Tag: Privacy

Good Advice on Privacy

No Comments

Over at The Intercept, they have an article on how to run an anonymous twitter account with as much security as possible.

This is important if you are, for example, a disloyal bureaucrat serving under your Trumpian overlords

The basic steps are as follows:  (with my comments indented with lower case letters)

  1. Buy a burner prepaid phone with CASH.
    1. Get a cheap feature (non-smart) phone.  Some of them actually have keyboards.
    2. Remember, your face will probably be recorded at the 7-Eleven, or whatever, so wait 2-3 weeks until they overwrite the old records, or at least wear a hoodie and sunglasses.  (Parking a few blocks away would be a good idea as well)
    3. Don’t turn on the phone at home at work.  Better yet pull the battery.
    4. If you want to use the phone, choose a place, a very public place (like the Lexington Market Metro stop, and ONLY use it there.  I used to take the Lexington stop to work every day, which is why I know the location)
    5. Don’t buy a smart phone as a burner, they are privacy sink holes.
  2. Get a TOR compatible browser.
    1. Use a browser designed for this from the start, and not to rely on addins.
    2. You could also use I2P instead of TOR, I do not know the relative merits. 
    3. Note that there is significant evidence that much of TOR’s funding might have come via the US state security apparatus, so be careful.
  3. Get a TOR based email service.
    1.  Again, you could use I2P.
    2. Listed in the article are SIGAINT, Riseup, and ProtonMail.
  4.  Activate the phone using the TOR browser.
  5. Determine your phone number.
  6. Create your Twitter account using your the TOR browser, and enter in the phone’s number.
  7. Go to your special place (1. d.) and get the confirmation text, and then enter it into the confirmation.
    1. In the Lexington Market case, there is a Starbucks down the street, so TOR the wifi, and probably do the hoodie and sunglasses thing.
  8. Be circumspect about who you talk to.
  9. Be circumspect about who you might communicate with via TOR.
  10. Consider rebooting your machine into a secure operating system before accessing Twitter, such as “Tails, or  Qubes with Whonix,” which can boot from a memory stick.
  11. (on edit) I shouldn’t need to say this, but never use the phone for anything else but your tweeting, or in the case elucidated below for that.

Read the rest of the article, and then leak away.

BTW, all of part 1 should also apply to giving a burner phone to a reporter to leak.  Only use it at a specific place, and have it off, or better yet, the battery out, when not in use.

You don’t want someone using traffic analysis to figure out who your are.

This has been a public service announcement of Matthew’s Saroff’s Beer (and Laptop) Fund and Tip Jar.

Please give generously. 

    The Internet of Things Will Spy on You

    No Comments

    It turns out that cops are subpoenaing data from various devices that listen to you for criminal investigations:

    “Doorbells that connect directly to apps on a user’s phone can show who has rung the door and the owner or others may then remotely,m if they choose, to give controlled access to the premises while away from the property.

     “All these leave a log and a trace of activity. The crime scene of tomorrow is going to be the internet of things.”

     ………

     Mr Stokes said detectives of the future would carry a ‘digital forensics toolkit’ which would allow them to analyse microchips and download data at the scene, rather than removing devices for testing.

     ………

     In the US, Amazon is currently fighting requests by the US authorities to hand over recordings from one of its Echo home entertainment systems belonging to James Andrew Bates.

     Officers in Arkansas are investigating the murder of Victor Collins who was found dead at Mr Bates’ hot tub in 2015. They have already taken evidence from an electric water meter, which appears to show that a huge amount of water was used. Detectives say it could have been to wash blood away from the patio.

    First, it will be murder, then it will be tax evasion, then it will be unpatriotic thoughts.

    BTW, put tape over your laptop’s camera as well when you are not using them.

    Not Sauce for the Gander, It Would Seem

    No Comments

    Politicians have exempted themselves from Britain’s new wide-ranging spying laws.

    The Investigatory Powers Act, which has just passed into law, brings some of the most extreme and invasive surveillance powers ever given to spies in a democratic state. But protections against those spying powers have been given to MPs.

    Most of the strongest powers in the new law require that those using them must be given a warrant. That applies to people wanting to see someone’s full internet browsing history, for instance, which is one of the things that will be collected under the new law.

    For most people, that warrant can be issued by a secretary of state. Applications are sent to senior ministers who can then approve either a targeted interception warrant or a targeted examination warrant, depending on what information the agency applying for the warrant – which could be anyone from a huge range of organisations – wants to see.

    But for members of parliament and other politicians, extra rules have been introduced. Those warrants must also be approved by the prime minister.

    That rule applies not only to members of the Westminster parliament but alos [sic] politicians in the devolved assembly and members of the European Parliament.

    Lovely:  Politicians are saying “Rule of law for me, but not for thee.”

    F%$# them with Cheney’s dick.

