Links are mostly in reverse chronological order (most recent at the top).
Crypto and Privacy Links
- Surveillance Self-Defense “Tips, Tools and How-tos for Safer Online Communications” from EFF. (For personal self-defense see 21 Most Effective Self Defense Techniques Everyone Should Know.)
- A spying service leaked personal data on millions of customers. See also here.
- Krebs on Security
- Facebook Announces It Will Use A.I. To Scan Your Thoughts "To Enhance User Safety"
- Ordinary US Citizens Now Surveilled By Air Marshals As Part Of Secret New Program
The Boston Globe has revealed a new federal program that profiles and surveils ordinary US citizen travelers who otherwise have no legitimate reason for being profiled [and watched]. ... In essence, the program gives the TSA the option to monitor and track whoever it likes for any reason whatsoever, effectively granting TSA agents a green light to violate anyone's personal privacy ...
- Google reportedly allows outside app developers to read people's Gmails
- Dan Goodin: Encrypted or not, Skype communications prove “vital” to NSA surveillance
- Skype can't fix a nasty security bug without a massive code rewrite
The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights — granting them access to every corner of the operating system. But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because the bug would require too much work.
- Ava Kofman: Interpol Rolls Out International Voice Identification Database Using Samples From 192 Law Enforcement Agencies
Speech recognition technologies can identify and tag individuals every time they open their mouths [and say something], effectively ending anonymity.
- Voice Recognition: Risks To Our Privacy
- Is VPN Legal in Your Country?
VPNs are illegal in China, Turkey, Iraq, United Arab Emirates, Belarus, Oman and Russia. VPNs are somewhat illegal in: Iran, North Korea and Turkmenistan.
- Virtual Private Networks (VPNs):
- Top 10 VPN — Find the Best VPN
- VPN Reviews of 2017 — Find the Best VPN Provider
- Online Privacy Guide
- Best VPN Services: VPN Comparison Chart
- Best VPN for US citizens to avoid the NSA and FBI
- DNS leaks:
- What Are DNS Leaks and How to Avoid Them
- DNS leak test — test your VPN
- IP Leak test for VPNs/Tor
- DNS Leaks (Causes & Fixes)
- How to Beat the Netflix VPN Ban
- Sarah Jamie Lewis:
- Assessment of the Privacy and Security of Smart Toys Marketed to Children
- The Information Superhighway has become The Information-Tracking Superhighway
- Joe Jarvis: How Digital Citizens Will Become Independent of Location Based Governments
- Sam Biddle: The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
- France joins US-led “Five Eyes” spy organization
- The Surveillance State: An Inexorable March Toward Totalitarianism
- Welcome to the United States: Discriminated, detained, searched, interrogated
- Naked online: cyberthreats facing users of adult websites and applications
- The NSA's voice-recognition system raises hard questions for Echo and Google Home
- CPU’s most likely immune to Spectre
- Libreboot: Why is the latest Intel hardware unsupported in libreboot? [Published April 2017.]
The Intel Management Engine [ME] with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored. ... [The ME] and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent [later than 2009] generations of Intel hardware.
- Andy Greenberg: A Guide to Getting Past [U.S.] Customs With Your Digital Privacy Intact
Before going into customs, alert a lawyer or a loved one who can contact a lawyer, and contact them again when you get out. If you are detained, you may not be able to access your devices or otherwise have the opportunity to reach the outside world. And in the worst case scenario of a lengthy detention, you'll want someone advocating for your release and legal representation.
- Brave web browser
- Website Cookies: Everything You Need To Know
- Pam Dixon: Your Net Health: Why Some Cookies Can Be Hazardous, and How to Say No
- Online Privacy Guide for Journalists 2017 — lots of useful advice, and not just for journalists
- What does Facebook really know about you?
- Zero Hedge: Trump May Be Right: The 'Five Eyes' Allies Do Spy On One Another
One commenter says: "MAY" be right? Of course it's right. It's how the NWO was intended to be built. Interlocking secrets/scandals/pedophilia/blackmail on one another's leadership with the bankers jerking the puppet strings. Creates a net of controlled corruption extending transnationally with consequent treasonous conduct in each of one another's countries collapsing them into cesspools of decaying stinking corruption. It's how they, the bankers, squash national allegiances among leaders so corrupted by promising to "save" them from domestic prosecution for their crimes.
- Symantec SSL Site Checker by 352 Inc. — Checks whether the SSL certificate used by a website (such as a bank) is secure.
