Page 1 of 4

Opt out of PRISM

Posted: Sat Jul 13, 2013 10:42 am
by editor
This site has a large list of links to various software and services which are freedom and privacy oriented.

Re: Opt out of PRISM

Posted: Sat Jul 13, 2013 1:43 pm
by iamfreeru2

Check out Tails. It also use the Tor network, and I think it is better that just Tor browser alone.

Re: Opt out of PRISM

Posted: Wed Jul 17, 2013 8:04 pm
by Thomas Jeffrey
Communication, data, and internet security appear to be big issues these days. Prophecy and Oracle had a couple interesting posts in the Politics and Government page about the NSA and other agencies around the globe who are trying to monitor internet, telephone, and other data traffic.

Not out of real concern, but based on Principle, I think “opting out of PRISM” as much as possible would be a good idea. I went to the prism-break site to check it out and was hoping some of you may be able to answer a couple of questions.
  • 1. Does some of software listed, such as the video-conferencing, VOIP, Instant Messaging, and maybe e-mail encryption, require both parties to have the same software installed to be able to communicate?

    2. Would the use of a Proxy server be of any help, (and I don’t pretend to know exactly what that is)?

    3. Are there good tools available for Android phones that anyone knows about that could help with this privacy invasion?

    4. And… Michael, what do Tails and/or TOR do? Are they heavy and slow installs, and do they work on Linux?
Thanks in advance for any help.

Re: Opt out of PRISM

Posted: Wed Jul 17, 2013 10:56 pm
by iamfreeru2
Thomas Jeffrey wrote:4. And… Michael, what do Tails and/or TOR do? Are they heavy and slow installs, and do they work on Linux?[/list]

Thanks in advance for any help.
You can get Tor browser that is connected to the Tor network and is easy to download and install. It allows you to connect to the internet and has anonymous email included.

Tails also connects to the internet via live cd. It is burned to DVD disc which is used to connect to the internet anonymously. It must be authenticated with a key before burning to a disc. It is constantly being tweaked and is advisable to burn the newest version to minimize vulnerability.

I would suggest you read up on both at the links provided. There are limitations as will be explained.

I use both depending on what I need to do. Nothing is going to be absolutely NSA proof, but these certainly give you good anonymity as long as you are aware of the limitaions and what can be done to improve your chances of being anonymous.

They are designed for linux. They are slower connecting to the internet, but for the anonymity it is worth it.

Hope this helps. Blessings

Re: Opt out of PRISM

Posted: Thu Jul 18, 2013 7:57 am
by editor
The way I understand Tor is this: Tor uses encryption, along with a volunteer private network of "gateway" servers, to allow guest machines to connect to various Tor-specific sites. Guest machines must use a Tor browser to access the sites. The effect is that the guest machine's IP address is spoofed as another address, and the host sites which the guest connects to are unable to determine the guest's true IP address. In addition, all data sent over the connection is encrypted. Nothing offers perfect protection, but Tor is thought to be reasonably secure. This network is slower than regular internet, but the tradeoff is security. The Tor network is a form of proxy. Using Tor with Microsoft Windows would be a little like wearing transparent underwear underneath see-thru clothing.

Tails, as I understand it, is a live Linux DVD, which has been assembled specifically for internet communication and browsing. It uses Tor. The advantage with Tails is that you are booting your (or anyone else's) computer from the live DVD, and during the course of your browsing, nothing gets written to the computer, or the DVD. It's additional security comes from the fact that no record of what you have done is left behind on the machine, or your operating system media.

Generally, software offering any kind of encryption or other security features, does require that both people are using it. Otherwise, if anyone can read the messages without special software and the requisite keys, then where is the security?

The site does list some software for Android phones, including a software repository which replaces the Google Store, called F-Droid. I've just downloaded Redphone, and TextSecure. I don't have an opinion on them yet, since I haven't really used them much, but they look like an improvement on the genric apps. The advantage is that both are open source, and many eyes can spot any potential security breaches.

The Android OS itself is not to be trusted, and I second prism-break's recommendation to replace Android with either CyanogenMod or Replicant. I personally use CyanogenMod, and it works great. I have nothing against Replicant; I never heard of it until finding the prism-break site.

Keep in mind that no matter how secure Redphone might be, for instance, if Android is intercepting your calls and forwarding a compressed datastream to Google, then you're screwed. I'm not saying they're doing that, but I also don't know that they aren't.

I highly second prism-break's recommendation to run Firefox, and install AdBlocker and NoScript ad-ons. NoScript can be a bit of a pain, but again, that's the price you pay for security. It gives you a line-item menu as to which sites you will allow to run scripts in your browser. When you start using it, you will be amazed at the number of third-party sites which track you with scripts and cookies. NoScript stops them all in their tracks.

