Hacker News new | past | comments | ask | show | jobs | submit login

While I understand and sympathise with the compulsion to resist surveillance in this practical, technological way, I think it might be the wrong reaction to the information. It's typical of techie people to seek technical solutions to social problems, and this is one such case.

It may well be possible to mitigate their ability to watch you by wearing enough tin-foil hats. Even if you succeed, all you've achieved is to protect one solitary person at the cost of considerable personal inconvenience. Worse, once you consider yourself "safe enough" from prying eyes, your incentive to actually act on what they're doing will be diminished.

I think that we should try not to be meek about this issue, passively hiding ourselves and then getting on with our lives saying "Fuck you, got mine". Why should the tech community flee the very Internet that it has played such a crucial role in building? Is the idea that our democracies could eventually fix this situation really beyond all hope?

If you live in the UK, write to your MP (http://www.writetothem.com/). Support PPUK (http://www.pirateparty.org.uk/) if you feel strongly enough, as they're seemingly the only political group treating this matter with the seriousness it deserves.

I'm starting to think people should begin to create "crypto-selves". I've seen a lot of talk saying essentially "get off facebook! get off gmail!" But that's a lot of persistent effort even for fairly technical people. Plus even in secure, anonymous environment interacting with your real life friends, purchasing your favorite books on amazon etc will reveal who you are anyway.

In non-web life we have private and public spaces and there's plenty of study on how these two play together and how important they are. Most people have erroneously thought that because your computer is in your private physical space that it's also 'private', but that's clearly not the case.

What people need is the education to create the technological equivalent of locking yourself in your bedroom for the afternoon to clear your head.

Gmail is like sending a postcard, facebook like chatting with friends at the mall or park. Tor/truecrypte/pgp etc for parts of your life you want private. Separate usernames, interests, tones of voice, etc in this private space.

Trying to hide your real (ie public) self is silly as should you become a target of the nsa & co. they'll find a way to dig up something even if you've been completely hidden from july 2013 on. What people need is a reasonably benign public self and a hidden crypto-self.

Also I'm all for fighting the surveillance state, but I'm extremely cynical of it's success. I see no feasible way to reduce the power and authority of the militarized aspects of our government(s). I can't think of a single example of where public knowledge and outcry has changed anything other than getting a few puppets punished anywhere except the non-militarized parts of government.

>I see no feasible way to reduce the power and authority of the militarized aspects of our government(s).

I partly think it's because people are asking for the wrong things. People say things like "stop NSA surveillance" which is vague and impractical. What needs to happen is to hit them where it hurts: Reduce total defense spending to 50% of what it is now. That should be the demand from everyone. Money is power. If you want them to have less power, stop giving them so damn much money. And besides, who can't get behind massively lower taxes?

If you want them to have less power, you need other powerful entities to tell them to stop abusing their powers. Boycott the tech giants and you'll see it happen. it's way more effective than any protest or online petition.

Isn't that another way of saying, "rule of the strong" instead of "rule of law"?

The problem is that the selves bleed into each-other. For instance, making up a completely different city to claim you live in while still talking to other people from your own city is hard.

If the NSA spots half a dozen people on Crypto-Reddit's /r/boston who claim to be from San Francisco, New York, Seattle, Chicago, rural Tennessee, and Miami respectively, then it knows it has probably found six actual Bostonians.

Individuals are in many ways an expression of our context. To remove all information leakage that would tell what our context is or, more simply, who we are, you basically have to remove the person entirely. Even 4chan-grade anonymity won't cut it, since writing style and narrative threading can be used to extract some sense of pseudonymity from even a /b/ thread.

I thought about this problem, but it was more to do with soliciting anonymous feedback from a group of close nit friends. It's a hard problem to fix, but I think maybe running the text through something that reduces it to all lower case and all txtspk, with some sort of grammer-fucker-upper might remove some of the personality attached to the original text input.

Do you think that's NLP-complete, or something we can actually do?

The root problem isn't the surveillance state. As long as we keep fighting and have conflict over resources and past wrongs, we're locked into this feedback loop of an arms race. Information and intelligence are a key advantages in conflicts.

We want our conveniences, we want our privacy, yet we don't want terrorists. We want our iPhones, our cars, and our comforts, and we don't want to see the price exacted from the rest of the world.

