Transcript extract , Olbermann interview, January 21st, 2009:

The National Security Agency had access to all Americans’ communications — faxes, phone calls, and their computer communications,” Tice claimed. “It didn’t matter whether you were in Kansas, in the middle of the country, and you never made foreign communications at all. They monitored all communications.

I know I am not paranoid.

He requests open government, transparency and a presumption in favor of disclosure – day 2

Now, when will he reverse his betrayal on FISA? On day 3? You can do it Obama!

As for our common defense, we reject as false the choice between our safety and our ideals.

This is something that has been discussed here before. Actually it was the subject of the very first post!

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

It uses a nifty process to create a tunnel that connects you anonymously to a series of proxy servers, at the end of which series of proxy servers, your request is passed on in the clear to the Net. This means: Tor is not an end-to-end protection, that is, from your computer to the requested server (website). The exit node (the server that passes on your request in the clear) can figure out who you are. More info here (University of Colorado, Boulder) and here (Dan Egerstad). I am ready to bet the NSA and several spy agencies operate Tor nodes for that very purpose…

But I would still use it for the following usage:

• Bypass censorship filters when used on a public computer or a public wireless network
• Check out a quick email when at a café that offers free wireless (Tor also prevents snoopers from sniffing your data between your laptop and the wireless router)
• Hide your tracks from your employer or your ISP

Tor can be a little bit intimidating to install by itself. So over the years a series of easy-to-use solutions have appeared.

Check out Torpark (free, no longer developed, became xB Browser – commercial but excellent – I trust the guys behind it), OperaTor and Portable Tor. They are free and portable (that means no install). You can copy them on your USB stick and fire them up on any computer! The only installation step if you want to call it like that: you have to make sure that your web browser is configured to use 127.0.0.1 as a proxy and all your traffic will be sent on the Tor network (read the specific documentation for each of these softwares to learn how to do this – it is REALLY EASY – it should not take you more than 30 seconds!)

Surf free, surf secure.

What is encryption, you will ask? Simply put, it’s converting data into code to protect it.

The generic process goes like this:
First, encryption:

1. Select data to be hidden
2. Assign password
3. Transform data with a cryptographic key

And decryption:

1. Select data to be revealed
2. Enter password
3. Transform data into usable text

There are three basic methods to encrypt data:

1. Encrypt on a file-by-file basis
2. Encrypt a container (defined portion of a drive)
3. Whole drive (Full disk) encryption

The first method is pretty straightforward. I don’t really like it because it is not automatic. You have to remember to encrypt the files as they are created on your drive. It usually can be automated with scripts (batch files) but it is a little more involved. If for whatever reason you prefer the file-by-file method (you only have a few sensitive files to protect), go with the encryption software called AxCrypt. Simple, free, open-source (no backdoor), THE reference in its field.

I like the second method more. What is a container, you will ask? A container is a large empty file that you create, with the encryption software, and inside of which you will add/save the files to be encrypted. And as you add (or save) the files inside the container, they are automatically encrypted. Think of it as a folder, but a folder that has a predefined size. Example: a 100 MB folder (container) inside of which you save five files weighting 25 MB total. Once the container is created, its size usually cannot be modified. So think ahead on the purpose of each container you create.

Once the container is created you select the container you want to mount (it will become a virtual drive), you enter the password, and the drive is mounted by the encryption software. What’s that mounting thing? I means the container will appear with its own drive letter in your file manager. From there you use it just as you would use any other drive (d: drive, f: drive, whatever: drive!). It is so like any other drive that it is even suggested that you defrag the drive (for Windows users) if you use it a lot.

The king software in the category is TrueCrypt. Again it’s simple, free, open-source (no backdoor), THE reference in its field.

The final method is whole drive encryption. Really, it’s like a container except the whole partition/disk is encrypted. Even the drive/partition on which the whole operating system resides can be encrypted. That’s useful if you really don’t want anyone looking at any part of your system. The only drawback: if something goes wrong, you not only lose the files you wanted to protect but the whole operating system. So far, I never had any incident in 4 years of daily usage.

