Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 29 August 2014 at 9:04:54 AM, in mid:54003426.4030...@signal100.com, Mark Rousell wrote: Social interaction inevitably involves some extent of information sharing, and always has, but that doesn't mean that privacy (and all the nuanced concepts that are contained within that word) has somehow evaporated the first time you communicate with someone, or travel somewhere, etc. I think one of the major problems with social networks is the published and permanent record left behind by interactions that are experienced in a similar way to casual conversations. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Why is the universe here? Well, where else would it be? -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlQE6UhXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pPFMD/1io/C/rW9dIqYoRCVXi58xV9XFyVnERs1BX DbBlga1W6QtTju48MllBrtBtDPCThpJjWNvDPX9VtCSPdjOA2BZ9FycMSwg5GJO4 UuzjK4SQ4d6XC1eZ1b66AquWLIGniO3NX0p9gZFLQvRqp+AVIO7dJZv7lJ2cY0qu wwVWH2SP =oHUw -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 27/08/2014 11:16, Jason Antony wrote: What can't be controlled is when people who know you give out your personal details on social networks. It could happen because they may not see anything wrong with it, they may be tricked into it [games/surveys], or they wish to harm you. This is true and it's a good point but, as MFPA points out, it's not a new threat in principle. I think the key point still remains that what one shares with the world is very much under one's practical control, if one only remembers it. Social interaction inevitably involves some extent of information sharing, and always has, but that doesn't mean that privacy (and all the nuanced concepts that are contained within that word) has somehow evaporated the first time you communicate with someone, or travel somewhere, etc. -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 27/08/2014 11:46, d...@geer.org wrote: I fully agree with you, which means that I see few ways to preserve the liberty that privacy represents than to withdraw from much of civil society while it shares ever more -- sharing ever more on the I've got nothing to hide premise. Technology makes what is observable by others daily grow wider; lip reading robots, electric grids that know the noise signature of every device you own, smart cameras on every street corner, MIT's visual microphone, electronic health records that are and must be shared amongst providers plus the providers' paymasters, and on and on. That these are possible is worrisome; that they are widely built into services which promise convenience is the Pied Piper institutionalized. As I wrote elsewhere(*), we are becoming a society of informants -- I have nowhere to hide from you. I agree that information sharing, especially statutorily-imposed information collection and sharing, is a great threat to liberty. Fighting it is very difficult without fundamental reform of state structures. But this still does not mean that we need to share more than we want or need to where we have a choice, and we still do have lots of choices in this matter (especially in the context of my earlier message). -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
It is safe to say this thread has moved way off topic from being about using gnupg. Samir -- Samir Nassar sa...@samirnassar.com https://samirnassar.com PGP Fingerprint: EE76 B39E 0778 8F95 F796 B044 FE67 9A90 8E99 7AB2 Public Key: https://samirnassar.com/files/key.asc signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 27/08/2014 17:15, Robert J. Hansen wrote: Figure out what *precisely* you're concerned with, and start talking about that -- but privacy as a word has become so vague it's almost useless. If we can't describe precisely what we're afraid of losing, we're going to lose it and we won't even be able to accurately tell people what we've lost. This is a key point. The words privacy and liberty are too vague to be useful for this purpose. The big problem is that what we are losing is not easily amenable to rational explanation. It exists, it is real, it matters, and yet it is difficult to explain in intellectually precise terms. This lack of precision plays into the hands of those who desire to remove such liberties. Can anyone describe in clear, intellectually persuasive terms, why liberty (and privacy is a subsection of liberty) matters? No one should have to explain such things and yet that is what is now required. The second is a more general observation: authority tends to behave best when it's forced to submit to oversight. Corporations behave best when they're forced to answer to public shareholder meetings where anyone with a single share to their name can demand answers -- and if they don't get them, there's hell to pay. Politicians behave best when there's a free press following them around and asking them rude questions. Terrorists wear masks not to hide from the authorities, but to hide from their own communities -- social oversight would make their job impossible. Unfortunately, oversight only works when those in charge take it seriously. We as a society would rather watch reality television than television about reality: we'd rather watch _Big Brother_ than C-SPAN hearings about whether government has become Big Brother. Well observed. The third is that those who *do* care, tend to care in deeply broken ways. I can't tell you how many times I've run into self-styled privacy advocates here in the U.S. who are furious over how the U.S. has been reading their email. The only problem is there's very little evidence of that occurring. Reading email metadata, maybe, but not email content. When I try to explain that to them I usually find myself wondering inside of two minutes why I ever bothered trying to bring fact and reason to what is fundamentally an argument from passion and emotion. I have had people literally yell in my face over the metadata-versus-content distinction. When the front line of advocacy appears to be detached from reality in one way, and the body politic is detached from reality in another (reality television), well... how does one fix this? Surely the metadata versus data argument is something of a red herring. Whilst there are clear technical differences between metadata and data/content, the fact is that when the powers that be read my communications metadata without warrant and at will (something that I never gave them permission to look at), it is no less an invasion of my privacy than if they read the data/contents. The nature of communications metadata is that it can tell people who look at it a great deal about a person, information that may well be private in nature. Warrantless snooping in metadata is too much. I am also aware that there are longstanding legal definitions that treat metadata differently to content. Well, legal niceties be damned. Technical (and legal) differences between metadata and data/content notwithstanding, the reality is that when my communications metadata is snooped on without warrant and without my permission then it is an invasion of privacy, one that is indistinguishable in seriousness (both morally and practically, in terms of what can be inferred from metadata) from snooping on data/content itself. (For those who are about to point out that we willingly share communications metadata with service providers to allow for routing our communications to the right place, this is done intentionally and for the purposes of routing only. It does not follow that such metadata should be available to anyone and everything; it is still private information that we should have every right to expect is shared only for the purposes of communications routing). My reading of what Dan's said (I apologize, Dan, if I'm getting you wrong) is that he sees no way to stop the technological assault. I don't think that's quite true, though. If we were as a society to suddenly say, stop this, right now, let's establish some laws to protect the essential core of privacy, we'd do it. It seems to me that a great many people believe that there is nothing that can be done. They truly seem to think that the only thing to do is to give in and throw away all aspects of personal information/travel/communications privacy (whatever precise meanings privacy has in this context). It's a defeatist attitude and I think it's playing into the enemy's hands. Now I'm waving my arms and screaming at the other Eloi that they
