You can’t stop the NSA from tracking you, but you can make it harder

[Batu69]

What can regular people do to stop NSA spying? That’s the big question in the wake of the NSA surveillance news that’s shaken the nation.

Unfortunately, it doesn’t have a simple answer. There’s no way to block NSA surveillance completely. Even if you rebelled against technology, ditched your mobile phone, and avoided using heavily-tracked web services like Facebook and Google, you’d still be on surveillance cameras that capture your face, license plate scanners, and credit databases, among other things.

But let’s not get pessimistic. There are tools you can use to make it harder for others to track you. They won’t eliminate your footprint, but they’ll blur the picture of you that emerges through your data. Read on to learn about them.

Let’s start with a little context. It’s important to remember that almost all surveillance starts with private companies. Apple, AT&T, Microsoft, Google, Verizon…companies like these mine your data for commercial reasons, but they end up having to give it up to law enforcement when asked. Staying more private means keeping your data out of the hands of the private companies that feed the government.

Once the private sector collects personal data, three main things can happen to it. You might not care about all three, but you’ll probably care about one:

1. It’s lost in a data breach. Look at the LivingSocial breach as an example: 50 million people’s names, emails, birthdates, and encrypted passwords gone in one hack.

2. The company misuses it in a way you didn’t expect or intend, that violates your privacy, or that makes you uncomfortable. Facebook is a champion of this kind of misuse by constantly changing its privacy policies and eroding default protections.

3. The government may use it. Enter PRISM and the NSA.

Whether you’re concerned with 1, 2, or 3, the results are the same and the solution for consumers is the same: use tools and best practices to avoid private companies from ever getting your data in the first place. Privacy laws certainly need an overhaul, but regulation isn’t an immediate solution for the everyday Internet user.

Tools to help you go private

For more in-depth guides, we recommend the Electronic Frontier Foundation’s Surveillance Self Defense site and Prism-Break.org.

Also note that 1), some of these tools are kind of complicated if you aren’t tech savvy; and 2), many require 2-way encryption to work (so both you and the person you’re communicating with would have to have it installed).

A good starting place if you’re a Firefox user is our collection of simple-to-use privacy add-ons.

Here are some of our favorite tools that you can try:

Internet Service Provider (ISP): Sonic
Wireless provider: Cricket
Encrypt an email account you already have: Thunderbird with Enigmail; Mac Mail with GPGTools; Outlook with GPG4Win
Private email clients: Unspyable, Countermail, or Shazzle
Search engines: Ixquick and DuckDuckGo
Mobile calls: RedPhone, Silent Circle
Android proxy: Orbot
iOS proxy: FoxyProxy (configure it as a proxy, not a VPN)
Mobile photos: ObscuraCam
Text messaging: TextSecure
Online tracker blocking: our very own DNTMe
Web-based chatting: Adium with OTR, Cryptocat
Mobile chatting: ChatSecure (iOS)Virtual private networks (VPNs): iVPN, Private Wifi
Hard drive encryption: TrueCrypt
Web browser: Tor Browser (and Mozilla’s Firefox is the best major browser on privacy)
Mobile browser: Onion Browser (iOS), Orweb (Android)

There’s an emerging consumer privacy movement built around the premise of giving regular web users (regardless of tech-savvy) the power to limit the personal info collected about them, so expect the usability and availability of privacy tools to skyrocket soon. For example, if you’re a user of our stuff, then you probably know that we have a tool in the works that will help mask your contact information. We’re actually optimistic that people will have more privacy 5 years from now than they do today.

Mindsets to help you go private

Adopt the mindset of only giving out the personal data that you absolutely must—for example, at checkout or when signing up for an online account—to significantly reduce your digital footprint. Avoid companies that don’t respect your privacy. Just as one bad actor can induce a privacy scare, one good actor – like Edward Snowden, or you – can take the necessary steps to reduce your exposure and strengthen your sense of privacy. Please spread the word to the people you know that privacy invasions are a big deal. And realize that powerful web services like Facebook offer zero protection.

