/tech/ - technology

Totally hijacking your thread, because I'm a fiend for soykaf like this. So, ITT: fucked up facts/links/news about government and corporate spying. Reference if possible. I'll start.

"CIA sneak undetectable ‘malicious’ implants onto Windows OS - WikiLeaks "
https://www.rt.com/news/401568-cia-hacks-angelfire-wikileaks/

>>1197
whilst I appreciate your sentiment alice, I fear that in this place you're probably preaching to the choir.

most people by the time they get to this sort of site probably are more than a little savvy on this topic, and simply having a post that says ''learn your stuff, matey-o'' is nice, its not terrifically helpful.

do you have some particular advice for how an interested computer user could make their system more secure ? do you have a system for reducing the degree to which privacy increases conspicuous-ish-ness?

these things I feel would be far more beneficial to our community, not because we disagree with you, but essentially, because most of us agree very strongly.

>>1200
He needs to reach more of the normal users.

>>1200

I think we could all benefit from simply partitioning our lives better.

For instance, I have a 'normal person' setup on a dedicated, soykafty laptop that is just vanilla Debian, using Firefox with a few common privacy add-ons. I use this for basic stuff that everyone else does, and for basic programming stuff.

Anything that I feel separates me from the mainstream is done on my locked down Qubes system. I daisy chain VPNs from multiple trusted providers using layered networking VMs for non-Tor traffic. I use a heavily customized version of Firefox with a carefully selected boat-load of add-ons. Often times, I'll use Burp Suite and monitor anything that has a possibility of being suspicious to me.

I don't use social media flippantly (I refuse to use them for serious communication). I have accounts that are updated carefully and purposefully. I take great care to prevent 'doxing'. Also, I don't shop online or visit social media/networks with the same browser/profile I use for other things.

None of this is meant to brag. It's not some talent or skill I have, it's just a ton of research that I hope has led me to a more secure existence online.

If anything, this has made it harder to collect metadata on me.

I'm very interested in this thread.
It would be a great thing if we manage to fullfill facebook or some other social media with posts saying soykafty things about them using a bot army or something similar.
Probably it is quite difficult to do, but if there is porn spam i suppose there can be """awarness spam""" too, and at least with the same diffusion. We can maybe gain the support of some tech, privacy-savvy pages?

Anyway the purpose of simply spamming stuff about google&co ITT it's not so pointless. Not all of lainchan userbase is made of techies, for instance i'm a filthy peasant who only uses startpage with mozilla/chromium instead of google stuff, and sometimes signal instead of whatsapp, as privacy measures.
Can you reccomend me some (possibly user friendly) tool to avoid the big brother's eye?

>>1208

>Can you reccomend me some (possibly user friendly) tool to avoid the big brother's eye?

It all boils down to determining what your personal threat model is. You need to decide:

1. What do I want to keep private?

2. Who do I want to keep it private from?

3. What tradeoffs am I willing to accept to enable this?

Everyone is going to have a different threat model. There's no magic one-size-fits-all solution.

In my case, I want to keep my personal info from falling into the hands of advertising companies, because I just plain hate advertising. This means using hardware, software, and online services that aren't connected to companies that profit from advertising. I'll use Linux on the desktop, LineageOS (a Google-free variant of Android) on my phone, and a paid email hosting service (Fastmail) that stays in business by subscription fees alone and doesn't have any connection to advertising companies. I am fully aware that none of these choices would defend my private data against truly determined targeted government snooping. For me, that's an acceptable trade-off to be able to own a modern laptop, a smartphone, and convenient email access from multiple devices.

For someone else, keeping data private from government snooping might be critical - think pro-democracy dissidents in countries like Saudi Arabia or China. For them, the same steps that I've taken would be totally inadequate. But it doesn't make either their choices or my choices objectively wrong. We just have different needs.

Don't worry about every theoretical privacy problem that could conceivably happen. That way lies tin-foil-hat log-cabin-hermit manifestos-on-typewriters madness. Just take some time to consider those three points above. After that, you'll be in a better position to ask techies about what can help you keep private what you want to keep private.

>Your iOS/Android/Windows phone is a bot. It's a device that is out of your control, in most cases you can't stop Facebook/Amazon/Google/etc.. from collecting video, voice, wifi, location, phone calls, sms, and other data. It's like an open tap spewing limitless data.
Using Facebook or Google services is clearly voluntary giving away ones data. It's their business model and explicitly stated in the ToS. But the problem I have with those claims in the specific case of desktop and mobile operating systems "ringing home" and collecting private data without the user consenting and acknowledging it is the lack of precision on how it operates, real life examples and factual data to back this up. I'm so used to read how those are botnets , yet beside the controversial set of news from around its launch about Windows 10 logging and sending everything to MS servers I barely saw any proofs about this. That's why I think I'll try to check this for myself with network monitoring tools on my work machine and android phone if I don't find anything convincing Online. Same thing for them or hardware being backdoored : Are there solid proofs behind this, or is just speculations?

If anyone have links to illustrate what kind of data are collected (and how) on proprietary OS, or even relevant key words for me to start searching them myself, I'll gladly look them up.

>>1380
Answering myself : For a starter, this guy basically did this but focused on apps downloaded from the Google store rather than Android itself. That's not exactly what I was looking for but that was very interesting nonetheless and gave me a
few pointers on what to investigate.


DEFCON 19: Cellular Privacy: A Forensic Analysis of Android Network Traffic (w speaker)
https://www.youtube.com/watch?v=McF50tjuFEs

>>1380
The botnet thing is not just an empty meme. Here are some examples.

Google Play on Android tracks location all the time.
https://www.theregister.co.uk/2016/09/12/turn_off_location_services_go_ahead_says_google_well_still_track_you/

Android monitors access points within range of your phone and sends details back to Google.
http://www.zdnet.com/article/how-google-and-everyone-else-gets-wi-fi-location-data/

Facebook app keeps microphone on at all times
https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html

>Same thing for them or hardware being backdoored : Are there solid proofs behind this, or is just speculations?
This is slightly different. Intel ME for example gives Intel the capability to hijack your machine at the lowest level but they obviously don't do that to everybody everyday.

>>1383
i had read about the existence of hardware backdoors, but still don't understand what exactly one is used for. whathappens to a machine ''hijacked at the lowest level''? does the backdoor grant external control or access to data? does most modern pc hardware contain backdoors? sorry if this sounds like i'm asking for spoonfeeding, but information on this topic that actually explains it rather than going straight into ethical discussion or conspiracy has been hard to find.

>>1383
Thanks for the links, that will be a good start as well to dig for further info. In the meantime I"m re-watching the last conference from Steve Rambam It gave at Hope XI to scrap from source relevant to this matter.