- Erik Kangas: What Do the CIA Vault 7 Leaks Mean for Your Business?
- Wikileaks Unveils 'Vault 7': "The Largest Ever Publication Of Confidential CIA Documents"
- Snowden: What The Wikileaks Revelations Show Is "Reckless Beyond Words"
The fallout from the Wikileaks' "Vault 7" release this morning of thousands of documents demonstrating the extent to which the CIA uses backdoors to hack smartphones, computer operating systems, messenger applications and internet-connected televisions, will be profound.
- Government Spooks Can Use Mic, Camera On Trump's Phone (Even When He Thinks It's Turned Off)
- My Friend Cayla doll banned in Germany over surveillance concerns
- The Year Encryption Won
- Privacy International
- Starting Today [2016-12-01], Feds Can Hack Millions Of Devices With One Warrant
- These Are The 48 Organizations That Now Have Access To Every Brit's Browsing History — "... In other words, everyone."
- Windows 10:
- ‘Incredibly intrusive’: Windows 10 spies on you by default
- ‘Don’t spy on me!’ How to opt out of Windows 10’s intrusive defaults
- ‘No matter what platform you use, it’s all under surveillance’
- Windows 10 privacy settings
- Windows 10 Shares Wi-Fi Passwords With Your Contacts — Here's How to Disable It
- Windows 10 service agreement stirs espionage fears in Russian Communists
- Windows 10 “Privacy” Feature 'Rats' Kids To Their Parents
- Microsoft Auto-Scheduling Windows 10 Updates
- Microsoft accused of Windows 10 upgrade 'nasty trick'
- Fearing forced Windows 10 upgrades, users are disabling critical updates instead
- Never10: A new tool for turning off Microsoft's Windows 10 update
- France: Windows 10 collects 'excessive personal data', issues Microsoft with formal warning
- How to turn off Windows 10's keylogger
- How to reclaim your privacy in Windows 10, piece by piece
- You can't turn off Cortana in the Windows 10 Anniversary Update
- Microsoft’s new small print — how your personal data is (ab)used
- Cortana: The spy in Windows 10
- Microsoft shares Windows 10 telemetry data with third parties
- How Windows 10's data collection trades your privacy for Microsoft's security
- Microsoft to address latest Windows 10 privacy concerns with Creators Update
- Microsoft is disgustingly sneaky: Windows 10 isn't an operating system, it's an advertising platform
- How to replace Edge as the default browser in Windows 10 — and why you should
- Britain’s mass surveillance bill rubber-stamped by House of Lords
- Yahoo secretly scanned customer emails for US intelligence-sources
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials ...
- Five EFF Tools to Help You Protect Yourself Online
- Krebs’s 3 Basic Rules for Online Safety
- If you didn’t go looking for it, don’t install it!
- If you installed it, update it.
- If you no longer need it, remove it.
- [Queensland] Police granted live access to rail security cameras, prompting privacy concerns — QLD now a ‘surveillance state’
- DHS Wants Tourists To List Their Facebook Accounts to Enter [the U.S.A.]
- The best Linux distributions for beginners — that is, for those wishing to remove Windows 10 spyware from their PC.
- New Web Privacy System Could Revolutionize the Safety of Internet Surfing
- The countries most vulnerable to cyber-attacks
The top five: Belgium, Tajikistan, Samoa, Australia, China.
- Google voice search records and keeps conversations people have around their phones — but the files can be deleted
- Police are filing warrants for Android’s vast store of location data
- Is Facebook eavesdropping on your phone conversations?
Facebook is not only watching, but also listening to your cell phone. It all starts with enabling your microphone feature in your settings. Once you do, choose your words carefully.
- Forget Big Brother, Facebook Is Watching (And Listening) To Everything You Do
- Pre-Loaded Laptop Software Comes With Security Risks
- Your phone number is all a hacker needs to read texts, listen to calls and track you
- Robots to replace border police? To speed up lines at airports, French firm [Thales] to scan your irises
[Thales] has the French state as a major shareholder. ... "Today, it’s testing at the border, tomorrow it could be facial recognition deployed in public places," Dave Maass, Electronic Frontier Foundation, said. "Today, the photos taken are being kept segregated from other departments and agencies, tomorrow they could be shared for a whole host of other purposes."
- Microsoft's Platypus can help robots locate and identify you
- Papers Please
The Identity Project explores and defends the fundamental American right to move freely around our country and to live without constantly having to prove who we are or why we are here.