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
(This did not seem to reach the list previously. Apologies if you've seen it twice.) On 27/08/2014 15:54, shm...@riseup.net wrote: actually you chose to step out of the front door today i assume ? you took the bus to work or maybe you drove ? i don't know, maybe a tractors more your thing, but you took it to the gas station and filled 'er up or you got breakfast at the deli before your meeting ? I think you are conflating separate things with questions like these. See Mark H Wood's comment above: It was never possible to live in perfect anonymity. You can't participate in society and be invisible to it at the same time. One has to accept being known, to some extent. So, secrecy is only one part of privacy.[...] how many times were you photographed by the big bad social network before your first coffee break? What big bad social network? First define what you mean by social network in this context. My earlier comment was, as I stated, primarily context of social networks and other media. You seem to mean something something different by the big bad social network. how can you as an individual be in control of this ? I choose where I go and what I do, both online (which was the main context of my earlier comment) and in the physical world. Whilst, as Mark Wood says above, some involvement in society inevitably involves sharing some information about oneself (and always has done), one can nevertheless to a massive extent choose how much one shares, what one says, and what one does. One does not need to blab everything to everyone. do you honestly believe you're in control of what information you share? To a very considerable extent, yes. It is a self-evident reality (although what I choose to share versus what I need to share varies on the specific context). I have not given way all control over my mind, body and actions. no prob, phone[sic] up FB or dr G and have a word to the secretary: yes sir, we just had a looksy can confirm all your bits are 100% accounted for, your datas are currently residing on 3,521 servers in 59 countries and if you like, we can press this red button and have it all removed straight away sir, no lawyer required, no warrant, no questions asked and a 100% satisfaction guarantee - this weeks promotion also includes free removal of your NSA vacuum trail, we can delete that too with the same red button because your data that we were forced to share can be accounted for exactly sir, we know where it went because we take pride in knowing we serve our customers best interests... What data on FB? Whilst, as Jason Anthony pointed out, other people can post information about me to social networks such as FB, data leakage by third parties is not a new risk (as MFPA observed). Apart from such data leakage, FB or other social networks only know about me what I choose to tell them. As I say, I do not need to blab to the world about everything. I *am* in practice in control of what I say and do and where I say and do it. which privacy policy thesis have you read cover-to-cover ? have you read it each time it was updated ? did you prepare yourself for opt-out changes ? Perhaps it is more sensible to control what one shares in the first place. which CV of yours have you parted ways with to prospective employers is equipped with nice little java scripts phoning home to your elaborately setup web server all-the-while alerting you to all those, whose pdf reader allows outgoing comms, who open your file ? where is your CV from 15 years ago - you know precisely how many people have read it don't you ? What point are you trying to prove here? Releasing a CV is still a controlled act, even though you don't necessarily know where it is going to get to. It is all a matter of choice. What you include is under your control. are kids confident that they know their snapchats will be deleted just like they were promised ? As I say, the better, wiser option would be to not post in the first place. where are these snap chats now - do they know lest do they care ? Wise people do care. Wiser people were always careful what they said on third party provided services. if you truly wanna be in control of your data, your gonna have to regulate and restrain yourself until your testicles are drawn over the back of your neck *or* accept it aint possible now, it may never be, and when you accept that you'll keep out of the loony bin fruit cake parlour I think you are looking at the whole situation through defeatist's eyes. :-) -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 29/08/2014 09:29, Samir Nassar wrote: It is safe to say this thread has moved way off topic from being about using gnupg. Samir Yes. My apologies for my part in taking it off-topic. -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
| Is this not the core of the question? In a world of social media | and sensor-driven everything, does not the very concept of private | information fade, per se? I believe it does. | | No. Taking part in social networks and other media is a choice. One can | a) choose not to take part at all, or b) choose how one takes part and | what information one shares. | | In short, privacy of information is still real, still relevant, and | still (largely) within the control of the individual. Tools such as | encryption help retain the reality of privacy of information. | | The question of privacy of information is of critical importance to | liberty. By choosing to believe that privacy (or specifically privacy of | information) is a concept that has fadeed you are playing into the | hands of those who would wish to forcefully strip us all of privacy, | whether we like or or not. That would be a mistake, I think. I fully agree with you, which means that I see few ways to preserve the liberty that privacy represents than to withdraw from much of civil society while it shares ever more -- sharing ever more on the I've got nothing to hide premise. Technology makes what is observable by others daily grow wider; lip reading robots, electric grids that know the noise signature of every device you own, smart cameras on every street corner, MIT's visual microphone, electronic health records that are and must be shared amongst providers plus the providers' paymasters, and on and on. That these are possible is worrisome; that they are widely built into services which promise convenience is the Pied Piper institutionalized. As I wrote elsewhere(*), we are becoming a society of informants -- I have nowhere to hide from you. --dan (*) We Are All Intelligence Officers Now http://geer.tinho.net/geer.rsa.28ii14.