Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Real And Practical Ways To Avoid The Snoops
12 July 2013, 20:24,
#1
Real And Practical Ways To Avoid The Snoops
Karl Denninger is primarily a financial expert, but he's also a computer whiz and posts some of the best rants on the internet. Here he gives practical (and esoteric) advice on how to avoid people targeting your internet and computer. Enjoy! JP

http://market-ticker.org/akcs-www?post=222659

Real And Practical Ways To Avoid The Snoops

The Market Ticker ® - Commentary on The Capital Markets
Posted 2013-07-11 16:42 by Karl Denninger


You may have read my previous post entitled "Tired of Snoopfest?" in which I outlined how to set up an extremely secure IPSEC/IKEv2 VPN that can encrypt data between device(s) of your choice and your home or office network.

What's shown up recently, however, are some really bad and maybe even dangerously bad pieces of advice on evading the snooping that goes on out there.

This article is intended to disabuse those notions. I'm going to use the following assumptions and note that I rely on them -- if they're wrong, then so are my conclusions!

Modern cryptographic algorithms themselves are extremely secure. It is very unlikely that the NSA, for example, can break AES-256 in any sort of reasonable amount of time. Remember that we're not the only nation with high-powered computers or mathematical geniuses -- so anything that can be broken with those, can be broken by other than the US. And our military and other government agencies do need and use encryption.

It is easier to attack your key, most of the time, than to attack your algorithm. That is, a crappy password is easily broken. A good password (1) does not contain dictionary words, (2) does contain upper and lower case letters, numbers and symbols, and (3) is used to seed a high-quality key generation algorithm. The last is hard to verify. The other two are under your control. Therefore, worry about #1 and #2.

Open-source software beats closed source in the general sense. The reason for this is that smart people can look at it and if someone tries to play games with it to insert a "back door" it can be detected. With closed-source or worse, closed-service you're trusting everyone involved to have not stabbed you in the back. As has been recently revealed this is a bad bet.

If I can't break your key generator or algorithm the easiest way to break your encryption is to coerce (bribe, blackmail, threaten to or actually pull off fingernails, etc) someone into giving me what I need to break it. This is usually overlooked but shouldn't be. Push comes to shove, if I want your password I will get out the vice-grips, drill or hammer. It's faster and cheaper than trying to break AES-256 by far. However, and this is critical, this is not only applied to you. More on that in a minute.

You cannot trust any commercial entity or indeed anyone other than yourself to protect your data. Period.

If you have to compromise absolute levels of trust then minimizing the number of such incursions grossly minimizes risk. In fact the odds of compromise go up exponentially with the number of points of exposure. Thus "one" is not half as bad as two, it's 1/4 as bad -- or less.

Ok, so let's start demolishing fools.

First, "SSL" certificates and everything based on them are only as secure as the certificate authorities. What this means is that all commercially-issued certificates cannot be trusted. You must assume that every public CA has given their private key to the NSA, either voluntarily or not-so-voluntarily.

This means that if you're going to be using public-key cryptography of any sort, whether to authenticate or encrypt VPN traffic, to secure email, or to secure access over the Internet you must either be the CA or the CA that signs your certificate must be some entity you trust entirely.

No, Verisign does not count. I have no knowledge that their keys have been compromised but I am forced to assume that all of them have been, no matter who the CA is!

So you must generate your own certificate authority, publish the public key and make damn sure the private key is secured and not compromised.

The reason for this is that if I can interject myself in the middle of the conversation (as the NSA has to be assumed to be able to do) and I have compromised the CA I can replace your key with another one that allows me to decrypt the transmission and your browser or other tool will not detect it. I can then use the original certificate to send on the communication undetected. Since a web server doesn't know who's talking to it and thus doesn't verify a machine certificate for the client and even if it did your key would probably be signed by a "public" CA there is no way for the server to detect the tampering.

Note that you can detect a server being attacked in this fashion if you connected to it before it was tampered with and if you saved its key fingerprint. That's a lot of "ifs", but if you did then you can detect that the fingerprint has changed. The problem is that there are perfectly-valid reasons for the fingerprint to change (the key expires and is replaced, the company changes its address, etc.) -- but it at least can raise an alarm. Unfortunately browsers in general don't flag this (nor should they) because the model presumes that CAs are trustworthy.

