Hacker News new | comments | show | ask | jobs | submit login

2013, it's the post-snowden era. We don't have a cold war any more, but the level of spying is unbelievable. I am currently moving out my emails from GMail and installed PGP. At the moment I am using OSX since I do for years. But in the end the only "safe" way to protect your business and privacy is to use Linux/Unix. The FSF said it for years; the german CCC told us for years. I admit, I didn't believe it's so bad. I always thought: good there are a few of us paranoid, they take care there is a balance.

Now we see, there is no balance. Good we have had these paranoid people because they are now providing us a chance to opt-out.

Good there were these programmers who worked for years and often in their prime time in free and open solutions like GNU/Linux. Snort, the intrusion detection system. GPG. And so on.

For me it is a hard job to opt-out of being spied. But I will move on, step for step. Email privacy is the first; no GMail, no Apple Mail. Old friend Thunderbird/Enigmail it is. I also installed TrueCrypt.

The biggest move will be to change the OS (again). Guess it takes me months or longer as I have a lot of great OSX software. But on the other hand, I can simply set up a new machine for private tasks - or dual boot my macbook with Linux.

I hope my government will take this warning serious and support more "Linux @ City" projects (Munich runs on Linux and Open- or LibreOffice).

Wow, long comment. I just needed to say. I am worried.

It is even worse. The attempt to escape into OSS/Linux is a step in the right direction. But as long as we are dependent on mass consumer hardware then there is always a risk of being spied through hardware backdoors. In this case it doesn't matter which software we use. Even encryption is useless. It is NOT enough to avoid Windows 8 because the real problem is modern hardware that uses Trusted Computing chips.

Trusted Computing (TC) is way more dangerous than classical hardware backdoors. I consider TC an evil technology because it not only takes control away from the user but it even allows to inject faked evidence into computers which could make innocent people -- independent journalists, political activists etc. -- suspect to crime.

TC could also be used to delete evidence from computers of journalists who would have no power to keep it. TC allows to control people without letting them even know about it. TC is a huge danger for freedom of speech. It should be banned politcally and boycotted in business. My recommendation: Don't buy consumer hardware but use embedded Linux systems with bare bone technology.

If we want to be truly secure from being spied then we must do a complete restart with new hardware and software from scratch. There is no way around.

I am actually "glad" about the NSA scandal (thank you Snowden) because it woke people up and made them aware of the reality of global surveilliance, and about the huge threats of Trusted Computing. NSA should be controlled by the people of the United States but obviously it has become out of control. This single NSA case has silenced the mouth of the conspiracy mockers once and for all.

> silenced the mouth of the conspiracy mockers once and for all

Before the Snowden leaks, you'd be hard pressed to find a technically-minded person arguing that the NSA doesn't have, at the least, the potential to have their fingers in every pie.

Before the recent leaks, the response was "OK, that's possible in theory buy surely they wouldn't." Now we know if they can, they do.

> TC could also be used to delete evidence from computers of journalists who would have no power to keep it.

Since Amazon deleted all those copies of 1984 from everyone's Kindles, I don't keep mine connected to the internet. If you have data, you can keep it. Keep it on your own devices.

I think journalists or other hobbyists/professionals with work they need to protect should start thinking about keeping an air-gapped computer around. I've seen this phrase used recently to describe a computer which has never been connected to the internet, a network or another device. I'm sure it's non-trivial to source a computer that arrives in a trustworthy state, however.

> Since Amazon deleted all those copies of 1984 from everyone's Kindles

What? When? Seriously?

They mistakenly sold books the publishers hadn't licensed, then refunded the customers and removed the books from their Kindles.

Thanks for your insight. I completely agree. Can you recommend any tutorials and secure hardware components?

It is the job of the hackers to think about the whole mess, and to develop solutions that actually work and which guarantee freedom of speech to us. Hacking insecure systems is one thing but now they have the opportunity to prove how smart they really are.

Meanwhile you could google around for "Linux embedded systems".

Do you have any more information about the use of Trusted Computing/the Trusted Platform Module to remotely run arbitrary code on a victim's computer? This is news to me.