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2014-08-27 15:02, Mark Rousell wrote: No. Taking part in social networks and other media is a choice. One can a) choose not to take part at all, or b) choose how one takes part and what information one shares. What can't be controlled is when people who know you give out your personal details on social networks. It could happen because they may not see anything wrong with it, they may be tricked into it [games/surveys], or they wish to harm you. - -- Jason -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJT/a/3AAoJED1Q2DsLuMaGVu0P/2aLIXzQ/FMy3OqoIS2J+J6q YaWrgutyQCuPbVBcMoCxvAV/IMRePEQr/LEApo+AC6n2rl3vnUpBsuvhp/Ehl5lR KzBviDhOYduz1jtaxA5dL2hk9Jof7ky5dMVlD0f2x4RNJKpNx+AYGgE+VN5QKSsV 0IRrf5c4qVWSgZnYpLVe6tATm67fz1FrVQ+lJjp1xtTKWzoH2Tmcaon3vWvSfDwJ 4HevrL+/daV+EgueqZuRQwnym0tAlysIm6YLDCe6NMkIwCWZR+wQjagKEqBnTkpx rtkoyxuk7PTtccDBzXleK1R9hbaokjpL1ygLpL33lwTkOEkkV1Oxi90QS5hM3pyX hA/s+NEpZbG9kj+UuHFygu/TdIpRBYgzN0i1r/tBulADYlVHsVSMHOwr+y0Tfuxk dkjJTy18R/gmD44WttmRNq7K3fnUzgsoenrz++fp9X/LDlSx0T9GWnBmUsUq3SzR 1WeBtE5bw5J7hJzAVT2DX/8f6fDtOk/Yit0eIxKu/odLaMekbFOEt3OTmmFlfYkT nHYRRU60Z6embBttTpRmdp9eU0jEjxuNNV2Tkec39fGLa6sOtltlUvz3dgjeYIt1 rpv4RaXAD4DUD60ODJwbBDUFTCo9qWBE3d3NZ67rna6ImBbrSzIMF2MqAil/qxnl wuPBrzrlW4xE4POZKXl/ =oyuC -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On Wed, Aug 27, 2014 at 06:46:13AM -0400, d...@geer.org wrote: | Is this not the core of the question? In a world of social media | and sensor-driven everything, does not the very concept of private | information fade, per se? I believe it does. | | No. Taking part in social networks and other media is a choice. One can | a) choose not to take part at all, or b) choose how one takes part and | what information one shares. | | In short, privacy of information is still real, still relevant, and | still (largely) within the control of the individual. Tools such as | encryption help retain the reality of privacy of information. | | The question of privacy of information is of critical importance to | liberty. By choosing to believe that privacy (or specifically privacy of | information) is a concept that has fadeed you are playing into the | hands of those who would wish to forcefully strip us all of privacy, | whether we like or or not. That would be a mistake, I think. I fully agree with you, which means that I see few ways to preserve the liberty that privacy represents than to withdraw from much of civil society while it shares ever more -- sharing ever more on the I've got nothing to hide premise. Technology makes what is observable by others daily grow wider; lip reading robots, electric grids that know the noise signature of every device you own, smart cameras on every street corner, MIT's visual microphone, electronic health records that are and must be shared amongst providers plus the providers' paymasters, and on and on. That these are possible is worrisome; that they are widely built into services which promise convenience is the Pied Piper institutionalized. As I wrote elsewhere(*), we are becoming a society of informants -- I have nowhere to hide from you. It was never possible to live in perfect anonymity. You can't participate in society and be invisible to it at the same time. One has to accept being known, to some extent. So, secrecy is only one part of privacy. Another part is effectively asserting what you believe is right. Just because someone knows something about you, doesn't mean he understands it or can argue properly. Challenge the idiots, the misinformed, the insufficiently educated, the malicious, and make their misuse of your personal information costly. Without that, you will indeed live in a bubble of privacy which steadily shrinks until it evaporates entirely. Lies, rumors, and faulty logic readily die of exposure. Expose them! If someone attacks your secrets...attack his! The falsity of a false argument is one of your opponent's centers of gravity, so strike it to keep him busy protecting it. Secrecy alone is defensive. The term for a purely defensive figher is loser. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Mark Carousel wrote: On 23/08/2014 11:16, d...@geer.org wrote: On 2014-08-22 at 21:13, Rejo Zenger wrote: Open data and transparency should only be about what concerns everybody, like government actions, trains schedule, etc. not private information. Is this not the core of the question? In a world of social media and sensor-driven everything, does not the very concept of private information fade, per se? I believe it does. No. Taking part in social networks and other media is a choice. One can a) choose not to take part at all, or b) choose how one takes part and what information one shares. actually you chose to step out of the front door today i assume ? you took the bus to work or maybe you drove ? i don't know, maybe a tractors more your thing, but you took it to the gas station and filled 'er up or you got breakfast at the deli before your meeting ? how many times were you photographed by the big bad social network before your first coffee break? how can you as an individual be in control of this ? how is it a choice ? do you honestly believe you're in control of what information you share? no prob, phone[sic] up FB or dr G and have a word to the secretary: yes sir, we just had a looksy can confirm all your bits are 100% accounted for, your datas are currently residing on 3,521 servers in 59 countries and if you like, we can press this red button and have it all removed straight away sir, no lawyer required, no warrant, no questions asked and a 100% satisfaction guarantee - this weeks promotion also includes free removal of your NSA vacuum trail, we can delete that too with the same red button because your data that we were forced to share can be accounted for exactly sir, we know where it went because we take pride in knowing we serve our customers best interests... which privacy policy thesis have you read cover-to-cover ? have you read it each time it was updated ? did you prepare yourself for opt-out changes ? which CV of yours have you parted ways with to prospective employers is equipped with nice little java scripts phoning home to your elaborately setup web server all-the-while alerting you to all those, whose pdf reader allows outgoing comms, who open your file ? where is your CV from 15 years ago - you know precisely how many people have read it don't you ? used to be fun getting prints back from the lab of you and your partner having fun times; there was a certain nativity before high-speed data comms; and who prints photos now anyway, huh ! are kids confident that they know their snapchats will be deleted just like they were promised ? where are these snap chats now - do they know lest do they care ? to err is human, but to forgive divine - how do you tell hard disks this ? geer's point about moving to a new town also relevant about not forgetting the past if you truly wanna be in control of your data, your gonna have to regulate and restrain yourself until your testicles are drawn over the back of your neck *or* accept it aint possible now, it may never be, and when you accept that you'll keep out of the loony bin fruit cake parlour or, don't have any data, go to the amazon heck, you probly knew how your traffic was being routed through iceland, why it was, who did it and what the content was, right ? In short, privacy of information is still real, still relevant, and still (largely) within the control of the individual. Tools such as encryption help retain the reality of privacy of information. The question of privacy of information is of critical importance to liberty. By choosing to believe that privacy (or specifically privacy of information) is a concept that has fadeed you are playing into the hands of those who would wish to forcefully strip us all of privacy, whether we like or or not. That would be a mistake, I think. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Jason Antony wrote: On 2014-08-27 15:02, Mark Rousell wrote: No. Taking part in social networks and other media is a choice. One can a) choose not to take part at all, or b) choose how one takes part and what information one shares. What can't be controlled is when people who know you give out your personal details on social networks. It could happen because they may not see anything wrong with it, they may be tricked into it [games/surveys], or they wish to harm you. it could also happen because that's what FB wants too: http://owni.eu/2012/07/24/facebook-added-informant/ -- Jason ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
