
lol, so much for VPN being "private"

SunnyD

Belgian Waffler
Looks like the NSA has an app for that too.

findmemachinestohack.png
 
Next in the news: RIAA merges with NSA, entire college campuses arrested.
 
Another easy solution would be to directly approach someone in upper management at a VPN provider, and make some sort of friendly arrangement to get more direct access to their networks.


It's not surprising though.
NSA: "Oh golly gosh darn it! This person's pushing their data through a VPN connection. There's no way around that! I guess we should just go back to watching Google's search results."


Edit: Related article there.

Fun. So it's supposedly illegal for the NSA to spy directly on US citizens. How to get around that? Have some other country do the spying, and pay them for the data.
Sounds legit.
 
Well, all this thing offers is logging VPN sessions that pass through compromised routers. This is exactly the attacker model VPN was designed to circumvent, and where it says "so I can decrypt", we're into wishful thinking, if they haven't compromised one of the two machines between which the connection is established. In which case the genie is out of the bottle anyway.

So nothing new here. Anonymity when using VPN can still only be guaranteed by hiding behind seven proxies that can't be traced back to you. But the actual data is just as safe from the NSA as from any other attacker (if your VPN uses proper cryptography).

If you want to avoid detection, I suggest using steganographic protocols. Maybe by using something like bittorrent, that's already a very noisy way of sending data. Hide the data you want to transmit in a torrent, and make a few hundred machines from your botnet join in - understanding that the hidden data is present is very hard, if your primary data can not be compared to an original source. Good candidates are "personal videos".

But I don't see the danger in someone knowing that I use VPN.
 
So nothing new here. Anonymity when using VPN can still only be guaranteed by hiding behind seven proxies that can't be traced back to you. But the actual data is just as safe from the NSA as from any other attacker (if your VPN uses proper cryptography).
True. However, it has also come out that NSA/Feds/etc. have asked and received copies of certificates, including private keys, from cert authorities and large customers.

If your VPN provider is using a commercial certificate to exchange session keys, then you should assume that the NSA has the matching private key, permitting them to extract your session key.
 
It's hard to trust that any internet traffic is private, unless you have your own backbone, ISP, and limit your traffic to your own closed-off network... in which case I guess you have your own intranet, not internet. 😀

Strongly encrypted files transferred through a VPN should still be safe, though.
But that makes you highly suspicious.
 
It's hard to trust that any internet traffic is private, unless you have your own backbone, ISP, and limit your traffic to your own closed-off network... in which case I guess you have your own intranet, not internet. 😀

Strongly encrypted files transferred through a VPN should still be safe, though.
But that makes you highly suspicious.

http://www.i2p2.de/
 
Why even bother contacting the providers? Can't they just decrypt it anyway? I guess it's faster to just get them to hand it over.

If you want to use VPN for privacy you should not be going through a 3rd party anyway, best to lease/colo a server from a data center in a country that has enough military to say "no" to requests for info, and run your own.

I've been strongly considering i2p2, tor etc but I do wonder what happens if I decide to also be an exit node, am I responsible for everyone else's traffic? I'd hate to use one of those without also contributing to it. It's kinda like downloading torrents without seeding. If nobody seeds, then the network is useless.
 
I've been strongly considering i2p2, tor etc but I do wonder what happens if I decide to also be an exit node, am I responsible for everyone else's traffic? I'd hate to use one of those without also contributing to it. It's kinda like downloading torrents without seeding. If nobody seeds, then the network is useless.

i2p isn't for the clearnet. It's meant to be used as its own network. It's fairly sparse, but it's a good opportunity to experiment with web page design. Things need to be kept simple due to bandwidth constraints. Code the pages as you would for dialup users.

An exit node on Tor will almost certainly get you negative attention. It could go as far as having equipment seized. You'd likely get it back, but that's little consolation when you don't have any computers. A relay node is in the Tor network, and won't cause problems. It'll also help obfuscate your own traffic, so there's less to look at from you specifically.
 
Back in the Cold War, we laughed at the other side for how their government watched their own citizens, listened for every word they had to say.
 
Back in the Cold War, we laughed at the other side for how their government watched their own citizens, listened for every word they had to say.

Anyone with any knowledge of history knows that a successful (as in not failing) government - given enough time - will become a totalitarian state. It's really, truly inevitable. What's amazing is that the United States has held out for so long, and I think part of that is because of all the checks and balances and limitations we put on our government through democratic means.

But all the technology at our disposal is a double-edged sword. It makes it easier for governments to quickly and efficiently monitor much of the population. A republic can become an empire almost overnight. Not literally, mind you, but practically on the scale of history.

I'm not trying to be a tinfoil hat commentator, or claim we are living in the world of 1984 quite yet, but it's clear from other countries that such a kind of surveillance state is already feasible. A totalitarian state isn't necessarily malicious, either, but the potential is always there. There's nothing that makes the United States immune, especially if parts of the government can get away with lying or deceiving other parts of the government and/or the people.
 
I'm guessing all of the major US SSL certificate providers (Entrust, Verisign, etc.) give the government everyone's private keys. When you use SSL, you're trusting that the certificate signer is trustworthy, and they're probably not.
 
I'm guessing all of the major US SSL certificate providers (Entrust, Verisign, etc.) give the government everyone's private keys. When you use SSL, you're trusting that the certificate signer is trustworthy, and they're probably not.

That's a very good point... never even thought of that. Self-signed certs are probably actually more secure then. Considering a lot of people do banking online, imagine if the NSA decides to share your banking password with the IRS, for example.
 
I remember reading an article (I think the article was on Zerohedge and it seemed like one of their more conspiracy theory type posts) that said some government agency can cause an accident in a car that uses fly-by-wire steering, because of the suspicious death in a car accident of some journalist who they were trying to muzzle from reaching out to WikiLeaks.

Google search brought this similar article up:
"But the most significant missing evidence was the absence of any skid marks—even though the car made a 60-degree turn into a palm tree.

Research of this topic reveals a new angle to this story, namely —Boston Brakes.


This theory was explained by a former Marine Gordon Duff who refers to the “Boston Brakes” technique, in which “drive by wire” cars, specifically a Mercedes Benz, can be manipulated remotely to simulate an out-of-control accident, according to his Veterans Today story (The 2010 story is a must read). The story details are eerily similar to Hastings fiery accident scene as there were no skid marks.

Adding credence to the possible car-hacking scenario is former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard Clarke. After news broke on the Hastings car accident, he confirmed the “drive by wire” concept.

Clarke told The Huffington Post that a single-vehicle crash is “consistent with a car cyber attack. There is reason to believe that intelligence agencies for major powers — including the United States — know how to remotely seize control of a car.”


http://libertyblitzkrieg.com/2013/0...kids-marks-a-flying-engine-and-boston-brakes/

http://www.sandiego6.com/story/details-of-reporter-hastings-death-remain-elusive-20130708
 
I think the article was on Zerohedge and it seemed like one of their more conspiracy theory type posts, but the article said some government agency can cause an accident in a car that uses fly-by-wire steering, because of the suspicious death in a car accident of some journalist who they were trying to muzzle.

Google search brought this similar article up:

Drones are too obvious over here, and can't be explained. They need to be more clever within the US borders.
 
I posted recently about this. If it's on the internet our government has strong enough power to crack it (if interesting).
 
True. However, it has also come out that NSA/Feds/etc. have asked and received copies of certificates, including private keys, from cert authorities and large customers.

If your VPN provider is using a commercial certificate to exchange session keys, then you should assume that the NSA has the matching private key, permitting them to extract your session key.

It's not a VPN, if you don't control both endpoints. If you have a VPN provider, it's private to that provider, and they can do whatever they want.

Of course, if someone is out to get you, you also need to assure physical security of both boxes, or they'll just visit the data center where your machine is plugged into the net, and pull the keys from live memory.


And no, the certifiers merely sign public keys, they don't touch private keys. So they can't give your keys away, but may be complicit in impersonation attacks, which in a VPN-use case can be very ugly. So always trust the key, and not the signature of the key, especially in VPN, as that's a private thing anyway.
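
An added example, not part of the thread and not any VPN product's own code: a minimal Python sketch of "trust the key, not the signature", pinning the SHA-256 of a peer certificate's SubjectPublicKeyInfo so that a certificate carrying a different key is rejected no matter which authority signed it. The `sample_cert` builder, the names `GATEWAY`, `REISSUED`, `IMPERSONATOR`, and the host `vpn.example` are constructed placeholders; the "certificates" are DER skeletons with the X.509 field layout, not real certificates.

```python
import hashlib
import hmac

def _tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """Hex SHA-256 of the SubjectPublicKeyInfo in a DER X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                    # optional [0] version field
        pos = end
    for _field in range(5):            # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)    # subjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def peer_is_pinned(cert_der, pinned_hex):
    """Trust the key itself: whoever signed the certificate is never consulted."""
    return hmac.compare_digest(spki_sha256(cert_der), pinned_hex)

# Constructed sample data: DER skeletons laid out like certificates, not real ones.
def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(key_bytes, issuer):
    spki = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),         # version
        _der(0x02, b"\x01"),                     # serial
        _der(0x30, b""),                         # signature algorithm (empty)
        _der(0x30, _der(0x0C, issuer)),          # issuer
        _der(0x30, b""),                         # validity (empty)
        _der(0x30, _der(0x0C, b"vpn.example")),  # subject
        spki]))
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))

GATEWAY = sample_cert(b"\x11" * 270, b"self-signed")         # the key you enrolled
REISSUED = sample_cert(b"\x11" * 270, b"Some Commercial CA")  # same key, new signer
IMPERSONATOR = sample_cert(b"\x22" * 270, b"Some Commercial CA")  # signed, wrong key
PIN = spki_sha256(GATEWAY)
```

In a live client the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`, with the connection dropped when `peer_is_pinned` returns False.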
 