SOCNET

Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #121  
Old 22 January 2015, 14:10
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
I still use it, and recommend it.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #122  
Old 27 January 2015, 16:09
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 13,139
Quote:
Originally Posted by EightyDeuce View Post
is mullvad still the VPN of choice in these parts?
Look at AirVPN too. Look at cost, servers, what you need, then decide. I've used both, so either one, unless you need a server in a specific country - Air has a crap ton.
Reply With Quote
  #123  
Old 22 March 2015, 17:18
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
Turn off your computer after every single use. I preach this anyways, but it's good to see another proof of concept on why you should.

https://hsmr.cc/palinopsia/

Note: as seen in the article, even TAILS is affected by this.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #124  
Old 22 March 2015, 19:51
rhea's Avatar
rhea rhea is offline
As Above So Below
 
Join Date: Oct 2003
Location: Texas
Posts: 787
Quote:
Originally Posted by CV View Post
Turn off your computer after every single use. I preach this anyways, but it's good to see another proof of concept on why you should.

https://hsmr.cc/palinopsia/

Note: as seen in the article, even TAILS is affected by this.
Yep. I'm learning not to stay logged into social media just *because*. I know I shouldn't use it at all, but I don't have that much need to protect data.
__________________
Built for comfort; not for speed
Knowledge is power
When you cannot see past your own anger and fear; you are nothing. "A Course In Miracles"
''Rise and rise again until lambs become lions'' from the movie Robinhood with Russell Crow
No good deed goes unpunished..look what they did to Robin Longstride
"I'm not afraid of terrorists, I am; however, afraid of the other employees" -me.
Reply With Quote
  #125  
Old 6 June 2015, 21:21
smp52 smp52 is offline
Confirmed User
 
Join Date: Feb 2004
Location: So. Cal
Posts: 1,552
Say an agency like the OPM has all your data and a breach occurs. Besides the absurd 18 month monitoring scheme offered, standard stuff posted on various websites, what are some *real* steps one can take to mitigate the risk?

Any data security know how on that end?
Reply With Quote
  #126  
Old 7 June 2015, 08:31
Chemical Cookie Chemical Cookie is offline
???
 
Join Date: Jan 2010
Location: Some where
Posts: 708
Quote:
Originally Posted by smp52 View Post
Say an agency like the OPM has all your data and a breach occurs. Besides the absurd 18 month monitoring scheme offered, standard stuff posted on various websites, what are some *real* steps one can take to mitigate the risk?

Any data security know how on that end?
SMP...have you heard whether the offer is available to contractors of government agencies? I haven't heard anything from official channels, but at times that is no surprise.
Reply With Quote
  #127  
Old 7 June 2015, 11:02
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
Quote:
Originally Posted by smp52 View Post
Say an agency like the OPM has all your data and a breach occurs. Besides the absurd 18 month monitoring scheme offered, standard stuff posted on various websites, what are some *real* steps one can take to mitigate the risk?

Any data security know how on that end?
Stop working for the government?

Jokes aside, there's really nothing you can do because it's the government. Had it been your doctor's office that was breached, you could sue due to HIPAA violations, et al.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #128  
Old 7 June 2015, 14:52
smp52 smp52 is offline
Confirmed User
 
Join Date: Feb 2004
Location: So. Cal
Posts: 1,552
Quote:
Originally Posted by Chemical Cookie View Post
SMP...have you heard whether the offer is available to contractors of government agencies? I haven't heard anything from official channels, but at times that is no surprise.
No information regarding contractors. I guess we'll know more as stuff is communicated; answer IMO is "it depends" on what was specifically breached. Contractors may be in a slightly better position as any negative impacts from the government on performance would have be addressed under the FAR.

Quote:
Originally Posted by CV View Post
Stop working for the government?

Jokes aside, there's really nothing you can do because it's the government. Had it been your doctor's office that was breached, you could sue due to HIPAA violations, et al.
LOL!

The above is what I was thinking, but figured I'd ask since I'm on the Holiday Inn circuit. Not sure there's anything I can do besides changing key data points on my end to help mitigate risk, need some kind of monitoring approach in perpetuity for me and my family, etc.

Last edited by smp52; 7 June 2015 at 14:55. Reason: Additional info
Reply With Quote
  #129  
Old 4 July 2015, 14:10
Macka's Avatar
Macka Macka is offline
Confirmed User
 
Join Date: Sep 2001
Location: SOCNET-Northeast
Posts: 2,367
I just signed up for AirVPN. Just a month to check it out. I think I am broadcasting from Ottawa right now on the MacBook. Sweden on my iPhone.
__________________
Freedom costs a Buck 0-5
Reply With Quote
  #130  
Old 3 October 2015, 13:28
Macka's Avatar
Macka Macka is offline
Confirmed User
 
Join Date: Sep 2001
Location: SOCNET-Northeast
Posts: 2,367
OK privacy guru's, my question is this: If you go to the interwebs through a VPN, and visit a web site, who's cookies do they use? Your machine, or the VPN (if that's even possible)?