I fully agree with you, which means that I see few ways to preserve the liberty that privacy represents than to withdraw from much of civil society while it shares ever more... I see a couple, but much like Dan, I'm not optimistic about them. The first is this: *stop talking about privacy*. What people are calling 'privacy' is really a large number of concepts which are all being glommed together under the umbrella of 'privacy', but these concepts may not all belong together at all. Figure out what *precisely* you're concerned with, and start talking about that -- but privacy as a word has become so vague it's almost useless. If we can't describe precisely what we're afraid of losing, we're going to lose it and we won't even be able to accurately tell people what we've lost. The second is a more general observation: authority tends to behave best when it's forced to submit to oversight. Corporations behave best when they're forced to answer to public shareholder meetings where anyone with a single share to their name can demand answers -- and if they don't get them, there's hell to pay. Politicians behave best when there's a free press following them around and asking them rude questions. Terrorists wear masks not to hide from the authorities, but to hide from their own communities -- social oversight would make their job impossible. Unfortunately, oversight only works when those in charge take it seriously. We as a society would rather watch reality television than television about reality: we'd rather watch _Big Brother_ than C-SPAN hearings about whether government has become Big Brother. The third is that those who *do* care, tend to care in deeply broken ways. I can't tell you how many times I've run into self-styled privacy advocates here in the U.S. who are furious over how the U.S. has been reading their email. The only problem is there's very little evidence of that occurring. Reading email metadata, maybe, but not email content. When I try to explain that to them I usually find myself wondering inside of two minutes why I ever bothered trying to bring fact and reason to what is fundamentally an argument from passion and emotion. I have had people literally yell in my face over the metadata-versus-content distinction. When the front line of advocacy appears to be detached from reality in one way, and the body politic is detached from reality in another (reality television), well... how does one fix this? My reading of what Dan's said (I apologize, Dan, if I'm getting you wrong) is that he sees no way to stop the technological assault. I don't think that's quite true, though. If we were as a society to suddenly say, stop this, right now, let's establish some laws to protect the essential core of privacy, we'd do it. The problem I see is the old one of the Eloi and the Morlocks... and I feel like an Eloi who fell down into the Morlock tunnels and spent just barely enough time down there to get a sense of just how bad it's going to be. Now I'm waving my arms and screaming at the other Eloi that they aren't going to like what happens when the Morlocks come, but nobody's listening to me. I'm getting in the way of the latest special about the Kardashians, you see... ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 27 August 2014 at 5:15:09 PM, in mid:53fe040d.2080...@sixdemonbag.org, Robert J. Hansen wrote: I've run into self-styled privacy advocates here in the U.S. who are furious over how the U.S. has been reading their email. The only problem is there's very little evidence of that occurring. Reading email metadata, maybe, but not email content. When I try to explain that to them I usually find myself wondering inside of two minutes why I ever bothered trying to bring fact and reason to what is fundamentally an argument from passion and emotion. I have had people literally yell in my face over the metadata-versus-content distinction. Is there really as much of a distinction as some would have us believe? The EFF [0] puts it quite well, albeit using phone rather than email metadata:- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don't know what you talked about. They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret. They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed. They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion. They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about. Sorry, your phone records—oops, so-called metadata—can reveal a lot more about the content of your calls than the government is implying. Metadata provides enough context to know some of the most intimate details of your lives. [0] https://www.eff.org/deeplinks/2013/06/why-metadata-matters - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Wisdom is a companion to age; yet age may travel alone. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlP+L3VXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pX1MEAKiauaH6FXvPNvQZZNlq97jz3yCtO7u08eKo 0IxEjXpv85USf22kVxzQZ6gIjnbbmaw2IHrLYk2lbFVsC78tf0nJAvqPlp8uDJG3 XNeId6xqPjcfTQh0TdUtl829Z9mIcaaOgCkuOvRSqEKwrHUslnXvmLP98bEMhuwS 0afKQ0EP =p6H2 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 27 August 2014 at 11:16:24 AM, in mid:53fdaff8.30...@gmail.com, Jason Antony wrote: What can't be controlled is when people who know you give out your personal details on social networks. It could happen because they may not see anything wrong with it, they may be tricked into it [games/surveys], or they wish to harm you. Remove the words on social networks and you have a statement that was true long before the invention of the internet. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Day-old pastry is hollow succour to a man who is bereft of ostrich. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlP+MJpXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p3soD/1jpTbNR9NtBQuzedWP+tUIKSdDGDRxb5Yte lkzkJ2n3rNhn/ZwukpLqq7Zhs091+nBsB0Ct7hHIjzVdGED41tnVwbvkIltzkJY+ lzOnZn5UtkGp5DiGKdCdaqhI4fRy1uFPi88qjee2jEBpiShp1zV0RLYOND5zo9Gd wqJPrVyc =GcTY -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Is there really as much of a distinction as some would have us believe? Yes, absolutely. If the problem is X and your advocacy loudly insists that Y is happening, then you're (a) not solving X (although Y might need fixing anyway), and (b) all the people you've persuaded to join your cause will desert you as soon as they discover you were totally uninformed. As an example: malaria kills millions of children worldwide. Imagine an advocate telling people, we must end malaria, and we can start by getting these villages clean drinking water!, and getting tens of thousands of people to donate money to the cause of drilling safe water wells in the developing world. Yes, preventable diseases caused by unclean drinking water is a *very* serious problem, and yes, those wells will almost certainly ameliorate some problems... but it will do absolutely nothing to stop the spread of malaria. How do you think people who bought into the advocacy, who believed they were saving the world from malaria, will react when someone comes along and tells them, uh, the advocate was completely wrong, and although you may have done some good for the eradication of, I don't know, cholera or something, you've had zero effect on malaria? I'll tell you what happens -- an epidemic of cynicism. And that hurts us all. