[HN Gopher] Help make mass surveillance of entire populations un...
___________________________________________________________________
Help make mass surveillance of entire populations uneconomical

Author : doener
Score : 559 points
Date : 2023-05-01 12:42 UTC (10 hours ago)

(HTM) web link (prism-break.org)
(TXT) w3m dump (prism-break.org)

| monkeynotes wrote:
| Getting regular folk, myself included, off of these popular platforms - especially Gmail - isn't economical for most people. Just changing your email address and migrating to another provider isn't an easy sell.
|
| Whilst the motivation of this project is commendable it's not going to reach the volume of folks needed to make a difference.
| vladharbuz wrote:
| Why? Signing up for FastMail or Migadu and redirecting your mail is very easy. If you use a custom domain, you don't even have to change your address when you migrate to a new provider.
| psd1 wrote:
| I spent several days evaluating mail providers and migrating. It is work.
| monkeynotes wrote:
| > Signing up for FastMail or Migadu and redirecting your mail is very easy...
|
| > If you use a custom domain...
|
| I'd suggest trying to talk the average American into doing that. You'd have to be quite out of touch with everyday people to think this is a battle you can win.
| timcavel wrote:
| [dead]
| bragr wrote:
| This seems great until you dig into some of the recommendations. A tool to save webpages is not an alternative to a news reader. A dynamic DNS service is not an alternative to Google public DNS, etc, etc
|
| I can't see this making any kind of dent on the average person with these kinds of recommendations.
| cptskippy wrote:
| I started going through the list and found several "wait, why is this to be avoided?" mentions. I started looking around for an explanation on their site and can't find anything.
|
| There doesn't appear to be any clear explanation or rationale.
| There is however the ever unhelpful libertarian mantra "... do your own research ...". Whenever I hear those words uttered I immediately question the legitimacy of the source.
|
| Hiding your research (or lack of) and telling people to do their own is a manipulation. It's telling people to either take you at your word or invest a lot of time and energy into research which might yield a similar conclusion.
|
| Research is meaningless unless it's documented and shared so others can evaluate it.
| JohnFen wrote:
| > Hiding your research (or lack of) and telling people to do their own is a manipulation
|
| Yep. And even worse, since those people are also telling you what conclusion they want you to reach, they're encouraging people to engage in the illusion of research (starting with a conclusion and looking for confirming data points) rather than real research.
| pickledish wrote:
| Word, I was a bit surprised by the "email" section as well. As a better alternative to Gmail, I would have expected to see e.g. protonmail or fastmail, but instead saw... thunderbird, an email client? Which doesn't make a lot of sense
| Applejinx wrote:
| If it is actually a malicious site trying to herd people toward exploitable behaviors it'd be following the Nigerian Scammer tactic of pre-screening by allowing simple errors to scare off more savvy inquiries.
|
| This would go along with the rather crude emotional appeal.
|
| That said, it hardly seems an efficient way to exploit people... though there are useful points. If you can get somebody credulous to use something that's compromised, and you're acting like a baleen whale and accumulating whole populations of credulous government-suspicious folks whom you've steered towards some mechanism where YOU can surveil them, that's got to have some usefulness.
|
| People absolutely don't take into account the effectiveness of loosely manipulating entire populations in selective ways.
| You never need to select an individual and 'make' them take any action at all. You only have to cultivate the conditions for the outcome you want. Facebook might have discovered this first, but the idea sure caught on quick.
| hammyhavoc wrote:
| Maybe you should raise these concerns on https://gitlab.com/prism-break/prism-break/-/issues ?
| hammyhavoc wrote:
| It makes plenty of sense.
|
| On https://prism-break.org/en/all/#email, they state "For more email providers, take a look at Privacy-Conscious Email Services. Please decide for yourself whether if you trust them with your data. For more discussion about safe email providers, please see issue #461.".
|
| They even state that Thunderbird is a "Extensible, cross-platform email client.". The implied idea being to use Thunderbird to access a "Privacy-Conscious Email Service".
|
| I use Gmail as an email client more than I use it as an email _provider_ because it has an External Accounts function. I apply Google's "App Script" system to my email to do things that you could do in Outlook's full-fat client or maybe in Thunderbird with some extensions.
| motohagiography wrote:
| The only meaningful use case for privacy tools is to use them to organize to create enough influence that you can reduce the need for privacy tools. If you aren't doing that, the tools are just tolerated by govts because they neutralize your resistance and explicitly enable mass surveillance, imo.
|
| How many Signal users are there, and why aren't there enough of us to drive the political agenda? One big problem with most privacy tools is they don't name their threat actor (it's your own governments), and using the tools doesn't translate to a vote for anyone who will do something about the problem. On top of it all, installing these tools acts as a reliable political metric for popular intelligence community approval.
| Maximus9000 wrote:
| What's wrong with 1Password?
| I've seen several famous cyber security pros recommend 1password (like Troy Hunt).
| chaxor wrote:
| I think most segments against online password companies is that they get hacked so often. The most practical problem is having to switch all your passwords around after such a leak occurs, which seems to be more and more permanent these days. Contrary to popular belief, the best reason to store passwords offline is actually convenience, so that you don't have to change them so often (your single password dump is not a target, but _all_ people's data is).
| Invictus0 wrote:
| 1Password doesn't have my passwords, they exist in an encrypted vault on Dropbox which is itself encrypted. The whole thing is extremely secure.
| cosmolev wrote:
| Which version are you currently using? I used to have the same setup back in the days when 1Password was only a standalone app, before it became a SaaS as it is now.
|
| Can you please explain how you have organized your current setup?
| Invictus0 wrote:
| Hmm, seems that version 8 and above discontinued Dropbox sync. I haven't updated my app in ages so I still have the dropbox setup.
| itslennysfault wrote:
| My guess would be that it is because it is not open source, but I am surprised that there is no mention of BitWarden.
| denton-scratch wrote:
| Email addons: Enigmail is no longer an add-on for Thunderbird; it's built-in (and has been for years).
| graderjs wrote:
| But if your phone OS / cellular firmware is compromised then e2e or even at-rest encryption won't matter. Anything you can see on your phone can be seen.
|
| I think a more rational alternative is to consider that everything except your unexpressed thoughts and emotions is already logged. At some point, this will become true (if it ain't already), so....then you at least will be ahead of that curve.
|
| So if everything you do is monitored, how do you achieve privacy in such a world? That is the question, I think.
|
| In fact, it's similar to how a corporation or nation needs to think about protecting their own secrets. They have to assume compromise (of people, systems, etc)...how do you confuse and compartmentalize what you want to protect?
| htag wrote:
| 1. It's completely possible to treat your phone as an insecure device. Maybe I'm naive, but I think it's possible to run a daily Linux system with a reasonable assumption of privacy.
|
| 2. When you act as if you are being monitored and judged for your words/actions, you begin to self govern them to be more acceptable to the presumed omnipresent agent. Sometimes the fear of being surveilled is as powerful as actual surveillance.
| graderjs wrote:
| But not if we assume compromise.
|
| How would you hide in plain sight? That is the question.
|
| Bruce Lee said: be water. But maybe you need to: Be Hamlet
| blatant303 wrote:
| Stab the guy behind the curtain ?
| Mistletoe wrote:
| Talk to skulls.
| heavyset_go wrote:
| > _1. It's completely possible to treat your phone as an insecure device. Maybe I'm naive, but I think it's possible to run a daily Linux system with a reasonable assumption of privacy._
|
| Your computer is running several operating systems under ring 0 that Linux has no idea about, same goes with many components and peripherals. Those operating systems have direct memory access.
| LinuxBender wrote:
| _So if everything you do is monitored, how do you achieve privacy in such a world?_
|
| I might put a physical paper notebook in a reporter's pocket then meet with them and buy them a coffee or tea. Or I might give them a USB drive with a self-decrypting file and instructions for how to use it securely.
|
| Or if I am feeling silly I might _borrow_ a few hundred digital billboards and just broadcast the data to everyone and let the public sort it out.
| _FoghornBlowing?_
| opportune wrote:
| This, given these NSA programs have had 10 years to evolve and expand, and that the NSA can easily get access to effectively the entire planet's mobile devices by showing up to just two American companies' HQs with guns and gag orders, it seems almost a certainty that they'll have OS-level access. So I'd highly doubt any standard mobile device is NSA-safe.
|
| In terms of dimensionality, I actually do not think it would physically be possible for the NSA to warehouse all the raw data they could Hoover (haha get it) up, so that might be a bit comforting. And certainly whatever data they do Hoover up will mostly never be directly seen by a human due to physical constraints on eyeball time available to spy vs produce content. That yields one answer to your question which is to just not attract enough attention they decide to turn on full logging and comb through your life
| deafpolygon wrote:
| AI can probably drastically reduce the time it requires to go through a massive trove of data.
| freedomben wrote:
| Don't let perfect be the enemy of good. The likelihood and prevalence of deeply low level monitoring is orders of magnitude less than the likelihood of using modern apps and saas where it is virtually guaranteed. It's an additive game and you can dramatically reduce invasions, even if you can't eliminate them.
| TimTheTinker wrote:
| See https://news.ycombinator.com/item?id=35698547
|
| Even at the hardware level we have real examples of exfiltration.
| 0l wrote:
| While perhaps true in many cases, this example was untrue: https://blog.brixit.nl/nitrokey-dissapoints-me/
| transpute wrote:
| Nitrokey article improvement: https://twitter.com/grapheneos/status/1651601840520278018
|
| _> Per our request, NitroKey has fixed one of the main issues in nitrokey.com/news/2023/smar.... XTRA downloads are done by xtra-daemon in the OS, not firmware.
| It also does use HTTPS by default, but the OS can override the default URLs via gps.conf and some OSes do override to HTTP URLs ... NitroKey is correct that xtra-daemon has support for sending information on the device including device model, serial number, etc. They're also correct that the user is never asked about it. It's less of an issue than SUPL which sends nearby cell towers, phone number and IMSI._
| graderjs wrote:
| > likelihood lower
|
| Not if we take the lore around mass survey into account (Snowden etc)
| snowwrestler wrote:
| It has been clearly reported, but in case folks are not aware: PRISM is not a system for deep persistent access into tech platforms, it is the internal NSA designation (code name) for data sourced via FISA court orders. The FBI actually secures the court order and then requests the data.
|
| https://en.m.wikipedia.org/wiki/PRISM
|
| If a company stores data about you, it is possible it could be subject to a FISA request. Data which is end-to-end encrypted would still be provided if it satisfies the criteria in the FISA court order. But it would be up to the NSA to try to break the encryption. Metadata might or might not be encrypted.
| sdfghswe wrote:
| That's.... not as bad as originally advertised, is it?
| photochemsyn wrote:
| In general it's a good thing that more and more people are aware of the necessity for good security practices for all online interactions - but the belief that individual technological efforts can defeat large-scale corporate and nation-state monitoring is pretty silly. At best you'll just have an added layer of security against things like theft of credit card information by criminal gangs.
|
| If you actually want to do something like communicate with a journalist while hiding your own endpoint from exposure you have to go to fairly ridiculous lengths, such as acquiring a laptop used only for that purpose and which has no associated identifying information, use random open Wifi networks to log onto, and have a decent understanding of the concepts of public-key, asymmetric and symmetric cryptography.
|
| Note that there is simply no way for two known parties on the internet to hide the fact that they are communicating with one another from government-corporate managers of the Internet - although it's possible to keep the content hidden, to some extent, unless your passwords get compromised, which seems fairly easy to accomplish for such actors via keylogger malware installed through backdoor attacks using secret zero-day exploits and so on.
|
| The only real solution is the passage of data privacy laws that provide criminal penalties and which allow class-action lawsuits against corporations and governments that engage in warrantless mass surveillance or the retention and aggregation of customer's personal data in searchable databases.
| gnarbarian wrote:
| The laws don't really stop it either. The 4th amendment in the United States hasn't prevented huge dragnet style data collection and partnerships with private entities to provide access to whatever data the government wants.
| feedsmgmt wrote:
| Why isn't full transparency and an end to criminality a viable solution?
| DennisP wrote:
| It might be, if it also applies to everyone in the government. Then all of us can keep them accountable.
| amelius wrote:
| > Note that there is simply no way for two known parties on the internet to hide the fact that they are communicating with one another from government-corporate managers of the Internet
|
| Not entirely true.
| I could post a message on a popular forum like HN, where the message contains a hidden message.
| didgetmaster wrote:
| Maybe that explains some 'word-salad' speeches by our VP. She really is sending a hidden message to somebody who has the secret decoder ring. Then again, maybe not...
| NoZebra120vClip wrote:
| Steganography is a real thing. I've often wondered about those meme powerhouses, like on Facebook.
|
| I used to collect thousands of memes and just blast them to my mother indiscriminately. Then I wondered whether silly-looking memes could be carrying secret messages, or just nasty hidden stuff. I decided to stop helping traffick in that stuff.
|
| Has anyone read/seen _Mother Night_? That's a real good example of how secret communication can hide in plain sight.
| InitialLastName wrote:
| > Has anyone read/seen Mother Night? That's a real good example of how secret communication can hide in plain sight.
|
| Are there any confirmed examples from non-fiction?
| burkaman wrote:
| https://www.justice.gov/opa/pr/new-york-man-charged-theft-tr...
|
| > The criminal complaint alleges that on or about July 5, Zheng, an engineer employed by General Electric, used an elaborate and sophisticated means to remove electronic files containing GE's trade secrets involving its turbine technologies. Specifically, Zheng is alleged to have used steganography to hide data files belonging to GE into an innocuous looking digital picture of a sunset, and then to have e-mailed the digital picture, which contained the stolen GE data files, to Zheng's e-mail account.
| bawolff wrote:
| On the other hand, he did get caught...
| Jimmc414 wrote:
| In World War II, German spies used a technique called the "microdot" to embed secret messages within seemingly innocuous documents.
| The microdot technique involved shrinking the text of a message to the size of a small dot (about 1 millimeter in diameter) and then placing it within the text or image of a cover document, such as a letter or newspaper article. The recipient would need a microscope to read the tiny message.
|
| The Least Significant Bit method is used frequently for the legitimate use of watermarking image, video and audio IP. It is a simple technique that embeds the watermark data into the rightmost bit of a binary number (LSB) of some pixels of the cover image.
|
| It is also very common for malware to hide its configuration data or payload within image files. (ZeusVM, Zberp, NetTraveler, Shamoon, Zero.T)
| bitwize wrote:
| In one of those historic ironic twists, the technology the Germans used to make microdots was created by a Jewish inventor, Emanuel Goldberg.
| brvsft wrote:
| Yes.
| bitwize wrote:
| In 2010, the Colombian government commissioned a pop song called "Better Days" that received nationwide airplay. Hidden within the song was a Morse code message for FARC hostages (some of whom were soldiers and trained in Morse) that help was on the way.
|
| https://www.bbc.com/news/world-latin-america-63995293
| letitbeirie wrote:
| Basically a digital dead drop.
| MichaelZuo wrote:
| Yeah the parent's assertion seems incorrect. It's totally possible to hide such messages on the internet.
| bawolff wrote:
| > but the belief that individual technological efforts can defeat large-scale corporate and nation-state monitoring is pretty silly.
|
| Nation states may have a lot of budget, but they still have a budget. Mass surveillance needs to have low per user cost to succeed. It is entirely reasonable to assume small changes if widely adopted could make mass surveillance economically unfeasible.
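The Least Significant Bit method described in Jimmc414's comment above, shown as an added example that is not part of any post in this thread: it embeds and recovers a watermark in a pixel buffer, then scores the buffer with a pairs-of-values chi-square check that a defender can use to flag an overwritten LSB plane. The cover pixels, the random payload (standing in for an encrypted watermark) and all function names are constructed for illustration.

```python
import random


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of the first len(payload)*8 pixels with payload bits (MSB first)."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload needs more pixels than the cover has")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # each pixel value changes by at most 1
    return bytes(out)


def extract_lsb(pixels: bytes, n_bytes: int) -> bytes:
    """Read n_bytes back out of the LSB plane, MSB first."""
    out = bytearray()
    for start in range(0, n_bytes * 8, 8):
        value = 0
        for p in pixels[start:start + 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)


def pair_imbalance(pixels: bytes, min_count: int = 10) -> float:
    """Mean chi-square term over the value pairs (2k, 2k+1).

    Replacing LSBs with random-looking bits evens out the two counts in
    every pair, so the score falls to about 1.0. The constructed cover
    below, whose histogram has gaps, scores far higher.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    terms = []
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd >= min_count:  # ignore sparsely populated pairs
            terms.append((even - odd) ** 2 / (even + odd))
    return sum(terms) / len(terms) if terms else float("nan")


def make_cover(n: int = 20000, seed: int = 1234) -> bytes:
    """Constructed 8-bit grayscale cover: noisy mid-grey after a 1.5x contrast stretch.

    The stretch leaves every third grey level unused, which is what makes
    the pair counts uneven before any embedding happens.
    """
    rng = random.Random(seed)
    raw = (min(169, max(0, int(rng.gauss(85, 20)))) for _ in range(n))
    return bytes(r * 3 // 2 for r in raw)


def make_payload(n_bytes: int, seed: int = 99) -> bytes:
    """Constructed payload: uniformly random bytes, as an encrypted watermark would look."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes))


if __name__ == "__main__":
    cover = make_cover()
    payload = make_payload(len(cover) // 8)  # fills the whole LSB plane
    stego = embed_lsb(cover, payload)
    print("payload recovered:", extract_lsb(stego, len(payload)) == payload)
    print("cover score: %.1f" % pair_imbalance(cover))
    print("stego score: %.1f" % pair_imbalance(stego))
```

The check is strongest when the whole plane has been overwritten; when only some pixels carry data, it has to be run over the window where embedding is suspected.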
| scarface74 wrote:
| You mean you want the same government that is interested in putting back doors in phones and other surveillance techniques to pass laws that keep them from doing so?
| smolder wrote:
| Yes, our government is not a single homogenous entity. We can theoretically (and sometimes actually) use our legislative representatives to change the behavior of other parts.
| coldtea wrote:
| Ah, the optimism of youth!
| scarface74 wrote:
| You realize the legislators are the ones asking for backdoors because - "terrorism" and "think about the children".
|
| When has the government ever wanted less surveillance power or less control over the internet?
| roribolden wrote:
| [dead]
| TchoBeer wrote:
| "the government" is not one person with a concrete ideology, it is an amalgamation of hundreds of people who all want different things and are theoretically beholden to their voter base.
| scarface74 wrote:
| The government in the US is not beholden to "the people".
|
| Because of the setup of the electoral college, 2 senators per state where RI has the same number of Senators as California and gerrymandering, it is very much about the will of the minority.
|
| That's not to mention all of the things that get done by unelected officials and judges with lifetime tenure.
| smolder wrote:
| The clipper chip idea flopped, right? So have a few other stupid, draconian, privacy-defeating bills since.
|
| But yeah, it may not be realistic to think that we can stop the expansion of surveillance powers for TPTB and erosion of rights for the average citizen, given the consistency and persistence of the proponents of such crap. When I look at trends of the past 20 years, it seems like wherever the law has fallen short of placing everyone under a microscope, private industry has conveniently stepped in to become the 1984-telescreen service providers instead of the government.
| [deleted]
| kornhole wrote:
| This site and many guides like it are intended to help people avoid mass surveillance rather than targeted surveillance. Confounding the two threat models seems intended to confuse and exasperate people.
| nunuvit wrote:
| Or at least intended to piggy back their own cause onto a superficially related effort.
| photochemsyn wrote:
| So, let's say the NSA is collecting data on every person on the web, and they're able to see who is using these 'mass surveillance avoidance tools' and who isn't. The former category then actually stands out and becomes targets of more intensive surveillance because they're using tools that allow them to hide surveillance to a limited extent. Using such tools would flag the 'strong-selector' metadata collection system for further (targeted) examination, i.e.
|
| https://en.wikipedia.org/wiki/Turbulence_(NSA)
|
| This is of course what an outfit like the STASI or Gestapo would do, isn't it? If you're actually trying to hide from surveillance, the best tactic is to hide in plain sight, maintaining a cover story consisting of bland normal online presence that doesn't draw extra attention.
|
| Of course living in an authoritarian panopticon and having to hide in this manner is an undesirable situation, and the solution is not technological, but rather political in nature. One basic issue is transparency, i.e. the public should be able to see what the intelligence agencies and corporations are up to with their surveillance programs. This is why Snowden's exposure of PRISM, XKEYSCORE, TRAFFICTHIEF, etc. was in the public interest, i.e. legitimate whistleblowing.
| roribolden wrote:
| [dead]
| bilalq wrote:
| These are good points, but political solutions (by which I mean political changes within the system) are almost certainly never going to happen. More unrealistic than a technological solution addressing this, even.
|
| Instead, social/cultural solutions might be the key. If only a few people use these mass surveillance avoiding tools, then yes, they become targets. But if almost everyone uses them and they become ubiquitous, the landscape changes some.
| majormajor wrote:
| I think the line between political solutions and technological/cultural solutions is quite blurry.
|
| To get past that "using these tools makes you suspicious" phase, you have to convince everyone to both care and to use the tools.
|
| Once they care that much, the political solution is also much more feasible.
| gtop3 wrote:
| > These are good points, but political solutions (by which I mean political changes within the system) are almost certainly never going to happen.
|
| I don't think political solutions are impossible, but if they are then our government is incapable of executing the public will. I think the key to generate this type of change is to tell a very compelling and broad story about why the current situation is unacceptable. Discussing {history lesson} or {personal security risk} doesn't seem to be a strong enough narrative. A very strong narrative can turn public opinion and force action by lawmakers. Over the last 100 years there have been a number of examples of popular opinion becoming so massive that the political system has to do something they clearly did not want to do.
|
| * The draft is now reserved for emergency use only. Previously it was used for Korea and Vietnam, which were more about global power projections than direct threats to the US.
|
| * The role of the US Military is moving away from World Police and limiting itself to more directly protect American interests. Troop deployments are highly scrutinized by the public and impact Presidential approval ratings.
|
| * Cannabis went from the poster child for war-on-drugs to essentially unenforced federally and openly cultivated/traded/consumed in large regions of the country. Rules on Magic Mushrooms, MDMA, and Ketamine are beginning to loosen too.
|
| * The end of COVID lockdowns and mask mandates in the US was largely determined by grassroots actions instead of top-down decisions.
| thfuran wrote:
| >but if they are then our government is incapable of executing the public will.
|
| I don't think it really even tries to.
| kornhole wrote:
| The logic that anybody we can't see should be a suspect would then target our grandmas with landline phones who buy their groceries with cash or live in nursing homes. It would be a colossal waste of resources and detract focus.
|
| The methods of the STASI were extremely crude and different to what is available today. They relied on human informants and collected lots of paper.
| chimpanzee wrote:
| Or they can just filter for age, likelihood of technical proficiency (indicated by such things as education, prior employment, family, peer group, etc), and likelihood of "effective political concern" (or whatever we might call a person's affinity for independence, skepticism, distrust of authority, knowledge of past authoritarian transgressions, knowledge of current authoritarian capabilities, and access and willingness to non-technical resources, eg time or money, needed to act on their concerns)
| darawk wrote:
| Your point is valid, but in this context, going to the next level of targeting will require them to probably burn 0day to achieve it. If that's the case, not even the NSA can afford to do that en masse. And if they did for some reason decide to make that policy, it would be a gold mine for foreign governments to set up honeypots to collect every 0day in the NSA's arsenal like pokemon.
| rationalfaith wrote:
| [dead]
| psychphysic wrote:
| Most media now have secure drop and guides on usage.
|
| In the UK at least such as this BBC page[0]. As do the Guardian, Bloomberg and many more I'm sure.
|
| I appreciate that it is an involved process as you say but it doesn't seem excessive especially if you can use your smartphone now that tor browser is on android and iOS.
|
| [0] https://www.bbc.co.uk/news/uk-60972903.amp
| sigmoid10 wrote:
| This might hinder small time criminals and companies at best from finding out who snitched on them. But in an authoritarian regime with state level resources or just a sufficient level of corruption or even just a media corp run by boomers that is vulnerable to phishing, you can't count on discretion for these things. Secure tunnels and end2end encryption are worthless if the endpoints are easy to compromise. The above comment is right that at the very least you should use bespoke hardware that was never associated with you or anyone you know in any shape or form (in addition to the things mentioned on that site). And even then you'd have to make sure that the info you leak can't be traced back to you, at which point it becomes a game of intelligence and counter intelligence. For example, if an organisation suspects their people are leaking info to the press, it could begin to place targeted (mis)information among employees to uncover them. This was done at Tesla last year to track and eventually bust leakers.
| naravara wrote:
| It's dangerous to assume phishing vulnerability is solely a Boomer thing. Tech literacy is unevenly distributed even among younger generations, and the upcoming generations that grew up on Chromebooks and tablet computing aren't that much more tech literate than old folks on the aspects of OpSec that matter. "Kids these days" don't even really understand how file systems work.
| Y-bar wrote:
| Non-AMP link: https://www.bbc.com/news/uk-60972903
| LinuxBender wrote:
| _The only real solution is the passage of data privacy laws_
|
| AFAIK governments empower specific agencies and groups with qualified immunity. How would such laws be enforced if an agency has immunity?
| Matticus_Rex wrote:
| No need to invoke qualified immunity; the data privacy laws that have been passed (e.g. the GDPR) make explicit carveouts for government surveillance. Yes, the carveouts are for the jurisdiction's own government only, but that's the one you should be most worried about mass surveillance from in most cases.
| pclmulqdq wrote:
| Arguably, government surveillance is one of the main points of regulations like GDPR. Data residency requirements make it a lot easier to do that.
| misterprime wrote:
| >High ranking member of political party 1 does something illegal.
|
| >Huge stink and nationwide conversation ensues.
|
| >High ranking member of political party 2 does the same damn thing.
|
| >Crickets.
|
| You can even reverse the order of the events or parties. It happens a lot. Such laws, unfortunately, simply become political tools.
| westmeal wrote:
| This depends on your filter bubble.
| hirundo wrote:
| In the U.S. qualified immunity is a creation of the judicial system, and those decisions could presumably be reversed by statute if the political will comes to exist.
| MSFT_Edging wrote:
| The expression of power is in who gets to decide the exception to the rules. Real power is rarely beholden to rules. That's why whistleblowers who call out illegal programs are treated like the criminal, because the laws essentially don't matter when dealing with things at that high of level.
|
| Powerful people can lie, cheat, and steal and face zero repercussions. They hold institutional power so groups like the police will protect them regardless of laws being broken.
| It's not illegal for a corporation to either literally or metaphorically kill someone, because there is no body that will hold them accountable, but it is illegal to assassinate a CEO and systems will pull all stops to hold the assassin accountable.
|
| It's the real reason why Western style democracy ends up being a busybox for people who like rules. The people who can grant endless exceptions have addresses and beds where they rest their heads but people without power cannot decide on an exception to the rules, regardless how dangerous and damaging that person is.
| kornhole wrote:
| We should push for laws and resist new acts that curtail our rights of privacy and free expression, but that is not a solution. We are generally on our own in making our choices of technology to use. If you go on using proprietary services and networks hoping that someday laws will suddenly fix all the problems, you are seriously deluded or naive.
| reaperducer wrote:
| _The only real solution is the passage of data privacy laws_
|
| Even your own example -- a whistleblower talking to a journalist -- illustrates that the fear is not of people who abide by laws, but people and organizations that don't care about the laws.
|
| I'm not saying that there shouldn't be laws. But like almost everything involving human beings, the solution is not an if-then binary choice.
|
| You have laws, but you _also_ have mitigations.
| bannedbybros wrote:
| [dead]
| EGreg wrote:
| The problem you describe is far more pervasive than that: https://magarshak.com/blog/?p=362
| shadowgovt wrote:
| This has big "Society getting you down? Just go live in a cave on a mountaintop" energy.
|
| It's certainly a choice an individual can make. But it will have about as much societal impact as domestic recycling has on global warming. Especially since we're talking about internet communications technologies here...
The alternative to using | Discord for most people these days is not corresponding with the | people they need to correspond with. | guywithahat wrote: | I wonder how useful even this list actually is. Famously Tucker | Carlson was being spied on by the NSA through his signal app, and | while I don't trust them to be able to figure out exactly what | the point of entry was, it does imply without regular | whistleblowers from throughout the NSA/etc, we won't know exactly | what their capabilities are and I'm not sure how meaningful a | list like this can be. | milofeynman wrote: | Famously? I've never heard of that. Is that even true? | Perceval wrote: | Tucker made the claim that an internal USG whistleblower told | him that his communications were being monitored by the NSA. | Tucker stated that he sought the counsel of a Senator, and | that the Senator told him that he should go public with the | information. Tucker then discussed the claims on his | television show. The NSA issued a statement saying that | Tucker was not a surveillance target. Later, there was | information that Tucker had been setting up an interview with | Putin, and that those communications were intercepted, and | Tucker's name was unmasked (when a U.S. citizen has | communications picked up by the NSA, their name is redacted | as part of the normal intelligence reporting, and it requires | a high level official to request to see the actual name of | the U.S. person). Subsequently, the NSA's internal watchdog | began an investigation into whether Tucker was improperly | targeted for surveillance. After investigating itself, the | NSA cleared itself of any wrongdoing. | JohnFen wrote: | That sounds like a far cry from Carlson being spied on. | More like Putin was being spied on, and Carlson walked into | Putin's surveillance aura. | SassyGrapefruit wrote: | He meant to say "Famously Tucker Carlson claimed that the NSA | spied on him". 
Given that the man is a bastion of | journalistic and personal credibility I can't see any reason | not to believe him /s | klntsky wrote: | Sure thing, next time I'll use Thunderbird instead of Gmail, and | pay with Monero instead of Paypal. I will also use Riseup instead | of Google Docs. | titzer wrote: | > by encrypting your communications and ending your reliance on | proprietary services. | | Well, unfortunately, you can't encrypt your location and pretty | much every mobile phone is sending detailed GPS, accelerometer, | barometer, WiFi, and other sensor data back to the mothership | multiple times an hour. | kornhole wrote: | This is technically easy to fix on any Android or Linux phone. | Willingness by people to make the changes is the challenge. | titzer wrote: | Google Play Services is not easy to rip out, and it installs | itself as a "better" location service provider _for the | device_ , meaning that app requests for location go through | it. And it can and does upload "anonymized"[1] data of all | these types constantly as part of its normal operations. You | can withhold consent to uploading "anonymized" data by paying | careful attention to click-through agreements[2] and | explicitly turning off "high location accuracy"[3] in your | Android settings. | | [1] The technical details of how this data are anonymized, | nor how it is analyzed and used to "improve products" are not | public. | | [2] The implications of each click-through agreement are, as | usual, non-obvious. | | [3] The name of this mechanism keeps changing and it is | harder and harder to find and disable. | kornhole wrote: | Within a few minutes I can deactivate Google Play Services | on an Android phone using ADB. The universal android | debloater available on Github makes it easier. The better | solution is a custom OS forked from Android, but what is | possible depends on the device. 
| hammyhavoc wrote: | This is interesting: https://www.theregister.com/2023/04/27/qualcomm_covert_opera... | hammyhavoc wrote: | Threat models vary wildly. Someone's location may not be a | consideration. | htag wrote: | You fundamentally cannot have location privacy with cell | service. A cell tower will provide service to a limited | physical region. When someone dials your number, the telecomm | company needs to know which tower to route your call to. If | telecomms didn't know where you were then cell service would | not work. Sure, WiFi/GPS can provide more detailed location | information and are commonly sent into the cloud and this is a | problem too. | hermannj314 wrote: | Is it legal to have private conversations discussing actual plans | for acts of terrorism? | | I assume you have to pierce some veil of reality, make a | purchase, buy a ticket, etc. before it becomes a crime. | | My point is if we can make surveillance costly by filling the | airwaves with false positives that are just a group of bots | plotting a terrorist act? I assume that is legal to do. | | Edit - ok, so it definitely seems like this is not clever at all | and almost certainly a crime. Don't do this! | coldtea wrote: | I've read news stories of people caught, charged and | everything, just for discussing those things. | | So, no actual act is necessary. | Cthulhu_ wrote: | Only if you don't get caught; plenty of schools have been | evacuated because people mentioned committing a crime without | actually intending to execute it. | | That said, flooding the systems with false positives is | definitely possible, but it would be used as a cover for actual | terrorist attacks. | rolph wrote: | you seem to be describing "swatting" | coldtea wrote: | > _Only if you don't get caught;_ | | Well, that's true for any crime tho, so doesn't answer the | parent's question. | [deleted] | vvilliamperez wrote: | Not legal.
| | The problem with conspiratory talk is that while one person may | fully not intend on action, it could inspire and/or manipulate | others into committing acts. The blame is shared on all for | conspiring and creating that environment where acts can emerge. | drdaeman wrote: | What if an unhinged language model generates all this noise | talking to other language models, with no humans involved at | all? The only human involvement would be an instruction to | start spouting some believable bullshit on controversial | topics, plus granting access to some private messaging tools | and providing a contact list of other language models to talk | to. | coldtea wrote: | If the human did this for "plausible deniability" to avoid | being persecuted, they shouldn't bet on it. | | If they can get them, they will. The law is more of a | technicality for such cases. | rolph wrote: | we have a dearth of FPS games [aka combat sims], it would | be easy to include terroristic operations in this type of | product. | Thrymr wrote: | M-x spook | | https://github.com/emacs-mirror/emacs/blob/master/lisp/play/... | citizenkeen wrote: | > Is it legal to have private conversations discussing actual | plans for acts of terrorism? | | Not in most countries, no. | slavik81 wrote: | There's a great sketch by the Whitest Kids U'Know on the legality | of such statements. https://youtu.be/gmiKenqLVAU | kristopolous wrote: | Bach's Brandenburg Concerto #3 is always a nice choice. One of | my faves | prmoustache wrote: | it gets quickly less fun when all your family is woken up in | the middle of the night by a SWAT team, your kids are yelled | at, your equipment is seized and your partner asks for divorce. | bragr wrote: | No, that would likely constitute criminal conspiracy, even if | you have no intent to commit it. | | https://leginfo.legislature.ca.gov/faces/codes_displaySectio...
| nashashmi wrote: | > (2) Falsely and maliciously to indict another for any | crime, or to procure another to be charged or arrested for | any crime. | | So this means police informants in connection to the police | are also committing a crime? Far too often people with | recorded criminal activities are baited into getting another | person caught for a more severe crime like terrorism, in | exchange of being let go. | coldtea wrote: | > _So this means police informants in connection to the | police are also committing a crime?_ | | It says "falsely and maliciously". | | So, if what they say is true, it's not a crime. | | If what they say is false but they believe it to be true, | it's not done "maliciously", so it's not a crime. | | If what they say is false and they know it, yeah, it is a | crime. | | But if the police and court believes them, or if it's the | police itself that pressured them to point their fingers to | some person they wanted to get, then it doesn't matter | whether it's a crime or not, as it won't be prosecuted, and | the police not only doesn't care, but explicitly wants the | false testimony. | nashashmi wrote: | Ok. So it is in regards to a false prosecution or to frame | someone else for a crime. That is not the same as baiting | someone to commit a crime. | mkoubaa wrote: | I'm pretty sure it's illegal unless you're an intelligence | operator trying to entrap people, in which case it's your job | nathanmcrae wrote: | I think pen-and-paper one-time pads are an underestimated tool | for private communication. Granted they are cumbersome and | limited, but they provide almost perfect secrecy and bypass | issues of compromised computers completely. And with some basic | steganography (section h in the guide below has a good example), | you can pretty easily hide when / who you're sending a message | to.
'The Complete Guide to Secure Communications with the One | Time Pad Cipher' is a really good resource: | https://www.amrron.com/wp-content/uploads/2015/05/one_time_p... | wintogreen74 wrote: | "If you're on Windows click here". OS > Avoid: Windows. | | I get it, but not very helpful. The premise of making it | "uneconomical" for a nation-state to perform mass surveillance is | a bit naive; at best we can make it more expensive for our own | governments to perform, which is backwards IMO. We should make | it cheap, efficient and easy to get too much garbage data. | unstuck3958 wrote: | Saw wallabag in there. Unfortunately, it's a paid service unless | you self-host. I just finished hosting my own wallabag instance | today! | | read.fahads.net | | Feel free to register. Though you won't get an activation mail, I | would be happy to activate your accounts manually. Though you | shouldn't probably use it for anything too serious, since I'm not | an expert sysadmin. | avodonosov wrote: | An important part of the problem is that super complex software | and hardware stacks are required today for even basic tasks. This | limits customer's choice, essentially forcing customer to use | these bloated, insecure, obscure products. | | Even browsing the plain text Hacker News forum requires a web | browser, so complex that only few companies in the world can | produce it. And runs on super complex OS. | | I wish we had something like "basic computing / communication | device" specification. Simple, limited and transparent, that | everyone can produce. With small software, that would allow to | exchange messages and browse information online. Not all data | formats, but a limited set of formats, good enough for basic | communications. | | Better a frozen spec, not a moving target. (Or a very careful | evolution, with very rare release of new versions) | | Good publishers, web sites, etc, could test their systems against | the "basic comp / comm device".
| jraph wrote: | > Even browsing the plain text Hacker News forum requires a web | browser, so complex that only few companies in the world can | produce it. | | This does not take anything out of your point, but HN can be browsed | with simpler browsers like lynx, w3m, Ladybird or NetSurf, | which are all written by a small set of people. | | (they do rely on quite complex operating systems though) | can16358p wrote: | While I'd definitely want a huge win for privacy, the current | (that we need to avoid) suite of tools is extremely convenient | (especially the collab/social ones) and are affected by network | effect. | | We should be aiming for a solution that is private while also | convenient as the centralized ones. Otherwise even if we (HN | audience) switch, many others won't and only a niche set of users | will be using the private technologies and services. | swapfile wrote: | > Otherwise even if we (HN audience) switch | | This is a problem. Even the HN audience seems to struggle | greatly in choosing non-proprietary and privacy friendly | solutions. While the amount of privacy advocates are certainly | greater here than in many other places, the general sentiment I | get from reading a lot of these threads is that "If you have | nothing to fear, you have nothing to hide". | | Why do you think that is? Certainly a community like this | shouldn't be bothered by the slight obstacles you would be | challenged with. | JohnFen wrote: | > the general sentiment I get from reading a lot of these | threads is that "If you have nothing to fear, you have | nothing to hide". | | > Why do you think that is? | | I think it's because a lot of people think that there's | nothing that can be done to change the situation, and so they | adopt that mental stance in order to be OK with it. Whether | or not that stance is correct isn't important. It's an | emotional "safe space".
| win32k wrote: | [flagged] | [deleted] | scarface74 wrote: | And they recommend using a Google free Android phone to prevent | surveillance. Ignoring the fact that Qualcomm based phones will | still leak data. | | https://www.nitrokey.com/news/2023/smartphones-popular-qualc... | Zetobal wrote: | Did you understand the article you just linked or do you just | wanna throw shit on a bonfire? They pull GPS data and nothing | else. | scarface74 wrote: | Yes because worrying about your location being tracked is | silly and never used by government - especially in the case | where they want to arrest everyone who was protesting in a | given area. | Zetobal wrote: | Ah yes... the dystopian sci-fi argument without merit. | scarface74 wrote: | They are doing that _today_. The FBI asked cell phone | providers for everyone who was around the capital January | 6th. | | https://freebeacon.com/latest-news/google-gave-fbi-location-... | 8K832d7tNmiQ wrote: | Should've added (2021) at the end because the site itself hasn't | been updated in years. | stefncb wrote: | That would imply it's out of date, which it apparently isn't. | The website itself doesn't need updating if it stays relevant. | hammyhavoc wrote: | Plenty is out of date on it. | | They also still link to https://prxbx.com/email/ from | https://prism-break.org/en/all/#email, which doesn't consider | https://techcrunch.com/2021/09/06/protonmail-logged-ip-addre... | maerF0x0 wrote: | Who is Peng Zhong, and why should I trust their curated list of | 0days err Safe bets? | | Also btw we should put 2021 in the title because it hasn't been | updated since. | ROTMetro wrote: | I finally realize that all those weird face tattoos in futuristic | scenarios were to throw off facial recognition. Who here is | starting an AI defeating temporary face tattoo business? | pizzalife wrote: | Recommending people to use Monero instead of Paypal?
That is | ridiculous for several reasons and makes me question their other | recommendations. | jonhohle wrote: | It would be helpful to have some description regarding why some | entries made the naughty list. For example, is there evidence | that iOS sends data to PRISM? Has any analysis shown that Safari | leaks any more data than Firefox? | swapfile wrote: | It probably goes along the lines of: | | "It is impossible to download and examine iOS's source code, | which means that it is impossible to prove that iOS is not | spyware. Any program which does not make its source code | available is potential spyware." | | Which I agree with. I'm not going to trust and put as much | personal data as a smartphone usually contains into a | proprietary black box. | KennyBlanken wrote: | Yeah, this bit: | | > "Apple iOS devices are affected by PRISM. Even using the | software tools we recommend here, your privacy may be | compromised by iOS itself. The operating system of any device | can unfortunately lever out any privacy protection that a | program tries to offer you." | | ...made me conclude that these people are idiots. You don't | need to activate iCloud on an iPhone and you can use standard | stuff like IMAP and WebDAV to sync contacts and calendars etc. | There's also a huge list of telemetry controls you can shut off | in the OS. | | Not to mention they have the best physical and OS security of | any mobile device. | | Suggesting that a small homebrew Android ROM, maintained by | anonymous individuals, which hasn't seen any security updates | in almost a year, is comparable in terms of end-user privacy is | ludicrous. | amatecha wrote: | I didn't use iCloud yet Apple Customer Support was able to | directly send a "remote access request" to my iPhone, years | ago, which I simply had to press "accept" and they were able | to remote-control my phone and see everything on screen. 
| There's no reason the OS can't allow that exact same | comprehensive remote access, without asking my permission. | There's also no reason Apple can't surreptitiously introduce | new back doors with any given iOS update -- especially | considering the new "urgent update" functionality they | recently introduced. | kristopolous wrote: | I've been a proponent of fuzzing - having systems that do noisy | inauthentic engagement that is statistically indistinguishable. | | Essentially it's to give an intolerable SNR to this scraping | where they have to discard their metrics as useless | [deleted] | Nifty3929 wrote: | The main problem I see is that people are completely distracted | by privacy _from corporations_ - when what we really need to be | worried about is privacy from our own governments. | | So much ink is spilled talking about cookies, ads tracking, etc. | But really what's the worst a corporation is going to do? Try to | sell you something? | | Meanwhile, we continue to allow our governments to regulate and | legislate ever more intrusive invasions of our privacy. And they | can put us in jail, or worse. | | This also gets blurry as governments take increasing control of | companies, to the point that some are just about arms of the | government, surveilling us in ways that the government can't | (yet) do on their own - and being forced to pass that data to the | government under penalty of law themselves. | pavon wrote: | Until these companies turn around and sell that data to the | government, which doesn't require a warrant since the company | is volunteering to provide it, and if they don't want to sell | it, the government will happily use one of its loopholes | around warrants to demand it anyway. The government does this | constantly with location data[1], browsing history[2], license | plate scanners[3], and more.
| | We should be pushing to close these warrantless search | loopholes, but in the meanwhile the only pragmatic way for an | individual to maintain privacy is to prevent any and all third | parties from collecting the data to begin with. After it has | been collected, you have no control and no reasonable | expectations of how it will be used. | | [1]https://www.eff.org/deeplinks/2022/06/how-federal-government... | | [2]https://www.nbcnews.com/tech/security/can-government-look-yo... | | [3]https://arstechnica.com/tech-policy/2020/07/cbp-does-end-run... | Applejinx wrote: | I'm completely uninterested in the distinction you draw here. | | Actually, several distinctions. What do you mean 'our OWN | governments'? This is a world where hostile foreign governments | can wreak absolute havoc... including by popularizing arguments | literally the same as the one you're making, for the purpose of | undermining that government and fomenting revolution for their | own selfish, imperialist purposes. | | I can think of two great powers (okay, one formerly great) | actively doing this within my lifetime, and the formerly great | one was doing it as hard as it possibly could, within the last | ten years, and is still doing it. | | I don't trust your argument at all. You're leaving out | significant things, conveniently. | Nifty3929 wrote: | The difference between my own government and a foreign | government is twofold: 1. It has always been illegal for a | foreign state actor to surveil me, and in any case has no | authority over me and can't put me in jail (as long as I'm | not in their country). 2. My own government is _legally | entitled_ to surveil me and collect my personal data, and can | indeed put me in jail. | ipaddr wrote: | It is not illegal for a foreign state actor to surveil you. | In fact governments sign agreements with other governments | for them to surveil you while we surveil their citizens and | trade information.
This gets around the illegal act of | government spying on its own citizens. | | Your government mass surveils foreign citizens. But they | can't mass surveil citizens legally. | 0x445442 wrote: | You speak as if corporations are separate from governments. | Nifty3929 wrote: | I did allude to the gap there closing. I still see them as | distinct in most countries, including my own. But I fear | we're allowing the gap to close further. | | As an aside, I think a lot of people _want_ this gap to | close, but for entirely unrelated reasons more related to | political and economic goals, with the loss of privacy and | individual autonomy being an unconsidered consequence of | this. | JohnFen wrote: | > The main problem I see is that people are completely | distracted by privacy from corporations - when what we really | need to be worried about is privacy from our own governments | | Governments have grown to rely on corporations to spy on their | own citizens, so being worried about corporate surveillance | _is_ being worried about government surveillance. | | However, between the two (for the vast majority of people), | corporations pose a more realistic threat than governments do. | elevation wrote: | While corporations aren't as powerful as the government, they | use data for more than "trying to sell you something." | | Network effects cause society to coalesce around the same large | corporations for social media, online shopping, payment | processing, etc to the point that it can be hard to function in | society without their services. Once their services are used by | virtually everyone, their governance becomes governmental in | its impact. On a weekly basis we see programs like the app | stores, ad markets, search algorithms, and payment processors | enforcing opaque policies that close businesses and end | livelihoods, all based on an automated interpretation of the | data we share with them. | Nextgrid wrote: | I disagree.
| | Companies are building surveillance infrastructure that is: | | * way ahead of governments in terms of technical capability | (NSA and top-level intelligence agencies are outliers, but your | average government IT departments are too incompetent to be of | any threat) | | * widely accepted and not regarded as malicious - not even the | NSA can get people to _voluntarily_ include some malicious | Javascript on the vast majority of public-facing webpages, yet | Google Analytics managed exactly that | | * profitable and self-sustaining - the government doesn't have | to spend money on building and maintaining it, nor needs to | justify its budget/spending | | Those companies however are still at the mercy of governments, | either via violence/coercion (in the US, they have to obey a | national security letter by law, or armed goons will show up) | or mutually-beneficial relationship (a lot of companies either | outright sell this surveillance data to the highest bidder, or | don't outright sell it but will be happy to let the government | in on it in exchange for a good relationship and favors in the | future). | seaners wrote: | What sort of argument is this? I prefer a corporatocracy to a | democracy? You elect officials for your government, you have no | say in what Google does. | coldtea wrote: | > _So much ink is spilled talking about cookies, ads tracking, | etc. But really what's the worst a corporation is going to do? | Try to sell you something?_ | | Cooperate with domestic and remote governments, work with the | deep state, influence elections and work with candidate teams, | and so on. There are also companies with more reach and | resources than entire countries. | | Plus, corporations have been known to downright spy, threaten, | beat up, and murder people when multi-billion interests are | threatened (e.g. by local populations wanting clean water or | better working conditions). | RetpolineDrama wrote: | True.
For all their flaws, Google doesn't have the ability to | send men with guns to my house to abduct me if I don't pay them | 50% of my income. | Nextgrid wrote: | But Google built a surveillance machine much more advanced | than the gov can even dream of, so the guys with guns just | have to go to Google first to get your data and then they can | go to your house. | dadrian wrote: | Almost nothing on this list is actually positive for security, | and most of the applications provided are not actually | substitutes. Good luck replacing Discord with Signal. | sundarurfriend wrote: | Agreed with the second part, but what do you mean by "Almost | nothing on this list is actually positive for security"? | doodlesdev wrote: | Yeah an actual substitute to Discord would be matrix.org, not | Signal. | tivert wrote: | tl;dr: This is just your typical list of "privacy focused" and | "self hosted" alternatives (e.g. use Signal not Facebook | Messenger), with some attention-grabbing framing. | | Some of the recommendations are pretty suspect, too: how is using | Thunderbird for email supposed to "opt you out of PRISM and | XKeyscore"? | Qem wrote: | > how is using Thunderbird for email supposed to "opt you out | of PRISM and XKeyscore"? | | The mail client may help improve privacy if you configure it to | erase data in the server as it is downloaded to the client | (POP), instead of letting it stay in the server for an | indefinite amount of time (IMAP). If people are going to break | into your provider, an empty mailbox would limit compromise. | etiam wrote: | Do you realize that page was established in 2013? | | If the reference is keeping all your messages, and potentially | your PGP keys, in "cloud" storage at a PRISM provider it's not | particularly hard to understand some ways in which using | Thunderbird instead is supposed to help. It's a fair point it's | not a particularly satisfying mitigation though. | tivert wrote: | > Do you realize that page was established in 2013?
| | No, but that makes sense. The framing would have been much | more apt back then than it is now, with the Snowden stuff | being fresh. | | > If the reference is keeping all your messages, and | potentially your PGP keys, in "cloud" storage at a PRISM | provider it's not particularly hard to understand some ways | in which using Thunderbird instead is supposed to help. It's | a fair point it's not a particularly satisfying mitigation | though. | | The reference is just "instead of Gmail, use Thunderbird" | (e.g. https://prism-break.org/en/subcategories/macos-email/). | They don't mention PGP in that section at all, though there's | a later one about "Email Addons", which does, which is easy to | miss (e.g. skipping b/c you don't already use addons). | | Their (broken HTML) recommendation to run your own email | server is also suspect, because it's a bad tradeoff. | Unless you want a second, unpaid job as email server | administrator (with a pager!), you're "protecting" yourself | against a rare hypothetical threat (government surveillance) | by making yourself vulnerable to a much more common one (run | of the mill hackers). | | Realistically, they probably should have just said something | along the lines of "email surveillance is practically | unavoidable," so don't use it for anything you don't want | monitored. PGP failed because it's too hard to use, so no one | uses it, and _any_ reasonable use of email will mainly | involve exchanging messages with some "monitored provider's" | servers. | zelphirkalt wrote: | I guess using Thunderbird would get many people away from | relying exclusively on the web interface of gmail. Then the | next step would be to make an e-mail account at another e-mail | provider. Later maybe switch away from gmail entirely. | spokeonawheel wrote: | so they can just raise taxes? | acapybara wrote: | [flagged] | rngname22 wrote: | Is this AI generated? The first paragraph sounds sort of | ChatGPT-esque to me.
| [deleted] | graderjs wrote: | Please don't post shallow dismissals. It ruins what this site | is for. | | Interesting that the message content is not what's being | adjudicated by down votes here. If a mod says it: all good. | If a cocommenter says it: _very bad._ | vpribish wrote: | same. turing test failed. it's over-wordified, too formal, | message-light. how did it get to the top? | wafflemaker wrote: | Wouldn't be surprised if GPT-4 learned its style from higher | quality HN comments. | saagarjha wrote: | Considering it sounds nothing like their past comments, I'm | guessing they're asking ChatGPT to rephrase their words. | Lewton wrote: | Nice catch, the switch in comment style is very noticeable | Garvi wrote: | [flagged] | [deleted] | acqbu wrote: | The classifier considers the text to be unclear if it is AI- | generated. Try it for yourself at: | https://platform.openai.com/ai-text-classifier | NoMoreNicksLeft wrote: | I was under the impression that someone did the math a few | years back on the US government making long-term/indefinitely- | kept recordings of every phone call. Not every phone call for a | calendar date, or for a city... but all of them, going forward, | forever. | | It was deemed expensive, but feasible given current pricing and | technology. Especially when the cost would be amortized out | over the next 15 or 20 years... it might even fit in a black | ops slush fund budget. | | Maybe I misunderstand, but the technical challenge has been | lost. Only legislative obstacles are now possible, supposing | they ever were. | teddyh wrote: | [Spider Crab] Silence, GPT! | MyFirstSass wrote: | Can we please lifetime ban users posting AI drivel? | | It's 100% noise, and it's going to steal our time and isolate | us from everyone. | yreg wrote: | Posting 100% AI generated content should be against the | rules. (Outside of exceptions where it is relevant.) | | But where should the line be drawn when a user collaborated | with an AI on a comment?
As an English-as-a-second-language | speaker, I've been for years using tools like Grammarly or | Hemmingwayapp to improve my writing. I will gladly use a GPT- | based proofreader/editor browser plugin eventually, why not? | kossTKR wrote: | I agree but the alternative is the end of HN + the end | of the rest of the open internet in a year or five. | | When you soon will only meet bots that are trying to | manipulate you or sell you something - the value for | everyone goes to zero pretty quickly. | | I'm not sure how this will be solved besides most people | ditching the open internet and 100% engaging in tiny groups | of people they already know the mental capacities of. | | Christ, this really is the end of the "social internet" | where you could find inspiration and new perspectives isn't | it? | Applejinx wrote: | Might well be. It's also an opportunity to study (meta- | study?) the behavior of populations under these changes. | It's a lot like an A-life experiment writ large, and | played out in real life. | hoherd wrote: | It makes me want to revisit The Web Of Trust[1], and apps | like Keybase where users have a cryptographically | verified social graph comprised entirely of people who | were verified by another human that knows them. That | whole idea goes directly against anonymity though, so | maybe that will become a more pronounced way to split the | internet: verifiable human identities, and anonymous bots | and humans. | | 1. https://en.wikipedia.org/wiki/Web_of_trust | yreg wrote: | This is a solution against botnets, but not against | humans who use AI to enhance/write their comments for | them, like the ancestral poster was accused of doing. | hoherd wrote: | I suspect most of us would like that, but it doesn't seem | feasible. Detection of AI text is incredibly difficult, and | false positives would be a huge stain on the user base.
Can | you imagine posting a thoughtful comment, then having your | user banned for a false positive calling you out as an AI? I | would find that quite offensive and I don't know if anything | could be done to reverse the negative effect it would have on | me in regards to how I view HN. | jevgeni wrote: | Ok, so according to this, to one should EtherCalc web service for | productivity. Why? What are the guarantees here that no | surveilance is taking place. | turnsout wrote: | Thanks to this article I learned about Nextcloud[0], which at | first glance looks like a really nice self-hostable alternative | to the Google Suite. | | [0]https://nextcloud.com | tgv wrote: | And Dropbox. | 0xbadcafebee wrote: | I think OSS developers should adopt ethical licenses. Licenses | that specify you can't use the software for a variety of use | cases, such as violating human rights, or mass surveillance. | | Oppressors will still buy or make software for those purposes, | but we don't have to hand them the tools they use to oppress us. | Kwpolska wrote: | That is against the spirit of open source. People and | corporations will be wary of using such software, since someone | someday may define their use as "unethical". And the | "oppressors" don't care about following your license anyway. | deafpolygon wrote: | Right, because people who violate human rights are going to | adhere to a software license term. I can see it now, while | beating the crap out of someone the panic that they'll | experience when they realize the software they are trying to | use has an ethical license. | mkoubaa wrote: | Wouldn't it be more viable to just curate multiple personal | identities? It's not illegal and as long as they don't need your | SSN they won't care. | | I've thought about doing this to have a pen name with a pseudo | anonymous identity but I also have burner emails to avoid spam. | psd1 wrote: | My concern is leaking through browser sessions. 
If browser | adware finds traces of two identities in a session, your secret | is out. If browser fingerprinting works (it does), your secret | is out. | 29athrowaway wrote: | Profiling people requires you to provide clean data. | | Just do not provide clean data. Search for random shit | occassionally so that the entire profiling gets poisoned with | fake data points. | marcrosoft wrote: | The suggestions here are not great. For example file syncing has | no mention of syncthing and recommends something I've never heard | of. | evilspammer wrote: | The site hasn't been updated since 2021-08-02 per the footer, | and probably sparsely before that. I think this site was most | popular around when Snowden did the leaks and hasn't had as | much hype since then. | | A more modern alternative is https://www.privacytools.io/ but I | haven't checked it in a while and can't vouch for the current | contents. | flangola7 wrote: | privacytools had a hostile takeover by its long absent domain | owner and now pushes several crypto services. | | The previous maintainers created and moved to: | https://www.privacyguides.org/en/ | joshuaissac wrote: | > For example file syncing has no mention of syncthing and | recommends something I've never heard of. | | It does mention Syncthing. | | From the site: | | > File Storage & Sync | | > Prefer | | > EteSync | | > Encrypted calendar, contacts and tasks sync. | | > Syncthing | | > Direct file sync between devices. | [deleted] | cynicalsecurity wrote: | Mass surveillance helped the UK Counter Terrorism Police identify | Russian spies Ruslan Boshirov and Alexander Petrov in Salisbury | investigation who were trying to kill a family of dissidents. | | Granted, the website is dedicated to mass surveillance in the IT. | But then think, generally speaking, is the mass surveillance on | some reasonable level really so bad? It's helping identifying | Russian soldiers who are committing war crimes and atrocities in | Ukraine. 
It helps preserve the free and democratic society rather | than creates a road to dystopia. Of course, I'm speaking of some | reasonable levels, not of something like real-time client device | scanning. It doesn't make any sense and it would simply not work. | layer8 wrote: | You know what they say about the end justifying the means. | 542354234235 wrote: | Police being able to walk into anyone's home at will to search | it would definetly lead to catching some criminal activity. The | issue isn't "would this thing lead to catching some criminals". | The issue is abuses, government overreach, and innocent | civilians being targeted. | | "It is better, so the Fourth Amendment teaches, that the guilty | sometimes go free than the citizens be subject to easy arrest." | William Douglas, Associate Justice of the Supreme Court. The | argument to give up your rights is always initially used to | target the worst of the worst. Its always terrorists, spies, | child murderers, etc. Of course we shouldn't be slowed down by | due process when it is for this child murderer. Yet it is then | used against those least likely to be able to defend themselves | for easy wins. Russian spies first, then its minor crimes | committed by immigrants. | moremetadata wrote: | [dead] | win32k wrote: | Completely agree. When used properly and ethically in a | democratic society, surveillance is an absolute net positive | for society. | radhad wrote: | [dead] | sundarurfriend wrote: | > When used properly and ethically in a democratic society | | So, for the first five minutes. | inglor wrote: | It is ok as long as you are not the target :) | | It is basically only ok if you can guarantee it's users always | use it in good faith which is virtually impossible. | [deleted] | ciabattabread wrote: | I take it you're not a Florida woman with a miscarriage. | win32k wrote: | Nice straw man | Tarq0n wrote: | Would it have been impossible to achieve the same goal with | targeted surveillance instead? 
| cal5k wrote: | Yes, it really is so bad. People are unbelievably ignorant of | history. | | What happens when the state intelligence apparatus has the | ability to perfectly surveil the population? Look no further | than what the Stasi accomplished - it becomes trivially easy to | discredit political opposition, journalists, business leaders, | or any other person or group standing in the way of the | powerful. | | People split hairs about this kind of oversight, or that kind | of oversight, but when the powerful are overseeing their own | surveillance apparatus - using secret courts, secret warrants, | and all manner of other methods for hiding the true scope of | the surveillance - I do not believe it can be contained. | win32k wrote: | But the Stasi was a secret police in a totalitarian state, | not a liberal democracy. Apples to oranges. Good faith actors | in government, with intense oversight from elected officials, | makes your concerns null and void. | Qem wrote: | A liberal democracy has the ever present risk of devolving | into a totalitarian state (just look at the Weimar republic | or Argentina in the 70s). We must hedge our risks, fight | tooth and nail so it doesn't happen, but when it eventually | happens, better not to leave a well oiled, powerful machine | ready for the totalitarians to crush us. | detaro wrote: | Because government agencies have such a good track record | of ensuring they only ever contain good faith actors and | would never hide things from oversight, and such oversight | would never be done by people willing to look away if it | "hits the right people" or some nonsense like that. | VWWHFSfQ wrote: | It's a dangerous train of thought. You will end up like China | where it's acceptable for the "greater good". And nobody will | ever give the power back once they have it. | ChatGTP wrote: | I agree it's dangerous but what are governments supposed to | do? 
| | In a world where individuals or very small groups of people | are increasingly gaining the power to do potentially | catastrophic damage using increasingly powerful technology, | what are the actual alternatives? Trust? | | How can society function going forwards without at least | some oversight? | | Don't get me wrong, I don't want society to go this way, but | I'm starting to see fewer and fewer options presented to | Governments. I can see both sides of the story. | | I wouldn't pretend I know the right answer, but I think we | have to admit the world has changed quite a bit recently. | lettergram wrote: | I used to semi-joke the real way to break these systems is to | have multiple AIs on everyone's phones constantly talking to each | other. You do this over encrypted chat and tag if it's real or | not. Only display the real ones to the users. | | Then when you send a message it can be hidden. And it becomes too | expensive to review. | Orangeair wrote: | I wish it would expand on some of its recommendations. It says to | avoid Authy, but doesn't give any reasons. Is this just a FOSS | absolutist site? That doesn't really seem to mesh with the title | for me, I was expecting to see some actual info about curbing | data collection. | 93po wrote: | Same, I want to understand why I'm avoiding any of these. | loteck wrote: | What, Slack just gets a pass? | chillycurve wrote: | For a better and more up-to-date list of alternatives, see | https://www.privacyguides.org/en/ | roody15 wrote: | Too late. Not to be a downer but this ship has sailed. No matter | the cost governments and big business will unite in using mass | surveillance to monitor and control the population. In a sense | it's a new feudal system enforced with complete surveillance. | WarOnPrivacy wrote: | > No matter the cost governments and big business will unite in | using mass surveillance to monitor and control the population. 
| | The cost has almost always been ~0 for gov officials performing | unnecessary surveillance. | | I trace this low cost back to news orgs. Most editors & | journalists opt out of honoring their extra constitutional | protections because they don't serve as an adversary to the | powerful. Instead they favor publishing sportsball or celebs or | parroting gov/corp/leo pr without any analysis, etc. | | We don't know how officials will behave if they have to pay a | persistent, meaningful cost for surveilling us. We've never | tried it. | mandmandam wrote: | > We don't know how officials will behave if they have to pay | a persistent, meaningful cost for surveilling us. We've never | tried it. | | To try that, step one would be making people aware of what's | even happening. As you say, news orgs are failing us all. | | Assange and Snowden took Step One toward that end... And were | made an international example of. The institutions and news | orgs who ought to have been their main support failed, and | even turned on them in most cases. | itherseed wrote: | I was surprised to find Authy in the "Avoid" column of the 2FA | apps in Android. Anybody knows why? I prefer something open | source like Aegis that I can backup myself but didn't hear | anything bad about Authy in particular. | raybb wrote: | Relatedly, does anyone know about 2fas.com ? They have a very | nice app and a lot of installs but it's unclear how well vetted | the oss is. | turnsout wrote: | Yeah, kind of surprising. I guess it's a private company that | manages your 2FA code backups, and they could theoretically | lock you out. | | I avoid Authy for a different reason: after upgrading phones, | my backup password (which is 100% correct, trust me) is not | unlocking my archive. I switched over to iCloud Keychain and | will never look back. | thekingshorses wrote: | I use google authenticator. I backup the QR code in the | TrueCrypt vault when I add a new account to the google auth. 
I | am not sure how secure it is, but I am very scared of losing | access to google authenticator. | pipingdog wrote: | https://news.ycombinator.com/item?id=33444223 | JohnFen wrote: | That makes it clear. Authy is an unacceptable piece of | software. | hot_gril wrote: | "Avoid PayPal, use Bitcoin." Wish it were that simple. | Nextgrid wrote: | > Avoid PayPal, use Bitcoin. | | So instead of the government being able to spy on you, you want | the government _and_ anyone else capable of monitoring the | blockchain to spy on you? That seems worse on all fronts. | hot_gril wrote: | It still seems a lot harder to track if you don't reuse | addresses. The same entry did also recommend Monero. | Meanwhile I purchased brandy with a credit card for the first | time, in-person at a small liquor store, and immediately | started seeing web ads for more brandy. ___________________________________________________________________ (page generated 2023-05-01 23:01 UTC)