- How does your bank know your dog's not a terrorist?
- More news about blocking of money transfers
- What's at stake in the European PNR debate this week?
- How safe is airline passenger data? Not secure at all
- EU mandates US-style pre-crime profiling of air travellers
- Cryptowars: UK activist fears US extradition, 99yr sentence for refusal to surrender encryption keys
- Paul Szoldra: Here's why it's important to stop government spying, even if you have nothing to hide
However, everyone has "something to hide". Why do you think that your bank encrypts your data when you use online banking? To assist the FBI in "keeping us safe", would you rather that banks stopped encrypting everyone's data (including your own)?
- Shelly Palmer: Information Warfare: Surveillance & Encryption
- Ivo Vegter: Political lowlifes blame encryption for Paris attacks
- ‘Intrusive’ and ‘secretive’: ACLU obtains government docs on Stingray surveillance
- Australia Proposes Eliminating Passports. There's Just One Problem...
- US and EU scramble for new data-transfer deal
- Russia launches internet blacklist to protect the kiddies
- Data retention has started in Australia, but carriers aren't ready
- FBI boss: No encryption backdoor law (but give us backdoors anyway)
- Martin Anderson: HTML5-based data transfer for terrorists, pirates and investigators
- Sharfest: Send files directly — Secured, anonymous, instant, without a cloud.
- Natalie Wolchover: The Tricky Encryption That Could Stump Quantum Computers
- Obama faces growing momentum to support widespread encryption
Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail ... “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.” ... What is clear, though, is that the law enforcement argument is “just not carrying the day,” said a second senior official ... “People are still not persuaded this is a problem. People think we have not made the case. We do not have the perfect example where you have the dead child or a terrorist act to point to, and that’s what people seem to claim you have to have.”
So get ready for another false-flag "terrorist attack".
- New Russian law bans citizens’ personal data being held on foreign servers
- US spies seek to lure private companies like Uber into collaboration
- FBI says that citizens should have no secrets that the government can't access
- Alex Krasodomski: The focus on terror has distorted the debate on encryption
- Patrick Wallace: Encryption and the Consequences of Public Policy
- David Cameron Wants To Ban Encryption
- UK internet firms warn of more mass surveillance
- Backdoor demands cause PGP founder to quit US
- Jolly Roger’s Security Guide for Beginners
- Tails — privacy for anyone anywhere
- The Tor Project — Anonymity Online
- Alfredo Lopez (2015-04-21): The Encryption Debate is Really About How Best to Spy on You
Nobody is saying the obvious: cracking encryption to steal data is unconstitutional and illegal and this debate is taking place at a moment when massive movements of protest are covering the streets of our cities organized through social media and cell-phone communications. ... Both the First and Fourth Amendments to the Constitution make absolutely clear that the government cannot do mass data capture. There is no fuzziness about that in the document’s wording. Data from citizens can only be captured with a court-approved search warrant and then only when the object of the data seizure is specifically described in the warrant. ... Privacy, the constitutional principle written to protect movements and citizen organizing (among other things), has been washed down the legal drain. The only protection we have is to encrypt what we send and constitutionally we have an absolute right to do so.
- Computer Processes, Spyware, and Adware — Alphabetical Directory
- Marshall Honorof (2015-04-15): How to Decrypt Files Seized by CoinVault Ransomware
- Lee Munson (2015-04-13): The NSA wants a multi-part encryption key for 'front door' access to your data
- Bruce Schneier's new book: Data and Goliath — The Hidden Battles to Collect Your Data and Control Your World (reviewed by EFF)
- Australia's 2015 data retention law (passed March 2015)
- Malcolm Turnbull says access to journalists' metadata 'a special case'
The Greens senator Scott Ludlam said the last-minute amendments to protect journalists “did nothing to protect the 23 million other Australians who will still be exposed to out of control warrantless surveillance”.
- Data retention laws pass Federal Parliament
- Australian government minister: Dodge new data retention law like this
- Malcolm Turnbull explains how people can avoid having metadata collected
- Greens' Scott Ludlam provides tips on how to hide metadata from government
- Washington 'real danger' of cyber warfare, not China or N. Korea — WikiLeaks
- Spyware Warrior — "Waging the war against spyware". Has a page with a lot of crypto links.