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 27 August 2014 at 8:37:10 PM, in mid:53fe3366.6010...@sixdemonbag.org, Robert J. Hansen wrote: Is there really as much of a distinction as some would have us believe? Yes, absolutely. If the problem is X and your advocacy loudly insists that Y is happening, then you're (a) not solving X (although Y might need fixing anyway), and (b) all the people you've persuaded to join your cause will desert you as soon as they discover you were totally uninformed. A good point well made. The act of collecting metadata is distinct from the act of collecting content. But there will be significant overlap between the dataset collected by somebody harvesting content and the inferences about somebody's life that could be drawn by somebody harvesting metadata. I had hoped the quote from the EFF website would illustrate this. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Don't be silly, it's all make believe anyway -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlP+bl9XFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p9RIEAJQDY9Sam7o5hXGcGzMZ5gKKoss30cfC/DTU pHiARmg6gurELF9hQKVDcYH6WP1SIEqQDjO/3J4hpTvAdv6ukIaWqbPyzmjoRLgG jBQXlX7tsTCYEx0ylFg70rjNOUTe0r0S9dXUVWv2KUZff595OVfGzsVIE0Adz73p fJ8cEg8Q =g3iy -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
But there will be significant overlap between the dataset collected by somebody harvesting content and the inferences about somebody's life that could be drawn by somebody harvesting metadata. I had hoped the quote from the EFF website would illustrate this. For some individuals, yes. For others, not so much. While traffic analysis is a tremendously powerful tool it does not apply to all parties to equal degrees. It was also part of why I used the metaphor that I did. Malaria and cholera are two different diseases that often are found in the same populations and some of their symptoms mimic each other. One is a mosquito-borne parasitic disease, and the other is caused by unsafe drinking water. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 23/08/2014 11:16, d...@geer.org wrote: On 2014-08-22 at 21:13, Rejo Zenger wrote: Open data and transparency should only be about what concerns everybody, like government actions, trains schedule, etc. not private information. Is this not the core of the question? In a world of social media and sensor-driven everything, does not the very concept of private information fade, per se? I believe it does. No. Taking part in social networks and other media is a choice. One can a) choose not to take part at all, or b) choose how one takes part and what information one shares. In short, privacy of information is still real, still relevant, and still (largely) within the control of the individual. Tools such as encryption help retain the reality of privacy of information. The question of privacy of information is of critical importance to liberty. By choosing to believe that privacy (or specifically privacy of information) is a concept that has fadeed you are playing into the hands of those who would wish to forcefully strip us all of privacy, whether we like or or not. That would be a mistake, I think. -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 22 August 2014 at 3:17:30 AM, in mid:53f6a83a.1050...@sixdemonbag.org, Robert J. Hansen wrote: I respectfully submit that once the definition is broadened that far, the word ceases to have probative value. But if that's the definition people want to use, then I'll just shrug, register my objection, and move on. :) I prefer the far more succinct definition from Oxford Dictionaries [0] Close observation, especially of a suspected spy or criminal Origin: early 19th century: from French, from sur- 'over' + veiller 'watch' (from Latin vigilare 'keep watch'). [0] https://www.oxforddictionaries.com/definition/english/surveillance - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net When duty calls...hang up immediately -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlP7HBVXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pGUMD/2Y+AOso9CM72Ft0JTY9+uXg0lPwBxaEOACs njnPWJKxb7FTVRwMhxdCS54ePcBg2NZVkVARm/hBX58aLI4L7kTUfJOtu3E612ku BeaGTy1SXWep+Rzh+UJ2ebi+KY3nHYBir0N5GHOIeFcur1025yh9yq3x9d2l6a6d HkEodcr2 =P7/M -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 2014-08-22 at 21:13, Rejo Zenger wrote: Open data and transparency should only be about what concerns everybody, like government actions, trains schedule, etc. not private information. Is this not the core of the question? In a world of social media and sensor-driven everything, does not the very concept of private information fade, per se? I believe it does. We Are All Intelligence Officers Now http://geer.tinho.net/geer.rsa.28ii14.txt --dan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 2014-08-23 at 12:16, d...@geer.org wrote: On 2014-08-22 at 21:13, Rejo Zenger wrote: Open data and transparency should only be about what concerns everybody, like government actions, trains schedule, etc. not private information. Is this not the core of the question? In a world of social media and sensor-driven everything, does not the very concept of private information fade, per se? I believe it does. It will be when any kind of authority (thus hierarchy) or intolerance (thus ignorance/inconsciousness) would have *perfectly disappeared*. Whenever it’s possible or not, we can still see that today it isn’t so, therefore privacy still has importance. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
| On 2014-08-23 at 12:16, d...@geer.org wrote: | On 2014-08-22 at 21:13, Rejo Zenger wrote: | Open data and transparency should only be about what concerns everybody, | like government actions, trains schedule, etc. not private information. | | Is this not the core of the question? In a world of social media | and sensor-driven everything, does not the very concept of private | information fade, per se? I believe it does. | | It will be when any kind of authority (thus hierarchy) or intolerance | (thus ignorance/inconsciousness) would have *perfectly disappeared*. | Whenever it's possible or not, we can still see that today it isn't so, | therefore privacy still has importance. Given that Philosophical and legal analysis has often identified privacy as a precondition for the development of a coherent self. -- Phil Agre, The Architecture of Identity, 1998 one must conclude that it is a mortal peril to give up privacy, at least before, as you said, evil has disappeared from the face of the Earth. My point was and is simply that nearly everything is now observable IN PUBLIC. Technology makes this possible but it social media and sensor networks through which that technology brings observability of the heretofore unobservable to the attention of whomever wants it. That trend cannot be undone, ergo, I said in the speech, [W]e are becoming a society of informants. In short, I have nowhere to hide from you. This being the gnupg list, we are likely now in a rat hole, but if we are not yet there, then let me ask a question: Many's the member of this list who posts under a pseudonym. Is pseudonymous posting a privacy-preserving tactic or something else? --dan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 08/23/2014 08:08 PM, d...