Most of the recent stories about big data collection and breaches have a central theme: the little guy matters and can do something. Whether that individual is a Facebook user who refuses to give the site her real name, an NSA whistleblower who tells the world when it’s being watched, or a person using a tool to block companies from tracking him online, each person has the power to move privacy forward or diminish it.

You should be concerned about the lack of privacy today, but not pessimistic. You already have tools and services that give you a say in the matter, and the best is yet to come.

Credit to

[straycat19]

I have a guaranteed way to stop anyone from spying on you. Put your cell phone on the floor and jump up and down on it till it is dust. If you have a wired phone, yank it out of the wall. Remove your modem/router and smash it with a hammer. Unplug your computer and take it to a deep lake and throw it in. Go to the doctor and have your tongue removed. Cover all your windows with heavy black cloth. Don't ever go outside. You are now safe from being spied on.

[humble3d]

I have a guaranteed way to stop anyone from spying on you. Put your cell phone on the floor and jump up and down on it till it is dust. If you have a wired phone, yank it out of the wall. Remove your modem/router and smash it with a hammer. Unplug your computer and take it to a deep lake and throw it in. Go to the doctor and have your tongue removed. Cover all your windows with heavy black cloth. Don't ever go outside. You are now safe from being spied on.

Sorry, you forgot a few ways they will continue

to track or watch you... it's their nature...

:(

[Sylence]

I have a guaranteed way to stop anyone from spying on you. Put your cell phone on the floor and jump up and down on it till it is dust. If you have a wired phone, yank it out of the wall. Remove your modem/router and smash it with a hammer. Unplug your computer and take it to a deep lake and throw it in. Go to the doctor and have your tongue removed. Cover all your windows with heavy black cloth. Don't ever go outside. You are now safe from being spied on.

You mean something like this?

[SURbit]

Expositionsprophylaxe great OP and write up ! Thought I share my set-up and other information some might find interesting.

My Projects for a Cold Winters Day:
Harden Windows 8 for Security - http://ttp://hardenwindows8forsecurity.com/index.html

Harden Windows 10 for Security - http://hardenwindows10forsecurity.com/

WHAT IS SPIDEY?
SPIDEY is an app that helps you identify whether someone is attempting to monitor your cell phone location or activity. The app detects fake cell phone towers (called IMSI-catchers) and informs you if there’s a potential threat to your cell phone privacy. IMSI-catchers mimic real cell phone towers, acting as a middleman between mobile phones and cell companies, allowing adversaries to receive potentially private information from you mobile phone and to identify you and your location.

While the app doesn’t provide a method for stopping this surveillance activity, it alerts you to potential anomalies in your cell
networks, and gives you practical tips about what to do if you think someone is trying to spy on your phone. https://github.com/jtwarren/spidey

Blur brings you the ultimate online privacy solution by allowing you to create temporary, masked email addresses, credit card numbers, and phone numbers so you’ll never have to give your personal data to online merchants again.
You won’t just be keeping your data safe from hackers, but avoiding that dreaded, inbox-clogging spam.
Also a password manager for desktop and mobile devices, Blur is a powerful, full-service information protector.
stacksocial has it listed on a commerce page with "Coming Soon" I seen this code " BLURSPECIAL " from c\net news Takes $6.- off that then links you to stacksocial which has a faded "Sold Out" click on bar, with coming soon above it. Seems this was May2015 offer.
PCmag has a review - http://www.pcmag.com/article2/0,2817,2473654,00.asp

{NOTE page 3 of the review "What About Your Privacy" and "Blurring the Lines".}

USING NOW:
I bought Privatoria and use it / somewhat slow as all VPN's reduce your speed, I'm tethering PC off phone for Internet.