    Yet Another Reason to Oppose the AT&T/Time Warner Merger

    No Comments

    It turns out that AT&T has created a warrant free smorgasbord privacy invasions while charging the taxpayer through the nose:

    ………

    Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why.

    “Merritt was in a position to access the cellular telephone tower northeast of the McStay family gravesite on February 6th, 2010, two days after the family disappeared,” an affidavit for his girlfriend’s call records reports Hemisphere finding (PDF). Merritt was arrested almost a year to the date after the McStay family’s remains were discovered, and is awaiting trial for the murders.

    In 2013, Hemisphere was revealed by The New York Times and described only within a Powerpoint presentation made by the Drug Enforcement Administration. The Times described it as a “partnership” between AT&T and the U.S. government; the Justice Department said it was an essential, and prudently deployed, counter-narcotics tool.

    However, AT&T’s own documentation—reported here by The Daily Beast for the first time—shows Hemisphere was used far beyond the war on drugs to include everything from investigations of homicide to Medicaid fraud.

    Hemisphere isn’t a “partnership” but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company’s massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public.

    ………

    While telecommunications companies are legally obligated to hand over records, AT&T appears to have gone much further to make the enterprise profitable, according to ACLU technology policy analyst Christopher Soghoian.

    “Companies have to give this data to law enforcement upon request, if they have it. AT&T doesn’t have to data-mine its database to help police come up with new numbers to investigate,” Soghoian said.

    AT&T has a unique power to extract information from its metadata because it retains so much of it. The company owns more than three-quarters of U.S. landline switches, and the second largest share of the nation’s wireless infrastructure and cellphone towers, behind Verizon. AT&T retains its cell tower data going back to July 2008, longer than other providers. Verizon holds records for a year and Sprint for 18 months, according to a 2011 retention schedule obtained by The Daily Beast.

    The disclosure of Hemisphere was not the first time AT&T has been caught working with law enforcement above and beyond what the law requires.

    ………

    Once AT&T provides a lead through Hemisphere, then investigators use routine police work, like getting a court order for a wiretap or following a suspect around, to provide the same evidence for the purpose of prosecution. This is known as “parallel construction.”

    “This document here is striking,” Schwartz told The Daily Beast. “I’ve seen documents produced by the government regarding Hemisphere, but this is the first time I’ve seen an AT&T document which requires parallel construction in a service to government. It’s very troubling and not the way law enforcement should work in this country.”

    ………

    Sheriff and police departments pay from $100,000 to upward of $1 million a year or more for Hemisphere access. Harris County, Texas, home to Houston, made its inaugural payment to AT&T of $77,924 in 2007, according to a contract reviewed by The Daily Beast. Four years later, the county’s Hemisphere bill had increased more than tenfold to $940,000.

    AT&T is profiteer in support of the modern surveillance state. 

    Increasing the data that they can collect through mergers and acquisitions is not good for the rest of us.

    Google Goes to the Dark Side

    No Comments

    The firm that used to have the motto, “Don’t be evil,” has just decided to renege on their promise not to use personally identifiable tracking:

    When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.”

    And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

    But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools.

    The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

    The magic of the market will not fix this ……… ever.

    Pardon Him Now

    No Comments

    It appears that one of the effects of the Snowden disclosures was to make the US State Security Apparatus significantly less likely to abuse the provisions of the Patriot Act:

    Edward Snowden’s disclosures were partially responsible for reversing a massive growth in the use of a controversial provision of the Patriot Act for acquiring email and other so-called “business records”, the US justice department’s internal watchdog has found.

    The Patriot Act provision, known as Section 215, permits intelligence and law enforcement agencies to acquire from a service provider records of someone’s communications – such as phone calls or email records – that are relevant to a terrorism or espionage investigation.

    In June 2013, the Guardian, based on Snowden’s leaks, revealed that the Bush and Obama administrations had secretly been using Section 215 to acquire Americans’ phone data in bulk. The revelation led Congress to significantly curtail domestic bulk phone records collection in 2015.

    The new report from the justice department inspector general reveals that around 2009, the FBI began encountering resistance from email providers and others to a highly controversial nonjudicial subpoena for records, known as a National Security Letter. In the wake of this, the FBI began acquiring the information it sought through warrant requests to the Fisa court, a secret surveillance panel, using Section 215 of the Patriot Act, which the inspector general notes is a slower process.

    ………

    But Snowden’s revelations, beginning in mid-2013, helped shift the FBI away from using Section 215 to acquire email and other metadata. The Fisa court approved warrants to collect non-bulk business records 179 times in 2013, a number falling to 142 times in 2015 – though this was still a vast increase on the 21 approved in 2009.

    A senior national security official with the justice department told the inspector general that a “stigma” had been created around the Patriot Act provision, even outside of the bulk collection that privacy advocates rallied to stop.

    Edward Snowden is an American hero and a patriot.