@geer.org wrote: | On 2014-08-23 at 12:16, d...@geer.org wrote: | On 2014-08-22 at 21:13, Rejo Zenger wrote: | Open data and transparency should only be about what concerns everybody, | like government actions, trains schedule, etc. not private information. | | Is this not the core of the question? In a world of social media | and sensor-driven everything, does not the very concept of private | information fade, per se? I believe it does. | | It will be when any kind of authority (thus hierarchy) or intolerance | (thus ignorance/inconsciousness) would have *perfectly disappeared*. | Whenever it's possible or not, we can still see that today it isn't so, | therefore privacy still has importance. Given that Philosophical and legal analysis has often identified privacy as a precondition for the development of a coherent self. -- Phil Agre, The Architecture of Identity, 1998 one must conclude that it is a mortal peril to give up privacy, at least before, as you said, evil has disappeared from the face of the Earth. My point was and is simply that nearly everything is now observable IN PUBLIC. Technology makes this possible but it social media and sensor networks through which that technology brings observability of the heretofore unobservable to the attention of whomever wants it. That trend cannot be undone, ergo, I said in the speech, [W]e are becoming a society of informants. In short, I have nowhere to hide from you. This being the gnupg list, we are likely now in a rat hole, but if we are not yet there, then let me ask a question: Many's the member of this list who posts under a pseudonym. Is pseudonymous posting a privacy-preserving tactic or something else? --dan Pseudonymous posting is (of course) a privacy-preserving tactic. I'm not sure what you mean by or something else. Privacy is rather orthogonal to good vs evil, if that's what you're getting at. My response to the panopticon involves fragmenting my observable activity among multiple personae. Each persona has its unique set of interests and activities. Some, such as mirimir, are stable and very public. Others are very transient, and private. Each is appropriately isolated from my true identity, and from the other personae, through such technologies as virtual machines, VPN services, Tor and JonDonym. It's true that none of my personae use smartphones and other tracking devices. But that's just because relevant technologies for spoofing identity, location and so on are too immature. I have faith in the Guardian Project. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 2014-08-22 at 01:16, Robert J. Hansen wrote: On 8/21/2014 3:35 PM, Johannes Zarl wrote: Compiling a collection of publicly available information is an almost perfect description of the term surveillance. E.g. a surveillance camera does exactly that: it collects publicly available information. So does the phone book, Wikipedia, and IMDB. We don't call them surveillance. The difference in the relation we have with information is who does it concern: when it concerns everybody (like Science, information about politics, events, Philosophy, Art, etc. what generally is what Wikipedia contains, aka “encyclopedic informations”), it should be shared among everyone, and not doing so is taking part in some kind of oppression (like stopping people from sharing a software); when it concerns only some people (like private information, one-to-one communication, etc.) it should be keep secret amoung the few people it concerns, otherwise it is also taking part in some kind of oppression (like surveilling, spying, controlling). That’s why we ask for more transparency from the powerfull and more privacy to the weak. When someone watch the tweets of some friends of some person discussing with some others, while not knowing and not being interested of it, even if it doesn’t concerns her, just to spy the person, it *is* surveillance. Though Twitter haven’t sophisticated privacy features like circles or groups, so it’s possible even if it’s not always a good thing. The same applies to IP. In this case, it does concern only the person owning the house what color is it, what is the model of door, of lock, of key and how to open it. So even if it’s “publicly available information” (like in Twitter, Facebook, or any potentially privacy-harmful social network) it shouldn’t be collected without hurting someone’s freedom, so here the usefulness of the GNU patch for it :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
++ 22/08/14 11:38 +0200 - Garreau, Alexandre: The difference in the relation we have with information is who does it concern: when it concerns everybody (like Science, information about politics, events, Philosophy, Art, etc. what generally is what Wikipedia contains, aka “encyclopedic informations”), it should be shared among everyone, and not doing so is taking part in some kind of oppression (like stopping people from sharing a software); when it concerns only [...] That's an interesting point of view - or there is some misunderstanding on my end. Let's say the NSA does not only surveil all kinds of communications as it does right now, but it also publishes this information (open data in governmental speak), then there is no oppression according to you? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF pgptvL6RnRebe.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Can I ask that the whole discussion of what is or is not surveillance be taken off line somewhere? It really doesn't matter what we call it, the interesting bit here is that we know all kinds of data are being collected by all kinds of folks. That leaves open the (IMO much more interesting) question of what we can DO to protect our communication channels. Doug ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Or, to put it another way: security through obscurity is ok. as long as no one finds out, or goes looking for, public information, everything's hidden well enough. Regards, Charlie 602.420.4123 -Original Message- From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Rejo Zenger Sent: Friday, August 22, 2014 12:14 PM To: gnupg-users@gnupg.org Subject: Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back ++ 22/08/14 11:38 +0200 - Garreau, Alexandre: The difference in the relation we have with information is who does it concern: when it concerns everybody (like Science, information about politics, events, Philosophy, Art, etc. what generally is what Wikipedia contains, aka “encyclopedic informations”), it should be shared among everyone, and not doing so is taking part in some kind of oppression (like stopping people from sharing a software); when it concerns only [...] That's an interesting point of view - or there is some misunderstanding on my end. Let's say the NSA does not only surveil all kinds of communications as it does right now, but it also publishes this information (open data in governmental speak), then there is no oppression according to you? