rueter's ruling stands, anyone using US-based internet companies will have to live with the knowledge that, as far as the US government is concerned, it's America wherever they operate. That's a dangerous approach that hurts the international expansion of US tech companies. Privacy-minded customers in Europe are already suspicious of the US government's cooperation with the tech giants, revealed by National Security Agency leaker Edward Snowden. Nationalist politicians in some countries want to ban cross-border personal data transfers.

Last July, Microsoft won a landmark case against the US government, in which it argued it didn't have to hand over e-mails stored on a server in Dublin to investigators working on a drug case. The US Court of Appeals for the Second Circuit agreed with the corporation, ruling that the US Congress never meant the Stored Communications Act to apply extra-territorially. Just two weeks ago, the court allowed the ruling to stand. US internet companies have assumed that if communications are stored abroad, they are out of the US authorities' reach.

Acting on that understanding, Google refused to disclose two users' data to the Federal Bureau of Investigation, and the FBI went to court in Philadelphia. Unlike Microsoft, Google doesn't even know the physical location of a file: its artificial intelligence-based system constantly optimises storage,.

Judge Rueter refused to be bound by the Microsoft precedent. In his ruling, he said,"When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders' privacy -the searches -will occur in the United States."

Within that logic, any information, public or private, that the US government can locate using computers on US territory is fair game.And if the logic applies, the European Union wasted its time last year as it tried to establish an acceptable privacy standard for US companies operating in Europe.

A new framework for these companies became necessary after the European Court of Justice struck down the EU's so-called safe harbour agreement with the US, which allowed internet companies to shuttle personal data back and forth between the two jurisdictions based on an understanding that the US provided adequate protection for users' privacy.

The so-called Privacy Shield is still pretty permissive, allowing companies to self-certify their commitment to user privacy, but it simplifies redress and gives European data privacy authorities more power over cross-border communication. If, however, the US decides that it can just take the data from foreign servers, the new agreement will be rendered meaningless. For US companies, this will mean a need to invent new private arrangements.

It appointed Deutsche Telekom “data trustee“ for two data centres in Germany, making it impossible for anyone to obtain any information from the servers without the permission of the trustee and, ultimately, the client. Such tricks, however, may not stand up in US courts, if other judges agree with Rueter. The US Supreme Court will probably have to take a stand on the issue.

Waiting for a decision, millions of foreigners must decide whether to cut their losses in this front of the online privacy wars: It may no longer be OK to expose their lives to US corporations.

--
You received this message because you are subscribed to the Google Groups "LaborTech" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]
To post to this group, send email to [email protected]
Visit this group at https://groups.google.com/group/labortech.
For more options, visit https://groups.google.com/d/optout.