In short you cannot use any key that requires verification against a public CA because it can be spoofed by someone interjecting themselves in the middle if the CA has been compromised. Since we now have bald assertions that companies that have claimed to be secure have in fact cooperated with warrantless interception you can't trust any of them.

This leaves you in a pretty rough spot. Specifically:

Any web or other online service that relies on SSL using a certificate "vouched for" by a public CA has to be considered suspect. It doesn't matter if the entity itself is trustworthy. This includes virtually all online services except for ones controlled by people you trust and who have given you their own CA key that validates their certificate. In practice this means that using "https" (the nice "lock" symbol) is probably safe to use for shopping if you're worried about a criminal stealing your credit card number. If your concern is that the government has a complete and true record of everything you did on the site you must assume the security value of https against a publicly-verified certificate is zero.

S/Mime email cannot be considered secure if you got your keys, directly or indirectly, from a public CA. If you run your own CA then it is as secure as is the CA (you.) But this makes interoperability somewhat of a pain as verifying certificates forces correspondents to install your CA public key.

PGP Email is probably secure. Because PGP does not rely on a key being vouched for by a central authority, there is nobody's arm to twist. PGP Email is thus probably more secure than S/Mime using a public CA, and likely about equally secure as S/Mime with a private and trusted CA. PGP has a reasonably-robust and solid infrastructure for distributing public keys, but you have to submit yours. For email use you thus probably want to strongly prefer PGP over S/Mime.

For files on your local PC, network or cellular device encryption of the device should be strongly encouraged. It can be a pain in the ass to use, however. I have no knowledge of the security afforded by things like Bitlocker, and given recent revelations I wouldn't trust it. Truecrypt, on the other hand, is open source and therefore probably secure. Other open source solutions (E.g. GELI on FreeBSD, etc) are probably secure provided your key is good. Note that if your machine is "seized" while "in use" and powered up there exists the potential to extract the key. It's not easy to do but if you're a high-enough value target they very well may come prepared to do exactly that. Just remember that if you're that high of a value target that the use of vice-grips and hammers is easier than cryogenics and other special equipment.

For remote access to files or resources only a strong VPN should ever be used. This means OpenVPN or IPSEC/IKEv2 with machine certificate verification for the server with the CA being private, yours, and you having hand-loaded the CA public key on the remote device. If you're using PPTP/LT2P or similar forget it. If you're not going to use a machine certificate verified against your own private CA then you're probably safer using a password with no machine verification at all!

Remember that the security only goes as far as the encryption does. If you're in a "free" Hotspot Internet cafe and have your phone out browsing, everything you do over the web is visible to anyone sitting in the same cafe (or within a few hundred feet of it.) If you VPN to your office network via IPSEC (secure) and then browse the Internet all you've done is force the bad guy to spy on your office connection instead of at the cafe.

If you have a wireless router in your home or office and are not using WPA2/AES with a strong password, you're screwed. WEP in particular is trivially breakable, usually within minutes. WPA2/AES is theoretically breakable but it requires a long time and a lot of connecting clients that are valid in order to glean enough pattern data to try to attack it, and even then it may fail. Machine certificates are even better but a serious pain in the ass to administer (since you have to load them on the client machines) but are something to consider.

You cannot trust so-called "anonymous" networks such as TOR. There is no way to know if a given node is "clean" or compromised. There are a fairly-small number of high-bandwidth nodes in the TOR network, which means that the task of actually intercepting your traffic in terms of statistical probability is not all that difficult. I have to assume that TOR is thus "secure" against a random website operator knowing I'm browsing their site but that if the government wants to track me using it, they not only can but probably already are.

There is no such thing as a "chat", "video chat" or "phone" (voice) network that can be considered secure except for true peer-to-peer where you know the certifying authority is secure. This, for all practical purposes, means that no online chat or "phone" application no matter which one it is, can be considered secure in today's world. Sorry.

All cloud services, no matter what they are and who runs them, other than your own personal cloud on your own hardware, must be considered compromised. There is no other reasonable posture to take at the present time. This means that nothing you care about ever goes on any cloud service from anyone unless the file is first encrypted with strong encryption. This explicitly includes all "cloud" storage services and all cloud computing resources. If you are a business using "cloud computing" for your operations given these revelations and facts you are a fool. Again, if you think the United States is the only nation doing what has been disclosed you're stupid beyond words and deserve to have the Chinese steal everything on your so-called "secure" cloud service and use it.