- Hack gave U.S. and British spies access to billions of phones
U.S. and British spies hacked into the world's biggest maker of phone SIM cards [Gemalto], allowing them to potentially monitor the calls, texts and emails of billions of mobile users around the world, an investigative news website reported.
- Britain’s “War on Terror” Insanity Continues — David Cameron Declares War on Encryption
- Is the attack on Charlie Hebdo a reason for air travel surveillance?
In a speech today in Strasbourg opening the current session of the European Parliament, the President of the European Council (the executive branch of the European Union, comprised of national governments) invoked the attack on the satirical cartoonists of Charlie Hebdo as a reason for popularly-elected EU legislators to put aside their previous objections and enact a comprehensive EU-wide mandate for surveillance and profiling of airline passengers on the basis of Passenger Name Record (PNR) data from airline reservations.
- Travel Surveillance, Traveler Intrusion
- Cryptohippie's Guide To Online Privacy
- Trevor Timm (2014-11-15): First Snowden. Then tracking you on wheels. Now spies on a plane. Yes, surveillance is everywhere
US government-owned airplanes that can cover most of the continental United States are covertly flying around the country, spying on tens of thousands of innocent people’s cellphones. It sounds like a movie plot, but in a remarkable report published on Thursday, the Wall Street Journal exposed that these spy planes are part of an actual mass surveillance program overseen by the Justice Department (DOJ). And it’s been kept secret from the public for years.
- UN Votes to Protect Privacy in Digital Age
- A Guide for Guarding Personal Information in the Workplace — "Key Principles for a Solid Plan for Information Security"
- Susan Stellin (New York Times, 2013-10-21): Security Check Now Starts Long Before You Fly
At the heart of the expanded effort is a database called the Automated Targeting System ... [which] is used to decide who is placed on the no-fly list — thousands of people the United States government has banned from flying — and the selectee list, an unknown number of travelers who are required to undergo more in-depth screening ... The T.S.A. also maintains a PreCheck disqualification list, tracking people accused of violating security regulations, including disputes with checkpoint or airline staff members. Much of this personal data is widely shared within the Department of Homeland Security and with other government agencies ... and in some cases, [with] private companies for purposes unrelated to security or travel.
- James Kanter (New York Times, 2013-10-21): Rules Shielding Online Data From N.S.A. and Other Prying Eyes Advance in Europe
- Burner Phone
The simplest, most anonymous, and most affordable disposable cell phone ever manufactured. Made for people who value security and privacy.
- Glimmerglass Intercepts Undersea Cable Traffic for Spy Agencies
- NSA Prism: Why I'm boycotting US cloud tech — and you should too
- CryptoCloud: Leave Surveillance Behind — Forever
- Alexander Hanff:
- 2013-06-10: PRISM — Where do we go from here?
- 2013-06-13: PRISM-Break List is dangerously misleading
- 2013-06-22: Still trust DuckDuckGo?
- Julian Assange (2013-07-09): How cryptography is a key weapon in the fight against empire states
What began as a means of retaining individual freedom can now be used by smaller states to fend off the ambitions of larger ones
- The Guardian (2013-06-21): Mastering the internet: how GCHQ set out to spy on the world wide web
Project Tempora — the evolution of a secret programme to capture vast amounts of web and phone data
- EFF Answers Your Questions About Border Searches — Advice on safeguarding your laptop and digital devices from warrantless searches at the U.S. border.
- Glenn Greenwald and Ewen MacAskill (UK Guardian, 2013-06-07): NSA Prism program taps in to user data of Apple, Google and others
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian. The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
- Glenn Greenwald (UK Guardian, 2013-06-06): NSA collecting phone records of millions of Verizon customers daily
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April. ... Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
But at the very least they can know who you're calling and they can track your movements. Whenever you switch on your cellphone they know instantly where you are.
- Data Leak Shakes Notion of Secret Offshore Havens and, Possibly, Nerves
[Some rich people who hide their money to avoid paying taxes on it] are suddenly very anxious after the leak of 2.5 million files detailing the offshore bank accounts and shell companies of wealthy individuals and tax-averse companies. ... [The] enormous size of the data dump obtained by the International Consortium of Investigative Journalists ... has punched a big hole in the secrecy that surrounds what the Tax Justice Network estimates are assets worth at least $21 trillion held in offshore havens.
- Encryption Learning Center — links to articles on various aspects of encryption and security.
