13 ways the NSA spies on us

[Also]

Over the last year, through the revelations of Ed Snowden and independent reporting by others, we've learned more and more about the National Security Agency's spying programs. Indeed, there have now been so many revelations that it can be hard to keep them straight. So here's a handy guide to the most significant ways the NSA spies on people in the United States and around the world.

1. The NSA collects every American's phone records


This was one of the first programs revealed by Snowden and it continues to be one of the most controversial. The Patriot Act allows the NSA to obtain business records that are relevant to terrorist investigations. The government claims that this gives it the power to obtain records — phone number dialed, time and duration of call — about every domestic phone call in the United States. In January the Obama administration proposed changes to require judicial oversight of access to the database.

2. The PRISM program lets the NSA access private user data on leading online services


A slide disclosed by Snowden lists 9 major internet companies — Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple — as participating in the PRISM program. The program allows the NSA to get private information such as emails, Facebook messages, and stored documents. It's not known how carefully these information requests are scrutinized.

3. The NSA engages in offensive hacking operations


Tailored Access Operations is the NSA's elite hacking unit. While some other NSA programs collect information in bulk, TAO engages in targeted attacks on high-value targets. It is believed that the NSA has a large library of exploits, allowing it to hack into a wide variety of consumer gadgets and business IT systems.

4. The NSA taps long-distance internet connections


The NSA works with countries around the world to tap into underseas fiber optic cables carrying vast quantities of fiber optic data. There's also evidence that the NSA has been tapping into fiber optic cables in the United States.

5. The NSA intercepted data flowing within Google and Yahoo data centers


When you log into GMail, you'll see a "lock" icon indicating that communications between your computer and Google's server is protected by encryption. But until recently, Google didn't employ encryption when it moved data between its own servers. The NSA tapped into these connections and harvested large quantities of user data. Yahoo was also targeted.

6. The NSA spies on foreign leaders


Recently there has been growing tension between the United States and Germany over charges that the NSA spied on the cell phone of German chancellor Angela Merkel. And she's not the only world leader who has allegedly been targeted by the US government. Brazilian president Dilma Rousseff and Mexican president Enrique Peña Nieto have also reportedly had their phone calls or emails intercepted. Documents released by Snowden suggest that at least 35 world leaders have been targeted by the NSA.

7. The NSA spies on millions of ordinary people overseas

The NSA has tapped into communications systems in Brazil and Germany — and likely other countries as well — to collect information about ordinary peoples' phone calls and emails.



8. The NSA tracks cell phone locations around the world



The NSA spies on cell phone networks around the world, collecting 5 billion records per day about the locations of users' cell phones. The agency isn't allowed to deliberately target cell phone users in the United States, but some American cell phone records are collected "incidentally."

9. From 2001 to 2011, the NSA collected vast amounts of information about Americans' internet usage



In 2001, the Bush administration began collecting data about Americans' internet usage. The data collected included the sender and recipients of emails, as well as information about which websites a user browsed. The program operated for two years under President Obama but was shut down in 2011.

10. The NSA has undermined the security of encryption products



Over the last decade, the NSA has persuaded technology companies to modify their products to make them "exploitable" — that is, vulnerable to targeted attacks by the NSA.

11. The NSA uses tracking cookies to choose hacking targets



Most commercial websites have "tracking cookies," small bits of data that are stored on a user's computer to help with ad targeting. Documents released by Snowden shows that the NSA uses these cookies to identify users as hacking targets.

12. The NSA has cracked a popular standard for encrypting cell phone communications



Most cell phone communications are encrypted to protect the privacy of users. But the NSA has cracked one of the most popular encryption standards, called A5, allowing them to intercept the contents of cell phone communications.

13. The NSA can record every phone call in a certain, unspecified, country and store it for 30 days



The Washington Post has reported that an NSA program allows the agency to record every phone call in an unspecified country, and store them for 30 days for later analysis. The Post didn't identify the country, but the Intercept has reported that the program is being used in the Bahamas.

http://www.vox.com/2014/7/9/5880403/...sa-spies-on-us

[Desaix DeBurgh]

http://www.vox.com/2014/7/9/5880403/...sa-spies-on-us

https://prism-break.org/en/ (this is a good start but using a VPN +TOR is the best option)

http://www.duckduckgo.com ( use instead of google and yahoo)

http://www.openbsd.org/

OpenBSD is the most secure operating system in the world the NSA cannot hack into it :

By default, this is the most secure general purpose operating system out there. The proof in the pudding? The fact that it suffered only two remote attack vulnerabilities in the last decade serves as solid evidence of its stringent security and strict auditing policy. Moreover, OpenBSD lacks a large enough attack surface (care of running numerous web applications) for hackers to exploit.