Any compromise you make on the above is a bet not just on the government of today not wanting to do evil things to you but on all instances of the government from this day forward until you are dead.

Understand this well -- the government is building a data center right now capable of storing everything they can grab that you do or any data you allow to leak out of your hands forever and they both are now and intend on a forward basis to do exactly that.

That data, once collected, will never be deleted. Your only defense against this is to not allow them to acquire the data in the first place, and that means the data has to be encrypted to the best of your ability at all times.

This won't stop them from showing up with a warrant and seizing your computers. But it will stop them from taking and indefinitely storing your data without you knowing about it and without said warrant.

If you think this is nothing to worry about consider how many Jewish people had any clue that Hitler was going to come and start gassing them in the 1920s. That was less than 20 years before it happened!

Whatever you do today will be in that database 20 years from now.

Are you willing to count on the government not being evil from today until the day you die?

THAT is the bet you're making.
If at first you don't secede, try, try again!
Reply
14 July 2013, 19:48,
#2
RE: Real And Practical Ways To Avoid The Snoops
hi Jonas,
Good find, the eroding of our human rights have been crumbling for many years, we no longer have freedom of speech even. So
this comes as no big surprise,especially in our nanny state they call great britain.
I think that the largest threat we have is already underway and has been for many years, and will be a long lingering death for us all and not the see it coming then respond scenario that we primarily prep for.
Reply
15 July 2013, 13:42,
#3
RE: Real And Practical Ways To Avoid The Snoops
I see the Kremlin are investing in electric typewriters for preparation of some of their more sensitive reports.
Find a resilient place and way to live, then sit back and watch a momentous period in history unfold.
Reply
15 July 2013, 13:51, (This post was last modified: 15 July 2013, 13:54 by Arnie72.)
#4
RE: Real And Practical Ways To Avoid The Snoops
The highly classified stuff has always been on standalone systems in suitably secure rooms with no access to networks (incl internet) and encrypted and will probably never change (note the use of the probably there!).

All major countries do this (incl Russia, USA, UK etc)

The snooping is done more enmasse for us regular bods, just wonder what encryption the NHS, Police etc use as thy have some really sensitive data about people.....

Mind you they wont find a lot snooping on my computer linked to the internet - I don't store card or money details, prep details or suchlike on it - don't even have access to a cloud on it!
Reply
15 July 2013, 14:00,
#5
RE: Real And Practical Ways To Avoid The Snoops
the only real way to avoid the snoops is to go off grid completely, no internet, no phone, no bank cards, pay cash for everything.
Some people that prefer to be alone arent anti-social they just have no time for drama, stupidity and false people.
Reply
15 July 2013, 15:54,
#6
RE: Real And Practical Ways To Avoid The Snoops
The only caveat I would make to Jona's post of original article is that although all this MAY be true, (particularly for example the TOR comments which I would actually dispute) ..... even if all these were true, you need to be a pretty important fish for TPTB to target you.

Let me give you an example..

Lets assume you want to look at the website "TieMeUpAndTickleMe.com".
If TPTB want to raid their server, they can get a log of all IP's that have visited it and thereby know who.

If however, you were to use Tor Browser, all they would get, in your case would be a fake IP. Even if one of the TOR nodes were compromised, it only shortens the odds not remove all security. All data traffic passes through multiple nodes - they would all need compomising.

The Only way to get to me would be to sit on my local loop BEFORE I hitn the first node.

Having said all this, the less interaction the better as BP said.



That said the less interaction as BP said, the better.
Reply
16 July 2013, 09:40,
#7
RE: Real And Practical Ways To Avoid The Snoops
Plus with TOR you can hit the "new identity" button and change your address at will and as many times as you want.
Reply
18 July 2013, 18:06,
#8
RE: Real And Practical Ways To Avoid The Snoops
I have to disagree with some of the comments:
A good password for example. Good passwords are LONG not weird.
http://xkcd.com/936/

Tor is compromised because it's possible with just a few compromised nodes to associate the packets coming onto the network and going off the network even if they can't see into the packet.
The very fact that you're using Tor suggests (to the paranoid power that be) that you're "up to something you sholdn't be".
The concern is TBTB are recording all this info so, if at some point in the future they want to charge you with something, they can go dig something up. There are so many laws now that we are all guilty of something.
Doctor Prepper: What's the worst that could happen?
Reply
18 July 2013, 19:52,
#9
RE: Real And Practical Ways To Avoid The Snoops
Speaking of TPTB snooping, if you never read another snooping article again in your life, you MUST read these two from Cryptogon and then try to think of how "going grey" is not going to happen for anyone now. I know there's a fair bit to read here, but it shows the real backstory to the whole Snowden / snooping / privacy issue and should serve as a wake-up call to anyone remotely concerned about government.