I suggest you use the whole disk encryption method in conjunction with the container method described above. This gives you more flexibility to have access, or not, to the data you want to scramble. That way you can start the operating system but you can leave your data encrypted. As well, it gives you the option, for back-up purposes, to only backup the container (only one file to transfer).

Personally, for my backups, I mount my container on my primary drive, mount another container on the external drive and execute a standard backup with softwares like Cobian Backup, SyncBack Freeware, or Karen’s Replicator (my favorite!). Why do I do that? In general, it’s easier to transfer smaller, individual files than a large, multi gigabytes container. It allows for a faster backup as only your new/modified files are transferred. If you backup the whole container, you will have to transfer the whole container anytime the smallest change is made to any file in the container. Not so fast if you have a large multi gigabytes container.

Here again, the king software for full disk encryption is TrueCrypt.

Remember, when a container or a drive is mounted, its content is in the clear! If you leave your computer turned on, you have to unmount your volume to make sure nobody can read its contents, or simply shut down your computer (the container or drive automatically dismounts when the computer is off).

Final note: never, ever trust any closed source software. It means its code cannot be reviewed and analyzed to discover any potential backdoor. Stay especially far from Microsoft products, as the pigopolist works hand-in-hand with the NSA.

I tried all I could to bypass this “network management”. I tried to encrypt the session using the built-in encryption function in μTorrent. That did not help, as it’s a well known workaround and it’s easily defeated by the ISP. I used this technique from Per Vices Corporation. That seemed to help a bit, as the download speed went up (about doubled to 50-80 kB/s) – what I get from this is that the ISP is not only throttling p2p but they are also throttling VPN connections. By the way, I had previously noticed the 4 pm slowdown while connecting through VPN with my workplace… But that’s another debate… wait… it’s not even a debate when you read Tim Berners-Lee words of wisdom:

Freedom of connection, with any application, to any party, is the fundamental social basis of the internet.

and…

If I pay to connect to the net, with a given quality of service, and you pay to connect to the net with the same, or a higher, quality of service, then you and I, can communicate across the Net with that quality of service.

That’s all there is to know about Net Neutrality. Done with this parenthesis, back to the main topic…

So there are only a few other options left…

1. Do your thing between 2 am and 4 pm. I was at my computer at 2 am when the computer literally “clicked” its way to 500 kB/s. Wow. That’s what we pay for.
2. Tor (Vidalia) (to hide from the ISP which application you are using, thus defeating the throttling)… but the Tor network is slow, so that defeats the purpose.
3. Connecting to a non-throttled server through SSH tunnel. First, you have to find (and trust) that open server. Next, you have to set-up the connection yourself (install a VPN/SSH client on your computer and connect to the open server).
4. Subscribe to a specialized service that offers a non-throttled remote server connection and an easy to install VPN/SSHed client. I found: relakks.com (€5 per month, €50 per year, ran by Piratpartiet in Sweden – I trust them), btguard.com ($7 a month, Canadian company that’s been around for a little while, no complaints so far), and torrentprivacy.com ($3 a week, or $100 a year, ran by the torrentreactor.net team).

These solutions can of course be used for purposes other than p2p applications (straight desktop to destop exchanges, phone, IM).

But remember:
a. Your ISP won’t know what you are doing (encrypted session), so they can be subpoened all they want but won’t be able to reveal anything about the content of the file
b. To the sender of the file, your IP will be concealed (though luck if its a trap set-up by RIAA, MPAA or law enforcement)
c. The weak points: the server (whether set-up by yourself or paid service) knows your IP address (do you trust them?) and can see what file you are requesting/transferring (if it’s in the clear)
d. So, a good precaution, if you use those services for other purposes than p2p, is to only only transfer encrypted files. That way, nobody will know (well, except the person who encrypted the file) what the file is about. So if your server is subpoened, it does not matter, your IP address will be known but the content of the file stays private. Big deal!
e. And finally, the dreaded “Is the computer you are using compromised by an adversary? – ie packet sniffer, keylogger”. Law enforcement is getting good at this…

Whew, that was a long article!

