# How do you feel about the NSA spying?



## MannDude (Jun 8, 2013)

This topic is making the rounds everywhere else, figured it'd be a good topic for discussion here. I've included a handful of random links from different sources below in case you're unaware of what's going on.

http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies

http://gizmodo.com/what-is-prism-511875267

http://finance.yahoo.com/news/u-collects-vast-data-trove-063600648.html

http://online.wsj.com/article/SB10001424127887324299104578529112289298922

http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google



But seriously, this shit has been happening for a long time. Don't forget about that NSA Utah Datacenter. No, they don't offer colocation but they may have a backup of your data there already.


----------



## Chronic (Jun 8, 2013)

Not much we can do about it, to be fair. I'd like to think the people would get a say and be able to stop this kind of espionage, but ultimately we're fairly powerless apart from abandoning all forms of communication. Like you said, they've been doing this for a while now anyway.

*Edit:* The only way to beat them is to join them.


----------



## MannDude (Jun 8, 2013)

Chronic said:


> Not much we can do about it, to be fair. I'd like to think the people would get a say and be able to stop this kind of espionage, but ultimately we're fairly powerless apart from abandoning all forms of communication. Like you said, they've been doing this for a while now anyway.


Sadly the vast majority of the public can't be bothered anyway, as they possess the, "I've got nothing to hide" mentality and don't mind this sort of stuff because it has no perceived impact on their lives. Then again, you've got people who have no privacy anyways because they post every minor detail about their life online.


----------



## TheLinuxBug (Jun 8, 2013)

The sad part is everyone is acting like this is a new thing. It has been going on for a long time now, just it wasn't brought to light (Think: just like the LEB/LET Scandal). So, does it suck? Yep. Do I see it changing anytime soon? Nope. Do I think it's right what they are doing? Nope, they are trashing our rights as Americans (but that isn't a new thing either).

Why do you think NSA is building a huge new DC in the Maryland/Washington area? Could it be that they plan to backhaul all the data from NY and Ashburn, VA before it heads overseas so they can sniff through it? Mmmm more "meta data".

Cheers!


----------



## KuJoe (Jun 8, 2013)

I'm more upset that Google has more information about us than the NSA does. Seriously NSA, get your crap together or you'll be outsourced.

The government agency designed to keep tabs on us is less equipped than an internet marketing company and a cell phone provider. That's scary.


----------



## Aldryic C'boas (Jun 8, 2013)

KuJoe said:


> I'm more upset that Google has more information about us than the NSA does. Seriously NSA, get your crap together or you'll be outsourced.
> 
> The government agency designed to keep tabs on us is less equipped than an internet marketing company and a cell phone provider. That's scary.


Not really, when you think about it.  When has government EVER done something more efficiently than a privatized competitor?  The DMV and Post Office are two examples of that.


----------



## jarland (Jun 8, 2013)

I think it's time to replace a government.


----------



## Shados (Jun 8, 2013)




----------



## drmike (Jun 8, 2013)

KuJoe said:


> I'm more upset that Google has more information about us than the NSA does. Seriously NSA, get your crap together or you'll be outsourced.


 

If you look at most of these Silly-con Valley companies enough you'll discover the federal government funded them.

Facebook was certainly funded directly by intelligence money.

Google hired the top person at DARPA (black ops development wing) and recently someone else senior from DARPA jumped to them also.  It has plenty of government investment along the way.

Face it, these companies exist to get around limits on government to track and monitor.   We pounded the feds over spying and secret floors in telecom centers quite a number of years back.  Echelon was that?  

So they just funded these pawns who collect absolutely everything you could ever want from the zombie mASSES.

Government doesn't do the spying, so it's all legitimate.  They get their backdoors, APIs, data sets, data on demand access.

Me, I am highly pissed about the spooks and their spying.   We ought to go looking for heads to hang over it.   A few dead idiots would send the right message to Washington, DC, legal death penalty of course.


----------



## A Jump From Let (Jun 9, 2013)

Haha the poor people. Hahaha, so finally ya knew tht hidden Google somewhere tht has accezz to client side, but, bwhaha with also bwahahaha server side bwahahhaa data included at bwahaha results bwhahahah

Wasn't Internet an internal project for army? obviously they've brought people a demo outside of their walls in past years, FOR A REASON, right? Maybe it's time to take it back. OK, shut it down plz. Now users can go sleep, or die.


----------



## rsk (Jun 9, 2013)

If you don't have anything to hide, I do not see the problem.

However, what if the something you are hiding is not illegal? What if what you are hiding is just seen as "wrong" by your culture or environment? (Although it being fine - I guess..)

Then that is a different story altogether.


----------



## Chronic (Jun 9, 2013)

rsk said:


> If you don't have anything to hide, I do not see the problem.


That's assuming the guy on the other end of the data stream is playing fair as well. Even if the NSA as a whole is using the information appropriately, an individual employee with access might not.


----------



## acd (Jun 9, 2013)

Chronic said:


> Not much we can do about it, to be fair. I'd like to think the people would get a say and be able to stop this kind of espionage, but ultimately we're fairly powerless apart from abandoning all forms of communication. Like you said, they've been doing this for a while now anyway.
> 
> *Edit:* The only way to beat them is to join them.


This attitude is wrong. There's plenty you can do to make it significantly more difficult for the NSA or any outside observer to capture your packets and communication. Here are a few options in order of ease of use:

1. Use SSL. For both your personal outgoing and on your websites; if an incoming connection is not SSL, redirect to SSL. With the proliferation of AESNI, this is getting extremely cheap for longer connections and only marginally more expensive for single ones. Cheap enough now with free ssl cert providers (e.g. startssl) that you can do it on pretty much any site.
2. Contact your government reps and express your concern. It may not get a lot done, but this is how the process works.
3. Use VPN. Find an anonymizing provider you like and start using them frequently. @wlanboy posted an abbreviated quickstart guide (full guide) for getting started with openvpn on your dd-wrt router and get it to the point where you forget it's even on. Any kind of \*nix router that allows you to install binaries should be able to make it nearly transparent with some DHCP + openvpn/l2tp+ipsec/softether. With VPN endpoints in the 10-15$ per year range, you can with reasonable safety push your personally identifiable web traffic off your ISP to someone who is making their living off maintaining trust with their clients by providing anonymizing.
4. Secure your email. As a user, enable encryption for those recipients who support it and sign everything. Granted signatures don't prevent people from reading your mail, but it does provide assurance that you are who you say you are and a recipient might send a pubkey back for you to encrypt future emails. If running your own mailer daemon, configure it to try ssl first and verify certificates. Only provide IMAPS/993 (or POP3S if you're still using that) to off-server access.
5. Compartmentalize web browsing and network access. On your desktop, set up some lightweight VMs that boot from a shared, read-only disk image w/ distinct home directory mounts per VM. Spin one up when you need it and suspend when you're done. Google apps in one, financials in another, social networks in a third, shopping in a fourth. If you really want to go nuts, you can have these go out different VPN endpoints pretty easily. There are probably web browsing sandboxes that do this easier, but most of those let flash out of the sandbox. Granted, this alone won't help against monitoring by IAs, but it'll limit your XSS & CSRF damages and mess with advertising people a fair bit.
6. Host your own services or find a provider who cares about security. Use services that are modeled like email; multiple hosts can group if they want (e.g. jabber) or can be completely separate.
7. Use darknets. Get your friends together and start carving up some fd00::/8 (IPv6 ULA) and link your VPNs together. You can set up routing manually with some GRE-in-IPSEC links or use something like cjdns. Maybe get a little crazy with some BGP.
8. Configure opportunistic encryption. Get some DNSSEC and IPSECKEY records for your in-addr.arpa delegations. Set up your IPSEC stack to attempt opportunistic encryption.

In the end, intelligence agencies will win the security game if they want to. These options only make it harder for them to opportunistically monitor that which they should not be monitoring without a court order.



Aldryic C said:


> Not really, when you think about it. When has government EVER done something more efficiently than a privatized competitor? The DMV and Post Office are two examples of that.


The administrative overhead of Medicare is quoted at 1% when executed in-house and 6% through privatized outsourcing by independent (scholarly journal) study. Private medical insurance agencies have an administrative overhead typically greater than 10%, usually in the high teens range. This suggests a significant cost advantage to federalized medical insurance.

The Post Office delivers last mile service to rural America where many privatized services (e.g. FedEx, UPS) do not because it doesn't make them money. In fact, they often hire the post office to do last mile delivery for those areas. IIRC, their budget deficit is due to a government mandate that they forward fund their retirement plans for all employees (even those not yet hired) through 2019 to the tune of 3-4B/annual. They're also much cheaper than fedex/ups at any distance delivered for first class, media mail, and flat rate, and approximately on par for costs for overnight, etc. The add-ons for delivery confirmation, package tracking, etc, bring them up to cost with their private competitors. I think they do pretty well for themselves.
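
For the darknet option in the list above (carving up fd00::/8 between friends and linking the VPNs), an added example that is not part of the original post: each site takes a /48 with a random 40-bit Global ID as RFC 4193 describes, splits it into /64s, and the group checks for overlapping prefixes before exchanging routes. The member names, the fixed Global ID and the helper names are constructed for illustration.

```python
import ipaddress
import secrets

# fd00::/8 is the locally assigned half of the ULA block fc00::/7.
ULA_LOCAL = ipaddress.ip_network("fd00::/8")


def new_site_prefix(global_id=None):
    """Return a /48 ULA prefix: the fd byte followed by a 40-bit Global ID.

    A random Global ID keeps two independently numbered sites from
    colliding when their VPNs are linked later.
    """
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    # The Global ID sits directly after the first 8 bits: 128 - 48 = 80.
    base = int(ULA_LOCAL.network_address) | (global_id << 80)
    return ipaddress.IPv6Network((base, 48))


def carve_subnets(site, names):
    """Give each named LAN or tunnel a /64 from the site's 16-bit Subnet ID space."""
    subnets = site.subnets(new_prefix=64)
    return {name: next(subnets) for name in names}


def find_overlaps(plan):
    """Return the pairs of members whose announced prefixes overlap."""
    members = sorted(plan)
    return [
        (a, b)
        for i, a in enumerate(members)
        for b in members[i + 1:]
        if plan[a].overlaps(plan[b])
    ]


if __name__ == "__main__":
    # Constructed sample: alice used a random Global ID, while bob and carol
    # both picked the "obvious" fd00::/48 and therefore cannot be routed
    # to each other once the VPNs are joined.
    plan = {
        "alice": new_site_prefix(0x123456789A),
        "bob": ipaddress.ip_network("fd00::/48"),
        "carol": ipaddress.ip_network("fd00::/48"),
    }
    print(plan["alice"])
    print(carve_subnets(plan["alice"], ["lan", "vpn-link"]))
    print("overlapping:", find_overlaps(plan))
```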


----------



## blergh (Jun 9, 2013)

Might be interesting for you guys and girls.


----------



## mitgib (Jun 9, 2013)

acd said:


> The administrative overhead of Medicare is quoted at 1% when executed in-house and 6% through privatized outsourcing by independent (scholarly journal) study. Private medical insurance agencies have an administrative overhead typically greater than 10%, usually in the high teens range. This suggests a significant cost advantage to federalized medical insurance.


From my understanding, Medicare dictates rates and many do not accept it as payment, so other private plans, while more costly, may provide better care. This whole Obamacare is a can of worms I am very interested in seeing how it plays out, I have high hopes, but the Government's record on being successful is stacked against it.

Then there is Social Security, while it was never intended to be a sole source of income in retirement, has turned into just that for a great many.  I was speaking with Joel (Chief) last week and he was describing how it works in Australia that you still had a Government mandated contribution, but it was self managed, much more similar to a 401k, and I felt it sounded like a much better solution, and how could the US transition to something similar.


----------



## mikho (Jun 9, 2013)

mitgib said:


> I was speaking with Joel (Chief) last week


How was he? Did you talk about why let/b were sold ?


----------



## mitgib (Jun 9, 2013)

mikho said:


> How was he? Did you talk about why let/b were sold ?


He is fine, and I didn't care about talking about LEB/T, once I found out it was CC I was out and put it out of my mind


----------



## jhadley (Jun 10, 2013)

This video explains why you should care, even if you have nothing to hide:






And to those who are outraged, will you be doing more than writing angry messages on forums?


----------



## Chronic (Jun 10, 2013)

acd said:


> This attitude is wrong. There's plenty you can do to make it significantly more difficult for the NSA or any outside observer to capture your packets and communication. Here are a few options in order of ease of use:


All nice and dandy, but try getting the vast majority who struggle with day to day computer tasks to use that. They simply can not and will not. Unless a _solution_ applies to everyone, not just the most technical savvy and paranoid, I don't consider it a solution at all. I'm sure there are plenty of ways to secure oneself from prying eyes and you've neatly listed several of them, but you also have to consider the value of such practice in comparison to the practicality. Personally I have nothing to hide so I'm not going to sacrifice a major portion of usability for the sake of keeping my trivial activities secret. Once you reach the stage where you go full-out tech hermit, you realise that you sacrificed most of what you were trying to protect in the first place.


----------



## KuJoe (Jun 10, 2013)

While I dislike the "if you have nothing to hide..." mindset, I equally dislike the "evil government needs to stop..." mindset. I find it foolish to think the government will take my phone calls or e-mails and use them to make my life hell. At the same time I find it just as foolish that people complaining about privacy carry smartphones with GPS chips and cameras, both which can be activated remotely by people that don't report to anybody.

I'm comfortably in the middle of it all, I find it easier to put all my info out there publicly than to try and hide it and at the same time I keep the curtains closed and my webcam unplugged when I'm not using it. I do use VPNs 99% of the time, but that's because it's always on and I'm too lazy to turn it off when I don't need it.


----------



## D. Strout (Jun 10, 2013)

How do I feel? Meh... Government is government. TBH if I were in charge, I'd do this just 'cause I could if I was bored one day. This is not the "if you have nothing to hide..." mindset, it's the "they have way too much data now to be bothered sifting through it for my junk" mindset. I'm not surprised and definitely not concerned. Mildly annoyed they can't find anything better to do though.

Perhaps they could cancel this project, lay off the employees working on it, and put the money into the federal debt.


----------



## mitgib (Jun 10, 2013)

KuJoe said:


> I'm comfortably in the middle of it all, I find it easier to put all my info out there publicly than to try and hide it and at the same time I keep the curtains closed and my webcam unplugged when I'm not using it. I do use VPNs 99% of the time, but that's because it's always on and I'm too lazy to turn it off when I don't need it.


You do have private info you do not share with anybody other than your wife I would imagine, nor should any of us care about that info, but watching the video @jhadley linked the concern was put before you, someone evil dials your number by mistake, now there is something to scrutinize you over, and wrongly accuse you by digging in your past in all the data being stored.

I would like to share your view of remaining in the middle, but growing up pre-internet and the forward push to less civil liberty over the past 4 decades has shown me our freedoms as Americans are eroding. My usual action is to stay out of anything, head in sand, if they don't see me, they won't bother me, but sometimes enough is enough, but what action must we all take to gain attention that this has gone too far for too long.


----------



## acd (Jun 10, 2013)

Chronic said:


> All nice and dandy, but try getting the vast majority who struggle with day to day computer tasks to use that. They simply can not and will not. Unless a _solution_ applies to everyone, not just the most technical savvy and paranoid, I don't consider it a solution at all. I'm sure there are plenty of ways to secure oneself from prying eyes and you've neatly listed several of them, but you also have to consider the value of such practice in comparison to the practicality. Personally I have nothing to hide so I'm not going to sacrifice a major portion of usability for the sake of keeping my trivial activities secret. Once you reach the stage where you go full-out tech hermit, you realise that you sacrificed most of what you were trying to protect in the first place.


On re-reading what I wrote I feel like I came off as more dickish than I intended.

Turning on forced ssl mode on your websites is something you can easily do that is transparent to your users, as is using or offering federated services like xmpp, email, or social network stacks that have an emphasis on security. Both of these provide significant privacy advantages to your non-technical users without any effort on their part and minimal effort on yours.

Automatic vpn sign-in in windows (both ipsec+l2tp & openvpn) is pretty much transparent as well, from a user perspective, once you get it set up the first time.

What I mean to say is there are options that have low maintenance effort that you can (and I believe should) do to increase your privacy level and that of your users without compromising ease of use.
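
The forced SSL redirect described above, as an added example that is not part of the original post: a WSGI middleware that sends every plain-HTTP request to the same path on HTTPS and only builds the redirect for hostnames it knows, so a forged Host header cannot turn it into a redirect to someone else's site. The class name, `example.org` and the `probe` helper are constructed for illustration.

```python
from urllib.parse import quote


class ForceSSL:
    """WSGI middleware: answer plain-HTTP requests with a redirect to HTTPS."""

    def __init__(self, app, allowed_hosts):
        self.app = app
        self.allowed_hosts = {h.lower() for h in allowed_hosts}

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            return self.app(environ, start_response)
        # The Host header is client-controlled: drop the port and accept
        # only hostnames this site actually serves.
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host not in self.allowed_hosts:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        # PATH_INFO arrives decoded, so re-encode it; keep the query as sent.
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
        query = environ.get("QUERY_STRING", "")
        location = "https://" + host + path + ("?" + query if query else "")
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]


def hello_app(environ, start_response):
    """Stand-in for the real site behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello over TLS\n"]


def probe(app, scheme, host, path="/", query=""):
    """Call a WSGI app with a constructed request; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    environ = {
        "REQUEST_METHOD": "GET", "wsgi.url_scheme": scheme, "HTTP_HOST": host,
        "SCRIPT_NAME": "", "PATH_INFO": path, "QUERY_STRING": query,
    }
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


site = ForceSSL(hello_app, allowed_hosts=["example.org"])

if __name__ == "__main__":
    print(probe(site, "http", "example.org:80", "/inbox", "page=2"))
    print(probe(site, "http", "evil.test"))
    print(probe(site, "https", "example.org"))
```

When TLS is terminated by a proxy in front of the application, `wsgi.url_scheme` has to reflect the scheme the client used, otherwise every request looks like plain HTTP and the redirect loops.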


----------



## netnub (Jun 10, 2013)

Lol they can't spy on me. Even if they can I got nothing to hide so they can do it all they want.


----------



## KuJoe (Jun 10, 2013)

mitgib said:


> You do have private info you do not share with anybody other than your wife I would imagine, nor should any of us care about that info, but watching the video @jhadley linked the concern was put before you, someone evil dials your number by mistake, now there is something to scrutinize you over, and wrongly accuse you by digging in your past in all the data being stored.
> 
> I would like to share your view of remaining in the middle, but growing up pre-internet and the forward push to less civil liberty over the past 4 decades has shown me our freedoms as Americans are eroding. My usual action is to stay out of anything, head in sand, if they don't see me, they won't bother me, but sometimes enough is enough, but what action must we all take to gain attention that this has gone too far for too long.


And at the same time I share info online in public forums that I would never tell my wife. :X


----------