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 2014-08-22 at 21:13, Rejo Zenger wrote: ++ 22/08/14 11:38 +0200 - Garreau, Alexandre: The difference in the relation we have with information is who does it concern: when it concerns everybody (like Science, information about politics, events, Philosophy, Art, etc. what generally is what Wikipedia contains, aka “encyclopedic informations”), it should be shared among everyone, and not doing so is taking part in some kind of oppression (like stopping people from sharing a software); when it concerns only […] That's an interesting point of view - or there is some misunderstanding on my end. Let's say the NSA does not only surveil all kinds of communications as it does right now, but it also publishes this information (open data in governmental speak), then there is no oppression according to you? I didn’t say it was related to what usage was made of information or to whom it was available but to *who it concerns*. Actually if you publish private information it changes nothing: it remains private information concerning only its initial possessor, and making other people acknowledge it is giving them power an harm to the freedom of one who has her privacy harmed. Open data and transparency should only be about what concerns everybody, like government actions, trains schedule, etc. not private information. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Original Message Subject:GNU hackers discover HACIENDA government surveillance and give us a way to fight back Date: Wed, 20 Aug 2014 18:02:21 -0400 From: Free Software Foundation i...@fsf.org Reply-To: Free Software Foundation i...@fsf.org To: david cooper da...@gbenet.com Dear david, GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program. According to Heise newspaper http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html, the intelligence agencies of the United States, Canada, United Kingdom, Australia, and New Zealand, have used HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. The agencies have shared this map and use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leach computing resources and cover its tracks. But this was not enough to stop the team of GNU hackers and their collaborators. After making key discoveries about the details of HACIENDA, Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn designed the TCP Stealth https://gnunet.org/kirsch2014knock system to protect unadvertised servers from port scanning. They revealed their work at the recent annual GNU Hackers' Meeting https://www.gnu.org/ghm/ in Germany. You can view a video announcing the discovery on fsf.org. Please be sure to share this with everyone you know who cares about bulk surveillance. https://fsf.org/blogs/community/gnu-hackers-discover-hacienda-government-surveillance-and-give-us-a-way-to-fight-back?pk_campaign=haciendapk_kwd=email We must fight the political battle for an end to mass surveillance and reduce the amount of data collected about people in the first place https://www.gnu.org/philosophy/surveillance-vs-democracy. On an individual level we have to do everything we can to thwart the surveillance programs that are already in place. *No matter your skill level, you can get involved at the FSF's surveillance page https://www.fsf.org/campaigns/surveillance/?pk_campaign=haciendapk_kwd=email.* Ethical developers inside and outside GNU have been working for years on free software that does not keep secrets from users, and programs that anyone can review to remove potential vulnerabilities. These capabilities give free software users a fighting chance against surveillance. Now, our community is turning its attention to uncovering and undermining insidious programs like HACIENDA. Free software and its ideals are crucial to putting an end to government bulk surveillance. *Share this news with your friends, to help make people aware of the importance of free software in fighting bulk surveillance.* /Jacob Appelbaum of the TCP Stealth team gave a remote keynote address at the FSF's LibrePlanet conference this year. Watch the recording of Free Software for freedom: Surveillance and you. http://media.libreplanet.org/u/zakkai/m/free-software-for-freedom-surveillance-and-you// Libby Reinish and Zak Rogoff Campaigns Managers /You can view this post online https://fsf.org/blogs/community/gnu-hackers-discover-hacienda-government-surveillance-and-give-us-a-way-to-fight-back?pk_campaign=haciendapk_kwd=email./ Follow us on GNU social https://status.fsf.org/fsf | Subscribe to our blogs via RSS https://fsf.org/blogs/RSS | Join us as an associate member https://www.fsf.org/jf Sent from the Free Software Foundation, 51 Franklin Street Floor 5 Boston, Massachusetts 02110-1301 United States Unsubscribe https://crm.fsf.org/civicrm/mailing/unsubscribe?reset=1jid=130737qid=8855621h=99b000cc86f54969 from this mailing list. Stop all email https://crm.fsf.org/civicrm/mailing/optout?reset=1jid=130737qid=8855621h=99b000cc86f54969 from the Free Software Foundation, including Defective by Design, and the Free Software Supporter newsletter. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT9fHvAAoJENIbRAX92h7yw2gP/jKM6E+MJ/60m5Hh9Pd5Po/U 86429oQ6oxBhrPbYvGmvhBKEMpVy6ueoHE21cDrsD555JxLecLbwLk1izDLovgbX HLe5utkRsH+t7L5BcvBDMsKfgmmPMxxrG9PxIZHYE5R07taMvs0Wx3+MJytziNrG +UorpWHynOKT4LSbnFXxT0psq+sk6D2bZXXmEcbpr6Rv5+Uf1KF0EukxVi54qtsN 5R4HVZkCmr/fVUIxMEjQpdZTcuNXQHZni2b5LHXXLII72/Rw6bR9Frp1pU29bWl2 4zKeD2D7o7l1tsMiKuLrM0aWPzrdfXbqmZTrqxNew1DFNdr0CdTZhAz/eP76SVj8 4av9WxlN9EEdMQmN1yA6C96pKs6ZDOVfajRmx6O5/aFQjOA8PY8b4AcBtyfbKWK9 n6O3op2xvR6vfPJletqffFuCkCWCmkhU7155gBc3M6rLoxTj9jreCjB4duAnQi23 e6Wt3Kwvq+GH8jUJt30QpzCkeRcPz4wOrPaiO4dMdi1xV3G5/5BB2si+qmWHecuu
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. The good news? Those same hackers have already worked out a free software countermeasure to thwart the program. A little late to the party. This sort of thing's gone on in the private sector for at least six years -- that's when I first encountered a business that continually portscanned the entire IPv4 address space, service identification, and identification of known vulnerabilities against those services. Last I checked there were at least four businesses doing this, and selling their results to anyone who could cough up $10K a year for a subscription. Also note that, contrary to the FSF's press release, this isn't government surveillance. It isn't even surveillance in the usual sense of the word. If you run a public service like HTTP, how is it surveillance for someone, anyone, to say the server sixdemonbag.org, located at IP address 111.222.333.444, is running FooHTTPD 3.17? That's like driving down the street and reporting on what colors people's houses are and whether they have their garage door open. Distasteful, sure. But surveillance seems to mean something more: someone listening in on things that you have good reason to believe are private. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Robert J. Hansen: [snip] Also note that, contrary to the FSF's press release, this isn't government surveillance. It isn't even surveillance in the usual sense of the word. If you run a public service like HTTP, how is it surveillance for someone, anyone, to say the server sixdemonbag.org, located at IP address 111.222.333.444, is running FooHTTPD 3.17? That's like driving down the street and reporting on what colors people's houses are and whether they have their garage door open. Distasteful, sure. But surveillance seems to mean something more: someone listening in on things that you have good reason to believe are private. I'm not happy with that definition/understanding of surveillance. It's not just about reporting on what colors people's houses are - it's more about someone going to every door, trying to open it, and noting what kind of door and lock there is. Then, comes back with a key, opens the door, installs cameras and other things. Next, he continues with the next house, but if someone finds him, he says he's you. And then walks to the next house. HACIENDA itself may not be surveillance, because it is an active attack/attempt to actively connect to a TCP socket and not just (passively) monitoring how other people connect to the server. However on a meta-level (=government), this is surveillace, because they look for things that you have good reason to believe are private (remember the slide that lists passwords as publicly available information...). ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
