Re: [unhosted] state of privacy

[Jorin Vogel]

Thanks for all the feedback! That definitely helped me a lot.

@Sean McGregor: privly and tor look really interesting. 

@Michiel: thanks for pointing me to https://alternatives.tacticaltech.org/.

On July 10, 2013 at 3:36:40 PM, Bryce Lynch (virtua...@gmail.com) wrote:

On Tue, Jul 9, 2013 at 2:03 PM, Jorin Vogel <jorin...@gmail.com> wrote:

The primary thing I want to find out is, if it is possible to access the internet completely anonymous these days?

Probably not.

We know that an an unknown number (n >= 2) of IXPs in CONUS are backdoored.  We know that that a non-trivial non-zero percentage of network traffic is being recorded and analyzed.  The IP address that originated and received stream X is part of the packet headers.

For mobile users, the infrastructure is already in place to figure out what real-world identity maps to what IP address at roughly what location at what date and time.

The specific contents of that traffic don't have to be in the clear to draw useful conclusions about what's going on.  HTTP(S) traffic is pretty easy to characterize - little requests go out, lots of larger requests come back (peeking at source and destination ports aside).  Same with SMTP and FTP.  Assuming properly implemented crypto (okay, so I'm an unrealistic optimist - Peter Watts is one of my heroes, what can I say) it's unlikely that you can tell what the content of the traffic is, though.
 

But is it possible to stay anonymous when you have your own device, your own wifi access and maybe want to use a service provided by a company? 

If you use someone else's service, you're at their mercy.  Somebody with a lot more influence and ability to make life unpleasant than the sum total userbase of that service wins.
 

How should you know who accesses the data you give to a company, or the data laying o your private server?

There probably is no way to have your data completely secure anywhere in the web.

If there's an active network connection, the data's not safe.
 

And even phone calls aren't private anymore. Maybe it's more secure to use some peer-to-peer technology instead of your phone.

Arguably, they haven't since CALEA forced the backdooring of telecom equipment in the 1990's.  The first how-to text file for abusing CALEA functionality in telecom equipment hit the BBS scene in 1995, as I recall, though the first text file that described how to use three-wall calling to add yourself to an ongoing call was published a year or two before that (it was a favorite technique of the members of the MoD, in fact).  We also know that CALEA functionality has been used by the Egyptian and Syrian governments to monitor people for at least two years that I know of, probably much longer.

As for peer-to-peer technology, a few of us have been testing Retroshare for cryptographically protected (PGP) messaging and VoIP.  It's pretty slick, though it definitely needs the touch of someone who knows UI design.
 

Does anyone has an idea how to solve this or is the only thing we can do to hope that we will never be important enough that someone does something bad with our data?

That's what I'm doing.  The endgame was several years ago, and nothing anybody did halted this progression of events.  When the people running the show are completely unaccountable, and know that they don't have to care about what anybody else thinks, there really isn't anything anyone can do.
 

And ironically I am sending this to a @google.. address right now ;)

When you take into consideration how difficult it is to run your own mail server and not have it immediately wind up on half the antispam blacklists on the Net because it has an IP address from a netblock that somebody decided was only used by spammers, it's unsurprising.

--
The Doctor [412/724/301/703] [ZS]
https://drwho.virtadpt.net/
"I am everywhere."

--
 
---
You received this message because you are subscribed to the Google Groups "Unhosted Web Apps" group.
To unsubscribe from this group and stop receiving emails from it, send an email to unhosted+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Om G]

Let's not leave out unsene.com

;)

[Jan Wildeboer]

Am 2013-07-24 um 03:20 schrieb Om G <om....@gmail.com>:

> Let's not leave out unsene.com

I suggest we do leave out unsene.com. It is a US company (so falls under PATRIOT act), it makes dubious claims like:

"Do you keep log files of calls?

No. We don't keep log files on calls. The history is purged within 7 days."

So they do log for 7 days AFAICS.

It is not Open Source AFAICS, and it's FAQ is a bit vague, to put it mildly:

https://unsene.com/faq.html

"Upon receipt of a subpoena, Unsene will cooperate with U.S. government authorities to the best of our abilities. If a user has generated their own key, we can only provide whatever data we have for the user. If a user has used the web site, we can only provide groups of keys, since we don’t retain key information for individuals."

So despite the claims and impression they try to make it is NOT true end to end encryption and they DO have the keys and they WILL share everything with the NSA etc.

So nope, I will not trust them.

Jan

--
Jan Wildeboer - software freedom ninja, decentraliser, transnational citizen