PRISM BREAK
A Post-PRISM Journey Outside the Big 12
by Will Rico, LibrePlanet Boston + BLU
Software Freedom Day, September 21, 2013, Cambridge, MA
A CITIZEN'S APPROACH
(image CC BY-NC-SA marsmettn tallahassee)
I have a technical background, but I'm not a kernel hacker or even a developer. I'm mostly approaching this as a regular user with perhaps above-average technical ability, but nothing crazy...not an expert. My day job is marketing, and it is in part dependent on some of the services that I find threatening, especially Google and Facebook. By the way, how many people here heard about Software Freedom Day on Facebook?
If you have less experience than me: follow along a path I've taken. If you have more experience: see how someone new sees this.
WHAT IS PRISM?
Top secret program of the National Security Agency.
Gives the NSA direct access to the systems of Google, Facebook, Apple and other US Internet giants.
Google statement: "Google does not have a back door for the government to access private user data."
Apple statement: "never heard" of PRISM.
FAA = FISA Amendments Act, the 2008 amendment to FISA that allows bulk collection of data when at least one party in the communication is foreign.
FISA = Foreign Intelligence Surveillance Act.
WHO PARTICIPATES?
Microsoft was the first to participate. Yahoo next, followed by Google, Facebook and others. Plans to add Dropbox.
These companies are indemnified by the government in exchange for participating.
WHAT IS COLLECTED?
Varies by provider.
NSA can retrieve the communications without court orders and in real time.
Only need to "reasonably believe" one party is outside the US. No outside checks on this.
XKEYSCORE
● Based on wiretapping fiber optic cables
● Wiretap anyone without prior authorization
● "Nearly everything a user does on the Internet"
● Allows searches of metadata and content of emails, browser history, more
● Search by email address, name, telephone number, IP address, keywords
● Every IP address of everyone who accesses any website
● Content stored for 3 - 5 days, metadata for 30 days
● British intelligence service GCHQ has an analogous program called Tempora
BULLRUN
● $250 million per year budget for 10 years
● Tap fiber-optic cables and decrypt data
● "Covertly influence" product designs
● Obtain keys via "industry relationships"
"Sigint" (Signals Intelligence) program. A 10-year, $250 million per year program to weaken and co-opt encryption. Dependent upon collaborating with technology companies. Can break SSL encryption. Bullrun = decryption program.
Microsoft helped the NSA break the new Outlook.com's encryption even before the website launched.
Lavabit Shuts Down
"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC"
Groklaw Stops Publishing
● Final Post: http://www.groklaw.net/article.php?story=20130818120421175
Pamela Jones covered patent and legal issues.
Linus Nods "Yes"
This week - September 18 - at LinuxCon in New Orleans.
Asked if the US government approached him to add a backdoor.
Nods "yes" while saying "no".
Where does that leave us?
● Angry
● Fearful
● Nothing to hide?
Journalists & Sources
Journalists probably do have something to hide...their sources. We're less safe when they're less safe.
Your congressperson or other elected official may have something he doesn't want made public: information becomes a threat. Or perhaps a family member of the elected official does.
THEREFORE: in addition to protecting ourselves individually, when we opt for free tools & services, we're also protecting the ecosystem of the Internet that makes journalism and democracy possible.
My Motivation
● My own privacy
● Helping restore a fair ecosystem to the Internet
WHAT "BEING FREE" MEANS?
● Computers - OS, even hardware
● Connecting to the Internet
● Searching the Web
● Communicating - email, voice
● Social & sharing
● Photos & media
● Money - electronic payment
MY ORIGINAL SETUP
10 - (Linux Mint & Firefox) = 8
+ Apple, Microsoft, Yahoo, LinkedIn
BREAKING FREE
● Operating System
● Live CD / VM Images
● Android
● iOS & WP (N/A)
● Web Browser
● Browser Add-ons
● Web Search
● Maps
● Email Service
● Email Client
● Email Encryption
● Instant Messaging
● Video Calls / VOIP
● Social Networking
● Cloud Storage
http://prism-break.org
I'm not affiliated with the prism-break.org website. I don't consider myself free; I consider myself on the road to freedom. prism-break.org is the website that put me on that road and a tremendous resource.
BREAKING FREE...MORE
● Document Collab
● Media Publishing
● Online Transactions
● Digital Distribution
● VPN
● Web Analytics
● DNS
● Anonymizing Net
● Meshnet
● Server O/S
● File Encryption
● Mail Server
● XMPP
● SIP Server
● Hardware & Software
http://prism-break.org
The problem is...it is overwhelming: it covers 30 categories of software and services. At first, I simply got stuck staring at the page.
MY EXPERIENCE
● Debian 7.1 Wheezy (stable)
● Non-free firmware needed for my wireless adapter
● Followed instructions to add "backports" for newer software
● Bluetooth pairing worked
● Non-free repository in my sources list
This step took a lot of time. It was at the top of the list on prism-break, so that's in part why I started here. I'm happy I did it because I've wanted to try Debian for other reasons - I admire the Debian Social Contract. But...in retrospect, it should have been a lower-priority item and wound up delaying other steps.
VRMS (virtual Richard M. Stallman: the Debian tool that reports installed non-free packages)
My new Debian setup has 0.1% "non-free" packages (1 out of 1838), whereas my original Linux Mint setup had 0.4% (9 out of 2351).
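The two slides above describe enabling "non-free" in the APT sources and then measuring the result with vrms. As an added example (not vrms itself and not from the talk), the following script parses the same data vrms reads, the Section field of each installed package as printed by `dpkg-query -W -f='${Package} ${Section} ${Status}\n'`, and also reports which archive components (main/contrib/non-free) a sources.list actually enables. The dpkg output and the sources.list below are constructed to resemble the setup described, with one non-free firmware package among otherwise free ones.

```python
"""Audit how much non-free software a Debian system carries.

Added example (not vrms and not from the talk): it classifies installed
packages by the archive area encoded in their Section field, which is
what vrms does, and checks which APT components a sources.list enables.
The two sample inputs are constructed.
"""

# Constructed output of:  dpkg-query -W -f='${Package} ${Section} ${Status}\n'
SAMPLE_DPKG = """\
firmware-iwlwifi non-free/kernel install ok installed
linux-image-3.2.0-4-amd64 kernel install ok installed
iceweasel web install ok installed
vrms admin install ok installed
unrar non-free/utils deinstall ok config-files
"""

# Constructed /etc/apt/sources.list for a wheezy box with backports added.
SAMPLE_SOURCES = """\
deb http://ftp.us.debian.org/debian/ wheezy main non-free
deb-src http://ftp.us.debian.org/debian/ wheezy main
# deb http://ftp.us.debian.org/debian/ wheezy-backports main
deb http://ftp.us.debian.org/debian/ wheezy-backports main contrib
"""

NONFREE_AREAS = ("non-free", "contrib")


def installed_packages(dpkg_output):
    """Yield (package, section) for packages that are actually installed.

    Packages that were removed but still have config files lying around
    (status 'deinstall ok config-files') are skipped, as vrms does.
    """
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        name, section, status = parts[0], parts[1], " ".join(parts[2:5])
        if status == "install ok installed":
            yield name, section


def archive_area(section):
    """Debian encodes the archive area as a Section prefix:
    'non-free/kernel' -> 'non-free'; a bare 'web' means main."""
    area, sep, _ = section.partition("/")
    return area if sep else "main"


def nonfree_report(dpkg_output):
    """Return (names of non-free/contrib packages, total installed)."""
    pkgs = list(installed_packages(dpkg_output))
    nonfree = [name for name, sec in pkgs if archive_area(sec) in NONFREE_AREAS]
    return nonfree, len(pkgs)


def nonfree_percent(dpkg_output, digits=1):
    """The percentage vrms prints: non-free packages over all installed."""
    nonfree, total = nonfree_report(dpkg_output)
    return round(100 * len(nonfree) / total, digits) if total else 0.0


def enabled_components(sources_list):
    """Map suite -> set of components enabled by active 'deb' lines.

    Comments and deb-src lines pull no binaries in and are ignored.
    Seeing 'non-free' here is where packages like firmware-iwlwifi
    come from.
    """
    enabled = {}
    for line in sources_list.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 4 or parts[0] != "deb":
            continue
        suite, components = parts[2], parts[3:]
        enabled.setdefault(suite, set()).update(components)
    return enabled


if __name__ == "__main__":
    names, total = nonfree_report(SAMPLE_DPKG)
    print(f"{len(names)} of {total} installed packages are non-free/contrib: {names}")
    print(f"{nonfree_percent(SAMPLE_DPKG)}% non-free")
    for suite, comps in sorted(enabled_components(SAMPLE_SOURCES).items()):
        print(f"{suite}: {sorted(comps)}")
```

On a real system, pipe the dpkg-query command above into `nonfree_report` and read `/etc/apt/sources.list` into `enabled_components`; the counts will differ from the sample, but the two checks together tell you both what non-free software is installed and which source line let it in.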
CONNECTING TO INTERNET
Download, untar, then simply run ./start-tor-browser
Tor (the Tor Browser Bundle) is very easy to install: no package to install, just download the binary.
I'm not ready to use Tor exclusively, but I use it occasionally when paranoia sets in.
TOR
Even safer: use Liberté Linux or Tails.
Best practice is to avoid using external programs to view browser media, e.g. Flash, VLC. Download and then play in a virtual machine without Internet access, or use a Tor LiveCD such as Liberté Linux or Tails.
I couldn't bypass this warning even when downloading rather than viewing (Tor detects the file manager as an Internet-enabled program).
PROTECT DNS LOGGING
Your ISP can still track which sites you visit unless you are using a proxy like Tor (changing resolvers does not hide your traffic from the network that carries it), but by using a more free DNS provider, you leave a trail in one less place.
I chose OpenNIC DNS servers. Very easy to set up following the instructions: a few clicks to update the DNS servers in your network settings, or if you have a firewall, you can change them there.
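Why the caveat above matters: whoever answers your queries logs them, but the queries themselves also cross your ISP's network, and in 2013 a stub resolver sends them as plaintext UDP on port 53. The following is an added example, not code from the talk or from OpenNIC: it builds a DNS query exactly as a resolver would put it on the wire (RFC 1035 format) and then recovers the looked-up name from the raw bytes, which is all a passive observer on the path needs to do. Nothing is sent; the "captured" packet is the one just built, and the names used are placeholders.

```python
"""What an on-path observer sees in a DNS lookup.

Added example, not from the talk or from any DNS provider.  Switching to
another resolver changes who answers and who logs the query, but the
query still crosses the ISP's network as plaintext UDP/53 in RFC 1035
wire format, so the queried name can be read straight off the bytes.
"""
import struct

HEADER_LEN = 12          # id, flags, qdcount, ancount, nscount, arcount
QTYPE_A = 1
QCLASS_IN = 1


def encode_qname(name):
    """'example.org' -> b'\\x07example\\x03org\\x00' (length-prefixed labels)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        data = label.encode("ascii")
        if not 0 < len(data) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(data))
        out += data
    out.append(0)
    return bytes(out)


def build_query(name, txid, qtype=QTYPE_A):
    """A standard recursive query (flags 0x0100 = RD bit set), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_qname(packet, offset):
    """Read a name starting at offset; return (name, offset after the name).

    Follows RFC 1035 compression pointers (top two bits set) so the same
    decoder works on responses, and refuses to loop on malformed input.
    """
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:              # pointer to an earlier name
            if not jumped:
                end = offset + 2               # the name ends after the pointer
            offset = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def observed_lookup(packet):
    """Everything a passive observer learns from one query datagram,
    or None if the datagram is not a single-question query."""
    if len(packet) < HEADER_LEN:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:         # QR set means a response
        return None
    name, off = decode_qname(packet, HEADER_LEN)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    wire = build_query("example.org", txid=0x1234)
    print(wire.hex())
    # Which resolver the datagram is addressed to makes no difference here.
    print(observed_lookup(wire))
```

To actually send `wire` to a resolver you would use `socket.sendto` to UDP port 53 of the address you configured; the point of the example is that the destination address is the only thing that changes when you switch providers, while the name stays readable to everyone between you and that address.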
SEARCHING THE WEB
Corporations and the government can learn a lot about you based on what you search online.
This can be used for advertising purposes, which sometimes I'm OK with – if I'm in the market for a new car, perhaps I don't mind seeing ads for new cars.
Other times this can be intrusive, e.g. when third-party companies build profiles of you (sometimes inaccurate ones) and sell them to advertisers.
DuckDuckGo uses the term "bubble" to mean that Google, Bing, etc. put you into a bubble and only show you results they think you'll like, e.g. political messages...but sometimes you want to learn about all sides of an issue, or simply not be profiled in this manner.
STARTPAGE
Proxies Google search results.
Respects your privacy by not tracking what you search.
Imagine if a company kept a database of all your searches forever, and accidentally or purposefully released that database to the public or to the government.
DON'T LIKE ABOUT STARTPAGE: ads blend in.
LIKE ABOUT IT: date range settings on the left are convenient.
DUCK DUCK GO
http://ddg.gg
Yahoo search results.
Highlights ads better.
No date filters, but the sort-by-date option is handy.
Image search takes you back to Google or Bing.
BROWSING THE WEB
Locking down your browser is probably the easiest thing you can do.
These plug-ins work very well together, in a cascading manner: what one doesn't catch, the next one does.
Recommend
More recommend
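The "cascading" behaviour described under BROWSING THE WEB can be made concrete. The following is an added model, not code from the talk or from any browser add-on: three filtering layers of the kinds commonly stacked in a browser (an HTTPS-upgrading rule set, a third-party tracker blocklist, and a default-deny script policy with per-site allowances) are applied in order to each sub-request a page makes, and the result records which layer made the decision. The rule data, the page and the domain names are constructed; a real add-on would use the Public Suffix List rather than the two-label approximation used here.

```python
"""Model of browser add-ons filtering a page load in cascade.

Added example, not from the talk: three layers run in order over each
request a page makes, and the first one to block wins.  A request that
survives one layer is still subject to the next, which is the
"what one doesn't catch, the next one does" effect.  All rule data and
URLs below are constructed.
"""
from urllib.parse import urlparse, urlunparse

# Constructed stand-ins for the add-ons' real lists.
HTTPS_CAPABLE = {"example.org", "cdn.example.org"}        # hosts known to serve HTTPS
TRACKER_DOMAINS = {"tracker.example", "ads.example"}       # third-party tracking domains
SCRIPT_ALLOWLIST = {"example.org": {"example.org", "cdn.example.org"}}  # per first-party site


def site(host):
    """Registrable domain, approximated as the last two labels."""
    return ".".join(host.lower().split(".")[-2:])


def is_third_party(url, first_party):
    return site(urlparse(url).hostname or "") != site(first_party)


def upgrade_https(req):
    """Layer 1: rewrite http:// to https:// for hosts in the rule set.
    It never blocks, so it always hands the (possibly rewritten) request on."""
    parts = urlparse(req["url"])
    if parts.scheme == "http" and parts.hostname in HTTPS_CAPABLE:
        req = dict(req, url=urlunparse(parts._replace(scheme="https")))
    return None, req


def block_trackers(req):
    """Layer 2: drop third-party requests to known tracking domains."""
    host = urlparse(req["url"]).hostname or ""
    if is_third_party(req["url"], req["first_party"]) and site(host) in TRACKER_DOMAINS:
        return "block", req
    return None, req


def script_policy(req):
    """Layer 3: default-deny scripts unless the first-party site allows that host.
    This is what catches a third-party script the blocklist has never heard of."""
    if req["kind"] != "script":
        return None, req
    host = urlparse(req["url"]).hostname or ""
    allowed = SCRIPT_ALLOWLIST.get(site(req["first_party"]), set())
    if host not in allowed:
        return "block", req
    return None, req


LAYERS = [
    ("https-upgrade", upgrade_https),
    ("tracker-blocklist", block_trackers),
    ("script-policy", script_policy),
]


def filter_request(req):
    """Run one request through every layer in order.
    Returns (decision, final_url, name of the layer that blocked, or None)."""
    for name, layer in LAYERS:
        decision, req = layer(req)
        if decision == "block":
            return "block", req["url"], name
    return "allow", req["url"], None


def filter_page(first_party, requests):
    """Filter all sub-requests of a page loaded from first_party."""
    return [filter_request(dict(r, first_party=first_party)) for r in requests]


# Constructed page load: the document, its own script, a tracking pixel,
# and a third-party widget script that is on no blocklist.
PAGE = [
    {"url": "http://example.org/", "kind": "document"},
    {"url": "http://cdn.example.org/app.js", "kind": "script"},
    {"url": "https://pixel.tracker.example/i.gif", "kind": "image"},
    {"url": "https://widgets.social.example/like.js", "kind": "script"},
]

if __name__ == "__main__":
    for decision, url, layer in filter_page("example.org", PAGE):
        print(f"{decision:5} {url}  {'by ' + layer if layer else ''}")
```

The fourth request is the instructive one: the tracker blocklist lets it through because `social.example` is not on the list, and the script policy then blocks it because the first-party site never allowed that host. Remove either layer and one of the two third-party requests gets through.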