A mainboard with such a feature just needs a hidden remotely accessible subsystem that is completely protected by TPM and which has access to your system through DMA, to read bytes and to write bytes in whatever system (RAM, Harddisks, SDcards, USB, WLAN, etc).

Consider it a "dual system" mainboard with the usual hardware where you have full control, plus a controlling subsystem where you have no access at all. Everything could be done remotely but you couldn't see any evidence.

I agree that this could be done in principle, and even that it isn't unlikely that people are thinking about doing it. But is there any evidence that such a subsystem has ever been created? Are there any additional technical details surrounding this?

What portion of people you communicate with email were you able to convince to use PGP with you?

My understanding is, that there isn't an email privacy, since at least they will have your metadata. In my limited understanding, secure communication is to be done using some secure chat service.

The important first step is to give the option of encrypted communications to people that want it. Also, not all email is sensitive, and you can convince the people that matter, e.g. coworkers, friends, family.

I'm also fairly sure that Google will start integrating PGP into their desktop clients (Android, iOS) because this is affecting their bottom line (just wait until governments will start banning Gmail usage in the public sector).

For most contacts you just move away from people who don't use secure communication and may compromise you in the future, no need to convince someone. Works for me.

"For most contacts you just move away from people who don't use secure communication"

people aren't JS libraries, you can't/don't "just move away from them"

"Hi Mom, I just want you to know: I am deprecating our relationship to "acquaintance" because you use Gmail and an iPad"

Those of you who downvoted this comment, please explain your reasons.

E.g. here are mine: not enough people communicate securely right now. I can't just abandon everyone; that's way too isolationist for my personal taste. Still, if you want to that _is_ an option.

I have no intention of moving away from Windows 8. I do, however, have a laptop that never connects to a network. Ever. It's where I keep things I consider private. Data transfer, minimal as it is, is done using swivel-chair integration.

Everything else (i.e. all my remaining devices and apps on those devices) are treated like any PC in an Internet café - untrusted and compromised.

How do you back up the private data on that laptop?

Two external hard drives. One stays at home, the other is at my dad's house.

> We don't have a cold war any more

We absolutely have a cold war, except, rather than a continuously increasing stockpile of nuclear weapons, we have a continuously increasing stockpile of zero-day exploits.

Another hallmark of the cold war is escalation and regional hegemony, and consider that draconian spying legislation is disseminating from the USA to her vassal states -- Canada, UK, Australia, NZ. Similar technology and legislation is being deployed in other major world players under the guise of fighting "terrorism," but it stands to reason that it's in response to Chinese espionage/reconnaissance.

The USA has a very serious rivalry with China, and vice versa. We can expect to see the USA trying to further compete with China by trying to level the playing field across a variety of fields. The TPP and the F35 Joint Task Force are shining examples of attempts to curry favour with fellow nation states.

> The USA has a very serious rivalry with China, and vice versa.

Can you say more about this? Are we afraid of them doing something to us? What? Are they afraid of us doing something to them? What?

My wife is Chinese and I do a lot of work related to US and China relations. Basically from what I know, China wants to be the best, jealously is very, very strong within the Chinese, if you are not number 1 then you are last. The CCP will do all it can to be number 1. For 50 years they have systematically provided the US with opportunities, enhanced our economy (on the surface), and done so much more. However, as the US is now seeing, it was all done for China and not for the US. Now the US has placed its self in China hands. We have become so dependent on China that the US has backed its self into a corner and has no clue how to get out. So China now is cracking its iron knuckles seeing how far it take advantage of the situation.

If the US speaks out, China pulls the plug on our Economy. If the US spies on them via technology, China uses its mass 25,000 military hackers to wreak havoc in cyber-security. With the debt we owe China, they keep waving it in our face, the US is helpless.

On the plus side, the Chinese people also are loosing faith in the party and have moved their money over seas, soon China's economy bubble will burst and the most of the US will be saved. New jobs will open, our debt to China will end, and all will be well. For those who make all their business importing from China, they will be the ones you will see on the streets if they don't stop and see the signs.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact