Prism break: Minimize surveillance and protect your privacy
djtennant
PRISM BREAK
HOW TO MINIMIZE SURVEILLANCE IN TODAY’S ELECTRONIC WORLD
PRODUCED BY HEARTBEAT EARTH FOUNDATION
www.heartbeatearth.org
INTRODUCTION
● WHO WE ARE
● WHO ARE YOU?
● WHY WE ARE HERE: THE CHALLENGE OF OUR TIME AND TECHNOLOGY
● YOUR RESPONSIBILITIES
– EDUCATE YOURSELF
– DUE DILIGENCE (DON'T EVEN TRUST ME!)
WHAT, ME WORRY?
● SURVEILLANCE LEADS TO REPRESSION
● SURVEILLANCE SCARES ACTIVISTS FROM PARTICIPATING IN MOVEMENTS
● TODAY WE WORRY AS MUCH ABOUT WHAT CORPORATIONS KNOW ABOUT US AS WHAT THE STATE KNOWS
– EDWARD SNOWDEN WAS A CONTRACTOR, NOT A GOVERNMENT EMPLOYEE
– IMPACTS ON JOB SEEKERS?
FREE/LIBRE OPEN SOURCE SOFTWARE (F/LOSS)
• ALL F/LOSS LICENSES REQUIRE THAT THE SOFTWARE REMAIN AVAILABLE TO USE, MODIFY, AND DISTRIBUTE AT NO COST.
• F/LOSS IS INCREASINGLY THE GO-TO STANDARD FOR OPERATING SYSTEMS, PROGRAMS, AND USER APPLICATIONS, FOR INDIVIDUALS TO LARGE ENTERPRISES. IT HELPS REDUCE COSTS, AVOIDS LOCK-IN, INCREASES PRODUCTIVITY, ENHANCES SECURITY, AND IMPROVES STANDARDS COMPLIANCE. WITH THE BEST LONG-TERM INVESTMENT PROTECTION, F/LOSS IS THE LOWEST RISK CHOICE FOR SOFTWARE SYSTEMS TODAY.
FREE/LIBRE OPEN SOURCE SOFTWARE (F/LOSS)
• CONTRAST F/LOSS WITH MICROSOFT (PROPRIETARY SOFTWARE):
– PROPRIETARY SOFTWARE NOW SHOWN TO HAVE LINKS TO NSA THROUGH *BACK DOORS*
– REQUIRES PAID LICENSING AND RENEWALS
– NOT CUSTOMIZABLE BY USERS
– CAN INCLUDE CODE TO TAKE OVER CONTROL OF CAMERAS AND MICROPHONES EVEN WHEN DEVICE IS TURNED OFF
– WINDOWS PCs SUBJECT TO INTENSE VIRUS ATTACKS
LibreTek LICENSES
● REQUIRE THE TEK BE AVAILABLE FOR US, THE ACTUAL OWNERS/USERS OF THE PRODUCT:
– FULL ACCESS TO THE SOURCE CODE AND/OR DESIGN SCHEMATICS
– USE AS WE WISH
– MODIFY AS WE WISH
– REDISTRIBUTE MODIFIED VERSIONS UNDER SIMILAR TERMS
LibreTek LICENSES
● STARTING WITH SOFTWARE AND SPREADING INTO HARDWARE AND ALL FORMS OF CULTURE AND TECHNOLOGY: ALSO REFERRED TO AS “ACCESS 2 KNOWLEDGE”, OR A2K
● LibreTek IS THE BEST LONG-TERM INVESTMENT PROTECTION AND LOWEST RISK CHOICE FOR TEK TODAY.
