I would advocate for thinking about security / privacy as a human problem, not a technical one. You can do all that stuff and cultivate good security / privacy habits.. but you can also cultivate good privacy / security habits and still have a facebook account and a cellphone.

You are more likely to be targeted by the FBI because of your associations, publications, or finances than through a snoop app on your cellphone recording all your conversations by default. That can also happen, but the former is more likely than the later.

CRZHQ EBKPX


On Wed, Jun 12, 2013 at 6:23 PM, GtwoG PublicOhOne <g2g-public01@att.net> wrote:


PRISM is only the tiny tip of a huge iceberg, and below the water level is the huge corporate data-mining complex that has the goal of knowing more about you than you do.  Fortunately most of it is easy to beat. 

Install every tracking-blocker and cookie-blocker utility you can find, on your browser, turn up the security settings as high as they go, and quit your browser often (some of those anti-snooping utilities require quitting the browser to flush out the bugs).  Don't use gmail, google voice, google docs, or facebook.  Don't keep your data in a corporate "cloud."  Turn off your mobile device whenever you want to have a private conversation face-to-face.  Encrypt your email, obviously; and for this to become ubiquitous is going to require crypto tools that are far more user-friendly.   Sprinkling keywords in your email doesn't help and may only attract unwelcome attention.

Many of these steps are incredibly easy to take. 

The goal here isn't to have 100% perfect results, it's to keep the dossiers on you below the level of critical mass needed to assign you to categories and predict your behavior.  It may or may not be possible to stop them knowing "anything" at all about you, but you can certainly prevent them knowing "everything" about you.

Another goal here is to make the data-mining _uneconomical_.  The more people who opt out of being tracked, snooped, and sniffed, the less profitable it is.  If the cost of collecting data on everyone is more than the marginal profit from doing so, it will stop.  By analogy, if it costs even a tiny fraction of a penny to send an email, that destroys the business model of spam, so spammers go out of business. 

-G.


=====


On 13-06-12-Wed 5:48 PM, Matthew Harbowy wrote:
Yes!

Don't ignore the tools, use them. Understand them. Expose weaknesses, just as I did. Don't think the solution to tools is a better tool. Better is meaningless. Better is very often worse.

Your solution, which you look like you're trying to shame me with, is TERRIBLE. Imaging everyone spamming the networks constantly with random messages. Oh wait- they already do that, it's called spam. Lets fill the bandwidth limited fat pipes with random, so that signal is obscured. Good luck trying to do anything useful.

Furthermore, a little Shannon style filtering and you can easily defeat that. You know, if only a few people all use one technique, they stand out like a sore thumb. Hide in crowds: Facebook has its uses.

More advice: Don't provide recipes for anything. People are easier to track when they follow directions, do the same thing over and over. Best advice I got out of 9/11 era Bernie Kerik was to be random: don't always take the same route. Don't develop habits. Thieves and other bad guys rely on you following patterns so that they can find the right moment to strike. And meta: don't always be random. Don't accept pre packaged anything all the time, that's garbage. Bake your own.

As soon as someone says "solved", tell them to GTFO. Three hackers have already cracked it. But there are things you can do.

The while benefit of the realm of shared experience is that it plays to the strength of one time pads for encryption. Learn about the history of crypto and one time pads, and arm yourself. They can take your freedom, but they can't take your intelligence, ingenuity, or creativity; and an intelligent or creative person is forever free.

Matt



On Wednesday, June 12, 2013, Paul Ivanov wrote:
Hi Matt,

Matthew Harbowy, on 2013-06-12 16:17,  wrote:
> I'm mystified how any of this helps.

There is no silver bullet, so those recommendations won't be some
magical privacy pixie dust you can just sprinkle and feel warm
and fuzzy about, but at least encryption helps you secure the
content of your communication (not the fact that communication
occurred).

One can imagine even the latter being obscured. I could automate
the sending of randomly generated encrypted messages at a
particular time of day (say at 16:17), but have that process be
pre-empted by a real message, should I choose to send one (so not
my randomly generated message gets sent out, but the one I want
to actually send). One drawback, of course, is that if I queued
up a message at half past four, it would be almost 24 hours
before it got sent. (Though the upshot of a protocol like this
would be that the intended recipient would know they'd only have
to check their email once a day, if they're interested in
receiving messages from me)

Should more frequent communication be desired, you could switch
to sending gobbledygook messages  at a certain minute of every
hour. Of course, the recipient has to "wade" through potentially
more random messages with that, but that's the price you pay.

> So, for my vote, following recommendations like this is a
> terrible idea.

Are you proposing an alternative, or should be just throw our
hands up in resignation?

best,
--
                   _
                  / \
                A*   \^   -
             ,./   _.`\\ / \
            / ,--.S    \/   \
           /  `"~,_     \    \
     __o           ?
   _ \<,_         /:\
--(_)/-(_)----.../ | \
--------------.......J
Paul Ivanov
http://pirsquared.org
_______________________________________________
sudo-discuss mailing list
sudo-discuss@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss


_______________________________________________
sudo-discuss mailing list
sudo-discuss@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss


_______________________________________________
sudo-discuss mailing list
sudo-discuss@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/sudo-discuss




--
-------
Andrew Lowe
Cell: 831-332-2507
http://roshambomedia.com