Your secure and confidential internet:8-in-1 Security Solution!
Anonymous surfing through Secure VPN, Proxy, Secure communications with Secure Chat, Voice and Video calls,
Anonymous E-mail and Secure Data Transfer.
https://privatoria.net/

1 Month 3,9 - month // 12 Months one off payment of $22,8 // 2 day trial - "7 day Bonus" Rate Privatoria's services - https://privatoria.net/survey/

Privatoria Personal VPN & Tor:3-Yr Subscription $39.-
[says 6 in 1 /as long as you get a subscription you get all services of the 8 in 1 as I have]
**at the time I bought it was a 2yrs deal from another site and said 6/1 also.

All these sites say Ending In: 5 days and show the popup 10% discount
A popup will show - 10% your first purchase when you subscribe to receive email updates
https://deals.iphoneincanada.ca/sales/three-years-of-privatoria-personal
https://deals.thenextweb.com/sales/three-years-of-privatoria-personal?utm_source=thenextweb.com&utm_medium=referral&utm_campaign=privatoria230515
https://deals.thewindowsclub.com/sales/three-years-of-privatoria-personal
https://deals.cultofandroid.com/sales/three-years-of-privatoria-personal

I use Adguard both on Phone and PC, and can tell you it has made a difference of websites and then Ymail alone has no ad's.
AG is install-and-forget program / also offers an assistant as a shield button on/within every website you visit.

This is hardly spoke of in reviews - once clicked on opens a popup window to 6 option to use which I've used the "Block element" more than the rest, you know those small windows that chase you for something as simple as email sign-up, will you can get rid of it and it writes a rule automatically for you next time you visit and you can go advances in the B E Rule Parameters and set it as a Rule for all websites you visit.

AG then reloads the window with the Rule enforced - really cool, but that's only one of the 6 there is 1 more complex Add Exception, then 4 simpler actions.

On phone AG with the help of Firewall, Adguard can manage apps access to the Internet, as well as their filtering.
AG is able to block ALL kinds of ads, not only in browsers but also in games and apps.
https://adguard.com/en/adguard-android/overview.html

I use KIS 2016 for PC firewall/antiVirus and block all traffic except for 21 programs that need to make contact with the Internet.

My privacy or important programs on PC:

Maxa Cookie Manager Pro - Lifetime License - Cool program to rid cookies, I've set it for 15min. to rid all cookies.
SoftEther for Privatoria VPN use.
VPNCheck Pro to Close programs or network when VPN crash, Notification when VPN is offline, DNS leak fix, Computer ID protection.
PDANet+ for USB tether to T-M network
R-Wipe and Clean for browser closing of any programs and privacy, then full clean at PC shut down.
PrivaZer-Portable once weekly clean just for safe measures and catch what R-W&C may have missed.
RoboForm password manager.
KeyScrambler for online forms.

Still looking to do more, so I be reading most all posts in this thread.

You know that there post somewhere on the Web that tells of a loophole how to get lifetime license of Adguard for under $10.00.

It still works I bought a second LT License a week ago with it, AG Lic. can be used on a phone and PC. So 1 Lic. covers 2 devices.

You have to use another Country currency, I did and used PayPal - Results under $10.- USD

[SURbit]

Fox Web Security add-on for Firefox

Fox Web Security is a neglected add-on for the Firefox web browser that blocks or allows connections to websites based on blocklist information of the three DNS providers Yandex, OpenDNS and Norton ConnectSafe.

There are plenty of security solutions out there for the Firefox web browser to improve the default state of the browser in this regard.

Fox Web Security takes a different approach than most as it uses the DNS system to allow or block connections.

Technically, it checks domain names that the browser connects to against all three DNS database. This is the first request Firefox makes when you connect to domains with the add-on installed, and it will block access to the domain or third-party connections on a site if they are blacklisted by one of the services.

See the rest of article here- http://www.ghacks.net/2015/11/12/fox-web-security-add-on-for-firefox/

[SURbit]

Cross-Device Tracking: a privacy invasive tracking method

Marketing companies are always on the lookout for new methods to track user activity on the Internet. These information are used to display targeted advertisement to users which have a better return than less-targeted ads.

