# Lifestyles & Discussion > Privacy & Data Security >  prism-break.org  Mega-source page of privacy tools

## tangent4ronpaul

https://prism-break.org/

Opt out of global data surveillance programs like PRISM and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.

-t

----------


## green73

Thanks for posting. I've been meaning to check this site out, since hearing James Corbett talk about it a couple weeks ago. 

I've just added Https Everywhere and Noscript to firefox. Will keep the page up and add more stuff later.

----------


## BuddyRey

Cryptocat used to be on their list of good chat/IM platforms.  I wonder what prompted them to remove it?

----------


## tangent4ronpaul

> Cryptocat used to be on their list of good chat/IM platforms.  I wonder what prompted them to remove it?


Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap
Programming flaw makes it trivial to bypass crypto used by activists and journalists.

http://arstechnica.com/security/2013...acking-a-snap/

-t

----------


## muh_roads

I take it Ubuntu isn't very safe?  That's a shame since it seems the most friendly for people to migrate away from Windows/Mac.

----------


## tangent4ronpaul

> I take it Ubuntu isn't very safe?  That's a shame since it seems the most friendly for people to migrate away from Windows/Mac.


The latest version of Ubuntu integrated tracking of search queries and something else by default.  It can be turned off, but right now they do keep records of what you search for and where you go.  As such, that info is within gvmt reach.

(OK, I got it slightly wrong.... see next post)

-t

----------


## tangent4ronpaul

Privacy in Ubuntu 12.10: Amazon Ads and Data Leaks
https://www.eff.org/deeplinks/2012/1...and-data-leaks

See part 2 of Privacy in Ubuntu 12.10: Full Disk Encryption.

Earlier this month the eagerly awaited free software operating system Ubuntu 12.10 was released, and it includes a slew of new features (YouTube link), some of which have infuriated users because of privacy concerns.

Over the last couple of years Canonical Ltd, the company that develops Ubuntu, has been pushing the Ubuntu desktop in new directions with the desktop environment called Unity. A key feature of Unity is Dash, a single place to search for apps, documents, music, and other data on your computer. Starting with the latest release of Ubuntu, Dash is also starting to search the Internet for you. While some people find this convenient, others find it a violation of their privacy. Luckily, Ubuntu makes it easy to turn this off. Scroll down to "How to Disable Amazon Ads and Data Leaks" to learn how.

The first thing you'll notice about the new Dash is that when you search for something, you not only see local files but also Amazon-affiliated advertisements for products. There has been a massive outcry of complaints from the Ubuntu community about this, as well as a bug reports, both serious ("Don't include remote searches in the home lens", "Direct data leaking to Amazon") and tongue in cheek ("grep -R doesn't automatically search amazon", "Spyware coverage incomplete - limited to Dash"). Mark Shuttleworth, the founder of Ubuntu, defended the decision to include Amazon ads in Dash:

    We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf. Don’t trust us? Erm, we have root. You do trust us with your data already. You trust us not to screw up on your machine with every update. You trust Debian, and you trust a large swathe of the open source community. And most importantly, you trust us to address it when, being human, we err.

Technically, when you search for something in Dash, your computer makes a secure HTTPS connection to productsearch.ubuntu.com, sending along your search query and your IP address. If it returns Amazon products to display, your computer then insecurely loads the product images from Amazon's server over HTTP. This means that a passive eavesdropper, such as someone sharing a wireless network with you, will be able to get a good idea of what you're searching for on your own computer based on Amazon product images.

It's a major privacy problem if you can't find things on your own computer without broadcasting what you're looking for to the world. You could be searching for the latest version of your résumé at work because you're considering leaving your job; you could be searching for a domestic abuse hotline PDF you downloaded, or legal documents about filing for divorce; maybe you're looking for documents with file names that will gave away trade secrets or activism plans; or you could be searching for a file in your own local porn collection. There are many reasons why you wouldn't want any of these search queries to leave your computer.
It's Not Just Amazon

The new version of Dash that comes with Ubuntu 12.10 introduces more than just Amazon ads. It includes a new legal notice that you can see by clicking the "i" in the corner of Dash that states that by using Dash, you automatically agree to send your search term and IP address to a number of third parties.

