Posted on 06/11/2013 11:48:04 AM PDT by Nachum
PC World - Thursday afternoon, a bombshell dropped: Two leading reports claimed that the U.S. government has been spying on emails, searches, Skype calls, and other electronic communications used by Americans for the last several years, via a program known as PRISM.
[ALSO: Prism leaker steps forward]
According to the reports, the Web's largest names--AOL, Apple, Facebook,A Google, Microsoft, Skype, PalTalk, Yahoo, and YouTube--participated, perhaps unwittingly. (Dropbox will reportedly be added as well.) The report claims that the National Security Agency had "direct access" to servers owned by those companies. Most, if not all, of those companies have denied participating in PRISM, although it's unclear whether they were unaware of the NSA's spying, or simply turned a blind eye.
According toA The Guardian andA The Washington Post, the data covered included: "email, video and voice chat, videos, photos, voice-over-IP chats, file transfers, social networking details, and more."
If nothing else, however, the PRISM disclosure is worrying and deeply shocking. If the report is accurate, the government may simply listen in on virtually any electronic communication you've made, in the interests of national security. Is this something that should be encouraged to fight domestic terrorism, or is this sort of government intrusion something that should be deeply distrusted? For the purposes of this story, we're going to err on the side of the latter; whether you take advantage of our advice is up to you.
Note that there is absolutely no guarantee that our tips will make your PC PRISM proof. One of the generally held beliefs in the security world is that, with enough resources on the part of the attacker, any secrets that are known about can eventually be unearthed. But let's say that you support an "Arab Spring" movement in a country whose interests parallel those
(Excerpt) Read more at pcworld.com ...
Also.. keep your messages short. Even the best cryptanalyst in the world can’t crack a cipher if it is too short to analyze for patterns.
You don't have to be 'in the room' near the device to remotely control your TV. It can 'see' through walls, which your last sentence indicated.
Furthermore, you can actually be 'seen' through walls. Even if you stand still. The equipment for this hasn't been reduced to a single chip... yet. But it is in use by our government.
I saw it either by Chinese or Japanese...I forget....sometimes they are ahead of our guys.
At any rate...if they want to know you, hear you, see you, they will...and basically always have to some extent.
Inventors: Reed; Michael G. (Bethesda, MD), Syverson; Paul F. (Silver Spring, MD), Goldschlag; David M. (Silver Spring, MD)
Assignee: The United States of America as represented by the Secretary of the Navy (Washington, DC)
See US Patent No. 6266704 (1998).
Yep
That’s right...I couldn’t remember how they do that...but I knew they could. Thanks.
> Who invented TOR?
DARPA
Use a one-time pad. That's the only method that absolutely, positively cannot be broken.
For the pad, you need a source of true random numbers, e.g., from thermal noise. For instance, if Paul and Alice need to communicate, they each generate a four-gigabyte pad. Then they put both pads on each of a pair of 8 gb USB sticks. If Paul needs to send Alice a 100K message, he XORs his message with the next unused 100K of his pad and sends it to Alice. She decrypts it by XORing it with the next 100K of her copy of Paul's pad. And vice-versa. This lasts until one of them has sent 4 gb. Then they have to meet again and generate more keys (and buy bigger sticks).
More practical methods replace the pads with pseudo-random numbers generated from long keys using algorithms such as RC4. That avoids the need to generate, store, and exchange lengthy pads. However, there is still the need to meet and exchange keys.
Modern methods use public-private key pairs to eliminate the need to meet and exchange keys. Instead, Paul sends his public key to Alice, she generates a long random number (called a session key) and sends it to Paul encrypted with his public key. He decrypts it with his private key (which only he has, unless the NSA has performed a bag job). Then the rest of the session is conducted under the session key. The session key is for performance: session key methods like RC4 are computationally cheap, whereas public-private is expensive.
The other cool thing about public key cryptography is key signing. That is, Paul's key can be digitally signed by a certificate authority (CA) whom Alice trusts. That allows her to verify that the key Paul is presenting is really Paul's and not the NSA's. Of course, that assumes the NSA hasn't compromised the certificate authority.
The above is called transport layer security (TLS). It's what's in effect whenever you use HTTPS in your browser. When you log into your bank, your browser verifies the bank's public key by requiring it to be properly signed by one of a list of trusted CAs pre-stored on your computer. If it doesn't match, you'll have to blow past a warning dialog in order to complete the connection. In that case, your connection will still be secure, but it might not be with your bank.
So, you're posting by snail mail, now?
a self-refuting post.
I’ve come to believe that we are taped everywhere we go. Just like PERSON OF INTEREST. Every cell phone has a camera. The computer monitor I’m looking at right now has a camera looking back at me. There is no privacy anywhere unless you live in a cave. And if you do that you’d better de-bug it.
So you post with 2 tin cans and some string ?
USNavy....
Um, how do you post comments on FR then?
True. Very good advice. I’ve also been told to skip using the word “the” in all encrypted communications in order to increase the complexity of potential decryption.
Another trick is to include intentional mispellings in the plaintext. The message will still be readable once decrypted, but it even just a few typos sprinkled in will make decryption a bit harder, especially if you do it on words that the decrypter might guess would be related to your subject matter.
He sits in a van outside your house and posts through your unsecured wi-fi network :)
If you use AES-128 and up and a long 14+ character random password they won’t crack it. If you use RSA or any other public key method for the password, make sure it’s at least 4096 bit if RSA or 521 bit for Elliptic curve. The 2nd method’s far better in that scenario.
Until quantum computers really get going, AES-128 should be ok. If you think they’ve got them, then go with AES-256 for sure.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.