The more a company knows about a user, the higher the return and that is the main reason why companies step up the tracking game despite public outcry about it and the rise of ad-blockers.

In fact, tracking is one of the core reasons -- the other is invasive ads -- that users install ad-blockers on their devices.

Cross-Device Tracking is yet another ingenious method to track users. As the name suggests, it has the capability to track users across devices. This is done by using high-frequency sounds that are inaudible to the human ear.

The method links devices such as web browsers, mobile devices or TVs through the use of these sounds and browser cookies resulting in a combined tracking profile of the user across devices instead of just individual devices.

The technique allows companies to track users even more, as they know for instance for how long TV ads are watched.

SilverPush, one of the companies that uses cross-device tracking, monitors 18 million smartphones already as of April 2015.

For those who are tracked, it is nearly impossible to tell if they are. These companies don't offer opt-outs and there is no software available that blocks the transmission of high-frequency audio signals. Furthermore, it is unclear which apps, ads or companies make use of the technology. The technique is limited by distance first and foremost.

It seems as well that only apps are used currently to pick up these audio signals, and that ads on the PC and TVs are merely used to push out these signals.

The CDT letter of SilverPush revealed some information, including that the company's software is used on 67 apps, and that "more than a dozen marketing companies" use cross-device tracking.

One recourse that users have is to limit microphone access on their mobile devices. The main issue here is that this is not available by default on many devices. While there are apps available that block the microphone altogether, they may cause usability issues as the microphone needs to be enabled for phone calls for instance.

It is interesting to note that Cross-Device Tracking resembles badBios, a malware discovered in 2013 that uses inaudible sounds to bridge air-gapped computer systems. (via Ars Technica)

By Martin Brinkmann on November 14, 2015

http://www.ghacks.net/2015/11/14/cross-device-tracking-a-privacy-invasive-tracking-method/

[Chancer]

In the wake of the latest set of terrorist actions, Paris, perhaps we need to take a different direction.

Let our governments see our transmissions - then they may be better able to root out those who plan acts of terror and stop them?

I know its an invasion of personal liberty - but perhaps its better than being bombed and killed or maimed?

[SURbit]

In the wake of the latest set of terrorist actions, Paris, perhaps we need to take a different direction.

Let our governments see our transmissions - then they may be better able to root out those who plan acts of terror and stop them?

I know its an invasion of personal liberty - but perhaps its better than being bombed and killed or maimed?

LET THEM WITHOUT SIN CAST THE FIRST STONE...

If you give up the freedom you have now, then when newly elected officials come to power and want more and then more,

your no more than a servant to those governments. Your life and values are not your own, you are not free.

Generations of good men have fought to give you your freedom, all of it, so never give away one speck of it.

If you see a bad thing and you can do something to stop it - then do. If you want a strong government to protect you then

vote those people to power. Transparency is for governments who take our money in one form or another, it's not a thing

for the society under that government to be transparent. The region where these animals operate need to step up and be the

defenders of all mankind against this kind of brutality.

With the advancement of technology we all are less engaged with own families and neighborhoods, this is what allows these

cells into our lands to do bad things, so this is where improvement needs to start not governments but - each individual, family

neighborhood, town, city all the way up to it's nation. Let freedom reign brother/sister. Not our governments of our civil liberties.

[SURbit]

Opt out of global data surveillance programs like PRISM, XKeyscore and Tempora.

Help make mass surveillance of entire populations uneconomical! We all have a right to privacy, which you can exercise today by encrypting your communications and ending your reliance on proprietary services.

Link: https://prism-break.org/en/

DISCLAIMER: Using the recommended projects on this site will not guarantee that 100% of your communications will be shielded against surveillance states. Please do your own research before trusting these projects with sensitive information.

Lots of Information reviled by clicking on the TAB's - It's like everything 101 coverage !

[SURbit]

How To Make VPNs Even More Secure

Link: https://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

[SURbit]

5 Cybersecurity Truths to Know Now

. Common security failures have enabled cyberattacks to cause significant damage to businesses.

