What You Need to Know About Microsoft’s Spying Ways

I had a conversation the other day with the best and most knowledgeable computer guy I know. After discussing privacy threats, he made this statement:

Everybody buying a Windows computer today is a traitor to humanity.

Now, this is a very technically oriented guy, and he quickly agreed with me that most people don’t have a clue about such things. Still, the primary point stands: Whenever any of us buys a Microsoft product, we are supporting the tools of our own slavery.

Here’s the problem:

Because people keep buying Windows, computer manufacturers are forced to buy and provide “Licensed for Windows” products. And those products include a lot of bad things. As I’ve pointed out before, Microsoft cooperates massively with the NSA to provide them with records of your thoughts and actions. But the problem my friend referred to was something else… something called TPM, Trusted Platform Module.

It’s a little chip in your computer that is, in my friend’s words, “way evil.”

Microsoft’s goal (with Apple following in their footsteps, by the way) is to kill the general purpose computer. Combining this Trusted Platform Module with Windows provides something that Microsoft and their government pals have been after for a number of years: something called Digital Hygiene.

If that sounds slightly Nazi-ish to you, I’m glad, because it is.

Digital Hygiene means that unless Microsoft approves of all the software on your computer – or any number of other factors, to be determined in the future – your Internet access will be instantly cut off.

Here’s what Microsoft’s Corporate Vice President of Trustworthy Computing was quoted as saying (by multiple sources, at a conference in Berlin) in 2010:

Infected computers should be quarantined from the Internet, and PCs should have to prove themselves clean with a digital health certificate in order to access the Internet.

Now they are doing it, and my friend is right to raise an alarm.

More and more computers cannot run anything except a “signed” operating system – signed by Microsoft or the hardware manufacturer. In other words, if they haven’t given the A-OK that what you’re using is as it should be, you get cut off. Moreover, the “we certify it or what you bought won’t work” extends to every program you run.

This is already inside any computer that is sold as “Ready for Windows 8.” When you install Windows 8, these capabilities are automatically activated.

Once that’s done, you will need major computer skills to wipe it off your machine and install something better.

What this all means is that, in the not too distant future – if you use a Windows machine – you might be limited to a small selection of pre-approved, pre-sanitized, privacy-questionable programs.

And I can almost guarantee all the tools we use now to protect ourselves from the reach of digital snoops will be blocked too, leaving us naked and vulnerable.

But there is a solution.

Buy a Linux machine. Not only will it protect you against the above, but it’ll be cheaper, and doesn’t have all the problems that Windows does (e.g., the blue screen of death).

Here’s how to get started:

  • Buy an older model computer with an AMD processor. They’re cheaper and still offer WAY more power than you’re likely to need. Just be sure to ask if the thing comes with “vPro,” “CompuTrace,” or a “TPM chip.” If it has any of these, don’t buy it!
  • Install Linux Mint on it, a user-friendly version of Linux.

Most likely, unless you’re technically minded, you’ll need to enlist the help of your local independent computer retailer. Do so – they will be a great resource as you shift to a non-Microsoft world.

Remember, Microsoft is a traitor to their customers, relying upon their ignorance to keep the game going.

Don’t be their zombies!

Source: Edward Snowden

Paul Rosenberg
FreemansPerspective.com

Cryptohippie Responds to the NSA’s Attack on Encryption

Editor’s Note: The founder of FreemansPerspective.com, Paul Rosenberg, has spent many years trying to protect Internet users from unjustified surveillance by groups like the NSA. He is part of the team at Cryptohippie, who offer something called a Virtual Private Network (VPN). It’s a service that helps its users avoid tracking by the snoops.

However, it’s just come to light that many such “protection” services have been compromised themselves. Lest people think Cryptohippie has suffered the same fate, he’s asked us to publish a clarification on just how Cryptohippie protects its users – and indeed, what you should look for before using such a service yourself.

– Thomas Anderson
Editor, FreemansPerspective.com

——————

On September 5th, Glenn Greenwald and others revealed that the NSA was able to break the vast majority of encryption used on the Internet. You can find the story here or here, and commentary by cryptographer Bruce Schneier here.

Below, we’ll explain why you need not worry about your Cryptohippie service, but first, here is a short list of what was revealed:

  • Tech companies and Internet providers are cooperating with the NSA to break encryption everywhere. They are installing “secret vulnerabilities” and “covertly influencing product designs.”
  • Encryption for Hotmail, Google, Yahoo and Facebook is already broken.
  • Your data streams are recorded and decrypted, since the NSA (and their British counterpart, GCHQ) already have access to your secret keys.
  • These attacks involve something called key exchanges (involved in all encryption) and the subversion of certificate authorities, such as Symantec, Comodo and GoDaddy.
  • They have already broken 30 VPNs (Virtual Private Networks) and are working toward 300.
  • The NSA has capabilities against HTTPS (used to protect online shopping and banking) and voice-over-IP.
  • Encryption is still effective, if used well. As Edward Snowden said, “Properly implemented strong crypto systems are one of the few things that you can rely on.”

It appears the NSA and GCHQ are specifically targeting “certificate authority” services. These are services that verify the authenticity of cryptographic keys.

In particular, it seems that the NSA is colluding with, intimidating or subverting these companies.

Why Cryptohippie Remains Safe

None of the leaks so far have changed anything in our threat assumptions. Almost all of this has been assumed among industry professionals, and we have done a few things from the beginning to keep such problems at bay. Specifically:

  1. We run our own certificate authority (CA).
  2. We separate server keys from client keys.
  3. We force clients to verify that they are talking to a server-key and that it is signed exactly by our CA.
  4. We do not allow new keys to be generated.
  5. We generate all keys with a known good generator.
  6. We only rely on static asymmetric keys for authentication, not for negotiating the session keys for content encryption. For that we use DH to generate ephemeral session keys.
  7. We use a good random source on the servers (combination of hardware and software source, with a FIPS check on randomness).
  8. Because we use DH and good random sources on the server, we can assure good session keys for each connection, even if the user’s computer cannot provide good quality randomness itself.

In other words, our network remains highly secure.
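Items 1, 3 and 6 of the list above, sketched as a TLS client configuration. This is an added example, not Cryptohippie's code: the page does not name the protocol or software they use, so TLS through Python's `ssl` module and the names `build_private_ca_context`, `non_ephemeral_suites` and `audit` are assumptions made for illustration.

```python
import ssl

# Only suites whose session keys come from an ephemeral (EC)DHE exchange.
# The static certificate key then signs the handshake (authentication)
# but is never used to transport the session key.
EPHEMERAL_ONLY = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!PSK"


def build_private_ca_context(private_ca_pem=None):
    """Client context that trusts one private CA and nothing else.

    private_ca_pem: PEM text of the operator's own CA certificate
    (hypothetical input, supplied by the caller). The system trust store
    is never loaded, so a certificate issued by any public CA fails
    verification.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # no default CAs loaded
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # peer must present a cert
    ctx.check_hostname = True                       # and it must match the name
    ctx.set_ciphers(EPHEMERAL_ONLY)                 # TLS 1.2 suite restriction
    if private_ca_pem is not None:
        ctx.load_verify_locations(cadata=private_ca_pem)
    return ctx


def non_ephemeral_suites(ctx):
    """Names of enabled suites that do not use ephemeral key exchange.

    OpenSSL names TLS 1.2 suites by key exchange ("ECDHE-...", "DHE-...").
    TLS 1.3 suites ("TLS_...") always use ephemeral (EC)DHE.
    """
    ok_prefixes = ("TLS_", "ECDHE-", "DHE-")
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith(ok_prefixes)]


def audit(ctx):
    """Summarise the properties the list relies on."""
    return {
        "trust_anchors": ctx.cert_store_stats()["x509_ca"],
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "non_ephemeral": non_ephemeral_suites(ctx),
    }


if __name__ == "__main__":
    # Built without a CA here, so the trust-anchor count is 0: until the
    # private CA is loaded, this client trusts no issuer at all.
    print(audit(build_private_ca_context()))
```

After loading the private CA the `trust_anchors` count should be exactly 1; a larger number means some other issuer can also vouch for a server.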

Our public facing website is less secure. We have to use official CA keys there. That, however, matters very little; we don’t have any non-public data attached to that site at all.

Our mail servers have that same certificate issue, but only on the public facing side, not internally. This doesn’t affect our security either: Mails sent out of the Cryptohippie (CH) network have never been safe from the NSA, only mails that stay inside our network – to and from other Cryptohippie users.

Implications

The long-term implication of this for Cryptohippie is that we may face the day when they come knocking, or come hacking. So far, all goes well for us.

The bosses at NSA apparently see this as absolutely necessary for the survival of the United States. (The fact that it survived for 200 years prior is ignored.) One of their documents from 2007 said this:

In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs. It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.

In other words, they are obsessed with this, and see it in the starkest possible terms. We’re not sure whether this is just rah-rah talk for the techies who work for them, or whether they really believe it (which would border on mental illness), but it is very dangerous. There’s no worse tyrant than one who believes he’s righteous.

The implications for the Internet community in general are these:

  1. Do not use a VPN unless it has its own Private Key Infrastructure.
  2. Do not trust certificate authorities.

Specifics

This may be a little technical, but we want to be clear on so serious a matter. Here’s what we see at the moment:

  1. From the data we have both from Snowden and from other sources, plus our own experience, the base algorithms are secure.
  2. The NSA is doing exactly what has been asserted among professionals for some time: subverting certain software, systems and providers, then promoting them as the ones to use.
  3. Several of the protocols used – or at least certain of their implementations – are insecure, not just by accident, but also by design.
  4. The global public key infrastructure is broken.
  5. Some key generation implementations have been tweaked to give out keys that can be cracked more easily. That has happened accidentally in the past, but the NSA seems to have done it on purpose. There are good hints as to which implementations are subverted.
  6. The NSA’s plan is to: give up on controlling crypto itself (it’s unfeasible); don’t rely on breaking algos (too expensive or not possible); subvert stuff, then push the subverted stuff; and kill stuff that isn’t subverted.
  7. The NSA has active capabilities to intrude into many connections. This requires a lot of technology, which is in place all over the world.
  8. We can still protect intergroup communications.
  9. Public communication without secure key exchange and traveling over the clearnet is broken, likely beyond repair. It’s almost impossible to roll out an alternative to x509 on a global scale.
  10. This might lead to a push for a general overhaul of the security infrastructure on the internet.

Key Authentication

Here’s what key authentication means:

To connect the owner of a key to his/her key, most systems today use a trusted third party for verification. In order to trust the verifications of these parties, you must trust three particular things:

  1. That the trusted party is acting faithfully, not deceiving, and not deceived itself.
  2. That the signature system is unbroken; that is, both the signature algorithm and the hashing used in it are secure.
  3. That the signed key is secure, that it hasn’t been leaked, and that there has not been a private key generated from the public key that has been signed.

That leads you to questions (and answers) like the following. We have omitted the complicated discussion of hashing.

Is the trusted party trustworthy? (No. Most CAs are surely not trustworthy.)

Is the trusted party competent? (Some are; others are not.)

Is the signature algorithm secure? (Yes, the signature algos are secure.)

Is the public key algorithm irreversible? (That depends on random number source. We have seen many such attacks in the past few years.)

Is the private key secret? (Clearly many secret keys are being sold to the NSA, or stolen.)

Key exchange is only secure if you can answer “yes” to ALL of the above questions. Clearly, we can’t, in most cases today. The math is generally good, but the implementations and organizations are not.

Paul Rosenberg
FreemansPerspective.com

The NSA’s Secret War Against Online Privacy Seekers

If you haven’t seen this yet, I’m sorry to drop it on you:

On September 5th, Glenn Greenwald and others revealed the extent of the NSA’s destruction of privacy – not just the privacy of people who are oblivious to the situation, but that of privacy seekers as well. You can find the story here or here, and commentary by a legitimate expert here.

Here’s What Was Revealed

  • The biggest tech companies and Internet providers are cooperating with the NSA (which may be why they’re big) to break encryption everywhere. They are installing “secret vulnerabilities” and “covertly influencing product designs.”
  • Encryption for Hotmail, Google, Yahoo and Facebook is already broken. Others as well.
  • Your data streams are recorded and decrypted, since the NSA (and their British counterpart, GCHQ) already have access to your secret keys.
  • These attacks involve something called key exchanges (involved in all encryption) and the subversion of certificate authorities, such as Symantec, Comodo and GoDaddy.
  • They have already broken 30 Virtual Private Network systems and are working toward 300.*
  • Greenwald and others report that in the NSA documents, ordinary Internet customers are referred to as “adversaries.”
  • The NSA has capabilities against “HTTPS, voice-over-IP… [which are] used to protect online shopping and banking.”
  • However, it can be said that encryption is still effective, if used well. As Edward Snowden said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

What This Means to You

If you hadn’t taken this seriously or were content to let others keep you safe, now’s the time to wake up and act. You have to protect yourself. No one is going to step in and do it for you. Magic hackers will NOT ride in to your rescue.

You must either learn to handle your own security, seriously, or pay for a top-notch service. If you go cut-rate, you’re just paying for the NSA to spy on you.

I may be preaching to the choir here, but don’t even try to pretend that the government will fix this – they are the people who are doing it – and they love the power. And don’t pretend that the military will step in either – the NSA is part of the military.

We’re all perps now. If all Internet users are “adversaries,” do you really think anyone is safe?

What This Means to Us All

Forget about the US Constitution; it’s a non-factor now. This is just the latest example of people who are drunk on power and don’t care about the principles on which this country was founded.

The NSA and the entire US/UK “security” apparatus is a gigantic drunken beast. The operators are arrogant and untouchable. Their bosses have openly lied to Congress, with no consequences. Do you really think they will remain angels? (Did you ever really think they were?)

The reality is, the system is beyond broken, no matter what kind of happy talk you hear on TV.

Make no mistake, this is the eye of Sauron. It is the empowerment of arrogance and power… and ultimately of death. You might think me dramatic but history doesn’t lie: Surveillance kills.

Once they have your communications, they have your thoughts. They are currently analyzing those thoughts and have already begun to quietly manipulate them. That is, if you choose to let them. Yes, it is your choice.

Be aware of the danger, take it seriously and become the kind of person you want to be… not the one they want to manipulate you into becoming.

[Ed. Note. An important paid report… yours today for free: How Surveillance Destroys Us (and what we can do to stop it).

While the various program specifics of government surveillance have been well covered, Paul Rosenberg has come up with a brilliant perspective different from anything else we’ve seen.

In this important report, he talks about the (often subtle) psychological effects that non-stop surveillance has on us as living, breathing and thinking human beings.

Specifically, he sheds light on how governments routinely use surveillance to quietly manipulate us into doing what they want without question. That may sound crazy but the evidence doesn’t lie. And it’s all out there in plain sight for those who choose to see it.

This is traditionally a paid members-only benefit, but for a limited time, we’ll make it available to anyone who wants it. Click here to grab your copy.]

* The service I am associated with, Cryptohippie, is unaffected by this. Like other professional services, we operate our own public key infrastructure, without outsourcing trust and control to a third party, like an unaccountable Certificate Authority. We use Perfect Forward Security cipher suites, which prevent communication from being decrypted after the fact, or when keys are lost. We will be publishing a detailed explanation of why Cryptohippie remains safe for our customers, and we’ll ask FreemansPerspective.com to post it as well.

Paul Rosenberg
FreemansPerspective.com

The Other (Worse) Side of the PRISM Scandal

The fallout from the PRISM scandal has reached Stage Two, where faces in front of television cameras promote memorable slogans to give people reasons to accept their abuse and to pretend that everything is okay. And, overall, these slogans and their promoters break down into two primary models – predators and battered women.

Let’s start with the predators.

These abusers – who are building the largest blackmail archive in all of human history – keep coming back with the same old hateful slogan:

If you don’t do anything wrong, you have nothing to fear.

Understand this clearly: these are the words of a predator speaking to his hostages.

As you sit, his gun pointed at your chest, he says, “As long as you keep the rules, I won’t shoot.” This phrase is intended to hold you in that position, under the complete control of the gunman.

The trick of this evil phrase is that it takes the first position – with you as a hostage – as a given; as an assumed starting point. The phrase allows no possibility of you existing without a gun pointed at you.

Your captor says, “Don’t transgress me and I won’t kill you.” But all the while he maintains that it is righteous for him to keep you in permanent fear of the SWAT team breaking down your door at 3 am and sticking their automatic weapons in your face.

But, of course, it’s never “terror” when they do it, and you can be sure that, after you’re taken in, their friends at the TV stations will call you “suspected terrorists.”

Never accept a predator’s right to say this to you. Don’t accept his right to hold such a position over you. Instead, say something like:

I don’t grant you that position.

You’re not my master.

Why would I want you (or your bosses) to hold such a position over me?

Whoever throws this phrase at you is justifying your position as a hostage and is locking you into it.

Now, let’s move on to the equally disturbing issue of battered women.

The sad truth is that quite a few women have been beaten by their boyfriends or husbands, and they stay, rather than leave. Instead, they find ways of justifying their abusers, saying things like:

We’re working it out.

It wasn’t like it seems.

If I just ease up a little on him, it’ll be alright.

It’s not that bad. At least he doesn’t…

He said he’s sorry.

I can’t manage without him.

This is ugly stuff, but spousal abuse is, sadly, not uncommon.

But notice that people routinely use variations of the same “it’s not so bad” slogans to justify government abuse:

Mass surveillance is good because it also collects the data to prove people to be innocent!

I’d rather trust a computer and algorithm to spy on me than a human.

The primary job of the state is providing security for its citizens.

Surveillance on financial data is a whole different subject. That is about taxes, not free communication.

And there are many other variations.

So, we have hit the season of a two-fold attack on reason:

  • First, we have the predators trying to lock everyone into place in front of their guns.
  • Second, we have the sycophants trying to convince us that it’s okay – that we really do need our abusers.

This is the other side of the PRISM scandal, the one that most people don’t (or don’t want to) see: the subtle manipulation of our minds to ultimately turn us into sheep… those that will accept the role of the abused without question or complaint.

And to me, that’s the most disturbing side of all.

Paul Rosenberg
FreemansPerspective.com

Paul Rosenberg on RT: Online Surveillance in the US

You will probably be quite familiar with the idea that the government has a nasty habit of spying on Americans who haven’t done anything wrong.

Until recently, most of us have been called kooks, conspiracy nuts and worse… But, as the scandals keep coming, the general public is starting to wake up to the abuses.

One leading voice in the effort to help people recognize and make sense of what’s going on is outside the Matrix author Paul Rosenberg. A few days ago, media network RT invited him into the studio to talk about these things.

Click here to watch the video on youtube.com: Paul Rosenberg on RT: Online Surveillance in the US

Personal and Online Privacy: If you have nothing to hide, why do you care?

We’ve all heard the insulting, tyrannical cliché about privacy: If you have nothing to hide, why do you care?

The comeback, if not that it would fall on deaf ears, should be this: Because I value myself.

The real value of privacy is not because it allows us to hide things, it’s that privacy allows us to develop independently – according to our own natures.

In other words, privacy is an essential tool for personal development.

Privacy is a positive good, not merely a tool for hiding things.

Deconstructing the Cliché

Before we get to the core of this issue, we really should deconstruct this dirty slogan we opened with. Consider the implications of the words if you have nothing to hide:

  • First of all, it is an accusation and an insult, implying that you are engaging in evil.
  • Secondly, it is a threat to turn you in to the authorities.
  • Thirdly, it implies that the entity you are hiding from is supremely righteous and morally superior.

Fundamentally, this slogan is a weapon. It is used to intimidate and confuse you; to force you to bow down to authority; to be as cowardly and compliant as the person using it.

The users of such slogans are angry that you are showing them up in courage. They want you to be in the center of the enforcer’s gun sights, just like they are.

Now, as to the party that these people think we shouldn’t be hiding from… do they mean governments? If so, they are slandering themselves, since they almost certainly complain about governments endlessly.

The idea that a government is somehow morally superior to us is ridiculous. By any objective standard they are far worse than an average working guy. Pretending that our overlords are righteous is a superstition of the basest kind.

Privacy and Self-Development

Let me start with a quote from a French author whose name escapes me at the moment:

Everything from without informs man that he is nothing. All within tells him that he is everything.

It so happens that one of the better psychologists of our time is a friend of mine. He says that up to half of what we are, we owe to the previous choices we’ve made. (The other factors being heredity and environment.) But, whatever the numbers, choice is the only factor we can do anything about.

The truth is that our choices form us. They make us what we are.

What we are next year will be a reflection of the choices we make today. But, choices that are imposed on us from outside – edicts, intimidations, fears, manipulations – work against our healthy development.

People wouldn’t go through the work of imposing choices if those people would make the same choices naturally. Only if you want people to choose against nature do you try to push them in a particular direction.

So, the pre-packaged choices that are thrust upon us daily are not working in our interests, they are working in someone else’s interests. Are we really to think that such choices are best for us?

To develop ourselves healthfully, we must develop ourselves by ourselves, without outside pressures.

The less we are able to choose freely, the less we are really ourselves, and the more we become what other people want us to be.

The positive value of privacy is that it stands between us and manipulative outside forces.

Privacy allows us to grow according to our own natures, not according to the demands of a collective.

Privacy is a tool for becoming what we authentically are.

The Hedge of Anonymity

Anonymity allows us to develop our interactions with the outside world in healthy ways, rather than in manipulated ways.

We have all been intimidated by fear of what others might say. This has stopped us from doing and saying many things, and that wasn’t good for us. Intimidation is clearly an enemy. Anonymity protects us from this enemy by removing any way for consequences to come back to us.

Anonymity allows people to put their ideas into a public square while insulated from shame. So what if some of those thoughts are not good? Once spoken in the public square, they can be tried, analyzed and improved. It is profitable for us that this should occur more, rather than less.

Forget the stories of anonymous people being nasty – those comprise a tiny fraction of the whole and are used for the sake of fear and manipulation. (Humans massively over-respond to fear.)

If You Have Nothing To Hide…

I hide things because I wish to develop in my own way, not in the ways that manipulators wish me to develop. Anyone who says that this is wrong is also telling me that I was born to be a slave.

Only those things that are reliably private are protected from the modern world’s ambient environment of intimidation. It is in those environments that we can develop in our own ways, without obstruction and opposition.

Conditions of privacy or anonymity are almost the only conditions that allow for healthy development.

I think we can all agree that prayer has long been used in personal development. So perhaps Jesus had some of this in mind when he said:

When you pray, go into your room and shut the door and pray to your Father who is in secret.

But if the sloganeers are right, Jesus was a bad man, hiding his evil deeds from morally superior overlords. They would have slapped him with their nasty little slogan, just like they do us:

So, Jesus, why do you need to pray in secret, if you have nothing to hide?

Paul Rosenberg
FreemansPerspective.com

Credit: This article was inspired by a paper circulating in the darknet called The Treasure of Privacy.

[“Personal and Online Privacy: If you have nothing to hide, why do you care?” was originally published on LewRockwell.com]