Thursday, October 1, 2015
America Unprepared For Devastating 'Black Swan'
Urban Man- Here is another interesting story I just read in regards to EMP issues.
WASHINGTON – Supply-chain disruptions often are the result of adverse weather, unplanned telecom outages, data breaches or even cyber hacking.
However, the one “Black Swan” event that would make these instances pale by comparison and result in a cascading disruption is a natural or man-made electromagnetic pulse event.
A “Black Swan” is an event regarded at the time of its occurrence as unprecedented and unexpected but later, in hindsight, understood to have been inevitable.
An EMP is in that category, since scientific experts repeatedly warn that a major EMP event is not a question of if, but when.
Barrett Moore, a security specialist and founder of the security company Triple Canopy, told WND that federal officials have modeled the effects of a “Black Swan” event on the timely delivery of food, water, fuel, medical care and technology. But they have done it primarily for the government’s benefit.
“Seeing potential for large-scale chaos,” Barrett said, “they have mitigated this risk for themselves by investing hundreds of billions of dollars in a continuity-of-government plan that has overseen the construction, equipping and provisioning of over 100 classified ‘haven’ facilities accessible only to families and staff of government officials,” he said.
“No parallel provisions have been made in our country for the general population,” he said.
Years ago, Barrett noted, there were civil-defense centers in which the local population could assemble in the event of an emergency, stocked with food, water and essential medicines. But they disappeared in the 1960s.
Consideration, he said, should be given to bringing them back as one type of “safe haven” for the general population.
Catastrophe
A recent survey shows that an EMP event is not on the radar of professionals whose industry is part of the supply chain.
A 2014 Supply Chain Resilience Survey, conducted by the Business Continuity Institute on behalf of the Zurich Insurance Group, asked the professionals to look five years ahead regarding potential, evolving world threats.
They ranked the biggest threat as cyber attacks, followed in order by IT/telecom outages, outsourcer service failure, data breaches and adverse weather conditions.
Yet, supply-chain disruption caused by an EMP – a super-burst of energetic radio waves that could knock out the already vulnerable national grid – can either destroy or damage unprotected electronic systems by instantly overloading their circuits.
The immediate result would be catastrophic damage to all the critical infrastructures that rely on the grid, including automated control systems for electric power, telecommunications, transportation, banking and finance, food and water distribution and emergency services.
A natural EMP event would be a direct hit on Earth from a massive solar storm, while a man-made EMP would be a high-altitude nuclear bomb burst instigated by any adversarial country with a nuclear weapon and a missile-delivery system.
Given the level of U.S. unpreparedness, it is estimated that within 12 months of an EMP event, two-thirds to 90 percent of the U.S. population would likely perish from starvation, disease and societal breakdown, according to the Secure the Grid Coalition.
The coalition is an ad hoc group of policy, energy and national security experts, legislators and industry insiders dedicated to strengthening the U.S. electrical grid by seeking the passage of legislation and raising public awareness of the national and international threat of an EMP.
‘Keystone’ infrastructure at risk
One of the coalition’s spokesmen is Peter Vincent Pry, who told WND that “political gridlock” in Washington has hindered the implementation of any of a number of cost-effective plans to protect the national electrical grid.
He said the electric grid is the “keystone” infrastructure necessary to recover all other critical infrastructures. Protection of the grid from an EMP – which Pry said is the “worst threat” – will also enhance overall grid security against all other threats including cyber attack, sabotage and severe weather.
Pry is a former analyst for the Central Intelligence Agency who serves as executive director of the congressional Task Force on National and Homeland Security and director of the U.S. Nuclear Strategy Forum.
Pry also was staff director of the congressionally mandated EMP Commission, which in 2008 looked at the impact of an EMP on the nation’s vital infrastructure.
Among other things, the commission recommended an “all hazards” strategy to protect the electric grid and other critical infrastructures against all threats.
Pry said the “all hazards” strategy is the most practical and cost-effective solution to protecting the grid and the other critical infrastructures.
He pointed out that electric grid operation and vulnerability are dependent on two key technologies – extra-high voltage, or EHV, transformers and Supervisory Control and Data Acquisition Systems, or SCADAS.
“EHV transformers are the technological foundation of our modern electronic civilization as they make it possible to transmit electric power over great distances,” Pry said.
They cost millions of dollars and are custom-made rather than mass-produced. Making one EHV takes about 18 months under normal conditions, and only 200 are made a year.
While EHV transformers were invented in the United States by Nikola Tesla, Pry said, they no longer are manufactured in the U.S.
“Because of their great size and cost,” he said, “U.S. electric utilities have very few spare EHV transformers. The U.S. must import EHV transformers made in Germany or South Korea, the only two nations in the world that make them for export.
“An event that damages hundreds – or even as few as nine – of the 2,000 EHV transformers in the United States could plunge the nation into a protracted blackout lasting months or even years,” Pry said.
SCADAS are small computers that run the electric grid and all the critical infrastructures. For example, they regulate the flow of electric current through EHV transformers, the flow of natural gas or water through pipelines, the flow of data through communications and financial systems and operate everything “from traffic control lights to refrigerators in regional food warehouses.”
SCADAS number in the millions and are as indispensable as EHV transformers in running a modern electronic civilization, Pry said.
“The EMP Commission found that if the electric grid can be protected and quickly recover from nuclear EMP, the other critical infrastructures can also be recovered, with good planning, quickly enough to prevent mass starvation and restore society to normalcy,” Pry recently told a congressional panel.
“If EHV transformers, SCADAS and other critical components are protected from the worst threat – nuclear EMP – then they will survive, or damage will be greatly mitigated, from all lesser threats, including natural EMP from geomagnetic storms, severe weather, sabotage, and cyber attack,” he said.
Pry said cyber warfare is another existential threat to the U.S., not because of computer viruses and hacking alone, but owing to military doctrines of potential adversaries that call for all-out cyber attack, including an EMP.
Pry told the congressional panel that a 2011 U.S. Army War College study, “In The Dark: Planning for a Catastrophic Critical Infrastructure Event,” warned U.S. Cyber Command that U.S. doctrine should not overly focus on computer viruses to the exclusion of an EMP attack and the full spectrum of other threats, as planned by potential adversaries.
Pry said anti-hacking and anti-virus solutions will just result in an “endless virus versus anti-virus software arms race” that will prove “unaffordable and futile.”
He said the worst-case cyber scenario can be overcome through an “all hazards” strategy recommended by the congressional EMP Commission. He said the worst-case scenario envisions a computer virus infecting the SCADAS that regulate the flow of electricity into EHV transformers, damaging the transformers with overvoltage and causing a protracted national blackout.
But if the transformers are protected with surge arrestors against a high-altitude nuclear EMP attack, which Pry said would be the worst kind of attack, they “would be unharmed by the worst possible overvoltage that might be system-generated by any computer virus.”
“While gridlock in Washington has prevented the federal government from protecting the national electric power infrastructure, threats to the grid – and to the survival of the American people – from EMP and other hazards are looming ever larger,” Pry said. “Grid vulnerability to EMP and other threats is now a clear and present danger.”
Urban Man-
Saturday, September 26, 2015
What Is An Infidel?
Below is a very interesting email that I recently received. It is worth the time to read it. -Urban Man
In light of what happened 14 years ago on 09/11/2001, here’s a commentary worth reading. (the TRUTH)(check it out if you don’t believe it is what is taught and written in the Koran). Linda
The author, Rick Mathes, is a well-known leader in prison ministry, says, The man who walks with God always gets to his destination. If you have a pulse you have a purpose. The Muslim religion is the fastest growing religion per capita in the United States, especially in the minority races.
Last month I attended my annual training session that's required for maintaining my state prison security clearance. During the training session there was a presentation by three speakers representing the Roman Catholic, Protestant and Muslim faiths, who each explained their beliefs.
I was particularly interested in what the Islamic Imam had to say. The Muslim gave a great presentation of the basics of Islam, complete with a video.
After the presentations, time was provided for questions and answers. When it was my turn, I directed my question to the Muslim and asked:
'Please, correct me if I'm wrong, but I understand that most Imams and clerics of Islam have declared a holy jihad [Holy war] against the infidels of the world and, that by killing an infidel, (which is a command to all Muslims) they are assured of a place in heaven. If that's the case, can you give me the definition of an infidel?'
There was no disagreement with my statements and, without hesitation, he replied, "Nonbelievers"
I responded, 'So, let me make sure I have this straight. All followers of Allah have been commanded to kill everyone who is not of your faith so they can have a place in heaven. Is that correct?'
The expression on his face changed from one of authority and command to that of a little boy who had just been caught with his hand in the cookie jar.
He sheepishly replied, 'Yes.'
I then stated, 'Well, sir, I have a real problem trying to imagine The Pope commanding all Catholics to kill those of your faith or Dr. Stanley ordering all Protestants to do the same in order to guarantee them a place in heaven!'
The Muslim was speechless.
I continued, 'I also have a problem with being your friend when you and your brother clerics are telling your followers to kill me! Let me ask you a question: Would you rather have your Allah, who tells you to kill me in order for you to go to heaven, or my Jesus who tells me to love you because I am going to heaven and He wants you to be there with me?'
You could have heard a pin drop.
Needless to say, the organizers and/or promoters of the 'Diversification' training seminar were not happy with my way of dealing with the Islamic Imam, and exposing the truth about the Muslims' beliefs. In twenty years there will be enough Muslim voters in the U.S. to elect the President.
I think everyone in the U.S. should be required to read this, but with the ACLU, there is no way this will be widely publicized, unless each of us sends it on! This is your chance to make a difference.
For the sake of CHRIST ...SEND THIS ON
Tuesday, September 22, 2015
Big Brother Surveillance Threat, Part 3: Anti-Surveillance Guide
This is Part Three of a series that Urban Survival Skills is calling "Big Brother Surveillance Threat". The series publishes excerpts from a huge article titled "You Are a Criminal In a Mass Surveillance World – Here’s How Not To Get Caught", by David Montgomery, posted on Prepared Gun Owners.com
[http://preparedgunowners.com/2015/06/11/you-are-a-criminal-in-a-mass-surveillance-world-heres-how-not-to-get-caught/]
ANTI-SURVEILLANCE GUIDE
The following guide is 10 basic steps which involve using free software. It’s followed by a list of essential security practices. The guide is intended to be a “minimum effective dose” of security against hackers, fraudsters and mass surveillance. It may seem like a lot, but if anything I went light because I don’t want people to get overwhelmed and do nothing. This is an incremental process. If one of these steps is too difficult or intimidating, don’t bail on everything else. Every step substantially decreases your risk exposure.
Good security is a habit more than anything. What may initially seem like an inconvenience will eventually not even be noticed, just like locking the door to your home. Suggestions for improvements and updates are welcome and appreciated.
STEP 1 – CLEAN AND PREP
Why: There’s a good chance your computer is already infected with malicious software (malware). Unfortunately malware attacks are a never-ending plague. You can’t spend time online and not be at risk of infection. This includes viruses, key loggers (which secretly record everything you type, like GROK or Magic Lantern) and various other programs that track you and send your private information to bad guys.
There are thousands and thousands of malware programs out there with new ones being launched daily. It’s not just hackers, fraudsters, or governments who create and spread malware. Huge companies that you’d think would be fiercely protective of their reputation, like Sony, will infect you. Lenovo, the world’s largest personal computer vendor, is under fire for selling 43 models with pre-installed malware which dramatically undermines your computer’s security. This site shows if you’re infected. If you are, here’s how to fix it.
***For Apple desktops and laptops only***
Install and run the following programs:
CCleaner – Download the free version. After you’ve run a scan and fixed any problems it finds, close it and then move onto the next program. I suggest running CCleaner once per month.
Sophos Anti-Virus Home Edition – This program is free. Install and run a scan to make sure you’re clean. Macs are much less virus prone than Windows PCs, but infections are still possible. I recommend this program because phishing attacks keep getting more and more sophisticated, and it’s pretty easy these days to be tricked into clicking malicious web site links and opening malicious files. If you already have another anti-virus program installed, update and run it instead.
***For Windows PCs and laptops only***
First, let’s make sure your copy of Windows is up to date. Microsoft is constantly releasing security patches to fix security vulnerabilities, and your computer should be set to automatically install important updates. If you don’t know how to check if important updates have been installed, see this if you’re running Windows 7 and this if you’re running Windows 8. Windows 10 installs updates automatically.
Second, see if your anti-virus scanner is up to date and then run a scan. Both Windows 7 and Windows 8 come with free anti-virus software. If you already run a third party anti-virus program, update and run that instead. If you haven’t installed any third party anti-virus software, on Windows 7 load Microsoft Security Essentials and do a scan. If you don’t have it, install it free here (ignore this if you run Windows 8). For Windows 8, run a scan with Windows Defender (see here if you need help). Don’t continue until the scan is finished. Virus scans take a while (10-20 minutes), so it’s a good time to grab a drink or a snack. If you find any infections, quarantine or delete them.
Third, we’re going to install and run four free programs that protect against malware. They all work a bit differently and catch different infections. If you already have other anti-malware programs you use, you can decide whether to delete them and go with this suite or stick with what you have.
Reboot your machine if it’s been on a long time. (A fresh restart is generally a good idea when installing a bunch of new software.) Then install and run the following:
CCleaner – Get the free version. Make a backup of your registry when it asks. After you’ve run a scan and fixed any problems it finds, close it and then move to the next program.
Malwarebytes Anti-Malware – Get the free version. Check for updates before running the scan. Fix any problems it finds and continue to the next program.
Spybot Search & Destroy – Get the free version. Check for Updates and run a scan. After it’s done and you fix any problems, Immunize your system. Immunization blocks your computer from communicating with a long list of known malicious sites.
Malwarebytes Anti-Exploit – Get the free version. This program shields your browser from sudden attacks that malware companies don’t yet know about called zero-day exploits. You don’t need to do anything. Just install and it will work in the background.
I suggest running CCleaner, Malwarebytes, and Spybot scans once a month. You should also do it immediately if you suspect that you’ve made a mistake like following a link to a shady-looking site you didn’t mean to visit or opening a suspect file.
STEP 2 – REPLACE YOUR BROWSER WITH FIREFOX
Why: (If you already use Firefox, skip to the add-on section.) People get attached to web browsers, so please consider my reasoning if you recoiled in horror at this suggestion. Google’s Chrome is the most popular web browser in the world. That image of Google’s boss and Obama gives an indication of how closely tied to the government Google is. Google is not only one of the government’s key business “partners.” It’s the juiciest target for the government to infiltrate. Snowden showed us that it has. You can virtually guarantee that NOCs work at Google.
Google’s business is literally mass surveillance. It collects more data about more people than any other company in the world. The business model is simple. Google tracks and records you and then turns you into a profile that it sells to advertisers. As Eric Schmidt said, “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”
The reason Google’s services are free is because you’re not the customer. You are the product. As Google itself says, “Our customers are over one million advertisers, from small businesses targeting local customers to many of the world’s largest global enterprises…” Its biggest customer is of course the U.S. government (federal and state).
In contrast, Firefox doesn’t track you and sell you as a product. The developers of Firefox are highly vocal about being anti-surveillance. Firefox is open source, meaning any programmer can audit the code to see what it’s doing. And Firefox has add-ons that are necessary to thwart tracking and surveillance. (Chrome has add-ons too, though many of them contain malicious code.) Bottom line is the Firefox people aren’t in the surveillance business.
If you’ve been using Internet Explorer, know that it’s being phased out by Microsoft and has been plagued with security flaws. And it doesn’t support important add-ons needed to protect you.
If you’re on Mac, I recommend Firefox over Apple’s Safari browser as a matter of diversifying trust. At the end of the day we’re trusting all software we use not to exploit us. But Firefox doesn’t have the financial incentive like Apple does to track you. And while Firefox is open source, Safari is not. Also Firefox has a more robust collection of add-ons.
What to do: Install Firefox and set it as your default web browser. After you have Firefox running, click the Options button (the gear icon), click the Update tab, and select “automatically install updates.” Then install these security add-ons. (Each add-on puts an icon in the Firefox toolbar for quick access to its settings.)
HTTPS Everywhere – (click “Install in Firefox”). This increases the difficulty of bad guys intercepting what you see in your browser and makes it harder for them to set traps that can give them access to your computer.
Adblock Plus – This protects you from some sites that are set up to install malicious software on your computer. It also blocks ads from companies whose business is surveillance (like Google and Facebook which track you even when you’re not on their sites). If there’s a site whose ads you want to see you can easily tell Adblock to show ads for that site. When you install Adblock, a confirmation screen will appear. Scroll down and turn these switches ON.
Privacy Badger – (click the ‘download for Firefox’ link). This add-on pays attention to when you’re being tracked by a browser cookie and then deletes it. There is some overlap with AdBlock Plus, but Privacy Badger fills in some gaps because it doesn’t rely on block lists.
Random Agent Spoofer – When you visit web sites your browser sends information about its configuration that leaves a unique digital fingerprint. This fingerprint identifies you. If you’re curious you can see the print it leaves here. Install Random Agent Spoofer so you don’t leave prints wherever you go.
Ghostery (optional) – If for some reason you try AdBlock Plus and don’t like it, Ghostery is a solid alternative to try. I suggest using one or the other. If you use it I don’t recommend enabling GhostRank. (The program will ask when you install it, saying that its data collection is anonymized). Anonymized data collection isn’t necessarily anonymous.
NoScript (optional) – NoScript is optional because there’s a substantial learning curve. NoScript makes web browsing more secure, but the price is that many sites won’t display properly until you tell NoScript which parts of the site to allow. Once you set the permissions for a site, NoScript will remember them. But there’s that initial few seconds at a new site where you may need to allow the core parts of the site for it to display correctly. It took me a couple days to get used to it, but this article gives good guidance if you need help. If it’s not too intimidating, give it a try. You can always remove any Firefox add-on if you don’t like it.
STEP 3 – USE A SURVEILLANCE-FREE SEARCH ENGINE
Why: Google tracks and records your search terms along with when you entered them as part of its profiling analysis. Yahoo and Bing do the same thing. By analyzing every search you make, a shocking amount can be learned about you. You can get the same search results without being tracked and profiled.
What to do: The good news is you can get Google’s search results without being tracked and recorded. StartPage is an anonymized version of Google, meaning it asks for search results on your behalf so that Google doesn’t know who is doing the asking. Go to StartPage and click “Add to my browser” and make it your default search engine. If you want non-Google search results, use Ixquick for a composite of several other search engine results. Both are excellent. Just make sure you set one of them as your default search engine. One other option is DuckDuckGo, which also doesn’t surveil you, though I prefer the search results of the other two.
STEP 4 – END THE PASSWORD NIGHTMARE
Why: Passwords are our bread and butter security measure. We use them every day to guard our accounts, assets, and personal information. The nightmare is that passwords as a security measure totally suck. The majority of passwords are so weak that they’re hacked within seconds. The security industry desperately needs to innovate beyond passwords, but we’re stuck with them for now.
The reason passwords suck is it’s really hard to remember a strong password, much less a strong password for every account you have. So people end up using weak passwords, and they use the same one or two passwords everywhere. This is a security disaster.
Massive advances in computing power and password cracking software have made once-strong passwords a joke. Ed Snowden put it simply. The government can make 1 trillion password guesses per second. Free agent bad guys can make trillions of guesses too; it just takes them a bit longer. And the guesses are educated, not random, starting with databases of millions of real passwords which have already been hacked.
The disturbing truth is that 99% of the passwords people use are easy to crack for a reason. The same strategies we use to make passwords memorable are the very same strategies hackers exploit to crack them.
Hackers study how we come up with passwords – the most common words, the way we combine them, and the modifications we make. Then they write software that tests variations of those strategies using alternate spellings (like “l34rn” instead of “learn”), famous dates, names, movies, sports teams, addresses, combinations of your personal and family info, phrase and quote dictionaries, song lyrics, et cetera.
Even when we think we’re being really clever, we’re not. One site recommended taking an easy-to-remember password and then shifting your hands over a key to the right to type it. So Happydays would become Js[[ufsud. Seems like a great idea since the password now looks totally random. Except it’s not random at all. Hackers know this strategy too and can easily write software to apply the key shift strategy against all the other educated guesses they’re making.
Even if you do have a strong password, if you’re using it (or a slight variation of it) multiple places, you’re opening yourself up to attack. Even if the password is rock solid, the web sites we entrust our passwords to get compromised. Google, AT&T, Apple, Home Depot, Ebay, Target…all have been hacked at various times.
You can have the strongest password in the world, but if the system storing it is defeated, the attacker will have access to wherever else you use that password. And they’ll try variations of it too.
Given the disastrous state of passwords, we have to know how to make strong, unique passwords which can withstand sustained automated attacks. But what if you have 20, 30, or even 100 web site accounts? Fortunately the market has provided us with password management software that can generate and remember strong passwords with minimal effort. But the master password to access the manager needs to come from you and obviously be very strong. Same thing with the password to access your computer and phone.
What to do: Before we get to the password manager, it’s imperative that you know how to create strong, memorable passwords. I’ve researched a bunch of approaches and incorporated them into a basic methodology.
I can’t get overly specific about how to use the method because a specific strategy that’s public is easy to reverse engineer and crack. For example, people think the strategy of taking a famous phrase like “to be or not to be” and using the first letter of each word – tbontb – is a good password strategy because it looks so random. It’s actually a lousy password because it’s too short and that first-letter strategy is well known. Any good password cracker will run that strategy against databases of famous phrases, quotes, lyrics, poems, et cetera. So I’m going to show you how to make your own strategy using a modified pass phrase.
Unlike a password, a pass-phrase is several words. Every pass-phrase you make should be at least six words long. Here’s the catch. The words can’t be something you’d find in a database, like tobeornottobe, or variations of it like t0b30rn0tt0b3 or ToBeOrNotToBe! These are all readily cracked.
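A password-audit check for the patterns described above (first-letter acronyms, leetspeak, case and punctuation tweaks, and the shifted-keyboard trick), as an added example that is not from the original article: it flags a candidate password that is only a simple transform of a phrase on a blocklist. The two-entry blocklist is a constructed sample, and `weak_reason` and its labels are names chosen for this illustration.

```python
# Added illustration: reject passwords that are a simple, well-known
# transform of a phrase an attacker would already have in a dictionary.

# Constructed sample blocklist standing in for the phrase/quote databases
# the text mentions. A real deployment would load a much larger list.
KNOWN_PHRASES = ["to be or not to be", "happy days"]

# Common leetspeak substitutions mapped back to letters.
UNLEET = str.maketrans("013457@$", "oleastas")

# US QWERTY rows. Typing "one key to the right" turns each character into
# its right-hand neighbour, so undoing it maps each key to its left one.
QWERTY_ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
LEFT_OF = {row[i]: row[i - 1] for row in QWERTY_ROWS for i in range(1, len(row))}


def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def acronym(phrase):
    """First letter of each word, e.g. 'to be or not to be' -> 'tbontb'."""
    return "".join(word[0] for word in phrase.lower().split())


def unshift(text):
    """Undo the 'hands one key to the right' trick on a QWERTY layout."""
    return "".join(LEFT_OF.get(ch, ch) for ch in text.lower())


def weak_reason(candidate, phrases=KNOWN_PHRASES):
    """Return a label saying why the candidate is guessable, or None."""
    plain = squash(candidate)
    unleeted = squash(candidate.lower().translate(UNLEET))
    unshifted = squash(unshift(candidate))
    for phrase in phrases:
        target = squash(phrase)
        if plain == target:
            return "variant"      # only case, spacing or punctuation differ
        if plain == acronym(phrase):
            return "acronym"      # first letter of each word
        if unleeted == target:
            return "leet"         # 3 for e, 0 for o, and so on
        if unshifted == target:
            return "keyshift"     # typed one key to the right
    return None


if __name__ == "__main__":
    for pw in ["tbontb", "t0b30rn0tt0b3", "ToBeOrNotToBe!", "Js[[ufsud",
               "mysizzlingloveaffairwithbacon"]:
        print(f"{pw!r:35} -> {weak_reason(pw)}")
```

A result of `None` only means the candidate is not one of these transforms of a listed phrase; it says nothing about length or word count.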
You need six words that mean something to you personally, but not to a bunch of other people. That’s the key. When people hear they should use a pass-phrase, they often pick something others would too, like newenglandpatriots or dancetillyoudrop. Not strong. It’s got to be 1) personal to you and 2) quirky. For example, mysizzlingloveaffairwithbacon is good because it’s pleasant to type, easy to remember, and the wording is quirky, not just a simple statement like ieatbaconeveryday. Even if you knew me and my affinity for bacon, mysizzlingloveaffairwithbacon would still be extremely difficult to crack. (Don’t use this passphrase even if you share my love of bacon.)
So to review, we want personal and quirky – not literal information, like iwenttowaldonhighschool or ihavetwoyoungersisters or mymomisnamedsallysmith.
By the way, some people use totally random words like cowhandlestringredplentywindow, but I find that much harder to remember. It’s very secure though because it guarantees the user won’t pick an obvious or famous phrase. But a quirky, personal pass-phrase will not only be easier to remember, it won’t be annoying to type.
Make sure you use 6+ words. The difference in typing time between six or seven words versus two or three is only a couple seconds, but the difference in password security is gargantuan. The word count is much more important than the word length. blueantsfreakmybedout is strong even though it’s made of short words. Don’t skimp on word count.
Also know that you can include spaces in your passphrases (blue ants freak my bed out). I didn’t just to make the examples I’ve provided easier to distinguish from the text.
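Why word count dominates, worked through as an added example (not from the original article): for the "totally random words" approach, the number of possible passphrases is the list size raised to the word count, which gives an average cracking time at the 1 trillion guesses per second quoted earlier. The 7,776-word list size (the standard Diceware list) and the 16-word sample list are assumptions of this sketch, and the estimate applies only to words picked uniformly at random, not to phrases a person makes up.

```python
# Added illustration: keyspace of randomly chosen word passphrases.
import math
import secrets

GUESSES_PER_SECOND = 1e12           # rate quoted in the text
DICEWARE_LIST_SIZE = 7776           # assumption: standard Diceware list (6**5 words)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample so the script runs offline. It is far too
# small for real use; generate() compensates by asking for more words.
SAMPLE_WORDS = ["cow", "handle", "string", "red", "plenty", "window", "blue",
                "ants", "freak", "bed", "out", "lamp", "river", "sugar",
                "tiger", "violin"]


def entropy_bits(word_count, list_size):
    """Bits of entropy when each word is drawn uniformly from the list."""
    return word_count * math.log2(list_size)


def average_crack_seconds(word_count, list_size, rate=GUESSES_PER_SECOND):
    """Expected time to hit the passphrase: half the keyspace at `rate`."""
    return list_size ** word_count / 2 / rate


def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits for this list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate(wordlist, target_bits=77):
    """Pick words with a CSPRNG until the phrase reaches target_bits."""
    if len(set(wordlist)) != len(wordlist) or len(wordlist) < 2:
        raise ValueError("word list must hold at least two unique words")
    count = words_needed(len(wordlist), target_bits)
    return " ".join(secrets.choice(wordlist) for _ in range(count))


def crack_table(list_size=DICEWARE_LIST_SIZE, max_words=7):
    """Rows of (words, bits, average years to crack) for 2..max_words."""
    return [(n, entropy_bits(n, list_size),
             average_crack_seconds(n, list_size) / SECONDS_PER_YEAR)
            for n in range(2, max_words + 1)]


if __name__ == "__main__":
    for words, bits, years in crack_table():
        print(f"{words} words  {bits:5.1f} bits  {years:.3g} years on average")
    print("sample:", generate(SAMPLE_WORDS))
```

Three random words fall in well under a second at this rate, while six take thousands of years on average; shrinking the word list has to be paid for with more words.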
Now that you know how to make a quirky personal pass-phrase, we’re going to add one more layer of security. We’re going to apply a modification to the pass-phrase. Why? Because if an adversary figures out you’re using a pass-phrase, lower-case English words with no modification will be the first line of attack. The relentlessly increasing speed of computers means you might be vulnerable even if you use six words. Also if you unknowingly pick a common phrase like a famous quote or line from a song, the modification can save you from being cracked.
One example of a modification is to capitalize the first word of the pass-phrase – Mysizzlingloveaffairwithbacon. This modification is the most obvious one though, and bad guys know that, so pick something else. Pick anything that does something with capitals, punctuation, numbers, or any combination of those. Do your own thing, even if it’s simple. That’s better than a common modification like using leetspeak (e.g. substituting 3 for e, 4 for “a,” and 0 for “o”). Hackers have common modifications like this nailed.
It doesn’t need to be finger-twisting to type. You could even integrate the modification into the context of the passphrase itself, like eat8baconstripsEverymorningyay! That’s a deliciously strong password that you shouldn’t use.
An extremely powerful modification technique you should consider is swapping one or more of your pass-phrase words with a foreign language equivalent. Don’t bother with foreign words that are so popular that they’re used in English too, like nada or mucho. It doesn’t matter what language you pick, even Pig Latin, as long as you can remember the word. mysizzlingloveaffairwithaconbay turns “bacon” into Pig Latin, pun intended.
You’ll only need to invent and remember a pass-phrase to unlock your password manager and to log into your (soon to be encrypted) devices. The rest will be handled by your password manager.
If you’re nervous about forgetting a new strong password, you can write it down until it’s grooved. Some security people will tell you to never write down a password, but writing down a strong one is far better than having a weak password. Just don’t put the password someplace obvious, like next to your computer. The odds of somebody breaking your weak passwords online are exponentially higher than somebody breaking into your home and finding your passwords.
If you write down a password, here’s a technique in case someone finds the paper and tries to use it. Insert some dummy characters into the password that you’ll recognize as not being legit but which will fool others. You could add something, like your year of birth, as a decoy. So it would be, for example, mysizzling1980loveaffairwithbacon. If somebody finds and uses it, when it fails they’ll think you’ve changed your password.
Picking a Password Manager
A password manager does two critical things. First, it remembers all your passwords in an encrypted vault (except of course the password to access the vault). And second, it can replace your crappy passwords with automatically generated very strong passwords.
After you’ve chosen a manager, you’ll want to make sure that you’ve told Firefox not to remember your passwords. Go to Options -> Security and uncheck “Remember passwords for sites.”
There are several password managers to choose from. They all have pluses and minuses. Here are a few I think are worth your consideration. Using any of them will massively improve your security, so go with whatever seems to suit you best. They are all free to try.
KeePass has been around a long time. It’s open source, free, and everything is stored on your machine. None of your passwords are uploaded to the cloud (a third party’s servers), so you don’t have to trust strangers to keep your passwords safe. But KeePass has a clunky interface that takes some getting used to. It’s also less convenient for the same reason that it’s more secure: Having your passwords in the cloud means you don’t have to worry about backing up the password vault or syncing your vault with other devices. With KeePass you have to back up your vault because if your computer dies or is stolen, you’ll lose all your passwords. And if you change a password, you need to manually sync the vault with any other computer or mobile device you use. KeePass was originally written for Windows, but because it’s open source there are multiple versions for all platforms to choose from.
Next we move to cloud-based managers. Dashlane has an elegant interface and is feature rich. Lastpass is the most popular manager and is also feature rich. They have a lot going for them, but both companies are based in the U.S. and subject to strong-arming. They promise that they store your passwords in an encrypted form that they can’t access, but there’s no way to know for certain because it’s not open source software.
If either company gets a government demand to divulge customer data or compromise their software with a backdoor, they will be legally gagged from telling people about it. I’m not making a value judgment against the companies – they seem very sincere and well-intentioned. But let’s not fool ourselves. Nobody at these companies is going to go to prison protecting your or my security. That said, Dashlane gives you the choice of storing your password vault locally (no copy in the cloud). If you’re willing to handle backing the vault up, that provides a substantial measure of assurance.
Another good choice for a cloud-based closed source manager is 1Password. One benefit it has over Dashlane and Lastpass is that it’s not in the U.S. The company is Canadian, and they point out that they have key people based in four different countries. If a demand was issued with a gag order, the principals in the other three jurisdictions could alert customers that their security was compromised without being tossed in prison.
Last but not least, my favorite choice is Encryptr, a free and open source cloud-based manager and e-wallet. Encryptr is zero-knowledge, meaning you don’t have to trust a third party to keep your passwords safe. You get the benefit of cloud storage without the risk of trusting closed source software. It’s not nearly as feature rich as 1Password, Dashlane, or Lastpass, but I personally like simplicity. And when it comes to all your passwords, open source transparency and zero-knowledge are arguably an overriding consideration.
I encourage you to try two or three out and see what feels right to you. Don’t stress about your choice. Whatever you pick, you’ll be massively more secure.
The final step with any password manager is to visit every site you have an account with and replace the old password with a newly generated strong password. Yes it’s an annoyance, but you only need to do it once. The payoff in security is enormous. (And don’t forget to turn off Firefox’s password storage: Options -> Security -> uncheck “Remember passwords for sites.”)
STEP 5 – ENCRYPT YOUR COMPUTER
This means your computer’s hard drive(s) and any external hard drives.
Why: If you currently use a password to log onto your computer, that does not protect the information on your computer. The log-in can be circumvented with little effort by anybody with modest skills. Your drive needs to be encrypted, or your data is exposed to anybody with access to your computer.
If your computer is ever stolen, you’ll be out a computer but encryption means you won’t have to worry about being blackmailed, defrauded, stalked, or having your life otherwise hacked to bits.
If your internal or external hard drive dies and you chuck it or take it to get repaired, a stranger won’t be able to take it and recover all your data on it. They will only find an encrypted volume.
If your computer is ever confiscated at an airport, a border crossing, or in a government raid of your home, everything on it will be inaccessible rather than wide open.
***For Apple desktops and laptops only***
Apple ships its desktop and laptop computers with built-in encryption called FileVault. Follow these directions and turn it on. Don’t store your security key with Apple, and don’t store it on iCloud where Apple can be forced to disclose it or expose it in a security breach. Use the third recovery option: a strong passphrase. If you’re nervous you’ll forget it, print it out and store it someplace safe (not with the computer). And if you print it use the tip about printed passwords: Insert some dummy characters into the password that you’ll recognize as not being legit in case somebody finds it.
If you have external hard drives, you should encrypt those with FileVault too. Here’s how.
If you don’t want to trust Apple with your encryption (e.g. the possibility of a government back door), there is a free and open source solution: VeraCrypt. It’s the successor to a highly respected encryption program called TrueCrypt. Unfortunately using VeraCrypt is more complicated than FileVault, so expect about 30 minutes of learning curve. You can use VeraCrypt to encrypt your main computer drive and any external drives. It also can create an encrypted “file container,” which is like having a virtual hard drive of any size you choose where anything you put in it gets encrypted. For example you could make a 1 gigabyte file container, put all your most important documents in it, and then put that file container anywhere – USB drives, the cloud, wherever – and your data is secure even if someone gets their hands on the container. (You can use VeraCrypt to make file containers even if you use FileVault to encrypt your drive.)
Here’s the VeraCrypt documentation, most of which you don’t need to read to benefit from the core functionality of the program. (The default options are fine to use unless you need advanced features.) You can also search YouTube for several VeraCrypt tutorials. The Beginner’s Tutorial is a good place to start. It will show how to make a file container. Once you feel comfortable making a file container (make and delete a couple just to get the hang of it), then try encrypting an external volume, like an external hard drive. The final step is to encrypt your main drive.
***For Windows PCs and laptops only***
Just to reiterate, having a Windows password will deter a nosey passer-by from going through your computer, but it does not provide meaningful security.
You have a few decent options. The first is to use Microsoft’s disk encryption, which is called BitLocker. It’s free if you already are running Windows Vista Ultimate or Enterprise, Windows 7 Ultimate or Enterprise edition, or Windows 8 or 8.1 Pro or Enterprise edition. If you’re not, you’ll need to upgrade to use BitLocker. Here’s a guide to get started if you want to go this route. My one criticism of BitLocker is it’s closed source, so nobody can tell if it has government backdoors. (Also new Windows 8.1 PCs ship with “Pervasive Device Encryption,” but Microsoft forces everyone to upload the encryption key to Microsoft, so it’s not truly secure.)
The other option is to use the free and open source VeraCrypt. It’s the successor to a highly respected encryption program called TrueCrypt. Unfortunately using VeraCrypt is a bit more complicated than BitLocker, so expect 20-30 minutes of ramp up. You can use VeraCrypt to encrypt your main computer drive (the one with your operating system on it), as well as any external drives. It also can create encrypted “file containers,” which is like having an encrypted virtual hard drive of any size you choose. Anything you put in a file container gets encrypted. For example you could make a 1 gigabyte file container, put all your most important documents in it, and then put that file container anywhere – USB thumb drive, cloud storage, wherever – and your data is secure even if someone gets their hands on the container file (assuming you used a strong passphrase).
Here’s the VeraCrypt documentation, most of which you don’t need to read to benefit from the core functionality of the program. (The default options are fine to use unless you need advanced features.) You can also search YouTube for several VeraCrypt tutorials. The Beginner’s Tutorial is a good place to start. It will show how to make a file container. Once you feel comfortable making a file container (make and delete a couple just to get the hang of it), then try encrypting an external volume, like an external hard drive.
The last step is encrypting your system disk (your main drive, typically the C: drive). To do that you need a CD burner and a blank disk to make a Rescue Disk in case there’s a problem. If you’re not technical it’s a bit scary, and I appreciate how much it sucks to feel technically intimidated. So if you get freaked out, either use BitLocker if you have it, or make a big VeraCrypt container (they can be whatever size you want) and keep all your private data in there. A VeraCrypt container is pretty quick and easy to make, and you can copy it anywhere just like a regular file.
DiskCryptor is another free, open source alternative that is a bit easier to use (and has fewer features). Here’s a tutorial video that walks you through how to encrypt your main drive step by step.
STEP 6 – SECURE YOUR MOBILE DEVICES
Why: If your phone or tablet is ever stolen, the last thing you want is to worry about having all your contacts, email, photos and other personal info in the hands of bad guys.
I know people who have had phones taken into back rooms during random airport security questioning. You really want your data encrypted with a strong password in a situation like that because all of your phone’s data can be cloned very quickly.
Because you can be arrested for trivial infractions such as driving without a seatbelt or having unpaid parking tickets, even the smallest crimes can be combined with narratives cops are trained to concoct about reasonable suspicion to pry open the door for a full-blown search of your digital life using sophisticated analytical tools. The only protection you have – and it’s great protection, thankfully – is to encrypt and password protect your mobile devices.
Needless to say, if a police officer or other government agent tells you to unlock your phone, politely refuse. If you comply, anything they find can be used against you. And it doesn’t matter whether you’ve been Mirandized or not. No matter how certain you are that you haven’t committed a crime (re-read the Into the Abyss section again if you think you’re innocent), there are officers who will plant evidence and fabricate testimony, so don’t give them rope to hang you. This guide provides essential guidance on how to interact with police.
***for iPhone and iPad users only***
TouchID – If you have an Apple device that has TouchID, I recommend using it.
Passcode – Many people don’t even put a passcode on their iOS device. Hopefully it’s clear by now that doing that is pretty much like begging for misery.
If you don’t have a passcode, from the home menu tap the gray settings icon. Then tap the “General” settings button and choose “Passcode Lock.” Tap the “Turn Passcode On” option at the top of the menu. Turn “Simple Passcode” OFF and choose a real passcode – at least 10 characters. Will it be annoying at first to spend an extra 2-3 seconds unlocking your phone? Yes, but you’ll get used to it.
People who use the “simple passcode” option might as well not have a passcode. Anybody who is determined can guess a 4 digit password within a couple hours, often within minutes since people pick obvious ones like 1111, 1234, 4321, 4444, 1357, 3579, et cetera.
If the extra 2 or 3 seconds to enter a real passcode is unpalatable, at the very least turn the “Erase Data” option to ON in the Passcode Lock settings page – and don’t use an obvious 4 digit code.
Don’t Trust – Apple’s attempts to make things automatic can lead to critical security breaches. Here’s one many iPhone users don’t know about. Say a coworker is going to put a file on your iPhone, like a sales video you both made together. You plug your iPhone into his Mac. Up pops a question asking if you “Trust” his computer. If you say ‘yes’ and you have your iTunes set to backup iPhone data automatically, ALL your iPhone data will be copied to your coworker’s computer – contacts, messages, email, photos, everything. So don’t “Trust,” or make sure you have automatic backup turned OFF.
***for Android users only***
Cyanogenmod – Manufacturers of Android devices install various software that they ship with the device. You really don’t know what that software is doing. It may track you, and it’s often “bloatware” that slows your device down. A solution is to install Cyanogenmod. If you have a device on this list, then you can use the Installer which makes things easy. If you don’t have a device supported by the Installer, I would skip it unless you want to roll up your sleeves and get fairly technical.
There are many advantages to Cyanogenmod. Your device will run faster and have some extra privacy features. Here’s a good roundup to judge if you think it’s right for you. If you want to give it a go, this is where you start.
Encrypt your device – While iPhones are encrypted by default, Android devices generally are not. (Some new Android models like the Nexus 9 are shipped with encryption on by default, and fortunately most other new Android devices will follow suit shortly.)
Be aware that if your Android device is more than a couple years old, encrypting it will make it perform more slowly. I think it’s worth it, but it bears mentioning since this is the case for older models. You can try it, and if it’s not workable for you, you can unencrypt the phone, but know that unencrypting it will factory reset it. Newer Android devices don’t suffer any noticeable performance hit.
When you enable encryption, you’ll need your phone to be mostly charged as well as plugged in. It takes about 30-60 minutes. Go to Settings->More->Security->Encrypt device. Here you’ll of course want to pick a strong passphrase that’s ideally easy to type. Remember without a decent passphrase there’s not much point to the encryption. Will it be annoying initially to spend an extra 2-3 seconds unlocking your phone? Yes, but you’ll get used to it. It’s worth it.
Be sensible – I agree with this article’s advice that you generally don’t need anti-virus software for Android devices if you’re sensible about sticking to legit-looking apps from the Google Store or other trusted sources that seem legit. Also avoid apps that demand unreasonable permissions to access your phone. If you’re downloading a game and it wants permission to access all your contacts or dial phone numbers, for example, I’d skip it. The free DCentral1 app lets you monitor what permissions your apps have.
STEP 7 – USE SECURE CLOUD STORAGE
Why: If you’re going to upload files to cloud storage like Dropbox, Google Drive, iCloud, or OneDrive, use a service that encrypts your files before they are uploaded. No matter what Dropbox claims about security (and they’ve been caught contradicting themselves), you don’t want to trust any company with your personal files. The Dropbox site says, “Dropbox employees are prohibited from viewing the content of files you store.” Saying people are not allowed to look at your files is not security you can count on, nor is it protection from the government surveilling your Dropbox.
What to do: To quote Snowden, “Get rid of Dropbox.” Snowden’s suggestion is to use SpiderOak because it’s zero-knowledge, meaning they encrypt your files before they’re uploaded, making it impossible for the company to see the contents of what you store on their servers. The first 2GB on SpiderOak are free. An alternative to SpiderOak that takes a similar approach is Wuala, which gives the first 5GB free. Also worth considering is open source encrypted cloud storage such as Seafile (1GB free) or the mostly open source Cyphertite (8GB free).
Any of these options are far better than Dropbox, Google Drive, et cetera. Since they all give free storage space, maybe try out two or three.
STEP 8 – SHUN SURVEILLANCE-BASED SOCIAL MEDIA
Why: Many people in this world are lonely. “Free” social networks like Facebook are designed to capitalize on this. In return for helping you feel connected to others, they study you like a lab rat and turn you into a product. I’m not exaggerating. As the founder of Facebook said, “They ‘trust me’ – dumb fucks.” Meanwhile he surrounds his home with empty lots and hundreds of acres of undeveloped land.
Facebook’s “like” system is designed to reinforce whatever your existing beliefs are. Facebook is engineered to be a giant echo chamber which figures out what you like to hear so it can feed it to you. That’s how it hooks people.
It’s also the ultimate propaganda system. Recall Facebook’s notorious social engineering experiment which proved it could manipulate the mood of over half a million people by altering their feeds. The experiment received funding from the US Army Research office. The military funds research on the mass manipulation of a population’s mood? You don’t say.
As with Google, Facebook’s core business is mass surveillance. You’re the product, not the customer. Facebook collects and stores an insane amount of intel about every facet of your life. It not only tracks everywhere you go, it lets others track you too.
Facebook has developed software as accurate as the human brain to reveal your identity in any photo you or someone else uploads. And yes, even 4 years ago Facebook was tracking you and assembling hundreds of pages of intel on you even when you weren’t logged in. Now it’s thousands of pages, and the surveillance and analysis are much more sophisticated.
Every time people post photos of themselves and others to Facebook, Instagram (owned by Facebook), Twitter, Google, or other surveillance-based services, they are unwittingly building mass surveillance databases containing the details of people’s appearances, who they associate with, what they do, and when and where they’ve been.
A single innocuous photo can reveal a lot of information. Trillions of photos is a frightfully vast surveillance database to be exploited by regimes, corporations, and free agent bad guys. Mass surveillance depends on social media as a primary data source.
Every American technology mega-corp has backdoors. Snowden made it clear: Tech giants are surveillance proxies for the government. The government’s own top secret slide is worth repeating here as it just says it all.
The Mass Surveillance Complex
To put it plainly, Facebook and other “free” social media services are mass surveillance roach motels. Free is the bait to get you in the door, and surveillance intel is used to hook you on the service so you can become a forever profitable product. Yes they are slickly marketed, convenient, and ultra-popular. They are also a trap and indispensable to the mass surveillance scaffolding. Check out of the roach motel.
What to do: It’s easy to share photos with friends and family without undermining our security by using encrypted cloud storage (step 7) or encrypted messaging and email (coming up). But to some the prospect of opting out of Facebook or other social networks is unthinkable. But is Facebook actually improving the quality of your life? Are you now happy and fulfilled because of Facebook? If you’re willing to try, here are some suggestions for breaking the addiction.
If you’re unwilling to reject surveillance-based social media, at the very least adjust the “privacy” settings as tight as you can so that your life isn’t an open book to free agent bad guys. Facebook and Twitter are primary research tools for hackers and stalkers, and of course police and surveillance agencies. They use fake profiles to friend you and gather intelligence. Or impersonate you and use you as an unwitting honeypot. The NSA even impersonates Facebook.
You can replace surveillance-based social networks with non-surveillance alternatives. I’m a member of Liberty.me, a member-funded social and publishing network. Because its members are its customers, Liberty.me eschews a surveillance-based business model. Members can sign up with fiat money or bitcoin. Unlike Facebook which demands people use their real names, you can choose any name you’d like and reveal your identity only to those you personally trust.
I haven’t tried them, but Diaspora and Friendica are two other social networks which are not surveillance based, and there are others in development.
STEP 9 – ENCRYPT YOUR EMAIL, CHAT, AND TEXTS
Why: Your email, chat, and texts desperately need to be secure. They are a jackpot of personal information about your life that can be used to harm you in any number of ways. It doesn’t matter if you think your life is not particularly exciting. People who stalk, extort, kidnap, and blackmail don’t limit their targets to hard-partying celebrities. Your email gives a treasure trove of leads to bad guys about how and where else they can invade your life. Surveillance-based email options like Gmail are not encrypted, and your email is automatically scanned and analyzed for packaging you to advertisers.
Companies that offer closed source software which claim to use robust end-to-end encryption are not worth considering unless there are no other options (and fortunately there are). A perfect example is WhatsApp, owned by Facebook. The company says it uses and likes open source, and yet WhatsApp’s code is not open source. Being closed source, people have no way to verify the quality of the encryption, whether there are bugs in the implementation, whether there are backdoors, and what is happening to your data behind the scenes. There have been several security breaches, but as with all closed source software, we don’t know how many security flaws are being quietly exploited right now.
The same issues make Skype untrustworthy despite its claims of secure encryption. Microsoft scans your Skype messages, and there have been back-doors in Skype and other Microsoft products for years.
The bottom line is no matter how exciting and promising the security claims, any closed source software, especially if offered by a U.S. based company with U.S. backers who fund military contractors, is fundamentally unable to provide reliable security assurances.
What to do: Replace your communications software with encrypted alternatives. Email, chat, texts, and phone calls. (Yes, even SIM card manufacturers have been hacked.)
Texting:
Open Whisper Systems – Signal for iOS. TextSecure for Android.
Telegram – iOS, Android, Mac, Windows, Linux
Phone calls:
Signal for iPhone. Red Phone for Android.
Chat:
CryptoCat – iOS, Mac OS X, Firefox add-on
ChatSecure – iOS and Android.
Telegram – iOS, Android, Mac, Windows, Linux
Adium – Mac OS X
Email:
If you like the convenience of using a webmail account, choose a provider who uses built-in encryption. I like Tutanota, Protonmail, Neomailbox, and Countermail. (I’d recommend Startmail too if they accepted bitcoin.) They all use an open source, gold standard encryption called PGP. Tutanota deserves particular recognition because it’s entirely open source. Some of them are subscription based, and some operate on donations. Unlike Gmail and its ilk, these all have robust privacy policies, are hosted outside the U.S. (making them harder to strong-arm), and make the encryption process seamless.
By contrast, if you want to use a local email client like Thunderbird, the only way to do so securely is to configure and use PGP yourself. Doing that on Windows and on Mac is frankly a huge pain in the rear for non-technical people. Even Glenn Greenwald, the reporter who broke the Snowden story, couldn’t follow the tutorial Snowden made for him. Upstart Whiteout looks like it’s trying to make the process far easier.
If you’re dead set on using an insecure mail provider like Gmail, Yahoomail, or Outlook, your best bet is to use Mailvelope to incorporate PGP encryption. It’s still a hassle to use, though, compared to Tutanota and the others who do the encryption for you automatically.
I realize that switching email providers is a big deal (as far as these things go). But notifying people that you’re switching to an encrypted email provider sends a message people desperately need to hear. Overcoming mass surveillance is more of a motivational challenge than anything else. Mass surveillance is packaged as just another news item to shake your head over. But personal action is the only thing that will inspire others to take it seriously. Mass surveillance is not a news item. It’s a silent war being waged against us.
When you choose an email address, consider not basing it on your name. There are constant security breaches at companies resulting in email addresses getting lifted along with other potentially embarrassing info. If your email address also reveals your name, it gives bad guys another piece of data to work with in taking you apart.
STEP 10: USE A QUALITY OFFSHORE VPN
Why: You have an ISP who provides you with internet access. The problem is that ISPs monitor and record your activity online. Net neutrality will only intensify the monitoring as ISPs are turned into government regulated utilities.
The same monitoring happens when you’re at a coffee shop, airport, hotel, or other public wifi. But at those places it’s even worse because anyone with technical skill can monitor what you’re doing in addition to the ISP.
That’s where a VPN comes in. It stands for Virtual Private Network. The main benefit it offers is to encrypt your Internet traffic. Neither your ISP nor the creepy guy at Starbucks will be able to track what you do online.
What to do: Choosing a good VPN is key. This is the one step in this guide where I urge people to avoid the free route. There are free VPNs, but they are slower and typically have lousy privacy policies because they target you with ads to compensate for the VPN being free. VPN services require substantial capital investment, so you really want to be a customer rather than the product for advertisers. It’ll cost around 15-20 cents per day. Hugely worth it for the security benefit.
What you want is a reputable VPN that uses strong encryption and a “no log” policy. You also want the VPN to be based outside the U.S. Otherwise the company can be legally gagged and crushed like Lavabit. I suggest choosing one of the VPNs from the list provided here.
ESSENTIAL SECURITY PRACTICES
Congratulations on taking action! The process of hardening your security gives great perspective on just how insecure our digital lives are. No wonder we’re constantly hearing about security disasters.
The following practices are for the most part quick and simple to adopt. They can save you untold grief.
PDF and Word doc risks. Adobe pdf files can be rigged with malware. If you download or receive a pdf from an unknown or untrusted source, scan it with your virus scanner before opening it. Also disable Javascript in your pdf reader. If upon opening an untrusted document you are solicited to click on a hyperlink, it’s likely a trap. Same for Microsoft Word documents. Avoid opening them unless they’re from a trusted source.
By the way, if you’re tired of paying for Microsoft Office, switch to the free and open source Open Office. It reads and writes Microsoft Word, Excel, and Powerpoint files.
Recognize when “free” is a trap. Bad guys know that free things are enticing. There’s a lot of wonderful free and open source software (FOSS). But there’s even more free software out there that despite promising great benefits is malicious. Exercise caution and do some web searching first to see if a program is malware before you try it out. A little due diligence can quickly confirm what’s legit.
The same warning applies to free reports or books sent as pdf files or Word docs. Typically they promise to deliver health, sex, or money-making secrets. Documents can have malware embedded in them, as can the sites that promise to give you access to them.
Keep Adobe Flash up to date, or better, dump it. If you decide to use Flash (many sites and online games use it), make sure you keep it up to date because it’s been plagued with security flaws. Adobe Flash will also try to slip in McAfee Security Scan during the installation. The installer annoyingly opts you in by default because Adobe gets an affiliate kickback. I suggest not allowing McAfee to be installed (uncheck the box). It’s a crippled version of McAfee’s paid product that will say your computer is at risk until you purchase it, and it’s a pain to uninstall. If it slipped by you already and you want to uninstall it, here’s how. Or even better, uninstall Flash and see if you can get by without it.
Cover your webcam when you’re not using it. Even five years ago public school employees were remotely turning on web cams and secretly recording students at home. Plenty of malware and commercial stalkerware out there does the same thing. Most desktop computers don’t have a camera or microphone, so you can disable them both just by unplugging your webcam when you’re not using it. And that little dot above your laptop screen where the camera lens is? Cover it up with a bit of post-it note or black electrical tape. It takes 3 seconds to cover and uncover the lens, so just groove the habit. Unfortunately there’s no easy fix I know of to physically enable and disable your computer’s mic.
If you have an Android device, here’s an inexpensive app that can disable your camera and microphone, which can be remotely activated and used as a surveillance device.
Use two-factor authentication (2FA). 2FA uses two security tests to permit access to information or physical resources. One example is an ATM card and a PIN code. Another is a password and a fingerprint. The more factors you add, the harder it is for bad guys to crack. Just going from one to two factors provides a huge increase in security. Many mobile devices can take advantage of 2FA. The downside is it’s usually more inconvenient to use. Bad guys are counting on you to be dissuaded by that, so use 2FA whenever you can. Here’s a directory of sites that support 2FA.
Have kids? Parental controls. Kids are a security nightmare. Gold stars to you if you teach them how to behave intelligently online. Just recognize that it’s highly unlikely they will always follow your instruction. Kids are particularly resourceful about things that are forbidden. If they ask you to buy a movie or video game for them and you say no – if they ask at all – they may decide to find it online. Whether or not you approve of that, “free” software is a honeypot for malware.
Bad guys are smart. They’ll offer a “cracked” copy of a video game, for example, but the act of installing it will also surreptitiously install malicious software that can do anything from stalking you to recording everything you type (including passwords) to sending files from your hard drive to bad guys. A lot of malware also turns your computer into a zombie that infects other computers on the web. If you care about not harming others online, use measures to avoid becoming a tool for bad guys to go after others.
Both Microsoft and Apple provide parental control settings for choosing what can be downloaded and visited on the web. There is also free third party software that gives you more options, as well as parental control apps for mobile devices. Consider these options carefully unless you have full confidence in your kids and their friends.
Encrypt individual files and folders. There are lots of reasons for encrypting individual files or folders. Maybe you need to email files to people who use insecure (unencrypted) email like Gmail or a corporate email address. Maybe you want to put files on a USB stick and take them someplace. Maybe you need to upload files to somebody’s Dropbox or Google Drive account who is unwilling to switch to SpiderOak. Maybe you want a person or organization to have files in their possession but not be able to access them until a certain event happens like an accident. Maybe you want to back up a big directory full of files and keep it at a location that’s handy but not secure like the desk of an apartment filled with roommates. Or maybe you just want an extra layer of protection for very important files in case somebody accesses your computer when you’re logged in and your hard drive is decrypted.
Whatever the reason may be, there are several free programs for encrypting individual files or folders. To encrypt a file or folder full of files, I suggest the free and open source 7-zip on Windows or Keka on Mac. Both programs compress your files but also give you the option of encrypting them. There are different compression formats those programs can use like 7-zip, zip, and rar. I suggest using 7-zip format because it’s Mac and Windows compatible and the compression is good. Here’s a quick how-to for both programs. Just remember compressing files won’t encrypt them by default; you also need to enter a (strong) passphrase. After you encrypt it the name of the file like “MyAccounts.7z” or “SurpriseVacation.7z” will still be visible.
Deleted files aren’t deleted until you shred them. Any file you delete isn’t actually deleted when you trash it. All trashing it means is that you’ve given permission for the file to be overwritten. To make sure that the empty space on any storage device is actually empty rather than filled with your deleted files, you need to use a program that writes dummy data over your real data a few times. A program we’ve already used, Ccleaner, does this (use at least 3 overwrites). On Windows another option is Eraser, which is open source. An even more comprehensive one is BleachBit. Mac users can shred deleted files by selecting Secure Empty Trash. More details on Mac file shredding here.
Securely deleting files on SSDs (used in mobile devices, lots of laptops, USB thumb drives, and many desktop computers) is a no-go for technical reasons. That’s why it’s all the more important to make sure the drives are encrypted. If you ever want to sell or give away your Android or iOS device, do a factory reset. The encrypted data will still be there but the encryption key will be erased, making the data unrecoverable.
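What "writing dummy data over your real data a few times" looks like for one file that still exists, as an added Python example (not part of the original guide, and not how Ccleaner, Eraser or BleachBit are implemented). The function names and the sample file are constructed for illustration; on SSDs and copy-on-write filesystems the overwrite is not guaranteed to land on the original blocks, which is the limitation described above.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so large files do not fill RAM


def overwrite_file(path, passes=3):
    """Overwrite the file's bytes in place with random data, `passes` times.

    Returns the number of bytes written per pass. The file keeps its name
    and size; only the contents change.
    """
    size = os.path.getsize(path)
    # "r+b" opens for in-place update. "wb" would truncate the file first,
    # and the filesystem could then place the new data in different blocks,
    # leaving the old contents untouched on disk.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next one
    return size


def shred(path, passes=3):
    """Overwrite the contents, rename to a random name, then delete."""
    overwrite_file(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    # Best effort: replace the revealing file name in the directory entry
    # before unlinking. A journaling filesystem may still hold the old name.
    os.rename(path, scrubbed)
    os.remove(scrubbed)


def demo():
    """Run both steps on a constructed sample file and report what happened."""
    secret = b"constructed sample: account 0000-0000, not real data\n" * 100
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "MyAccounts.txt")
        with open(path, "wb") as f:
            f.write(secret)

        overwrite_file(path, passes=3)
        with open(path, "rb") as f:
            after = f.read()

        shred(path, passes=1)
        return {
            "same_size": len(after) == len(secret),
            "content_gone": secret[:40] not in after,
            "file_removed": not os.path.exists(path),
            "dir_empty": os.listdir(d) == [],
        }


if __name__ == "__main__":
    print(demo())
```

This only covers a file you still have; files already sent to the trash need a free-space wipe from one of the tools named above.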
Privatize your purchases. Your credit card transactions are recorded and distributed to multiple government agencies. As with tech companies, the government is a direct customer of the credit agencies who give them your financial information. Like surveillance-based social media, you are the product, not the customer.
A running record of every transaction you make along with when and where you make it is a mass surveillance wet dream. Like uploading your photos to Facebook, every credit card transaction helps weave the mass surveillance net. I don’t deny the convenience of credit cards or the benefit of “points.” But as with social media, the price is hidden but high.
Use cash when you can. It’s still relatively private, which is why the government hates it. But know that having a few thousand dollars in your possession makes you a criminal suspect. If found, your cash will likely be confiscated. Its use is gradually being outlawed and several countries are rapidly going cashless.
Also know that if you try to withdraw a few thousand dollars out of your bank account you will likely be questioned and have a Suspicious Activity Report filed with the government. The same thing goes if you try to deposit a sizable amount in your account.
Precious metals are also difficult for the government to track. While they can be a great way to hold onto your savings in a zero-interest QE-driven world, the problem is it’s difficult to purchase things without resorting to barter.
So how to deal with the fact that withdrawing or holding cash in meaningful amounts has become a serious liability? More people every day are turning to non-government digital currencies. These non-government currencies are called cryptocurrencies because they are secured against counterfeiting through their use of cryptography. The most popular cryptocurrency is bitcoin.
There are many good reasons to use cryptocurrencies. The first is that you have monetary independence and privacy. You don’t have to fill out bank forms or get permission to access your money. You can send money anywhere in the world instantly without forms or questioning, and it costs only a few cents in fees. People who work abroad and send money home typically pay 10% in remittance fees. The compound savings by not getting clipped 10% every time is huge.
Hundreds of thousands of items can be purchased with bitcoin, including the recommended VPNs in Step 10.
The second is security. Accounts can be locked down and siphoned for bail-ins. Cash can be lost, stolen, and seized. You cannot walk around with a substantial amount of cash without making yourself a target. That is doubly true if you travel, where carrying $10,000 on a plane effectively makes you a criminal suspect.
You can carry any amount of cryptocurrency in a secure “wallet” on your phone, computer, USB thumbdrive, or even your camera’s flash card without anybody seeing what you have. Your wallet can be backed up the same way you would back up any computer file. If your phone or computer gets stolen, the money can’t be spent without the key to your wallet. You can copy your wallet to as many places as you want and even print it out as a paper wallet. You also can split your money into as many wallets as you want and store them in different places if desired.
For the ultimate in portability and security, you can use a brain wallet. A brain wallet means that access to your money is literally only in your brain via your passphrase. There is no other way to access your wallet (so don’t forget the passphrase!) You can cross any border with just the clothes on your back while “carrying” any amount of money with you.
While bitcoin transactions are not systematically identity tracked and reported to corporations and government agencies, bitcoin purchases are not truly anonymous. While your name isn’t attached to purchases, the purchases themselves can be traced. There are techniques for anonymizing bitcoin, such as mixing. Another option if you want to make anonymous purchases is the DASH cryptocurrency, which is specifically designed for anonymity.
The third reason is cryptocurrencies allow you to hold your savings in a currency that is not being systematically counterfeited (the government term is inflated). Cryptocurrencies are new, so the primary risk in using them is volatility. Volatility can work for or against you. People love upside volatility; downside volatility is what makes people nervous.
The way to deal with volatility if it worries you is to dollar cost average (DCA) your cryptocurrency purchases. If you wanted to own, say, $5,000 worth of a cryptocurrency like bitcoin, you could DCA the purchases by buying $1000 in bitcoin per week for 5 weeks, for example. Or $500 per day for 10 days. The more you spread it out, the more volatility is reduced.
Lastly, use bitcoin out of principle. The government derives its power to do all the objectionable things it does from the monetary system. Fiat currency can be created in any quantity by the government at any time and at zero cost.
Given the government’s ability to create money instantly at zero cost, tax collection today is mostly about social engineering. Paying taxes maintains the illusion that fiat money is scarce and therefore valuable. Yet with every additional trillion dollars that it snaps into existence, the government enriches itself while eroding the purchasing power of savers who treat the dollar as an article of faith. The fiat story never has a happy ending. Nobody is going to end (or audit) the Fed, but cryptocurrencies enable us to largely ignore it. That is truly liberating.
Torrent carefully. If you’ve never used Bittorrent, you’re missing out on a ton of quality content that is absolutely free. Bittorrent is a way for people to efficiently share files of their choosing with anyone else in the world. Many people think bittorrent is only for downloading copyrighted material like movies, TV shows, and music, but there are loads of copyright-free content on bittorrent.
Whatever you download, be careful. It’s easy to download files that have been shared with the purpose of injecting your system with malware. If you’re going to use bittorrent, here are a few suggestions:
Use qBittorrent for your client. It’s open source, unlike the popular but closed source utorrent. For increased security use IP filtering and anonymous mode. For even more security use it with a VPN service that permits bittorrent use. (All the VPNs recommended in step 10 allow bittorrent use.)
Media files like mp3, mp4, avi, mov, and flac are safe to download. They don’t carry malware infections. I recommend playing media with VLC Player. It’s fast, free, open source and doesn’t spy on you.
Don’t download any software from bittorrent unless you trust the source or really know what you’re doing. Anything that requires installation (like an .exe file) is a big security risk. If you have kids, they may (will) download games from bittorrent which are likely malware carriers. (Just because a game runs properly doesn’t mean your computer hasn’t been loaded with malware.) To make matters worse, the directions for much of the software you see on bittorrent sites tell you to disable your anti-virus during installation. It’s true that anti-virus software can impede installation of some software, but disabling it for an untrusted source is a great way to get slammed with malware.
If you decide to download software from untrusted sources, at least sandbox the program. Sandboxing is a powerful security measure, but it’s not a silver bullet.
Grow your knowledge – Once you feel comfortable using the security measures in this guide, I encourage you to investigate other ways to increase your protection. Liberty.me’s free privacy guide has some good advice that goes beyond online protection of your identity.
For more online security measures, this guide is a solid next step. Note that it’s still a beginner’s guide, which gives you an idea of how much can be done. It’s wise to remind ourselves as security beginners that we’ve only taken basic steps. This guide also offers some more in-depth advice when you’re ready. Both cover using your VPN in combination with TOR. There is a performance hit to your browsing speed, but you get substantially more privacy. Just don’t take the anonymity claim on the TOR web site as literal. There’s no such thing as bulletproof anonymity online, though when you use TOR properly, you can achieve an extremely high level of security that requires very sophisticated adversaries to defeat.
Donate – Many extraordinarily talented, principled, generous people who understand the horrific implications of mass surveillance work ceaselessly to provide free, open source solutions to protect us. I encourage you to send a market signal that their heroic work is sincerely in demand and appreciated. In other words, please donate here or to whatever open source projects you use. Also consider supporting critical resources that journalists, activists and whistleblowers depend on like SecureDrop, TOR, and Tails. They require continual development to keep pace with mass surveillance expansion. Without these resources we’d be in the dark about what’s being done to us.
Snowden is one of many who have risked their lives to expose mass surveillance and the other awful things regimes do in secret. As mass surveillance technology advances, if the tools to fight it don’t advance then resistance will become impossible. We depend on the ongoing diligence of skilled coders in a very real and urgent way.
AFTERWORD
Ok, I gotta ask. Did you skip some steps because you made a value judgment about your life? Maybe you decided to stick with Dropbox since you only put family reunion photos or cooking recipes there? Perhaps you didn’t switch to encrypted calls and texts since you think whatever you have to say will be met with indifference by those who record you.
Every bad guy and every regime banks on you thinking this way so that you don’t take action. Mass surveillance depends on mass indifference. It’s not about whether files are sensitive or whether you’d share them with someone who politely asked to see them. It’s about your power to give permission. It’s about control. Universal control. Snowden wasn’t mincing words when he risked his life to expose the greatest weapon of oppression in the history of man.
When it comes to mass surveillance, principle is inseparable from risk. If you choose not to act, everything can and will be taken without permission. Whenever down the line you decide things have gotten insufferably out of control, it will be too late to do anything. Ignoring ugly truths is how we end up looking back and wondering how things got so bad. Don’t fall for it. If you haven’t already, please act now.
Gratitude for Alan Turing
Encryption is what empowers us, the governed, the peaceful outlaws. Without it we would have no shelter from the shadow of criminality politicians have cast over us. What breathtaking irony that the means to protect ourselves is owed to a heroic criminal named Alan Turing. The father of computer science and mastermind of cryptography, Turing broke the Nazi regime’s “unbreakable” encryption code, Enigma.
After providing the British government with its single most powerful weapon – the means to know everything the Nazis were going to do in advance – Turing was prosecuted by the regime in 1952 for being homosexual. The man who saved millions of lives by shortening war – that greatest of government abominations – was a criminal.
Alan Turing, heroic criminal
Turing pled guilty to the crime. As punishment the government ordered him to be chemically castrated in a series of brutal medical treatments which led to his suicide two years later.
This man was a liberating force for humanity. We owe him our deepest gratitude.
Parting Thank You
The Internet is the most powerful tool we have to inform, protect, and help ourselves and others. By taking action, you are materially advancing the cause of human liberty. Our own psychology is the biggest risk in determining our fate. Will we succumb to learned helplessness? Or will we quietly and with determination cut the noose from our necks?
Together we can thwart those who seek to dominate and control. Let’s take care of ourselves, help others wherever we can, and turn away from fear, the eternal enemy of freedom.
Saturday, September 19, 2015
Big Brother Surveillance Threat, Part 2: Codified Oppression
This is Part Two of a series that Urban Survival Skills is publishing under the title "Big Brother Surveillance Threat". The posts are excerpts from a huge article titled "You Are a Criminal In a Mass Surveillance World – Here’s How Not To Get Caught", by David Montgomery and posted on Prepared Gun Owners.com [http://preparedgunowners.com/2015/06/11/you-are-a-criminal-in-a-mass-surveillance-world-heres-how-not-to-get-caught/]
I’ve focused on the U.S. government because that’s what I know, and it tends to do these things on a broader scale than other regimes. But every regime follows the same pattern of outlawing the very same behavior it exhibits. Some just do it more aggressively than others. Generally the larger the regime, the greater the victimization of the governed.
Even when a law applies both to the government and the governed, it’s not enforced equally. Martha Stewart went to prison for lying about a stock trade, and Marion Jones went to prison for lying about using steroids. But General James Clapper, czar of the government’s mass surveillance complex, wasn’t even prosecuted for the felony of lying under oath to Congress about mass surveillance. General David Petraeus walked free despite lying to FBI investigators and leaking top-secret information. Members of the government’s Federal Reserve bankster cartel were exempted from punishment for committing multiple felonies.
What enables this codified, self-perpetuating hypocrisy? The institution of government is defined by its monopoly on both the creation and enforcement of law. This means the government can do whatever it wants, from double parking to mass slaughter with essentially no repercussions other than “regime change” through elections. Who in their right mind believes this is a good way for society to operate? If there were ever a monopoly to break up, it’s the one government protects with all its might.
As pieces of the picture came together for me, I felt depressed and wanted to throw my arms up and say, “Forget it. There’s nothing I can do to change any of this.” Then I realized. “There’s nothing I can do” are the magic words every power-hungry person longs to hear. Learned helplessness – the conviction that you are powerless to change whatever’s being done to you.
Those who watch Game of Thrones know the show has much to teach about those who seek power. The pitiful character Reek is the personification of learned helplessness. Even with a razor at his barbaric captor’s throat, he is incapable of doing anything but obeying. When his sister risks her life to rescue him, he clings to his cage and refuses to go. That’s the essence of learned helplessness.
The Greatest Weapon of Oppression in the History of Man
Every regime uses physical violence to force compliance with its rules, but physically breaking people who resist takes considerable effort, resources, and manpower. Mass surveillance gives those who seek control a vastly more powerful, far-reaching weapon.
This article was inspired by Ed Snowden’s own words to Laura Poitras in Citizenfour. He warns her that the government’s Collect-It-All mass surveillance apparatus is “the greatest weapon of oppression in the history of man.” It’s a War of Terror that’s being waged on us.
In a mass surveillance world where the law is unknowable, we live our lives wondering what crimes we’re committing and when we’ll be detected and prosecuted. This has a chilling effect on how we live. We censor ourselves to suppress the underlying anxiety of knowing we’re criminals who are being watched and recorded.
The end-game of mass surveillance is self-imposed subjugation. Threats and cages are no longer required because people believe resistance is hopeless. When we know we’re being monitored by those who have the power to beat, cage, and kill us, we imprison ourselves in our own fear.
I refuse to live that way. I hope you do too.
When people self-censor out of fear, they erect their own walls, saving government the effort. The governed avoid inquiry into controversial issues. They censor what they read at the library. They censor the web sites they visit. They censor their browser search terms. They censor what they write in emails and texts. Free thought and inquiry into the most important matters get suffocated as we live under perpetual anxiety about whether what we do is acceptable to those who govern us. Fear leaks into our consciousness like black ink. I recently joked with a friend that he’s addicted to Coke, and he nervously wrote back clarifying “to anyone else reading” that it was Coca-Cola.
People censor what they say on the phone, on Skype, on Google Hangouts. Surveillance software automatically transcribes your words into text. Your conversations become instantly searchable and trigger key word alerts. (If you’re thinking of organizing or attending a police brutality protest, know that a trigger word list leaked years ago includes the terms cops, police, authorities, and law enforcement among hundreds of others.)
People censor what they share with friends on social networks. They increasingly limit posts to selfies, photos of food, and opinions about approved topics like sports and movies, rather than information or opinions that can land them on a terror suspect list.
They shy away from protesting and see the often brutal treatment of those who do. They hear about domestic black sites. Signing a petition opposing a government program is like handing the government a suspect list.
People come to know that political affiliations can make you an IRS target or trigger a home invasion. They read that withdrawing cash from a bank account is cause for criminal investigation. Yet if they don’t put cash in the bank, they risk outright confiscation as has happened over and over.
They see the persecution of whistleblowers and the crushing of business owners who won’t compromise their customers’ security. Innocent people end up on terrorist watch lists. They see the mainstream media’s bipolar twitching between terror-mongering and titillating celebrity scandals.
This all brings on a chilling sea change in our daily lives. The message becomes unmistakable. The government is off-limits to meaningful criticism or resistance to whatever it dictates.
Authority as a Conditioned Response
Obeying authority is what we’re taught to do from childhood. You don’t want trouble, do you? Then don’t complain. Follow the rules. Abide by the law. We’re raised to follow orders and pledge allegiance to authority. We are conditioned to comply. Chain of command is a principle which pervades our society, not just the military. The apex of command is of course the head of the government, the Commander-in-Chief. What comic irony to call this individual “leader of the free world.”
What’s the upshot of our perpetual compliance conditioning? “Just following orders” and “Just doing my job” routinely precede the most atrocious acts perpetrated against other human beings.
What about those with enough self-awareness and independence of thought to see the pattern at work? The realization that mass surveillance makes you a perpetual suspect and non-compliance with any government rule makes you a criminal silences meaningful opposition. It doesn’t take many horror stories to roll a fog of fear over an entire population. Especially when people know they’re being continually watched and recorded.
Learned helplessness will get you if you don’t brace yourself and think clearly. You can’t change the system, but that doesn’t mean you’re helpless. You don’t have to be a victim. We as individuals can take simple steps to impede the government’s dragnet recording of our lives. We can encrypt our calls, our texts, our emails, our phones, our computers. We can show our friends and family how to do the same. It’s really just a matter of quiet resolve.
Most people like to read articles that confirm what they already believe. But beyond venting to friends, people are generally too lazy to take action unless they feel immediate danger. Here’s where we must differentiate mass surveillance from every other threat. Mass surveillance is a silent, invisible war being waged on us. The only time you’ll actually feel immediate danger is when it’s too late.
The Action Mindset
Are you in an action mindset yet? If not, here’s my last loving nudge. I’m begging you – seriously, I truly am begging you – to overcome inertia and take action. If nothing else has convinced you, then do it to keep government employees from ogling your genitals. Or if you think government isn’t and never will be a threat to your well-being, then do it to protect against identity theft, fraud, blackmail and doxing by free agent bad guys. People don’t understand just how much risk they’re taking by not securing their computer and smart phone. Your life can be ruined. If you’ve already secured yourself, please encourage others and help friends and family.
If you’re a parent with kids using computers, you need to know how to protect them. Kids are curious, and the more dangerous, forbidden or risky the topic, the more inquisitive they tend to be. What if your son comes home from chemistry class and wonders, just for the sake of curiosity, how to make a bomb? What if he’s watching Breaking Bad and starts browsing around wondering how Walter White made meth? What if a friend comes over and as a prank searches for how to join ISIS?
Are these the sorts of things kids might do? Of course. And it can turn your entire family into a target, including getting your home raided by men with automatic weapons who will shoot your dogs and take your computers, phones, and papers. Implement the enclosed anti-surveillance guide to protect your kids from getting your family in a world of trouble.
It’s All You
No matter what it is that motivates you to take action, the important thing is that you follow through. The best thing about the government’s bald-face lying about mass surveillance is it dispelled any notion that it will be “reformed” (whatever that means).
A few months before the Snowden revelations broke, James Clapper, czar of all U.S. intelligence agencies, replied under oath to this question (which he received a day in advance of his testimony).
Richard Nixon, after secretly bombing Cambodia (which brought the genocidal Khmer Rouge to power), persisted in lying to the public about it. As he told his aides, “Publicly, we say one thing. Actually, we do another.” True to form, shortly after Snowden came forward Obama was in full-on denial mode. The lie below was from his appearance on The Tonight Show with Jay Leno.
Literally nothing the government says about mass surveillance is credible. Every public relations gambit to make it look like “something is being done” is aimed at deterring us from taking responsibility and acting for ourselves. Don’t be fooled by political theater.
Mass surveillance programs are built in secret and they operate in secret. Remember that what little we know is due to an act of treason (as defined by the government of course). And it’s only the NSA we know something about since that’s what Snowden had access to. The CIA, FBI, DEA, DHS, INR, DIA, NGA, NRO and other agencies have their own surveillance programs.
Any NSA policy change will be publicly heralded by politicians as a great victory while other programs silently spring up or continue operating under different code names or different agencies. As with mass surveillance obliterating the 4th Amendment, all Constitutional violations are not only predictable, they’re inevitable. Trusting the government is like trusting pit bulls to guard a pile of pork chops.
Thankfully Ed Snowden gave us the guidance we need.
Snowden’s Inspiration
Snowden’s most important insight is not that we’re being recorded in a Collect-It-All panopticon. It’s that we – as individuals – have the power to free ourselves from the surveillance noose: “We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes.”
We have the power, but only if we exercise it. What does that amount to in practical terms? Being willing to use some free software. After a couple hours you’ll have taken action that can literally keep you out of the worst kind of trouble including criminal prosecution, blackmail, and kidnapping. You may even save your life. Same goes for any friend or family member you can persuade to take action. And you’ll sleep better knowing you’re no longer enabling mass surveillance.
Some might object and say that taking defensive action is an unnecessary act of paranoia or ‘Murica hating. Those people may just be doing their job. Others may be fact-resistant humans. Fear of real risks is not paranoia. It’s motivation. Only the most fact-resistant among us would deny that there are individuals and extraordinarily powerful institutions who are actually out to get you one way or another.
Most people prefer to feel rather than think. I know I’d feel much better pretending all this is much ado about nothing. Even if you’re not the fact-resistant type, the temptation to abdicate responsibility and hope politicians will “fix the system” is as tempting as it is delusional. The system we live under was built by people who want it to work this way. To those in control, it’s not broken. It may not work for you, but it works for them. And you work for them. The only hope we have for change is to do it ourselves.
The U.S. regime is the alpha dog of mass surveillance, mass incarceration, and mass media propaganda. But all governments aspire toward ever greater control over their populations. China, Russia, England, all of them. The bigger the government, the more they squeeze. It’s just a matter of money, manpower, time, and technology. Smaller countries are often laughably ham-fisted in their approach, like making it a crime to insult politicians.
Big-Ass Disclaimer
Perfect security does not exist in digital or physical life. A house has a continuum of steps you can take to secure it, but it will never be secure from a determined adversary. A lock on your door is better than nothing, but most locks can be defeated in seconds by people who are trained. Even if you have great locks, what about the door itself? Can it be kicked in? What about your windows? Anybody can break a window. Alarms are useful, but they have several vulnerabilities. Plus they don’t actually keep people out of your home. (By the way, your home is now see-through to the government.)
Just as perfect home security is impossible, there’s no such thing as perfect digital security. No matter how many precautions you take, there are too many “known unknowns” you can’t protect against. Software like your operating system, drivers, and web browser have faults which get exploited. Some of those faults are honest human error, and some are purposely engineered to weaken your security. Those who pretend to protect you are leading the charge to purposely undermine the security of products we rely on.
Now that the Internet is regulated – meaning, controlled – by the government like a utility, things will only get worse.
The very hardware you use – computer chips, routers, hard drives – also has exploits which you can do nothing about. The CEO of Intel refused to answer, with good reason, a question about whether Intel places “backdoors” in its chips. The biggest tech companies in the world are American, and they must comply with orders in the name of national security while being gagged from disclosing said orders.
Bottom line: America’s tech giants are surveillance proxies for the government. The government is also typically their biggest customer. This is the essence of the military-industrial complex.
We almost never hear about it because to say something is a death wish, but corporations also employ NOCs (non-official covers) who carry out government directives.
Modern computers have become so complex it’s practically impossible to know everything that’s happening “under the hood.” Even TVs can record you, translate your speech to text, and beam it to third parties. Computer chips the size of a dime and cheaper than a Big Mac can do all that and more. Really just about any electronic device in range of a wifi signal can be reconfigured into a surveillance device. That includes seemingly innocuous things, like a keyboard or USB thumb drive.
I’m not trying to dishearten you. It’s better to see things as they really are than to be ignorant of real risks. The truth is we’re being attacked from all sides.
The only real shining light in all this is the free and open source software (FOSS) movement. Open source means publishing a program’s source code online so that anybody can inspect it, audit it, compile it, and test it. The complete transparency of FOSS stands as our best safeguard against purposeful sabotage of our security.
Our Goal
The way most people use computers and smart phones is equivalent to leaving your doors and windows wide open with a neon COME ON IN! sign blinking in the front yard. We’re going to close the doors and windows, install curtains and quality locks, and toss the sign in the dumpster.
But know that if you’re ever individually targeted by the government as a person of interest (for example a journalist or whistle blower), pretty much everything you do on a computer or phone likely will be in the regime’s hands unless you have extremely specialized skills like Ed Snowden. As he said, “If there is a warrant against you, if the NSA is after you, they are still going to get you.” If you think you may have been individually targeted, run Detekt as a first step to check for malicious software commonly used against journalists and activists.
The goal of this guide is not anonymity. Anonymity is not possible because it requires control of many factors that are simply beyond our control. Our goal – Snowden’s plea to us all – is to stop the dragnet collect-it-all recording of our lives. As peaceful outlaws living in a mass surveillance world, the most effective act of self-preservation we can take is to render the greatest weapon of oppression inoperable.
If you don’t act, there will have been no real point in reading this. You’ll probably sleep less soundly, and mass surveillance will continue metastasizing. The reality is that to not take action is to enable mass surveillance. And remain highly vulnerable to hackers, stalkers, and fraudsters – threats which seem hypothetical until you get humiliated, blackmailed, stalked, or ruined.