These failures include:

• Weak security hygiene. At the heart of many of the largest breaches are phishing attacks that capture user login information or enable malware installation. Many attacks succeed because default passwords have not been changed, patches have not been installed, accounts have excess privileges or system configurations are left in wide open, insecure states
• Insufficient Data Protection. The ultimate goal of most malicious actors is to obtain sensitive user information or critical data. Encrypting stored data is one of the most effective ways of thwarting such attacks. Encrypting data at all stages, at rest, in motion and in use is the best way to prevent critical data from being compromised. But it must be done -- securely, efficiently and effectively.

2. Attack vectors continue to shift.

Cyber criminals are increasingly better able to avoid detection, more selective about whom they target for attack and better at using counterfeit encryption keys and certificates. They create attacks that will go unnoticed by signature-based malware and intrusion-detection systems and use a variety of communication paths and techniques to avoid detection by DLP technology.

Attackers also zero in on specific data at specific organizations in specific fields. Increasingly, they zero in on people who have access to sensitive data: top-level directors and IT administrators. And, as mentioned above, they are upping their use of counterfeit encryption keys and certificates. A real-life example is Google’s discovery in 2014 that the National Informatics Centre of the Indian government had been issuing counterfeit keys being used in counterfeit websites. This discovery caused the NIC to cease its certificate issuing operations.

3. Private key extraction is a real threat.

Public-key algorithms are used for key exchange and transport encryption in a number of critical Internet protocols in use in high-value applications. The most common example is Secure Sockets Layer, which is the most widely used transport encryption on the Web. For the last eight years, though, attackers have been able to inspect server-side RAM and extract private keys by using randomization detection techniques. This attack has succeeded against a number of protocols:

• PKI certificate authorities
• Secure DNS servers
• VPN servers
• SSL servers
• SSH servers

To stop these attacks, the use of secure execution space for encryption is required.

If a trusted execution environment is available and has enough capacity, other sensitive applications and algorithms can be run in the highly secure TEE space. Examples include digital watermarking and digital currency (e.g. Bitcoin) processing.

4. Cyber criminals’ focus is now primarily data theft…

… where previously it was aimed at disrupting service or vandalism. This caused a corresponding shift to data protection. Common forms of data protection include transport encryption and persistent data encryption. For transport encryption, Secure Sockets Layer and Transport Layer Security are often used to safeguard sensitive data in motion over internal and external networks.

However, SSL/TLS do have vulnerabilities, leading to key and certification generation and validation occurring on vulnerable servers. By compromising software-only-based SSL server environments, attackers can compromise high volumes of user sessions with a single attack.

In terms of persistent data encryption, encrypting stored data can provide an exceptional level of protection against data breaches. However, if a server operating system is compromised, or if encryption and key management are not performed securely, data can be compromised.

5. High-security environments need trusted storage...

... and TEEs completely separate from IT operations and system administration. Diverse computing environments and performance issues – along with advanced threat vectors – have also driven the development and deployment of hardware security modules, trusted hardware appliances for running mission-critical security applications.

In the same way that firewalls are used to provide network security outside of the operational network, HSMs have evolved to provide trusted storage and execution for high-security applications. HSMs are purpose-built, highly secure appliances or stand-alone processors that implement trusted storage and encryption functions and can also include a TEE.

HSMs are typically used in encryption applications, for secure key generation, trusted encryption/decryption and secure certificate operations in certificate authorities used to generate and manage public-key certificates. For these reasons, many HSMs also include dedicated cryptographic processors that implement standards-compliant cryptographic algorithms and provide performance acceleration.

From Knowledge to Action

As technology evolves, so do attack methods. Common security mistakes like ineffective encryption and poor network hygiene have opened the door to successful attacks and emboldened attackers. They have gotten better at avoiding detection, targeting just the right people and counterfeiting or extracting private keys. Not even data encryption is foolproof.