- Peter Lee: US digs in for cyber warfare
In the United States, providing government law enforcement with back-door access to networks, aka 'lawful intercept', is a legal requirement for digital telecom, broadband Internet, and voice-over-IP service and equipment providers under the CALEA (Communications Assistance to Law Enforcement Act) law. The Federal Bureau of Investigation (FBI) is currently lobbying the US administration and the Federal Communications Commission to require that social-media providers such as Facebook provide similar access so that chats and instant messaging can also be monitored in real time or extracted from digital storage.
- Australia Moves to Massively Expand Internet Surveillance
The Australian government has proposed sweeping changes to its surveillance and national security laws. The government's wish list includes mandatory data retention, surveillance of social networks, criminalization of encryption, and lower thresholds for warrants.
Under the guise of expanding "the fight against terrorism" the Australian spooks wish to "establish an offence for failure to assist in the decryption of communications". So if you have some proprietary commercial information which you encrypt and send in a file to a colleague, and if you refuse a request by the Australian government to allow them to decrypt that file, then you can be charged with the commission of a crime (proposed penalty as yet unstated but could be imprisonment).
- Senate panel criticizes anti-terrorism data-sharing centers
A federal domestic security effort to help state and local law enforcement catch terrorists by setting up more than 70 information-sharing centers around the country has threatened civil liberties while doing little to combat terrorism, a two-year examination by a Senate subcommittee found.
And here is a link to the report itself.
- Dwayne Winseck: Big New Global Threat to the Internet or Paper Tiger?: the ITU and Global Internet Regulation, Part I
- John Feffer: The worm that turned on the US
Offensive cyber-tactics fall into five basic categories: using the Internet to win hearts and minds; denial of service attacks that effectively paralyze websites; electronic attacks on infrastructure such as nuclear power plants; sabotage through the sale of defective hardware or software; and operational attacks that accompany conventional battle plans ...
- James Bamford: The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
The purpose of the NSA's "Utah Data Center" is "to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. ... Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases ..."
- Chris Crum: Social Discovery is BIG (and Creepy?) at SXSW
There's a new trend in social media and application development, and it's called ‘social discovery’.
The one thing social networking is NOT about, is “giving” people opportunities to connect better, unless that means better opportunity for exposure to product and data gathering by government. Once upon a time there were phone calls and actual face to face connecting. And then along came email which made it possible to connect quickly and cheaply with those who were far away and did that very well actually but unfortunately there was no place for marketing in private email exchanges so email had to be replaced.
Here’s my stand, I choose NO, so I don’t do Facebook, Twitter or any online social networking site because I know what the true purpose is, i.e., harvesting target info. I discourage my clients from this as well. Amazingly I survive quite well without being “connected” or “liked” and I am quite sure there is plenty of information about me available anyway. I’m such a relic I do my interacting the old fashioned way with people I have intimate relationships; I communicate one on one, face to face, by phone and the now archaic tool of email. There is no substitute for this kind of interaction with humans. None. It seems to me that the more knowledge has increased, the more information we have, the less we really know because not only has the human touch thing been circumvented by digital technology, humanity itself is now systematically being counterfeited with a shallow reproduction. We are becoming programed holograms. The real deal, that unique part of humanity that has always been delightfully serendipitous, has now been replaced with a robotic, predictable, never allowed to step sideways, soul-less clone that lives for, acts and reacts, and by default witlessly worships, the god of commerce.
- Anick Jesdanun: 5 ways to control your privacy on Google
- Recording Everything: Digital Storage as an Enabler of Authoritarian Governments
[Soon] it will become technologically and financially feasible for authoritarian governments to record nearly everything that is said or done within their borders — every phone conversation, electronic message, social media interaction, the movements of nearly every person and vehicle, and video from every street corner. Governments with a history of using all of the tools at their disposal to track and monitor their citizens will undoubtedly make full use of this capability once it becomes available.
- Carrier IQ Withdraws Legal Threat Against Security Researcher
[Security researcher Trevor] Eckhart said he'd discovered Carrier IQ's software secretly monitoring “many U.S. handsets sold on Sprint, Verizon, and more.” He estimated that it was running on more than 141 million handsets. Furthermore, as installed by carriers, the software oftentimes couldn't be removed, or could be removed only by advanced users willing to root their phones.
- Can the [U.S.] government take away my laptop?
Federal Customs and Border Patrol agents have the [legal] right [according to the 9th Circuit Court in San Francisco] to confiscate and examine electronic devices belonging to anyone entering the United States. The agents aren't required to have probable cause before searching someone's devices. And they can look for any evidence of any crime at all.