Re: Opt out of PRISM

Posted: Thu Jul 18, 2013 11:44 am
by iamfreeru2
Generally, software offering any kind of encryption or other security features, does require that both people are using it. Otherwise, if anyone can read the messages without special software and the requisite keys, then where is the security?
Tor is about hiding your location, not about encrypting your communication.
If you want better security, however, both ends need to be encrypted as Gregory has stated. I have provided a link to give you a better understanding of this.

Re: Opt out of PRISM

Posted: Thu Jul 18, 2013 3:08 pm
by Thomas Jeffrey
This is great info, Guys. Thank you!

It looks like I have some homework to do with the info you provided. It may take a few days, but I may have some more questions, if you guys don't mind...

Many blessings,

Re: Opt out of PRISM

Posted: Mon Jul 22, 2013 3:13 pm
by Thomas Jeffrey
Well, it took a couple days, but I downloaded tails and the Tor Browser Bundle and installed them on two separate flash drives. The TBB has some features that I need to get more familiar with, such as pop-ups. I tried to send a PM on these boards using TBB and the recipient would not get added through the "select" button at their name. (I believe it was because of the "no-pop-up" feature).

Tails is quite impressive from the get-go as it found my wireless card without having to install any other drivers (Broadcom 13XX card). I had absolutely no issues with it and it was fast. My flash drive is big enough, so I'll try to configure the persistence pretty soon and maybe use it as my secure "travel" drive with my browser bookmarks, etc.

I spent a good part of the weekend researching how to root my phone. There is a lot of info for mid to experienced folks but not much for noobs, but I finally found that ODIN is on my phone, how to access it, and downloaded the desktop app for it. I also downloaded CyanogenMod, per your recommendation, and Clockworkmod. My particular phone seems to be finicky about how it gets rooted (Galaxy S2), so I just need to get the guts to go for it. As soon as I can get info on whether or not to remove my external SD card and/or SIMM card before rooting, I'll give it a try. Very exciting!

Thanks, again, Guys!

Many Blessings,

Re: Opt out of PRISM

Posted: Mon Jul 22, 2013 6:16 pm
by editor
I've installed CyanogenMod on two Galaxy S2 phones without issue.

As for your SD card, you should do the sensible thing and make a full backup before you attempt the install. Also realize that any data you have on your phone will be wiped clean, so be sure to make a backup of the data on the phone as well.

Linux and the command line program "rsync" are your friends.

Startpage search engine

Posted: Thu Jul 25, 2013 3:38 am
by editor
Received the following press release in my inbox today:

StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance
First search engines to offer TLS 1.1.and 1.2 as well as "Perfect Forward Secrecy"

NEW YORK & AMSTERDAM - In the wake of the US PRISM Internet surveillance scandal, companies are revisiting how they do business online and beefing up their privacy practices to protect their users.

Private search engines StartPage and Ixquick have pioneered a new advance in encryption security this week, becoming the first search engines in the world to enable "Perfect Forward Secrecy" or PFS in combination with a more secure version of SSL encryption known as TLS 1.1. and 1.2 , which works by setting up a secure "tunnel" through which users' search traffic cannot be intercepted.

This is the latest in a series of security firsts by StartPage and Ixquick, which pioneered the field of private search in 2006. Combined, StartPage/Ixquick is the largest private search engine, serving well over 4 million searches daily.

Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage, says, "We take encryption very seriously, and we've always led the way when it comes to security. We were first to adopt default SSL encryption in 2011, and now we're setting the standard for encryption in the post-PRISM world."

SSL encryption has been proven to be an effective tool for protecting sensitive online traffic from eavesdropping and surveillance. However, security researchers now worry that SSL encryption may not provide adequate protection if Government agencies are scooping up large amounts of encrypted traffic and storing it for later decryption.

With SSL alone, if a target website's "private key" can be obtained once in the future - perhaps through court order, social engineering, attack against the website, or cryptanalysis - that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.

StartPage and Ixquick have now deployed a defense against this known as "Perfect Forward Secrecy," or PFS.

PFS uses a different "per-session" key for each data transfer, so even if a site's private SSL key is compromised, data that was previously transmitted is still safe. Those who want to decrypt large quantities of data sent using PFS face the daunting task of individually decrypting each separate file, as opposed to obtaining a single key to unlock them all.

This can be likened to replacing the master "skeleton key" that unlocks every room in a building with a tight security system that puts a new lock on each door and then creates a unique key for each lock.

In addition to its pioneering use of PFS, earlier this month StartPage and Ixquick deployed Transport Layer Security, or TLS, encryption versions TLS 1.1 and 1.2 on all of its servers. TLS is an upgraded form of SSL encryption, which sets up a secure "tunnel" that protects users' search information.

In independent evaluation, StartPage and Ixquick outscore their competitors on encryption standards. See Qualys' SSL Labs evaluation of StartPage's encryption features: ... .90.210.72

CEO Robert Beens urges other companies to upgrade to these new technologies. "With Perfect Forward Secrecy and TLS 1.1 and 1.2 combined, we are once again leading the privacy industry forward. For the sake of their users' privacy, we strongly recommend other search engines follow our lead."