For National Cybersecurity Awareness Month, we are looking ahead to see how organizations can best protect sensitive information assets well into the future. The current cybersecurity environment makes it clear that for high-value applications and processes hardware-based security is critical. To secure critical digital assets against today’s sophisticated onslaught of attacks, federal agencies must deploy a trusted system wholly removed from the operational network.

Link Credit: http://www.nextgov.com/technology-news/tech-insider/2015/10/5-cybersecurity-truths-know-now/123227/

[SURbit]

Anonymous P2P inside browsers

You only need your browser

No installation - No plugins

Easy to use / Safe and Secure

LINK:http://www.peersm.com/

Encrypted and untrackable - Stream, Download, exchange private data

The image is often used to describe the problem:

It's still valid today:

you can not easily exchange information without using a third party that might do something with it without your permission.

But that's not the only issue, most of existing systems do not protect you from being tracked and spied and do not protect your privacy, the systems that allow it are usually not easy to use.

[SURbit]

Bill To End Warrantless Stingray Use Proposed

by Stan Ward

With the recent disclosure about the IRS possessing Stingray technology fresh in people’s minds, a recent initiative by US Republican CongressmanJason Chaffetz is being hailed by the privacy community as a welcome first step in the fight for private, personal communication freedom.

The need for legislation, now that the IRS has become the thirteenth federal agency to acquire the sophisticated Stingray technology has never been greater, if ’’mission-creep” and its proliferation, is to be checked. Because the measure has been introduced by the Utah Congressman, a Republican, and Chairman of the House Governmental Oversight Committee, there is a likelihood of broad support, and possible passage. As you are probably aware by now, Stingrays, also known as known as “cell-site simulators”, work by pretending to be a cell phone tower in order to strip data and metadata from any phones that connect to them.

Chaffetz correctly characterized the recent revelations about the IRS insinuating itself into the Stingray pantheon as alarming,

“When you find out the IRS, and potentially others are using this tech – whoa! That’s a bridge too far. If they have [probable] cause, go get a warrant. But if you’re just on a surfing expedition, back off.”

Since nobody can ascertain what the heck the IRS is doing is going to do with the devices, the Congressman’s words ring true. It is at least heartening to hear the IRS Commissioner, John Koskinen, acknowledge that the organization is aware that it must obtain a warrant for Stingray use before employing them. If only the other agencies, and local police, were as enlightened!

Chaffetz’s initiative is called the Stingray Privacy Act or Cell-Site Simulator Privacy Act, which makes use of these devices without a warrant punishable by a fine or up to 10 years incarceration, is necessary because technology is leapfrogging other elements of society. Law enforcement has tried to keep apace, but is lagging. Yet this is no reason for reverting to regressive measures such as secretive surveillance devices. Worse even, is the lengths to which law enforcement has gone to protect its furtive franchise, as has been witnessed in the tossing out of court cases rather than reveal details about the Stingray’s technology.

The Senate Judiciary committee is also holding an inquiry into their use, and in the Senate Finance committee, Ron Wyden of Oregon , a kindred privacy spirit, also asked Koskinen of the IRS for details about the agency’s use of Stingrays. In response, Koskinen reiterated that it requires a court order for their use, without specifying how it plans to employ the devices. That is a bit troubling to civil libertarians.

About Stingray and other clandestine devices in the pipeline, Chaffetz opined that,

“It’s going to present (a) new set of challenges for America. The seminal question is: how much liberty are we going to give up in the name of security?”

This question resonates and reverberates frequently in the privacy vs. security debate, and it may be that a real balance may never be struck. This, however, is the cost of democracy that must be understood, and ultimately absorbed in order to ensure its continuance – much to the chagrin of law enforcement agencies and their ilk.

[SURbit]

No, the NSA HASN’T Stopped Mass Spying on American Citizens

See this article http://www.thedailysheeple.com/no-the-nsa-hasnt-stopped-mass-spying-on-american-citizens_122015

by -