- Tighter oversight on border laptop searches
The procedures also allowed border agents to retain documents and devices for 'a reasonable period of time' to perform a thorough search 'on-site or at an off-site location.'
So if you enter the U.S. with a laptop you can expect federal agents to look through your personal files and maybe even take your laptop away for a few hours or days and perhaps even copy the entire hard drive. Better to stay far away.
- Digital Due Process — Modernizing surveillance laws for the digital age
The Electronic Communications Privacy Act ... is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today's digital communication services may no longer be adequately protected.
- Cryptome.org is a respected website which for many years has served as an archive for documents relating to privacy and other matters. Its stated purpose is to make available to the public documents
that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served ...
- JR Raphael, PC World: The Google-NSA Alliance: Questions and Answers
- New Spy Software Coming On-Line: "Surveillance in a Box" Makes its Debut
- An Illustrated Guide to the Kaminsky DNS Vulnerability
This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we'll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning.
- Former AT&T worker details federal Internet spying in S.F.
In an interview Tuesday [2007-11-06], he [Mark Klein] said the NSA set up a system that vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T. Contrary to the government's depiction of its surveillance program as aimed at overseas terrorists, Klein said, much of the data sent through AT&T to the NSA was purely domestic.
- How to surf anonymously without a trace
Several ways to protect yourself from the feds and others
- Schneier on Security: Hackers Clone RFID Passports
- A Cost Analysis of Windows Vista Content Protection
- Wayne Madsen: Crypto AG: The NSA's Trojan Whore?
- Joris Evers and Declan McCullagh: Security risks of e-passports exposed
Radio tags used in everything from building access cards to highway toll cards to passports are surprisingly easy to copy and pose a grave security risk, researchers said this week.
At security conferences researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a similarly inexpensive smart card writer. In addition, they suggested that RFID tags embedded in travel documents could identify US passports from a distance, possibly letting terrorists use them as a trigger for explosives.
- Ingrid Melander: EU court rules airline data deal with U.S. illegal
- Ryan Singel: Whistle-Blower Outs NSA Spy Room (Also here and here.)
AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.
- Eric Weiner: Wiretapping, European-Style
Think Bush's warrantless NSA surveillance is bad? Wait till you hear what the British government does.
- EFF's Class-Action Lawsuit Against AT&T for Collaboration with Illegal Domestic Spying Program
- William M. Arkin: NSA Expands, Centralizes Domestic Spying
The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines ...
- Bruce Schneier on Project Shamrock
- How to Make an RFID Blocking Wallet
- The media must learn the difference between a wiretap and "Echelon" (What's Echelon?)
- Doug Thompson: An enemy of the state
- Steve Jones: GCHQ — Government Communications HeadQuarters (Also here.)
Europe's most powerful intelligence gathering agency
- John Perry Barlow: Decrypting the Puzzle Palace
- Chapter 8, Chapter 9 and Chapter 10 of James Bamford's The Puzzle Palace: A Report on America's Most Secret Agency
- Techi Warehouse's :: Security :: page.
- Handbook for bloggers and cyber-dissidents
Practical advice and technical tips to help bloggers stay anonymous and to help web surfers circumvent censorship.
- Electronic Frontier Foundation decodes printer tracking dots
- Want to check your e-mail in Italy? Bring your passport.
An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit.
- 4th Amendment & The People Under the Eaves — Echelon, Carnivore, CODIS and Privacy
- Andrew Kalukin: Automating Camera Surveillance
Recent developments in computer vision, robotics, and pattern matching increase the possibility of drastic social transformations. The dictatorship of Big Brother had one small limitation of power: it depended on the obedience and vigilance of subordinates to enforce control. The application of data mining methods to massive video data sets enables a sufficiently organized power to outmatch humans in carrying out surveillance.
- Zip File Password Cracking
- How Companies Can Track Your Movements on the Internet
- John Dillon: Are the Feds Sniffing Your Re-Mail?
- Smile for the US Secret Service
- Jonathan Wheeler: US adopts National ID: Homeland Security Now In charge of Regulations for all US States Drivers Licenses and Birth Certificates
- J. Orlin Grabbe: In Praise of Hawala
- Charles Arthur: Microsoft's browser dominance at risk as experts warn of security holes
Last week researchers at the Internet Storm Centre discovered a malicious program that used a flaw in the [Internet Explorer] software to install itself on the user's PC when a particular pop-up ad appeared. It would then monitor the user's typing when they visited any of 50 bank sites, including Barclays Bank, Citibank and Deutsche Bank.