---ARTICLE 1---

Washington Post Brushes a Few More Prism Crumbs Onto the Floor
June 30th, 2013

Thank you, Master, thank you.

My now familiar and broken-record-response to this thing is to go back to Room 641A last decade if you want a real thrill.

They have beam splitters installed at the peering points. NSA is getting everything. The end.

The media’s repeated ramblings/mantras about the FISA court and protections for Americans are absurd.

For Prism to be a big deal, you’d have to have amnesia, or not understand the implications of those beam splitters. Querying structured data from the regime’s collaborators (Prism) is a tiny piece of what they’re doing.

Ok, so what are some other aspects of the wider surveillance story that I would like to know more about?

One of my long standing theories is that the NSA intercepts represent the front end of something like Synthetic Environments for Analysis and Simulation system. What are they doing with these simulations?

I would like to know more about MAIN CORE.

I’m pretty confident that realtime geolocation data from mobile phones/license plate readers/cameras/??? are being used as a sort of invisible tripwire. If people on the MAIN CORE list happen to stray too close to certain physical locations (critical infrastructure, corporate headquarters, government installations, etc.), that could trigger… shall we say, a variety of responses. This would be very, very trivial to implement.

Is there an automatic mechanism that adds individuals to MAIN CORE? Book purchases, Google searches, websites visited, movie or television watching habits, the number of firearms at a residence???

What is the nature of the quantum computing systems to which NSA has access? Are these one-trick-ponies, like the D-Wave system, or are they the real deal.

Anyway, back to our regularly scheduled programing…

---ARTICLE 2 (2007)---

Synthetic Environments for Analysis and Simulation
June 30th, 2007

Simulex Inc.’s Synthetic Environments for Analysis and Simulation system is almost certainly how the priests of the technocracy are now maintaining “normal” operations.

The system allows for terra scale datasets with granularity of results down to one node (individual). It has a physics engine for tracking any number of people (or other elements) in virtual cities or spaces. It can correlate any amount of social, economic, political, environmental or other data with the behavior of groups or individuals on the ground. The U.S. Government, and some of the most powerful corporations on the planet are using the SEAS system.

There’s really no way to know how many ways this system is already being used against us. I tried to think about it for a few minutes and it’s mind boggling. “How isn’t it being used?” is probably a more interesting question. If the Architect was interested in tools that could help him more effectively run the Matrix, he’d have Simulex reps on the phone ASAP.

I thought about some of the high level but simple studies They could run to, for example, evaluate the overall effectiveness of the various control mechanisms most people have to contend with on a daily basis.

A status quo indicator could be easily devised that would show how effectively “normal” operations were being maintained. All They would need to do is track the time most people spend commuting to and from work, the amount of time spent at work, some guestimate about the time spent in front of television and computer screens at home and a final guestimate about the time spent on recreational activities outside of the home (live sporting events, movies, etc.). Plot those components as a single moving average. That’s it. If the line is sloping up, Their power is increasing. If the line is sloping down, Their power is decreasing. If the line is going sideways, Their power is staying the same.

Think about how powerful of an indicator that would be.

And that would be a boneheaded child’s exercise for the SEAS system.

The really weird and disturbing aspect of this is the level of granularity that it provides to the system operators. They admit that the system is designed to run simulations on a 1 to 1 basis. That is, it can simulate activities not just with some aggregate model based on limited samples, but with ALL nodes simultaneously in a population with terra scale data sets. Meaning, the focus could be on tracking and simulating the activities of any individual in the system.

If you’re like me, this is the point at which you will start to experience a vague feeling of foreboding because all of this seems somehow familiar, somehow related to something I’ve written about on Cryptogon recently…

In NSA, AT&T and the NarusInsight Intercept Suite, I wrote:

Are They building electronic dossiers on as many of us as they can? I don’t know, but it sure looks that way.