Surveillance seems like a very big problem, but only because it is so personal. It's distracting us from the real problems of the world, and that is pretty much every one of us are selfish, adding fuel to conflicts. We're crazy.

> Separate usernames, interests, tones of voice, etc in this private space.

I'm a big fan of this approach, as it allows people to explore different facets of their personality. Unfortunately, for the past year the big players, led by google, have been waging a war on it.


There are a number of flaws in your argument. The first is that we can do two things at once. Using privacy-protecting technologies is not mutually exclusive with promoting privacy-protecting legislation. We can, and should, do both.

But the more significant point is that using this stuff, as an individual, isn't really going to cut it without more, but who says that's the idea? We need to be creating things like this. What we have here is a list of open source projects you should all be contributing to and promoting to anyone you have influence over, and a list whose holes and shortcomings provide opportunities for creating new things.

I mean what good is Diaspora if everyone you know is still on Facebook anyway? But if you create an account and use it regularly, and convince as many people as you can to do likewise, that's how change ultimately happens.

And what you can do is: Read Facebook, write Diaspora. Don't shut off your Facebook account if all your friends still use it. Not enough people are sufficiently purist for that to scale. Just stop posting anything to Facebook that doesn't consist of "I just posted something you might be interested in to Diaspora" and then let all your friends wonder what they could be missing.

I don't think the idea is to 'flee', but to lead by example and use secure technologies so they become better and more convenient and spread faster.

If everyone used tools like this, it would be much more difficult for governments to trample on privacy rights. It seems like a worthy goal.

That's a very fair point. There's certainly nothing bad about making privacy conscious technology choices.

I also think that the very URL of this project - http://prism-break.org/ - invokes a certain over-focus on NSA's PRISM. As a UK citizen, however, my Internet traffic itself is being stored and monitored by GCHQ. So to me it seems especially futile switching from Chrome to Firefox, or from Google to DDG, or from Facebook to Diaspora.

Unfortunately, https://prism-break.org/ was registered before Snowden's revelations about Tempora. I'm working on adjusting the site's wording to apply equally to all governmental surveillance.

But let's also be realistic -- if this technology reached mass adoption, the predictable outcomes are either 1) The government outlaws it or 2) They figure out ways to work around the security

Mass adoption is a bulwark against legislation, not a promoter of it. Eg. alcohol is legal because it's popular, not because it's safer than drugs which are illegal.

But even so, a large percentage of developed countries did prohibit alcohol for a few years, both despite and because of its popularity, and it took years of people being turned into criminals before those laws were rolled back.

Popularity provides some protection, but it also creates a more desirable target for legislation amongst those who oppose it.

It seems to me that, for example, PGP is much more vulnerable to legislation than SSL, simply because of the latter's popularity. Not that I think either are currently particularly likely to be legislated.

People still puts locks and alarms in their house, even though they could avoid being burglarized through community watches and educating the public about the morals, ethics, and long term costs of stealing people's stuff.

I don't think the analogy works. This is using consumer-grade retail padlocks to keep out the world's richest and most well-equipped criminal organisation. The fact that the shops don't sell strong enough padlocks to stop them isn't the real problem: the deep-seated corruption in law enforcement allowing them to steal with impunity is.

Is it a crime for a hungry man to steal bread? None of your proposed solutions would address his needs.

America's government is so corrupt it is no longer democratic.

Watch this video: https://www.youtube.com/watch?v=mw2z9lV3W1g

> America's government is so corrupt it is no longer democratic.

Unfortunately yes, absolutely.

And you begin to see a direct cause-and-effect relationship between the level of corruption and the "quality" of the policy decisions that are made, example: The Iraq war. Another one: the "inertia" regarding climate change action (it's just corporate power effing it all up for us).

It really has a grave effect on all human beings on this planet. It's clear that this has become a fundamentally global problem.

You forget that we are as a whole a up-and-coming group and in 10 years, many of us will be in very powerful positions. The digital revolution did not enter mainstream before the 2000s: What we can and should do now, is talk to others, explain what is going on, share our ideas. Be the change and the world will follow.

...yes, it is.

It isn't under Sharia law.