- Accenture's 'Virtual Border' Project
Accenture and its partners will need to link the vast amounts of data that biometric devices capture with legacy databases of immigration, customs, law-enforcement, and intelligence agencies. ... it also will need to analyze data to spot suspicious activities.
- James Lewis: RFID: Big Brother Gets Small (86 Kb PDF file)
To help counteract counterfeiting of the new currency, the EU is hoping to have a new RFID [radio frequency identification] tagging system in place by 2005. Each piece of currency will have a tag with a unique code which should be irreproducible by counterfeiters. ... [T]his also means that the governments would also be able to track the money when it is not being used in illegal transactions. This would mean that any money you had in your possession could be used to track you, no matter which EU country that you were in.
- Declan McCullagh: Howard Dean's 'smart ID' plan
[Dean] called for state drivers' licenses to be transformed into a kind of standardized national ID card for Americans. ... Dean also suggested that computer makers such as Apple Computer, Dell, Gateway and Sony should be required to include an ID card reader in PCs — and Americans would have to insert their uniform IDs into the reader before they could log on.
- Infiltration of files seen as extensive — Senate panel's GOP staff pried on Democrats
Republican staff members of the US Senate Judiciary Committee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media ...
- Reuters: U.S. Says Deal Reached with EU on Air Passengers [link expired and article not available by search]
Washington has requested non-U.S. airlines to hand over up to 39 pieces of data for each passenger, including credit card details, home address and phone number.
- Europe approves air passenger data transfers to US
The key comment in Mr Bolkestein's statement is that the Commission has made its 'political judgement' in favour of transfer in the hope that any privacy problem will be in the meantime resolved. In short, the statement should be seen as a mechanism to boot the privacy problems into the long grass whilst allowing the US authorities access to the data they want.
- Statewatch — monitoring the state and civil liberties in the European Union
- EFF's Privacy, Security, Crypto & Surveillance
- Netsurfer Focus on Cryptography and Privacy
- Adam Back's Crypto Pages
- Declan McCullagh's Politech
- Raymond Ker: The New McCarthyism
- Drug Enforcement Takes Control of Domain Names, Threatens Privacy
- Mark Ward: The hidden dangers of documents
Your Microsoft Word document can give readers more information about you than you might think.
If concerned, open your MS Word document with a text editor such as Notepad, which shows everything.
- Chapter 8, Signals Intelligence, from Jeffrey T. Richelson's The U.S. Intelligence Community
Another reconnaissance project involving submarines ... involved implanting a device to intercept the signals transmitted along a Soviet underwater cable in the Sea of Okhotsk, between the Kamchatka Peninsula and the eastern Soviet coastline. A combined Navy-NSA team, operating from a submarine, installed a miniaturized waterproof eavesdropping device — a large tape pod that fit over the Soviet cable, through which key Soviet military and other communications flowed. The pod had a wraparound attachment that intercepted the cable traffic by "induction" ... The Sea of Okhotsk operation continued until 1981, when former NSA employee Ronald Pelton sold the Soviets information about the operation.
- Carl Ellison's website includes Attempt versus Succeed — a discussion of the right of a US citizen to attempt to keep secrets, even from the government.
- Towards A European Framework for Digital Signatures And Encryption, a report on encryption policy released in 1997 by the European Commission (a Word/Wordpad document).
- Brian J. Bocketti: United States Encryption Export Policy: Turning the Corner
- Eckpunkte der deutschen Kryptopolitik (Bonn, 1999-06-02)
English translation: Key Elements of Germany's Encryption Policy
- Cryptography World
A website "designed to help you understand the basics of cryptography ... [and to provide] access to a series of resources to help you apply, and implement, cryptographic solutions."
- Tom White: Head for the Hills, the End Is Nigh
- The Beginning of the End of Freedom on the Internet
- Nat Hentoff: We'll All Be Under Surveillance
Without any official public notice, and without any congressional hearings, the Bush administration — with an initial appropriation of $200 million — is constructing the Total Information Awareness System. It will extensively mine government and commercial data banks, enabling the FBI, the CIA, and other intelligence agencies to collect information that will allow the government ... 'to essentially reconstruct the movements of citizens.' This will be done without warrants from courts, thereby making individual privacy as obsolete as the sauropods of the Mesozoic era.