This does not render Internet café desktop worstation more secure, as there could be snooping apparatus in the desktop itself.

The best use of this solution (VPN) is with your own, uncompromise mobile device (berry, phone or laptop), as it will prevent snoops that are targeting specific weak open networks.

A suggestion, don’t let them know what they don’t have to know.

A few examples :
In the ’60 and ’70 it was perfectly acceptable to drive drunk, even without your seatbelt
In the ’80 it was OK to smoke with children in the car
In the ’90 it was perfectly normal to drive and chat on the cell phone

What if the governemnt knows about you doing this. Will they get back at you retroactively? Will they come back to check you out, just in case you kept doing it?

And now this, there is more and more Internet scrutiny and censorship. What is normal today that won’t be so much tomorrow? We don’t know. So, do you still say: I have nothing to hide?

From HomelandStupidity:
The truth is that the innocent actually do have something to fear from state intrusion into their private lives.

Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny. — Thomas Jefferson

The essence of Government is power; and power, lodged as it must be in human hands, will ever be liable to abuse. — James Madison

Abuse of power isn’t limited to bad guys in other nations. It happens in our own country if we’re not vigilant. — Thomas Edison

The argument is a particular species of false dichotomy. You are presented with a simple either/or choice. Either you’re guilty, and so should be exposed; or you are innocent, in which case nothing will be exposed, and so you have nothing to worry about. Either way, you have no legitimate reason to be concerned. Like all false dichotomies, the problem is that there is at least one more option than the two offered in the either/or choice. — Julian Baggini

What’s the answer to that?
There’s the very real possibility that you are innocent, and yet will be persecuted by the authorities anyway.

It is weakness rather than wickedness which renders men unfit to be trusted with unlimited power. — John Adams

The two enemies of the people are criminals and government, so let us tie the second down with the chains of the Constitution so the second will not become the legalized version of the first. — Thomas Jefferson

Our country was founded on a distrust of government. Our founding fathers gave power to the people to keep an eye on government. So when politicians say, “Trust me,” they’re actually being very un-American. — David Duchovny

You’re not supposed to be so blind with patriotism that you can’t face reality. Wrong is wrong no matter who does it or who says it. — Malcolm X

It is better to risk saving a guilty man than to condemn an innocent one. — Voltaire

The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive. — Thomas Jefferson

Nice conclusion by Mr. Hampton :

You think you’re so innocent, try proving it. That’s what “nothing to hide” is about: destroying the notion of innocent until proven guilty, meant to protect we the people from abuse of power, and instituting the barbaric notion of guilty until proven innocent, where anyone can be searched, anyone can be seized, and sometimes, even the trial can be dispensed with. It’s about getting Americans used to the idea of proving their innocence at every opportunity, putting them on trial at the airport or at the roadside. After all, anybody who doesn’t want to prove their innocence must be guilty of something.

From Wired (famous 2006 Schneier article):

Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these — as right as they are — is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.

Two proverbs say it best: Quis custodiet custodes ipsos? (“Who watches the watchers?”) and “Absolute power corrupts absolutely.”

Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest — or just blackmail — with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies — whoever they happen to be at the time.

Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.

We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

Nice conclusion:

Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.

From Alternet, a quote that is close to the John Adams quote above:

In his 1928 dissent in Olmstead v. United States, Justice Louis Brandeis cautioned, “The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding.”

Famous Benjamin Franklin quote, from the same article:

“They who would give up an essential liberty for temporary security, deserve neither liberty or security.”

Nice argument from the Telegraph in an article about ID cards:

That is what they say, and it sounds perfectly practical. If you think about it for a minute, though, it begins to sound less than practical and more like an affront to the reasonable (and traditional) notion that the state should mind its own business.

In a just society, what you have to hide is your business, until such times as your actions make it the business of others. Infringing people’s rights is not an ethical form of defence against imaginary insult.

You shouldn’t have to tell the government your eye colour if you don’t want to, never mind your maiden name, your height, your personal persuasions in this or that direction, all to be printed up on a laminated card under some compulsory picture, to say you’re one of us.