We must assume that they are using the full spectrum of surveillance information to try to PREDICT HOW EACH OF US IS LIKELY TO BEHAVE ON A DAY TO DAY BASIS. Where we go. Which routes we take. What we buy. Etc. All of these things can be broken down into a kind of moving average that wiggles around between an upper band and a lower band, kind of like a standard deviation from a mean. Stay within the bands, and the Magic 8 Ball probably won’t bother to flag your profile for closer analysis by some genius at the Terrorist Screening Center.

Obviously, most of us aren’t worth the attention of a human analyst, and they know it. Most of the sheep just go with the flock. They do what they’re told, shop at WalMart, pay their taxes, go to church, the end. More educated sheep read Business Week or the New York Times, etc. Within a fairly wide range of activities, it’s no more complicated, for the vast majority of the people out there, than the way pool balls behave as they bounce around the table and each other.

This is a key point, so I’m going to emphasize it:

These systems would excel at finding the artifacts, the outliers, the people who haven’t internalized the programming, but continue to act “normal.”

It would identify the thought criminals.

Recently, Michael Chertoff, the head of the U.S. Department of Homeland Security, mentioned “clean skin” terrorists. These are people who appear “normal” in society, but are secretly plotting the next big terrorist event. How do you find the “clean skin” terrorists? Well, according to Chertoff, the U.S. Department of Magic-8 Ball Theories, Studies and Predictions requires every foreign traveler’s email address and credit card information. It didn’t occur to me before, but They already have this information—and much more—for Americans.

I’ve wondered why my site and thousands of sites like it are allowed to continue to operate…

Simple: More and better targeting data.

They don’t care about me, or what I’m saying.

They’re more interested in who’s paying attention to me, and people like me. Are those numbers increasing, or decreasing? What types of jobs do readers of these sites have? What is their income? What other sites do readers of these sites read? Do the people who read these sites continue to show up to work? (You haven’t been paying attention if you think that They don’t have this information.)

Whether or not you have anything to do with sleeper cells, “clean skin” terrorists, leaderless resistance movements, our outright “let’s shoot the bastards” insurgency movements, the list of usual suspects, I would almost bet my life, is being drawn up through the use of the NarusIntercept Suite systems for collection and the SEAS systems for analysis.

Who gets pulled for what probably depends on how seriously They feel threatened. The point is, these systems can model and assist with the visualization of any imaginable set of circumstances. We don’t know what criteria They’re using, but it is admitted that the terrorist watch list has ballooned to include over half a million individuals.

Do you think these systems have anything to do with the “out of control” expansion of that list?

I do.

This isn’t tinfoil. All I’ve done is make logical connections between two publicly admitted technologies that we know the U.S. Government uses. Look at how hungry that SEAS thing is for data.

Remember Russell Tice, the NSA SIGINT officer who had knowledge of a special access NSA operation that was so disturbing that he tried to tell the U.S. Congress about it?

What was Tice talking about here:

Tice said his information is different from the Terrorist Surveillance Program that Bush acknowledged in December and from news accounts this week that the NSA has been secretly collecting phone call records of millions of Americans. “It’s an angle that you haven’t heard about yet,” he said.

An angle that we haven’t heard about. Since everyone and his dog knows about the mass surveillance, what could that angle be?

More recently, Tice said that the NSA intercepts of civilian traffic is “the tip of the iceberg” and says, again, that there is something else, something we still don’t know about. Here’s part of the interview between Tice and Reason:

REASON: What prompted you to step forward now?

Tice: Well, I’ve known this for a long time and I’ve kept my mouth shut…

REASON: You’re referring to what James Risen calls “The Program,” the NSA wiretaps that have been reported on?

Tice: No, I’m referring to what I need to tell Congress that no one knows yet, which is only tertiarily connected to what you know about now.

Ok, so the outrage that Tice was willing to ruin his life over is only “tertiarily connected” to the operation we already new about.

Tice continues:

In my case, there’s no way the programs I want to talk to Congress about should be public ever, unless maybe in 200 years they want to declassify them. You should never learn about it; no one at the Times should ever learn about these things.

The surveillance side of this is the chickenfeed. There’s something far more sinister than the simple surveillance… an angle we haven’t heard about yet.

Tice never did tell his story to Congress about this different aspect of the program.

Well, my guess is that it has something to do with providing surveillance data for this SEAS World Sim thing, and that individual Americans are being watched and potentially targeted with it. Tice’s background seems to involve a lot of traditional electronic warfare, radar and ELINT stuff. Maybe Tice’s deal involved the collection of the mobile phone GPS and/or triangulation data which would provide realtime spacial/geographic data to the SEAS system. In other words, SEAS sees you. They could bring up a map of a city and plot your path based on the information that your phone is exchanging with the mobile network.