We had this question at work the other day and no one knew the answer for sure.
__________________
Freedom costs a Buck 0-5
Reply With Quote
  #131  
Old 4 October 2015, 15:34
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
Cookies are local to your browser.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #132  
Old 4 October 2015, 15:48
MountainBum's Avatar
MountainBum MountainBum is offline
Vivat Fraternitatis
 
Join Date: Apr 2004
Location: OCONUS
Posts: 926
Quote:
Originally Posted by Macka View Post
OK privacy guru's, my question is this: If you go to the interwebs through a VPN, and visit a web site, who's cookies do they use? Your machine, or the VPN (if that's even possible)?

We had this question at work the other day and no one knew the answer for sure.
What CV said. What that means is tracking across sites is still a concern, which can be mitigated by using Firefox along with the "Ghostery" plugin and turning off trackers as you visit new sites.
Reply With Quote
  #133  
Old 31 October 2015, 08:09
Macka's Avatar
Macka Macka is offline
Confirmed User
 
Join Date: Sep 2001
Location: SOCNET-Northeast
Posts: 2,367
Kind of cool....

http://www.wired.com/2015/10/tor-jus...mbid=social_fb
__________________
Freedom costs a Buck 0-5
Reply With Quote
  #134  
Old 14 November 2015, 11:44
Armitage12 Armitage12 is offline
Confronting the Reckoning
 
Join Date: Jan 2013
Location: Old North West
Posts: 1,366
A question for the experts in here:

I recently read a profile of the programmer behind Virtru (former NSA, concerned about security and civil rights, but unwilling to go full Snowden). I find it initially appealing because of the ability to use a plug-in on top of my existing mail program, and (if I understand correctly) the lack of a need to have my correspondents also use the program (like PGP/GPG).

Any experience with Virtru or opinions about it?
Reply With Quote
  #135  
Old 14 November 2015, 12:05
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
First, being a former NSA employee means shit. I know plenty of folks that did nothing of importance, but will use their employment at NSA as some kind of merit badge.

With that said, it looks like Virtu is based on Trusted Data Format (TDF) for encryption--which coincidentally is made-up/created by the owner of this company. That could mean anything, including not having anything to do with TDF. Or it could mean it uses TDF, which means?? I've never heard of it.

I have a lot of questions about this. It's not a vetted protocol, and I always scrutinize anything that is marketed as easier to use.

By the way, there are PGP encryption plug-in options for your existing mail programs, too.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #136  
Old 14 November 2015, 12:29
Armitage12 Armitage12 is offline
Confronting the Reckoning
 
Join Date: Jan 2013
Location: Old North West
Posts: 1,366
CV--thanks for that. I run OpenGPG as an extension on my email program, but suffer from my correspondents not using PGP themselves, which means I fail to practice using the extension enough. Something that does the encryption without requiring my correspondent on the other end to be using the same program is appealing. But appearances can be deceiving...
Reply With Quote
  #137  
Old 14 November 2015, 12:36
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
Quote:
Originally Posted by Armitage12 View Post
CV--thanks for that. I run OpenGPG as an extension on my email program, but suffer from my correspondents not using PGP themselves, which means I fail to practice using the extension enough. Something that does the encryption without requiring my correspondent on the other end to be using the same program is appealing. But appearances can be deceiving...
I'm not sure how it remains protected on their end. How are they decrypting the email?
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #138  
Old 14 November 2015, 13:29
Armitage12 Armitage12 is offline
Confronting the Reckoning
 
Join Date: Jan 2013
Location: Old North West
Posts: 1,366
The FAQ is here:
https://www.virtru.com/faq/how-do-i-...tru-installed/

It seems that the recipient is prompted to confirm his or her identity, and then a secure browser page opens up to display the encrypted email. I don't know exactly how spoofing is prevented. I'm still reading through it. There's an instructional video as well.
Reply With Quote
  #139  
Old 14 November 2015, 14:05
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,752
I don't like it.
* Unproven/Unknown protocol
* Unvalidated 3PP application to decrypt and read
* They collect your encryption keys.
* They will share your information with the government
* They collect and track your information via cookies for ad revenue, to include geolocation tracking

Anyways, that's my opinion of it.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #140  
Old 22 November 2015, 08:02
Tracker's Avatar
Tracker Tracker is offline
MSMD
 
Join Date: Jan 2015
Location: Midwest
Posts: 149
An interesting new type of add-on for your browsers. Obfuscation and chaffe rather than concealment.

Quote:
TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with Firefox and Chrome browsers and popular search engines (AOL, Yahoo!, Google, and Bing) and requires no 3rd-party servers or services.

How It Works

TrackMeNot runs in Firefox and Chrome as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. TMN serves as a means of amplifying users' discontent with advertising networks that not only disregard privacy, but also facilitate the bulk surveillance agendas of corporate and government agencies, as documented recently in disclosures by Edward Snowden and others. To better simulate user behavior TrackMeNot uses a dynamic query mechanism to 'evolve' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.
Quote:
As online advertising is becoming more automatic, universal and unsanctioned, AdNauseam works to complete the cycle by automating all ad-clicks universally and blindly on behalf of the target audience. Working in coordination with your ad blocker, AdNauseam quietly clicks every blocked ad, registering a visit on the ad networks databases. As the data gathered shows an omnivorous click-stream, user profiling, targeting and surveillance becomes futile.

AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users' discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 07:55.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Socnet.com All Rights Reserved
SOCNET 1996-2018