I'm not happy with that definition/understanding of surveillance. It's not just about reporting on what colors people's houses are - it's more about someone going to every door, trying to open it, and noting what kind of door and lock there is. Then, comes back with a key, opens the door, installs cameras and other things. Next, he continues with the next house, but if someone finds him, he says he's you. And then walks to the next house. If it escalates to an intrusion, then yes, that's definitely surveillance in my book. Compiling a collection of publicly available information is not. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On Thursday 21 August 2014 11:41:40 Robert J. Hansen wrote: If it escalates to an intrusion, then yes, that's definitely surveillance in my book. Compiling a collection of publicly available information is not. Compiling a collection of publicly available information is an almost perfect description of the term surveillance. E.g. a surveillance camera does exactly that: it collects publicly available information. Your initial example, That's like driving down the street and reporting on what colors people's houses are and whether they have their garage door open. , is also a nice example of surveillance. The information is not by definition harmful to anyone, yet has the potential to be used against someone. Mr. and Mrs. Smith always leave the garage door open in summer, except for one week a year, when they also close the bathroom window. is trivial, maybe even boring information to most people. To someone with bad intent this information might be a lot more interesting. Johannes ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On 8/21/2014 3:35 PM, Johannes Zarl wrote: Compiling a collection of publicly available information is an almost perfect description of the term surveillance. E.g. a surveillance camera does exactly that: it collects publicly available information. So does the phone book, Wikipedia, and IMDB. We don't call them surveillance. The information is not by definition harmful to anyone, yet has the potential to be used against someone. Name me any piece of non-trivial information which doesn't have the potential to be used against someone. smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I'm sorry, I know this is OT for the list, but... Am 21.08.2014 um 15:54 schrieb Robert J. Hansen: GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. (...) (...) Also note that, contrary to the FSF's press release, this isn't government surveillance. It isn't even surveillance in the usual sense of the word. (...) On the contrary, IMO this sort of thing is fully encompassed by the word surveillance, at least as far as I have always understood it. Otherwise any surveillance camera installed in a public or publicly accessible place would not be one, by definition, since it is only gathering publicly available information. After all, when I go out of the house I cannot reasonably expect to have all my actions and whereabouts remain private. I might meet someone I know who would then know where and when they saw me. And yet, if I was being either (a) systematically tracked through cameras and face recognition software, or (b) followed by people/drones (or (c), both) so my every step (in public, mind) would be recorded, then I would absolutely call that surveillance. What else could it possibly be? And if a system was put in place that would simply track everyone as in (a), then what else could we call it but mass surveillance? And yet, it's only gathering publicly available information. Of course, surveillance, _can_ mean a lot more than that: (...) But surveillance seems to mean something more: someone listening in on things that you have good reason to believe are private. I would call that espionage, snooping, spying etc., but yes, this also absolutely falls under the heading of surveillance. It's just one facet, though. Cheers gabe -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCgAGBQJT9nbHAAoJEO7XEikU4kSzPb0IALtekGE2FrH2p/J2mTcBq73o 5yIzc3g3pVzRUbFE01JXYluZGxVgSmJabF9dcnjhZyeGIlN5GxncLln9Bo0CdJKo rjMjpysWYQFiKFTrN4TVWkpfTDN/PhbnCrNYQiHjk07QbFCG8YOvO0p4bwDxAED7 8Wnmq5UyHqCRvv55UerXbvEuYky36EoF5JHtDidv/6ioO9l66+7a0jgoWuD1ovWq kGAPy53NheLlDqqx0MDdb4t70YTrImZma0/Cvd4ucD0L2oBygSmIFnFeYyl3lNaS 9cVd/91yRQ+QEuKwdSLbtgkcybpcY8t9G1uzKqF5Bv9PeDv3xjNCpnC/ZN2TsRs= =zyGr -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On Fri, Aug 22, 2014 at 12:46:38AM +0200, Gabriel Niebler wrote: On the contrary, IMO this sort of thing is fully encompassed by the word surveillance, at least as far as I have always understood it. Otherwise any surveillance camera installed in a public or publicly accessible place would not be one, by definition, since it is only gathering publicly available information. Just to get pedantic, according to Wikipedia [1]: Surveillance is the monitoring of the behavior, activities, or other changing information, usually of people for the purpose of influencing, managing, directing or protecting them. This can include observation from a distance by means of electronic equipment (such as CCTV cameras), or interception of electronically transmitted information (such as Internet traffic or phone calls); and it can include simple, relatively no- or low-technology methods such as human intelligence agents and postal interception. The word surveillance comes from a French phrase for watching over (sur means from above and veiller means to watch), and is in contrast to more recent developments such as sousveillance. 1- https://en.wikipedia.org/wiki/Surveillance From that, I gather that surveillance is to gather information with the intent of influencing, managing, directing, or protecting [people]. HACIENDA is gathering public information, with the intent to plan intrusions into the servers. That seems pretty clear to me that HACIENDA is indeed a surveillance program. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgpJuz0Q2iFPh.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Hi, Name me any piece of non-trivial information which doesn't have the potential to be used against someone. What do you mean by non-trivial? Regards, Filip ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
Just to get pedantic, according to Wikipedia [1]: First, thank you for citing a definition rather than using a loose handle on a notion. I genuinely appreciate it! That seems pretty clear to me that HACIENDA is indeed a surveillance program. It also means that a newspaper reporting on the outcome of a soccer match is a surveillance program, since it influences the outcome of gamblers who have twenty euros on the game. I respectfully submit that once the definition is broadened that far, the word ceases to have probative value. But if that's the definition people want to use, then I'll just shrug, register my objection, and move on. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users