LibreTek LICENSES
● LibreTek:
– RESPECTS YOUR A2K HUMAN RIGHTS
– REDUCES COSTS
– AVOIDS VENDOR LOCK-IN / DEPENDENCY
– INCREASES PRODUCTIVITY
– ENHANCES SECURITY
– IMPROVES STANDARDS COMPLIANCE
– MAY EVEN RAISE QUALITY
– HUGE PEACEFUL ECONOMIC BOOST
PASSWORDS
• THE FALLACY OF *SECURITY*
• 20% OF USERS HAVE “1111” AS THEIR PASSWORD
• USE SOMETHING MEMORABLE, WITHOUT USING ACTUAL WORDS
• ADD NUMBERS AND SYMBOLS
• DIFFERENT PASSWORDS FOR EACH USE
• CAN BE IN A *PASSWORD SAFE*
CELL AND SMART PHONES
● NSA DELIGHT!
– GPS
– TOWER PINGS
– REMOTE ACCESS TO MICROPHONE, CAMERA
• VIRUSES, KEYLOGGERS
• ALWAYS USE ANTIVIRUS, ANTI SPYWARE, AND ANTI MALWARE PROGRAMS ON ALL DEVICES
• *SNIFFING* WHILE ON WIFI
CELL AND SMART PHONES
● Renew, the London-based marketing firm behind the smart trash cans, bills the Wi-Fi tracking as being "like Internet cookies in the real world"
CELL AND SMART PHONES
• STUFF HIDDEN FROM VIEW
– NEAR FIELD COMMUNICATION
– APPS ACCESSING AND TRANSMITTING CONTACT AND/OR LOCATION DATA
– DIGITAL LIVING NETWORK ALLIANCE (DLNA)
– AUTOMATIC BACKUPS, UPDATES
PHONE SOLUTIONS
• TURN OFF THE PHONE, TAKE OUT THE BATTERY
• LEAVE IT AT HOME
• BUY A PREPAID, THROWAWAY PHONE FOR EMERGENCY USE ONLY (UNLOCKED, FOREIGN)
• USE ENCRYPTION
– REDPHONE, CSipSimple
– TEXTSECURE
• USE AN *OLD* PHONE FOR PHOTOS ONLY
• PGP, OR GnuPG
– MOZILLA THUNDERBIRD FOR EMAIL, W/SECURITY ADD-ON ENIGMAIL (OpenPGP ENCRYPTION)
– HUSHMAIL; RISEUP; GUERRILLAMAIL; REDIFF
– BITMESSAGE
• USE VPN TO DODGE MULTIPLE HOPS
● HYPERBORIA: PROGRAM THAT ENCRYPTS MESSAGES END-TO-END
• CRYPTOCAT (EXTENSION FOR CHROME, FIREFOX) FOR CHAT, SENDING ZIP OR IMAGE FILES
• CONSIDER AT LEAST THREE ACCOUNTS:
– PERSONAL: ONLY FAMILY AND CLOSE FRIENDS
– GENERAL: USE FOR NEWSLETTERS, SIGNING INTO WEBSITES AS A USER NAME, AS A CONTACT POINT WHEN PURCHASING ONLINE
– RESET: HAVE ONE EMAIL THAT YOU ONLY USE TO RECEIVE THE EMAIL WHEN YOU ARE MAKING CHANGES TO AN ACCOUNT; LETS YOU KNOW IF YOUR PASSWORD HAS BEEN COMPROMISED
VPN
● HERE IS SOME INFO AND POTENTIAL VPN FOR YOUR USE: https://help.riseup.net/en/riseup-vpn
– BYPASSES YOUR ISP; GOES STRAIGHT TO RISEUP, THEN OUT TO THE INTERNET
– OPERATES BEHIND THE RISEUP FIREWALL
– CAN BYPASS CENSORSHIP OR ENABLE USE OF PROGRAMS, LIKE SKYPE, THAT ARE BLOCKED BECAUSE OF YOUR LOCATION OR COUNTRY
– OF COURSE, ADDS COMPLEXITY, MAY BE SLOWER
● OPTION: https://www.privateinternetaccess.com/
VPN
[DIAGRAM: YOU → VPN → INTERNET]
DOCUMENT PROTECTION
● PDFCreator: OPEN SOURCE PROGRAM
– PASSWORD PROTECTION FOR DOCUMENTS
– CONTROL PRINTING OR EDITING
– ENCRYPT WITH AES AND UP TO 128 BIT
– DIGITALLY SIGN THE DOCUMENT TO VERIFY YOU ARE THE AUTHOR
SEARCH
POP YOUR FILTER BUBBLE!
