PRISM: Privacy for Dummies

Another 'Grandma Alert' from Radsoft.

Get It Try It

BBC News published a piece on 'PRISM and privacy' on 12 June 2013. Here's a summary of the points covered in that article that pertain to computer privacy.

1. 'When you visit a website, your IP address, type of machine and screen size can easily be ascertained.'
   Yes, that and more. Because your browser volunteers this information. Ain't that cosy? Websites have to have your IP address - how else are they going to get the web pages back to you? But browsers are overly generous in the amount of information they offer.

2. 'The website can also see how you got there - by what search term or the last website you were on.'
   Yes, this is through the 'referer' [sic] field. Another wonderful thing browsers offer up - the site you came from. A way around this might be to always use 'about:blank' before proceeding, and/or pick a fast-loading site to always use. Don't give them more than they've already usurped.

3. 'If you are using a work computer, it's easy to find out who your employer is.'
   Of course. The IP leads to either an IP range allocation or giveaway whois data.

4. 'But an IP address is actually not a foolproof way to follow individuals, he adds.'
   Yes, because good ISPs still use DHCP. If you have an ISP that can't option you out of a static IP, then change ISPs. By tonight. Make a habit of cold-booting your router to get a new IP. Run this command to see what your current IP is and keep track of your IPs over time:
   
   curl -s http://checkip.dyndns.org|awk '{print $6}'|awk 'BEGIN {FS="<"}{print $1}'

5. 'Many will know of the issue of using cookies for tracking.'
   Hopefully. Exit your browser regularly and destroy all cookies. If you think your online life is so complex (you might prefer to call it 'sophisticated') that you can't remove all your cookies, then get a new life or get a new brain.

6. 'Commercial transactions go back forever on a site like Amazon.'
   Yes but only if you're stupid and log in before you decide to buy. And you can be coy and use Tor as often as possible. And if they're recording IPs, that'll really screw them up.

7. 'Of course, clear your cookies at the end of every browsing session and part of the ability to follow you disappears.'
   Yes but make sure you get them all. Not all browsers really clear them. For example: it's necessary with Apple's Safari to:
   1. exit completely
   2. restart and now remove all cookies
   3. Preferably run a script to remove all cookies in all locations anyway.

   The number of locations Apple use for Safari cookies today is obscene.

8. 'Search engines like Google have the ability to remember your search terms.'
   Yes but only if they can identify you. How can they identify you? By a cookie - you could be logged in somewhere. (Sites don't need cookies to identify you and log you in but they use them anyway. Go figure.) Or by your IP.

9. 'But there is disagreement among the experts over the way search engines like Google remember. It is easy to clear your cache and cookies, Cheesewright says. Once you do that Google may remember your searches but can't connect them to you specifically.'
   Of course.

10. 'Gmail and Yahoo both scan users' emails.'
    Yes. Once you're logged in, you're screwed. Go offshore with your webmail provider. And take a look at how many sites teh Googels own. Watch out for YouTube. And stay away from Google+.

11. 'Defenders point out that 'they' are not people but machines.'
    Don't listen to idiots like that.

12. 'Others might say that whether a machine or a human is doing the work, the potential for a privacy breach is there.'
    Duh. Read your Snowden again. The primary crime is having the data out there.

13. 'PRISM whistleblower Edward Snowden claims the NSA built an infrastructure that can intercept almost everything.'
    Duh again. Take a look at their new centre in Utah.

14. 'With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards.'
    That's a Snowden quote. And of course he's right.

15. 'Some experts have theorised that US security agencies can use basic keyword searches backed by high-powered computing systems to sift through vast quantities of data.'
    That's not a theory. It's bleating obvious. They can also crack encryption a lot better than anyone realises. They can also recover data from damaged or deliberately destroyed computer equipment in ways you can't imagine.

16. 'ISPs have certain obligations set out in security legislation.'
    Yes, isn't it wonderful? But there are a few who still refuse. Use them if you can.

