[clug] The biggest mass surveillance scheme in Australian history

Bryan Kilgallin bryan at netspeed.com.au
Sat Feb 28 00:36:39 MST 2015


Scott:

Thanks for that chilling analysis!

> Personally I believe Tor is a trap - even if properly used (no email, no chat, no logins to your usual sites, etc) it's been compromised in the past - and wholesale compromise is certainly on the NSA to-do list.

We have examples of whistleblowers lulled into public benefit--at 
personal cost!

> Use a dedicated computer, broadband connection and modem, from a different location to your usual net usage, with a different browsing profile if you want any level of secrecy.

Unfortunately I am a creature of habit! For the latter, I would need to 
employ an assistant and ask them to go about business in their own manner.

> Each of those activities and hardware can be "fingerprinted" and *any* lapse compromises your secrecy. That includes your use of syntax, vocabulary, and, probably, your typing patterns (keystroke rates).

Yow.

> And the further you, or your digital agents stray from your cave the less you can expect privacy.

We are induced to conduct conversations with strangers, via media we 
cannot trust!


> If you must use them - avoid pages with video elements (autoplay can be used to get an HTTP and DNS request outside of the Tor proxy (SOCKS)).

Sheesh!

> It works the same way as most browsers in incognito mode - in that it only provides privacy from other (non-savvy) users of the same device.

The public gets lulled!

> Personally I wouldn't trust the guy behind DuckDuckGo unless he's undergone a major conversion of ethics since the venture he undertook prior to becoming a privacy advocate.

Can you suggest anything more comforting?


> Some of the most popular use broken encryption, almost all would be trivially compelled to de-anonymise users, and the Snowden[*1] leaks show many have been compromised by the NSA, and the compromise of all is on their wish list.

Is there an Amish community I can join?
:-X

> Again, consider my earlier point about retention of metadata and how it's very unlikely (despite not being "legal") that the bulk data is not already being captured somewhere - so future compromise of encryption (anonymity) will likely lead to decryption (de-anonymisation) of past activities

I had wondered whether AI message-readers could be fooled.

> 2. Even ASIO is allowed to target non-players on the off-chance they may be a stepping stone to targets of interest.

I have been told that I had unusual/weird friends.

> My best advice is employ encryption on your hard-drive, deploy NoScript, FlashBlock (if you 'really' must use Fffflash), avoid Java like the plague and encrypt all your emails as *a matter of course*.

I would appreciate referral to readable resources (with a Linux flavour) 
on encryption.

> And most importantly - don't do anything likely to justify invasion of your secrecy unless you have very compelling reasons *and* are prepared to accept the worst case outcomes.

I am not interested in watching movies at home. But I have a political 
association.

-- 
www.netspeed.com.au/bryan/