● SEARCH THAT IDENTIFIES YOU, YOUR LOCATION, YOUR PRIOR SEARCH HISTORY, EVEN WHAT COMPUTER YOU ARE USING (APPLE VS ANDROID VS WINDOWS) AND WILL ADJUST YOUR RESULTS ACCORDINGLY
SEARCH
• ENGAGE *DO NOT TRACK* OPTIONS IN YOUR BROWSER
– IF YOUR BROWSER OFFERS ADD-ONS, CHECK FOR OTHER PRIVACY AND SECURITY APPS
• USE TAILS (F/LOSS OPERATING SYSTEM) OR UBUNTU 10.04 PRIVACY REMIX
• USE ONE COMPUTER ONLY FOR INTERNET USE, HAVE SENSITIVE DOCS ON A SEPARATE SYSTEM THAT IS NEVER ONLINE
SURF SAFELY
● BLOCK COOKIES
● BLOCK THIRD PARTY TRACKING: “DONOTTRACKME”
● BLOCK REPORTED ATTACK SITES
● BLOCK REPORTED WEB FORGERIES
● ON FACEBOOK OR GOOGLE: “PRIVACYFIX”
● ADBLOCK
● NOSCRIPT
● MALWARE AND VIRUS PROTECTION
● PORTABLE FIREFOX
SOCIAL MEDIA
● YOU CANNOT REMOVE ANYTHING YOU POST OR SEND, EVER
– BE PREPARED TO CHANGE YOUR NAME
● RETROSHARE, DIASPORA, AS OPEN-SOURCE ALTERNATIVES TO FACEBOOK
● EVOLVESOCIETY: AD-FREE, DoNotTrack SOCIAL NETWORK
● OFF-THE-RECORD (OTR) OFFERS AUTHENTICATION, ENCRYPTION, DENIABILITY, NO FORWARDING OF CHAT MESSAGES
SOCIAL MEDIA
● LIMIT THE INFO YOU SHARE ABOUT YOUR LIKES AND LOCATION
● CONSIDER FAKE INFO
● USE FACEBOOK DISCONNECT TO PREVENT TRANSFER OF YOUR INFO TO THIRD PARTIES
● USE GHOSTERY TO LET YOU KNOW WHAT THIRD PARTIES ARE LOOKING OVER YOUR SHOULDER (ON ALL WEBSITES!)
WIFI NETWORKS
• AVOID COFFEESHOPS!
• ONLY USE ENCRYPTED NETS:
– WEP IS WEAK
– WPA IS STRONGER
• CONSIDER USING TOR
– NO PLUGINS
– NO OPENING ATTACHMENTS WHILE ONLINE
– USE HTTPS IF POSSIBLE
• PIRATE BOX, A LOCAL WIFI NET THAT YOU RUN, NOT PART OF THE INTERNET
WHEN DELETE IS NOT DELETE
• “USING A COMPUTER FORENSIC EXPERT, THE BUSINESS WAS ABLE TO RECOVER TEMPORARY FILES STORED ON THE HARD DRIVE OF THE COMPANY-ISSUED COMPUTER WHICH CONTAINED COPIES OF AN EMPLOYEE’S ATTORNEY-CLIENT COMMUNICATIONS. (WE SHOULD NOTE THAT MANY WEB-BASED E-MAIL APPLICATIONS LEAVE SUCH TEMPORARY FILES ON THE HARD DRIVE OF THE SENDER’S COMPUTER.)”
