Internet Privacy or (In)Security..a lesson in paranoia
V.I. Kydor Kropotkin: Wel my phone isn’t tapped and I know yours isn’t tapped…
Don Masters, CEA Agent: But this phone booth was.
V.I. Kydor Kropotkin: Are you trying to tell me every phone in the country is tapped?
Don Masters, CEA Agent: That’s what’s in my head.
V.I. Kydor Kropotkin: Don, this is America, not Russia! – The President’s Analyst
Well it didn’t use to be. And according to this, nobody can expect any privacy over the Internet any more.
“Environmental advocates have the right to speak anonymously and travel without their every move and association being exposed to Chevron,” said Marcia Hofmann, Senior Staff Attorney with the Electronic Frontier Foundation, who—along with environmental rights group EarthRights International (ERI)—had filed a motion last fall to “quash” the subpoenas.
“These sweeping subpoenas create a chilling effect among those who have spoken out against the oil giant’s activities in Ecuador,” she added at the time.
According to ERI, the subpoena demands the personal information about each account holder as well as the IP addresses associated with every login to each account over a nine-year period. “This could allow Chevron to determine the countries, states, cities or even buildings where the account-holders were checking their email,” they write, “so as to ‘infer the movements of the users over the relevant period and might permit Chevron to makes inferences about some of the user’s professional and personal relationships.'”
First some background, so please excuse me as I get rather techy and geeky.
Right now we have the following four major operating systems to run on your PC, desktop or server machine:
Windows – Microsoft – the least secure.
OS X – Apple – more secure
Linux – the most secure for desktop use
BSD – the most secure of all but primarily for server applications.
BSD – (which stands for Berkeley Software Development) was originally developed at the University of California Berkeley from work they did to expand the usefulness of ATT Unix. Now supported by the BSD Community. There are two main flavors. NET-BSD and Free-BSD.
Linux was developed by Linus Torvalds and contains all free software from the Free Software Foundation. It’s generally known as GNU/Linux.
OS X is built upon a BSD core using a MACK Kernel, but since the user interface IE windowing system is Apple Proprietary, there is no knowing what it may or may not have in it or how secure it actually is.
Windows is totally proprietary, though there has been pressure on Microsoft to release the source, or at least part of it.
Linux comes in a number of flavors.
RedHat – now know mostly as Fedora.
openSUSE – a distribution that was developed so that it could run on particular IBM Mainframe machines under their VM operating system but will also run on Intel and others.
Ubuntu – a distribution of the Debian/GNU flavor of Linux. There are various flavors of this as well, depending on the Window manager you happen to like. I use Xubuntu which uses the XFCE window manager. But all Ubuntus can run programs from the Ubuntu software library which is now very large. There are a very large number of Linux distributions as one can see from this list. And going into the differences of each would take a large book. The nice thing is that nearly all applications that will run on one version of Linux will run on the others. These days just about about anything one would want, from photo manipulation to web browsing to office products to audio and mp3 and videos, is available for Linux and even for BSD.
And with Wine, nearly all Windows apps will run on Linux. I am currently running a few myself. So there really is little reason not to switch these days.
So why am I going into all of this ? Because it should be evident to all that anything you type in the clear will be seen by the US Stasi. Count on it. And you can count on the fact that Microsoft and Apple will cooperate fully with them as well.
So first of all one needs to ditch the corporate software completely. Yes, it will take some getting used to. However the Widowing systems now available for Linux can give you the look and feel of Windows or OS X or even IBM’s OS2 – yech.
Use Firefox for browsing and an anonymous plugin for anything serious. Use Thunderbird for your mail app and a pgp encryption for your serious mail. There are a number of plugins for both. DO NOT USE Gmail, Yahoomail or any of those free mailers for ANYTHING SERIOUS. Use a secure mail service such as riseup or hushmail which will not divulge who you are.
Do NOT use Twitter or clear chat. Risup is starting a secure chat service.
But the biggest problem is how the government acquires and uses metadata. From an email I received from Risup:
Metadata, i.e. all the information about who you communicate with, how
frequently, for how long, and from where, can be used to create a social
map. One way this social map can be used to determine who the bridge
people are within social movements and campaigns, i.e., which people are
Say that there is some really excellent, effective anti-coal organizing
going on — effective enough that the powers that be want to stop it.
Using the metadata to make a social map shows them who the handful of
people are that connect the green anarchists with the labor activists and
the climate change organizers. Even in really large campaigns, there are
often only a handful of people who are the connectors, and without them
communication, coalition, coordination, and solidarity will break down.
It’s not that it might break down, but it will. Corporations and
governments even know how many of these bridge people they need to take
out in order to disrupt a campaign. There are algorithms and academic
papers written about it. What they haven’t always known is who the heck
these bridge people are.
Enter the metadata’s social map, and they can easily and to an exacting
degree see who the bridge people are they need to target. Who to follow
and intimidate to stop their organizing. Who to have watched and legally
prosecuted via any small legal infraction. Who to illegally entrap. Who to
kidnap, torture, and kill. And let’s not be naive and imagine that hasn’t
happened before and will not happen again. The collection of this metadata
makes it all the easier.
Sound paranoid? Or are we at a point where nothing sounds paranoid anymore.
So, what can we do about it? For starters, get everyone you know to start
using an email provider that uses StartTLS. For email, this is the only
thing that can protect against the surveillance of our social networks.
What about phone calls, internet chat, and social networking sites? Riseup
birds don’t have all the answers, but we are working on it. One thing we
know, privacy and security are not solved by personal solutions. If we
want security, it will take a collective response and a collective
commitment to building alternative communication infrastructure.
In other words, just knowing who you are communicating with is important to the government these days. So to my mind what is necessary is this:
Someone is going to have come up with a secure communications scheme – probably cloud based – where you would not even know who was communicating with who, unless you had the key. And each person/communicator would have their own unique key to identify them.
Nothing – not even who you want to communicate with – would be in the clear. Everything encrypted so that when some kind of coordinated action is planned, at least knowing who is planning what with whom would be very difficult to discover. We have entered the era of the American Stasi and KGB, people, and everything you say, email, tweet and chat will be used against you.