17. 'Many apps rely on following a person's exact location.'
    And you're a sucker so you go along with it.

18. 'Whenever you underline a favourite bit on a Kindle, that can be sent back to Amazon.'
    Don't you love Kindle even more now? So don't underline. Or disconnect when Kindling.

19. 'On Facebook, people willingly share information with a group of their friends and acquaintances.'
    People on Facebook get what they deserve. The cornerstone of Facebook operations is the assumption that you are stupid. Not just your ordinary stupid but way stupid. Get off Facebook now and don't whine your friends are there. Get the F off.

20. 'All the seemingly trivial details we reveal about ourselves online every day can be cross-referenced and correlated often to startling effect.'
    Yes and Zuckie has a former member of the CIA on his board of directors.

21. 'If you tweet and say you're popping out to a particular park for a coffee, someone is on the trail of finding your home address.'
    Yes. And if you do that, you are stupid. Try picking up that flick with Will Smith and Gene Hackman and taking it seriously. Then pop a year's supply of clue supplement pills.

22. 'Cross-refer the postcode of the park with the person's surname and you might get a person's website registration details listing home address, mobile and email address.'
    Of course. And stupid people like that are easy to hack and rob. Welcome to the feast.

23. 'Tweeting with your location is disabled by default for everyone. But people who enable this feature may later forget just what they are revealing.'
    People who enable this feature deserve to be buggered with a chainsaw. Twitter shouldn't even offer such a feature.

24. 'Every Facebook like is being logged.'
    Think about it, sheeple. Change your drool bib and think about it again.

25. 'Facebook likes were 88% accurate for determining male sexuality, 95% accurate distinguishing African-American from white American and 85% accurate in differentiating Republican from Democrat.'
    It should be obvious how stupid it's been for you to be on Facebook. Add to that the tacit encouragement to not use a nickname and to be as open as you can about your identity, and you begin to see what Zuckie really thinks of you. For he does.

26. 'Even when not in use for a call, a mobile phone that is switched on may be tracked to the nearest masts from which it is taking a signal. This is unlikely to give a very exact location, but it has been used in a number of murder cases.'
    Cells are the world's best spying device, said Rick Falkvinge. Now try convincing your granddaughter.

27. 'Obama insisted nobody's listening in on your phone calls.'
    And you believed him?
    
    He's lying again, but you're used to it by now. Julian Assange himself uncovered an NSA technology 17 years ago that was perfected to eavesdrop and analyse all phone calls everywhere. The metadata tells a lot too, but remember that the spooks are in fact listening in on all calls all the time.
    
    Your calls are recorded and categorised. On. The. Spot. Root forms of the words you use are extracted and evaluated thereafter. The NSA do much more than simply eavesdrop.

Steps You Should Take

• Browsing. Use cookies only when you need them. Clear them all no matter what after every browsing session. Exit your browser regularly and clear them out. Uninstall Java.

• Router. Opt out of a static IP, and opt away from your ISP if you can't. Reboot your router regularly if you're not automatically given a new IP from time to time. Remember that the two sure ways you can be tracked are through cookies and your IP.

• Facebook. Get off it. Today.

• Twitter. Never reveal personal info.

• Twitter DMs. They're never really deleted, so be careful what you post.

• File system. Delete files you don't need and get a good tool to shred disk free space.

• Browser remnants. Don't leave giveaways on your browser bookmark menu. Metadata is important to the wrong people and not good for you.

• Email. It's a postcard. Anyone can read it. Everyone already does. Use encryption (PGP, GPG).

• Webmail. Get offshore. Recommending providers here will only give the spooks an idea where they should apply pressure. Find the sites on your own. Use sites that don't require a data trail. Never give them correct information. Check your email headers for sender IPs. Always use Tor to connect.

See Also
BBC News: PRISM and privacy: What could they know about me?