Via: The Register:

Perhaps your real life is so rich you don’t have time for another.

Even so, the US Department of Defense (DOD) may already be creating a copy of you in an alternate reality to see how long you can go without food or water, or how you will respond to televised propaganda.

The DOD is developing a parallel to Planet Earth, with billions of individual “nodes” to reflect every man, woman, and child this side of the dividing line between reality and AR.

Called the Sentient World Simulation (SWS), it will be a “synthetic mirror of the real world with automated continuous calibration with respect to current real-world information”, according to a concept paper for the project.

“SWS provides an environment for testing Psychological Operations (PSYOP),” the paper reads, so that military leaders can “develop and test multiple courses of action to anticipate and shape behaviors of adversaries, neutrals, and partners”.

SWS also replicates financial institutions, utilities, media outlets, and street corner shops. By applying theories of economics and human psychology, its developers believe they can predict how individuals and mobs will respond to various stressors.

SEAS can display regional results for public opinion polls, distribution of retail outlets in urban areas, and the level of unorganization of local economies, which may point to potential areas of civil unrest

Yank a country’s water supply. Stage a military coup. SWS will tell you what happens next.

“The idea is to generate alternative futures with outcomes based on interactions between multiple sides,” said Purdue University professor Alok Chaturvedi, co-author of the SWS concept paper.

Chaturvedi directs Purdue’s laboratories for Synthetic Environment for Analysis and Simulations, or SEAS – the platform underlying SWS. Chaturvedi also makes a commercial version of SEAS available through his company, Simulex, Inc (http://www.simulexinc.com).

SEAS users can visualise the nodes and scenarios in text boxes and graphs, or as icons set against geographical maps.

Corporations can use SEAS to test the market for new products, said Chaturvedi. Simulex lists the pharmaceutical giant Eli Lilly and defense contractor Lockheed Martin among its private sector clients.

The US government appears to be Simulex’s number one customer, however. And Chaturvedi has received millions of dollars in grants from the military and the National Science Foundation to develop SEAS.

Chaturvedi is now pitching SWS to DARPA (http://www.darpa.mil) and discussing it with officials at the US Department of Homeland Security (http://www.dhs.gov), where he said the idea has been well received, despite the thorny privacy issues for US citizens.

…

Alok Chaturvedi wants SWS to match every person on the planet, one-to-one.

Right now, the 62 simulated nations in SEAS depict humans as composites, at a 100-to-1 ratio.

One organisation has achieved a one-to-one level of granularity for its simulations, according to Chaturvedi: the US Army, which is using SEAS to identify potential recruits.

Chaturvedi insists his goal for SWS is to have a depersonalised likeness for each individual, rather than an immediately identifiable duplicate. If your town census records your birthdate, job title, and whether you own a dog, SWS will generate what Chaturvedi calls a “like someone” with the same stats, but not the same name.

Of course, government agencies and corporations can add to SWS whatever personally-identifiable information they choose from their own databases, and for their own purposes.

And with consumers already giving up their personal information regularly to websites such as MySpace and Twitter, it is not a stretch to imagine SWS doing the same thing.

“There may be hooks through which individuals may voluntarily contribute information to SWS,” Chaturvedi said.

[ORIGINAL LINKS: http://www.cryptogon.com/?p=35884 AND http://www.cryptogon.com/?p=956]
Reply
19 July 2013, 07:55,
#10
RE: Real And Practical Ways To Avoid The Snoops
(18 July 2013, 18:06)Skvez Wrote: I have to disagree with some of the comments:
A good password for example. Good passwords are LONG not weird.
http://xkcd.com/936/

Tor is compromised because it's possible with just a few compromised nodes to associate the packets coming onto the network and going off the network even if they can't see into the packet.
The very fact that you're using Tor suggests (to the paranoid power that be) that you're "up to something you sholdn't be".
The concern is TBTB are recording all this info so, if at some point in the future they want to charge you with something, they can go dig something up. There are so many laws now that we are all guilty of something.
You're damn right I'm up to something I shouldn't be, it's called freedom, and i refuse to be like a deer in the headlights frightened of everything I say and do to a government that sees me as nothing more than units of tax, to rob and steal my money for their pathetic little wars.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)