Okay? I thought we were talking about the USA.

No doubt. The element in question is the state authorization for burglary. Letting "authorized burglars" walk into your house and take a look around when you are having dinner with your family.

Locks and Alarms are the lowest common denominator of security - it stops people from walking in but more than anything just gives an illusion of security.

More importantly, they make the distinction between a welcome entry and forced entry much clearer, which is very important from the legal point of view. It's not an illusion of security, but a precondition for a safety and recovery framework to kick in (police action, insurance, etc.)

This is a very strange way to think. In an ideal world it could be enough to just continue to use insecure services. But we are clearly not living in an ideal world, and even if all governments could be stopped from doing this type of thing there would for sure be others that would take advantage of the information. Just acting politically is not enough.

I strongly disagree with your statement that using encryption will make you passive. Instead it is the other way around: if you continue to use compromised services despite knowing the dangers you will become passive and lose your ability to think clearly about the issues at stake.

Cryptopunk's response to this is: write code, not law.

Law writers and enforces are corruptible, while code is not.

> "code is not"

... what exactly have we uncovered with PRISM and the NSA bulk wiretapping, if not code having been corrupted from its original purposes in ways and extents unforeseen at the outset?

One has to write anonymizing p2p proxies because the old stack was corrupted. It's hardly different than the reason one would want new laws to address the way the old ones have been corrupted.

And our new p2p proxies? They're also (going to be) subject to corruption, by unforeseen things like Sybil attacks. Just as any new law is subject to possible future corruption.

> If you live in the UK, write to your MP (http://www.writetothem.com/)

Does anyone have a suggested template letter for this?

Don't use template letters -- put your thoughts in your own words. MPs/their staff tend to weight template letters lower as they indicate less effort and thought, and writetothem blocks them if it detects them.

> Is the idea that our democracies could eventually fix this situation really beyond all hope?

Of course not. We should vote these creeps out of office and elect someone that really stands for privacy and civil liberties - like this promising young man: http://www.youtube.com/watch?v=B6fnfVJzZT4

"The FISA court works. The separation of powers works."

'works' for who, buddy?

> I think that we should try not to be meek about this issue, passively hiding ourselves and then getting on with our lives saying "Fuck you, got mine". Why should the tech community flee the very Internet that it has played such a crucial role in building?

Who is "the tech community"? I'm in the tech community, and I'm pretty sure I didn't create The Internet, or Facebook, or the NSA. I think the goal here is to provide people with resources so they can the internet more safely, and to normalize safety measures in order to guard against their demonization or prohibition.

Edit: However I absolutely agree that it's important to fight on social and political fronts as well as technological ones.

For Europeans, writing letters to foreign politicians is obviously pointless. And given the ongoing TSA facepalmery, I don't think my tourism boycott has made a difference in the US either. What else can we do?

Talk to your own government and local representatives and let them know you're not happy with their collaboration with the NSA. It's very unlikely they don't collect and share your information already, and very likely they're breaking local laws to do so. Agitate for laws to be passed banning this sort of surveillance and for the repeal of those authorising it.

There's lots we can do, it's just that some of it is hard, time-consuming and probably frustrating. I do know that this will be the first question on my lips when a politician next asks me for a vote.

> your incentive to actually act on what they're doing will be diminished.

Because you already have acted on it, they attempted to violate your privacy and you solved the problem, there's no point wasting time with useless political solutions that are largely ignored. That is the route which could more fairly be described as "not actually acting on what they're doing"

> If you live in the UK, write to your MP

I tried that, but, perhaps unsurprisingly, got no reply. I suspect that is because the main parties share one policy here.

> Support PPUK

Potentially, also, the green party:


I think these things are not mutually exclusive. You raise good points that aren't addressed at Prism Break though.

You're right in the sense that tech will never be the "final" solution.

But we need to use all the privacy-enhancing tools we can get our hands on, on the way to "real" solutions: You can't organize activities and exchange your thoughts freely while being watched by the government. The fear of being put on "the list" will stifle free speech and therefor sabotage the creation of any meaningful movement. It's called "self-censorship" and I've been told it's the worst form of censorship.

So yes, migrate all of your communication towards encryption and use an open-source operating system.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact