Ask HN: In light of the PRISM revelations how have you changed?
10 points by achalkley on July 5, 2013 | 9 comments
I would like to ask have you altered since the revelations on PRISM and the NSA?

Have you moved your eMail off Google? Have you deleted your Facebook? Have your political views changed? Have you decided to contribute to a decentralised cryptography project?

Have you just thought of doing something or have you done something different?




For the last five or so years, I've used an encrypted primary partition, and the occasional TrueCrypt vault when necessary. I also have recently moved most of my personal storage to Dropbox and Google Drive, with no encryption for the usability benefit.

And I've changed almost nothing since the "PRISM revelations". In fact, I've begun to post more under my actual name, without any anxiety over "NSA" activity.

It may have become a cliché, but I always identified with the logic of continuing to fly after 9/11 to not let the "terrorists win". Us vs. them-speak aside, the sentiment holds true that the best means to oppose a new "threat" is to hold course.

If "government overreach" is really as bad as some claim, someone will be jailed for posting some innocuous musings, and will serve as proof and catalyst for meaningful change. But the far worse outcome would be to suppress free expression based on a nebulous fear of government surveillance (the NSA was formed from a WW2 era signals agency that at one point inspected almost all telegraph transmission to and from the US). And yet we still have a tendency to idealize the past as an embodiment of more pure "American values".


Nothing really. Ever since I saw something such as http://news.bbc.co.uk/2/hi/sci/tech/437967.stm

I realised that most likely these types of agencies can get access to your data if they really want. If everyone moved from FB, Goog or whatever they will simply start to spy on the new services people have moved to.

If a service is in Europe it really doesn't matter. They will still snoop or ask another agency to snoop for them. The UK have been snooping on Ireland for a long time http://cryptome.org/jya/gchq-etf.htm

I guess one way to avoid these problems is that people become far more understanding of other people's dirty secrets; that way it can't be used as leverage. That could hopefully devalue the process of snooping.


To be honest, I didn't change a single thing about my digital life. Even if it didn't make the news before, I have been using the internet for the past 15 years or so and since then, have always been aware that what you do on it is not completely private.

So, I didn't kill my Facebook account as I don't store personal info on it. I didn't kill my Google services as I use encryption to transfer sensitive data (trade secrets and such). Etc.


I've started using encrypted partitions on DropBox/GDrive/BTSync (using encfs and BoxCryptor).

I've added JottaCloud - a Norwegian cloud storage provider, to get some storage outside US/NSA jurisdiction (and I'm using encfs encrypted storage on there too).

I've made sure all my published GPG keys are still working and have strong passphrases. I've started using GPG again occasionally just for the LULZ - so it'll not stand out quite so obviously if/when I need to use it in anger.

I'm considering my email options. I've got encrypting all non-encrypted email on the way into a mail server working as an experiment, but the questions of where to do that remain - my DigitalOcean VPS is no less likely to be under NSA compulsion than gmail, and I don't trust my local (Australian) government to not be leaning just as hard on server hosting suppliers in Australia. I'm currently leaning towards hosting my personal mailserver at home, strongly encouraging (or perhaps even enforcing) STARTTLS encrypted mail transport, running via a VPN tunnel to an internet connection at an inexpensive VPS with a non-US based provider. Since much of my mail is local (corresponding with other people inside Australia), I'm trying to decide whether an Australia based VPS perhaps under control of the local intelligence services but not requiring the bulk of my inbound (probably unencrypted) mail to hit any trans-ocean/crossing-national-boundaries backbones, would be a lower risk than a Norwegian or Icelandic based VPS which is more jurisdictionally difficult for ASIO and the NSA but which requires my inbound mail to cross those high-value-target-for-firehose-sniffing cross border backbones.

I've been raising cloud data storage legal jurisdiction based on the cloud's physical location and the cloud company's nationality whenever appropriate at meetings (which gets interesting responses with health/financial/childcare clients, and bored dismissiveness from just about everybody else… "Oh, you're storing PII patient data? Does storing that on Amazon S3, even if encrypted, meet your regulatory requirements?" I'm looking forward to the "Ahhh, so you're providing information to pharmaceutical managed mental health patients. Have you considered the privacy leak that Google Analytics represents? What disclosures and/or privacy assurances have you made to your users?" discussion next week…)


You can't do absolutely nothing, once you upload something (encrypted or not) by default it is public, dropbox/gdrive etc., even if you send an email it is public.

Is really naive thinking that "some storage outside US/NSA jurisdiction (and I'm using encfs encrypted storage" will stop government from reaching you, because they really don't care about jurisdiction.


I suspect you've made less favourable assumptions about the resilience of OpenSSL and GPG than I have - but while I have _doubts_, I'm aware that I've got nowhere near the expertise required to participate in discussions about whether the NSA has working attacks against them - but that people who I trust _do_ have the expertise mostly seem to be saying that they're both _probably_ safe, and are both _almost certainly safe_ against dragnet "intercept and archive everything" surveillance.

"Is really naive thinking that …"

I think it makes somewhat more sense for me - since I reside outside the US. I'm reasonably sure that SSL transported encfs encrypted files moving between Australia and Norway - even when routed over US based or US company owned backbones - is reasonably safe from dragnet surveillance.

At the same time, I have no doubt that if "government" becomes interested in me specifically - all my privacy precautions will not stand up to nation-state level scrutiny. The right combination of "leaning on" Apple, Dropbox, and Agilebits (the company behind 1Password) would - given expertise the NSA no doubt has, and sufficient time - eventually reveal almost all my keys, passphrases, and passwords. But then so will the $5 wrench, the rubber hose, or the threat of jail time.


- Deleted my Facebook account.

- Looking for European alternatives for server locations: https://news.ycombinator.com/item?id=5993947

- Looking for a good alternative to GMail.

- Looking for a good alternative to sharing photos with family (currently Google Picasa and Google+)


Truth be told, I haven't changed a thing. Even before PRISM, it was always a good idea to assume that any data uploaded to the net will be public. And as a non-American citizen, being spied on by Americans is nothing new.


-deleted google account. -abandoned gmail, started using riseup. -trying out duckduckgo.

+already switched to Linux and started encrypting my hard drives long ago.

The only problem I still have is Facebook. I can't leave because of the groups.