– A COURT ACCEPTED THIS EVIDENCE
WHEN DELETE IS NOT DELETE
• YOU CAN’T *ERASE* DATA BY MOVING IT INTO THE RECYCLE BIN
• YOU NEVER KNOW HOW MANY PLACES THAT FILE LIVES ON YOUR HARD DRIVE
• SNOOPING DEVICES AND KEYLOGGERS MAY BE ON AN UNFAMILIAR SYSTEM (WORK, LIBRARY)
• DON’T COUNT ON OTHERS’ EQUIPMENT TO HIDE YOU
NOT SPYING, CENSORING!
• CIRCUMVENTOR
• USE A PROXY SERVER
– http://sesaweenglishforum.net IS ONE POSSIBILITY
• ULTRASURF
• AGAIN, TOR OR A VPN
MONEY
● DWOLLA AS PAYPAL SUBSTITUTE
● MANY ALTERNATE CURRENCIES
– BITCOIN, PERFECT MONEY, PAXUM, HOOPAY, C-GOLD, PECUNIX, GLOBAL DIGITAL PAY, AND MORE
● MANY TYPES OF EXCHANGES AND TRANSFERORS
– OKPAY.COM
– THE-LIBERTYRESERVE.COM
– CASHU.COM
● WANT ANONYMOUS? CASH!
NEW CONVERSATIONS
• METADATA
– GIVES UP INFO YOU DON’T KNOW ABOUT
– http://tiny.cc/lnyc1w FOR AN INTERESTING EXAMPLE
– THERE IS SOFTWARE THAT WILL STRIP THE META DATA FROM YOUR PHOTOS. ONE THAT YOU CAN USE IS METABILITY QUICK FIX, AVAILABLE AT http://tiny.cc/bsyc1w
• LIVE DROPS (SHARING “COPYRIGHTED” MATERIAL ANONYMOUSLY BY PASSING AROUND A FLASH DRIVE AT A PARTY OR MEETING; GIVE ONE FILE AND TAKE ONE FILE)
NEW CONVERSATIONS
• USE CASH!
• CLOUD COMPUTING, ARE YOU KIDDING ME?
• SURVEILLANCE CAMERAS
• LICENSE PLATE READERS
– BIKE!
• [FUTURE] UNSEEN MARKING POWDER DROPPED OVER A CROWD VIA DRONE
RESOURCES
• THIS LIST IS INCOMPLETE; IT IS MEANT TO GET YOU STARTED:
– SSD.EFF.ORG
– SECURITYINABOX.ORG
– WHISPERSYSTEMS.ORG
– BASICINTERNETSECURITY.ORG
– HELP.RISEUP.NET/EN/SECURITY
– FIXTRACKING.COM
SUMMARY
● IF WE END OUR ACTIVISM OR STOP SPEAKING OUT THEN THEY HAVE WON
● WE CAN NEVER BE 100% SAFE
● THERE ARE PROGRAMS AND TECHNIQUES THAT HELP KEEP US SAFE
● LibreTek AND F/LOSS PUT US ON A PATH THAT LEADS AWAY FROM CORPORATE AND GOVERNMENT DOMINATION
WE GET TO CHOOSE OUR HEROES
THANK YOU!
IT TAKES WORK TO BE SAFE AND ANONYMOUS ONLINE.
WE WANT TO MAXIMIZE THE ADVANTAGES OF OUR TECH-CONNECTED WORLD WHILE PREVENTING THE LOSS OF OUR PRIVACY.
WE ARE CONSTRUCTING A NEW WORLDVIEW THAT VALUES A FREE EXCHANGE OF INFORMATION WITHOUT FEAR, WITHOUT COMPLYING WITH THE AGENDA OF ANY POLICE STATE, AND WITHOUT THE NEED TO SELF-CENSOR.
COMMENTS: [email protected]