
Ways to protect yourself from the NSA and other eavesdroppers - tanglesome
http://www.zdnet.com/six-ways-to-protect-yourself-from-the-nsa-and-other-eavesdroppers-7000016860/
======
marcinw
Quitting social networks and using Tor and PGP isn't going to protect you from
a nation-state intelligence agency. To suggest so is laughable and naive.
We're not even at amateur hour yet.

You're better off reading Grugq's post[1] on developing good OPSEC, and even
then you're far and away from it.

[1] [http://grugq.github.io/blog/2013/06/14/you-cant-get-there-
fr...](http://grugq.github.io/blog/2013/06/14/you-cant-get-there-from-here/)

~~~
javajosh
Did you read the article?! It's a straw-man pointing out that the only way to
ensure privacy is with the protection of law:

>If we really want to protect our privacy on the net what we need is more than
better technology, we need fundamental changes in our laws and how we enforce
the privacy laws we do have. Then, and only then, will we have a fighting
chance of keeping our privacy on the Internet.

~~~
bpatrianakos
You're right but I don't think this very likely. I think changing your online
behavior is the only real way to escape surveillance. That basically means
either not using the web or only using it when you don't care about who's
watching.

Changing the laws and/or enforcing them would be ideal but then it seems we'd
end up right where we are again. Part of the reason for the secrecy of these
programs isn't only national security but a way to circumvent the laws. From
what we know about the current NSA controversy, these programs are mostly
legal and being enforced just fine. Courts are ruling in favor of these
things. That's not to say a debate over the 4th amendment isn't unreasonable.

Sometimes I feel there's a part of me that believes we could change the laws.
The problem may not be our representatives exactly but rather the power that's
been given to the military industrial complex. It's like a totally separate
government unto itself, creating problems to solve to justify its own
existence.

------
thex86
I seem to be discussing this topic with my friends almost on a regular basis
now.

However, and as we all agree, it's much difficult putting them into use. We
need these services. If I get lost, I need Google Maps to find the way. I need
GPS. These are things that have no other alternative.

Likewise, if I want to talk with a friend over video and I tell him I don't
want to use Skype, he laughs at me. Will he download and install Jitsi just
for me? No, that is not how it works.

If we are using these tools for ourselves, say personal browsing using Tor,
that is fine. But the moment you start interacting with someone else and
expect them to send you PGP encrypted emails, not to use Google Talk/Skype,
people just don't care and will not switch to other alternatives. Also, you
will get laughed at for being a paranoid nut. Unless these secure alternatives
become the norm, good luck expecting others to change. That means your family
and friends who just want to use a service and don't care about the privacy
problems behind it.

TL;DR: our reliance on these technologies makes it difficult to completely let
go of them. And for most of them, there are no privacy-preserving
alternatives.

~~~
rmc
As an alternative to google maps, try openstreetmap. It's got good coverage,
and there are numerous routing engines based off it.

~~~
switch007
Also, try a map ;-) (semi serious)

------
lignuist
The only way to protect yourself, is to force politics, to stop the sniffing
now and to delete all the previously gathered data. There is no technical
solution, only a political one.

~~~
mpyne
And then in 5 years, when the program rises from the dead only with a
different name and a more closely-screened cadre of analysts, what then?

I hate to say it but what you're saying is like telling a 17-year-old that the
only way to protect themself from STD/pregnancy is to never have sex. I mean,
_you 're right_, but you're also failing to cope with the reality of the
situation. ;)

~~~
lignuist
Well, before enough people are telling their governments to stop surveillance,
it needs to be a strong matter of public interest. The same applies for a
broad application of any technical solution.

At the end we probably need both, the public constantly controlling politics
and technical solutions to make surveillance generally harder, but it all
requires the public interest reaching at least the critical mass.

If 99% of people didn't want surveillance, then governments would have
virtually no chance to install it, but at the moment many people think
surveillance is good for them.

------
elorant
_Instead run your own IM service with your own Extensible Messaging and
Presence Protocol (XMPP) server_

Only technical savvy people can do something like that, and from those few
will ever bother. Besides if I’m to set-up my own XMPP server why not hangout
at IRC.

 _Quit social networks, all of them_

Try telling that to a 20 something. Social networks are the Internet for them,
they don’t just quit.

Advices like these are absolutely useless. HTTPS Everywhere is probably the
only usable advice in the whole article. Everything else can’t be proposed to
the average user.

IMHO privacy is one thing and protecting yourself from NSA a whole different.
While you can protect your privacy following some simple rules, making
yourself invisible from NSA is practically impossible-unless you're willing to
forgo many of the conventions of modern life.

~~~
zxcdw
> Advices like these are absolutely useless. HTTPS Everywhere is probably the
> only usable advice in the whole article. Everything else can’t be proposed
> to the average user.

Considering that the so-called Average User doesn't care aboit his/her privacy
in the first place, is this much of an issue really?

~~~
Pherdnut
Facebook is pretty much 100% https already. Think about it.

~~~
cinquemb
And then there is open graph…

[https://graph.facebook.com/search?q=my%20cell%20number&type=...](https://graph.facebook.com/search?q=my%20cell%20number&type=post&limit=50)

Become your own NSA!

------
cottonseed
It seems like it should be possible to make a much lighter weight encrypted
email protocol than, say, GnuPG. Address books should have a public key field.
Emails should have a X-Public-Key: and X-Signature: fields. You can add key
exchange on the existing protocol. If you've got a public key in your address
book, outgoing emails should be encrypted. It seems like it would be trivial
for GMail or Thunderbird to support something like this. I realize this
doesn't solve all the problems GnuPG does, but email exchange would be
encrypted, it would be easy to adopt, and would let the end user choose manage
keys and store emails encrypted (Thunderbird, say) or not (GMail).

~~~
lignuist
> Address books should have a public key field.

Smart.

~~~
mpyne
They do, in the DoD.

------
naveen99
It will be funny if the NSA saves the newspapers as the only method left of
communicating securely. You just take out encrypted ads in the nytimes when
you want to communicate with someone. No way for them to know who it was meant
for. What are they going to do, ban encryption in newspapers ? Are they going
to torture everyone taking out encrypted ads ?

~~~
naveen99
Clarification, I meant save print delivery.

~~~
naveen99
Don't need print delivery if nytimes releases an app that pumps all
classifieds to you even if you ask for just the front page.

~~~
swang
Did you forgot to change your username when you replied to yourself?

------
Pherdnut
A much shorter version of this article: "Quit Google. Quit Facebook. Quit
Apple. Quit Microsoft. Quit Yahoo. Quit Skype."

~~~
kanungoparth
That seems to be the truth. but almost impossible.

~~~
eliasmacpherson
Debian + Duck duck go.

------
bifrost
This article is a bit of a copout, but you can certainly lower your footprint.

Using Tor or a VPN are definately good things to obfuscate traffic, but you
basically have to use them ALL the time otherwise your activity can be
corrolated.

Using your own IM isn't a requirement either, you can use OTR for semiprivate
conversation.

------
kanungoparth
What about the data that is already out there ?? Is there any way to get that
removed from their servers ?

~~~
bifrost
Probably never.

------
ams6110
_we already know the government can, and will, grab cloud servers._

They will grab your private servers too, if they have probable cause to do so.
I don't see this particular argument being very persuasive.

~~~
gboudrias
Yeah but your private servers have full disk encryption. And whichever other
security measures to decide to not skimp on for convenience.