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. As an example of the effect OpenBSD has, the popular OpenSSH software comes from OpenBSD.

Also, OpenBSD's encryption is not compromised by the NSA. It is not userfriendly and you have to know UNIX well in order to run it. It is made by hackers for hackers and for security professionals. I have no problem running it though but I have over a decade experience with UNIX.



Use programs like redphone and silent circle

RedPhone

RedPhone is an application that provides encrypted voice calls for users of the Android operating system and its derivatives. The application enables encrypted voice communication between its users. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to set up an encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and uses push notifications to preserve the user's device's battery life while still remaining responsive.

Silent circle is something similar

Some more tips :

According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google [I would include yahoo , too --kevin.]

Snowden conducted a remote interview today as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy.

His first answer called for a reform of government policies. Some people take the position that they “don’t have anything to hide,” but he argued that when you say that, “You’re inverting the model of responsibility for how rights work”:

When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights.

He added that on an individual level, people should seek out encrypted tools and stop using services that are “hostile to privacy.” For one thing, he said you should “get rid of Dropbox,” because it doesn’t support encryption, and you should consider alternatives like SpiderOak. (Snowden made similar comments over the summer, with Dropbox responding that protecting users’ information is “a top priority.”)

[Update: In a June blog post related to Snowden, Dropbox actually says, "All files sent and retrieved from Dropbox are encrypted while traveling between you and our servers," as well as when they're "at rest on our servers," and it points to other security measures that the company is taking. The difference between Dropbox and SpiderOak, as explained elsewhere, is that SpiderOak encrypts the data while it's on your computer, as opposed to only encrypting it "in transit" and on the company's servers.]

[And here's a more complete Snowden quote, from around 1:04:55 in the video: "We're talking about encryption. We're talking about dropping programs that are hostile to privacy. For example, Dropbox? Get rid of Dropbox, it doesn't support encryption, it doesn't protect your private files. And use competitors like SpiderOak, that do the same exact service but they protect the content of what you're sharing."]

He also suggested that while Facebook and Google have improved their security, they remain “dangerous services” that people should avoid. (Somewhat amusingly, anyone watching the interview via Google Hangout or YouTube saw a Google logo above Snowden’s face as he said this.) His final piece of advice on this front: Don’t send unencrypted text messages, but instead use services like RedPhone and Silent Circle.

Earlier in the interview, Snowden dismissed claims that increased encryption on iOS will hurt crime-fighting efforts. Even with that encryption, he said law enforcement officials can still ask for warrants that will give them complete access to a suspect’s phone, which will include the key to the encrypted data. Plus, companies like Apple, AT&T, and Verizon can be subpoenaed for their data.

Beyond the privacy discussion, Snowden talked about how and why he decided to leak documents bringing the government’s electronic surveillance programs to light. He repeatedly claimed that he wasn’t pursuing a specific policy outcome, but just trying to have an open conversation about these issues:

We can have secret programs. You know, the American people don’t have to know the name of every individual that’s under investigation. We don’t need to know the technical details of absolutely every program in the intelligence community. But we do have to know the bare and broad outlines of the powers our government is claiming … and how they affect us and how they affect our relationships overseas. Because if we don’t, we are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers.

As for why Snowden hasn’t come back to the United States to stand trial, he said that when he looked at how the U.S. government treated whistleblowers like Thomas Drake and Chelsea Manning, he became convinced that he wouldn’t be able to present his case to a jury in an open trial.

“I’ve told the government again and again in negotiations, you know, that if they’re prepared to offer an open trial, a fair trial in the same way that Dan Ellsberg got, and I’m allowed to make my case to the jury, I would love to do so,” he said. “But to this point they’ve declined.”

Snowden acknowledged that there’s some irony in his taking shelter in China and Russia, countries that don’t exactly have spotless human rights or privacy records themselves. He said Russia was supposed to be a transit point on his way to Latin America — but his passport was canceled while he was at the Moscow airport.

The New Yorker’s Jane Mayer ended the interview on a light note, suggesting that Snowden was now free to enjoy some vodka. He replied, “I actually don’t drink alcohol. Little-known fact: I’ve never been drunk.”

Here’s a full video of the interview. The discussion of privacy and consumer Internet services (which, again, consisted of two questions in a row) begins at around 58:30.

http://techcrunch.com/2014/10/11/edw...rker-festival/