You weren’t born to be one of us, that is something you choose, and to take the choice out of it is wrong. It marks the end of privacy, the end of civic volition, the end of true citizenship.

Dichotomy problem well summarized on UKLiberty:

As I’ve argued, “nothing to hide nothing to fear” assumes there will be no wrongdoing and no incompetence.

(…) Do you use some sort of cover for your windows – curtains, or blinds?

(…) For example, I can’t explain exactly why I close my curtains at night. I’m not particularly concerned about being spied upon by CCTV operators – I just feel uncomfortable with people in general looking in. But I don’t commit crimes, so what do I have to hide?

What expectations of privacy do you have? What are you prepared to make known to others – what are you prepared to ‘trade-off’ – in order to gain a particular benefit?

Suppose it was proposed that crime could be almost completely eradicated if there was a CCTV camera and microphone and loudspeaker in every room of every home.

Would you support such a proposal?

If it saves the life of just one child it will be worth it, won’t it?

(…) This issue is about where we as individuals draw the line: we each have different expectations of privacy; different concerns about what we prefer to keep to ourselves, what we are willing to trade, and what we don’t particularly mind people knowing.

And it’s about the use and misuse of the data that is associated with you. Unfortunately we don’t live in a utopia: sometimes people make mistakes; sometimes people are dishonest, others are evil. There is certainly a case for rational distrust.

We therefore need to consider the risks involved with entrusting our private information to others – weighing up the pros and cons as best we can. How can mistakes and abuses be prevented? What are the likelihoods of mistakes and abuses? How can the effects of mistakes and abuses be mitigated? What legal remedies will be available to us?

But some people want to deny us those choices.

I don’t believe they have malign intentions.

They believe they know best: they claim it is in your best interests, and/or the best interests of society as a whole.

But they hinder us from gathering as much information we can about their proposals. After all, how can we come to an informed decision if we are unaware of the facts?

And the rules are such that it is difficult if not impossible to make our choices ourselves.

Sometimes they are even dishonest about their plans.

In conclusion, the claim that “if you have nothing to hide you have nothing to fear” is, at best, ignorant, and at worst, dishonest.

It is a much more complicated issue than can be summed up in those eleven words, or even an article of this length.

We need to improve education on the pros and cons of surveillance, the database state, individual proposals, and other issues relating to privacy.

When a privacy infringing measure is proposed, we each need to consider what we are willing to trade away in order to save money, prevent crime, prevent terrorism, reduce illegal immigration and working – or whatever is among the benefits of the proposal.

And we need to consider removing from power those people who seek to deny us choice about what we want to keep private and how private we want to keep it.

Very nice as well from the Australian Privacy.org:
- Everybody has something to hide (not necessarily criminal)
- They describe the need for physical safety, the need for private space, the need for freedom to behave or associate with others, the need to innovate, the need to express political thoughts.

About trusting the government:

If you’re confident that this Government would never do such things, then consider that you’re not just trusting this Government – you’re trusting every Government that will ever exist in this country.

Well said. Hitler was the head of a government. Pol Pot was the head of a governement. What if invaders or hackers get their hands on the government data?

Will not happen here? Really? From Huffington:

We are living in a time when the right of habeas corpus — which simply put is your right to be brought before a proper court of law where the government is made to prove that there is good and legal reason to detain you — recently survived by a margin of only one vote at the U.S. Supreme Court.

This rounds it up pretty much, ain’t it?

So, what do you say next time you are asked to “bare it all”?

• Public networks (Ants, Mute, Freenet, etc)
• Private networks (LogmeinHamachi, etc)
• Friend-to-Friend networks
• Anonymizing network layer (Tor, Web proxies, etc)

Until music labels die (ref1, ref2), there will still be a chance to be unfairly prosecuted. This is substantiated by the many dropped lawsuits for lack of material evidence.

In addition to the above solutions, quite a few articles have recently been published about an easy way to greatly reduce any hassle: use PeerGuardian

If you get nailed by the DRM freaks, check out EFF website for advices…