- Identity-based Internet idea shelved [webpage (re)moved]
[A] Pentagon research agency ... considered but rejected ... tagging Internet data with unique personal markers to prevent anonymous use of some parts of the Internet. ... The plan, known as eDNA ... would have divided the Internet into secure 'public network highways' where a user would need to be identified, and 'private network alleyways' which do not require identification. ... [The proposal] read in part: 'We envisage that all network and client resources will maintain traces of user eDNA so that the user can be uniquely identified as having visited a Web site, having started a process or having sent a packet. 'This way, the resources and those who use them form a virtual 'crime scene' that contains evidence about the identity of the users, much the same way as a real crime scene contains DNA traces of people.'
So it seems that, for the authors of this proposal, accessing a website, or using the internet for any purpose at all, makes one a virtual criminal. What will they think of next?
- CNN: Crypto expert: Microsoft products leave door open to NSA
But it's even worse ... there's a "third key" ...
- Duncan Campbell: How NSA access was built into Windows
- Windows XP vulnerable to 'serious' attacks [webpage (re)moved]
Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software.
- Microsoft issues patch for "serious" XP hole
Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people's systems open to malicious attack.
- FBI wants access to worm's pilfered data
The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. ... [T]he worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords ... The FBI wants indiscriminate access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant.
- Judge Demands Documents on FBI Computer Spy System [webpage (re)moved]
A federal judge on Friday [2001-09-07] ordered prosecutors to show him documents next week describing how a classified FBI computer spying system works, saying their argument the system should be kept secret from defense attorneys was "gobbledygook." ... During its 1999 investigation [of Nicodemo Scarfo], the FBI obtained a search warrant to secretly install a "key logger device" on the computer ... The government is resisting the disclosure, claiming the system is classified and that revealing it would endanger national security. But when prosecutors presented an affidavit on Friday from a high-level Justice Department official exhorting the system's classified status, U.S. District Court Judge Nicholas Politan said it was gibberish. ... "It says the guides (that define classified material) are even secret. ..." he said.
- The story about Crypto AG — with many annotated links.
- Researchers fault independent review of Carnivore
Carnivore is a software program that monitors packets of data passing through an Internet service provider's network. Officials at the FBI and the DOJ have said the surveillance system can only be legally deployed to monitor alleged criminal activity under a court order, but privacy advocates are worried that the software could lead to widespread and random surveillance of e-mail messages.
- Carnivore review confirms extended abilities of FBI sniffing software
The concern for privacy advocates ... is the potential for broad-sweeping data collection if the software isn't configured properly. ... According to the report, Carnivore will collect all e-mails in a packet delivered to an Internet service provider if its filters aren't set properly.
- UK Internet 'spy' plan condemned
In a report to the British government, spy agencies MI5 and MI6 and the police jointly request new legislation requiring communication service providers (CSPs) to log their traffic and keep the details for seven years. The proposals, drawn up by the National Criminal Intelligence Service (NCIS), suggest that the log would help the fight against cybercrime, paedophile rings, terrorism and drug trafficking.
- U.K. e-mail snooping bill passed
The surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications passed its final vote in the House of Commons on Wednesday and is set to become law on October 5.
- The Wiretapping of Executives From Multinational Companies [webpage (re)moved]
"S46 of the [UK Regulation of Investigatory Powers] Bill simply authorises 'any person by means of the exercise of a statutory power' to demand the key which will unlock the encryption." — A reason for multinationals to go elsewhere?
- Surveillance bill under fire
The critics say the legislation, if passed, could lead to innocent people being sent to jail simply because they have lost their data encryption codes.
- Cryptography's Role in Securing the Information Society
- Crypt Newsletter
- Center for Democracy and Technology: Encryption Issues
- Duncan Campbell's web site
- The University of Arizona has the following crypto web pages:
- Encryption Policy Resource Page
This web site is dedicated to educating Internet users, policy makers, and the public about the need to reform US encryption policy. On this site you will find a report by leading cryptographers and computer scientists which says that the U.S. Government encryption plan is risky and impractical.
- The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption.
The authors of this report conclude: "Key recovery systems are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature. The massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs to all users of encryption. Furthermore, building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field, and may well introduce ultimately unacceptable risks and costs".
- Global Internet Liberty Campaign
- Quadralay's Cryptography Archive
- Cryptography, Encryption and Stenography (Many links.)