    Unless you have opted out, we will also send your keystrokes as a search term to productsearch.ubuntu.com and selected third parties so that we may complement your search results with online search results from such third parties including: Facebook, Twitter, BBC and Amazon. Canonical and these selected third parties will collect your search terms and use them to provide you with search results while using Ubuntu.

Ubuntu's Third Party Privacy Policies page lists all of the third parties that they may send your search term and IP address to, and states: "For information on how our selected third parties may use your information, please see their privacy policies." In other words, once they give your data away, it's no longer their problem.

Canonical is not clear about which third parties it sends data to and when, but it appears that many of these third parties only get searched in certain circumstances. Ubuntu's new Online Accounts feature lets you authorize Ubuntu to use your accounts from Facebook, Twitter, Google, Flickr and other services for Ubuntu apps. Dash will likely search these services for photos, documents, and other content only after you've authorized Ubuntu to use them.

Canonical has been listening to feedback from Ubuntu users and they are working on improvements to Dash, such as loading Amazon images over HTTPS to prevent eavesdroppers from learning what users search for, and NSFW filters so that pornography doesn't appear in Dash. These changes are great, but it doesn't change the fact that users' search queries automatically get sent to third party companies without giving users a chance to opt-in.

Even loading Amazon product images over HTTPS instead of HTTP, the fact that they are loaded directly from Amazon's servers instead of from Canonical's means that Amazon has the ability to correlate search queries with IP addresses. One way to fix this would be if Canonical proxied all third party images and other content for Ubuntu users.
How to Disable Amazon Ads and Data Leaks

You can uninstall Dash's Amazon integration by removing the package called unity-lens-shopping from your computer. If you are currently using Ubuntu 12.10, you can click here to open unity-lens-shopping in Ubuntu Software Center, and then click the "Remove" button on the right. You can also uninstall it by opening the Terminal app and typing:

sudo apt-get remove unity-lens-shopping

If you want Dash to only search your local computer and not search the Internet at all, you can open the Privacy app and switch "Include online search results" from on to off, as pictured below.

Finally, if you don't like the direction that Unity is going but you still like the Ubuntu operating system, you can switch to a different desktop environment altogether such as GNOME 3, KDE, or Cinnamon.

You can get GNOME 3 by installing the package called gnome-shell. You can get KDE by installing the package called kde-full. And you can get Cinnamon by adding the Cinnamon PPA to your repositories and then installing the package called cinnamon. Once you have installed a new desktop environment, you can choose which one you want to use from your login screen. Click the Ubuntu logo next to your username to change your desktop environment.

What EFF Wants From Ubuntu

Ubuntu is the third most popular desktop operating system, and it's the most popular free software one. Many of EFF's employees run Ubuntu on their own computers. Here is what we would like to see from future versions of Ubuntu.

    Disable "Include online search results" by default. Users should be able to install Ubuntu and immediately start using it without having to worry about leaking search queries or sending potentially private information to third party companies. Since many users might find this feature useful, consider displaying a dialog the first time a user logs in that asks if they would like to opt-in.
    Explain in detail what you do with search queries and IP addresses, how long you store them, and in what circumstances you give them to third parties.
    Make the Search Results tab of the Privacy settings let users toggle on and off specific online search results. Some users might want Amazon products in their search results, but never anything from Facebook.
    We love that Ubuntu is bold enough to break new ground and compete directly with the large proprietary operating systems, but please make sure that you respect your users' privacy and security while you're doing it. Windows and Mac users are used to having their data sent to third parties without their express consent by software companies that are trying to maximize profits for their shareholders. Let's make sure Ubuntu, like the GNU/Linux operating system at its heart, remains an exception to this.

Stay tuned for part two of Privacy in Ubuntu 12.10, where we will talk about new Ubuntu privacy features that we really like.

-t

----------


## tangent4ronpaul

Bad News For Reader Privacy: Google News Doesn't Index HTTPS Sites
https://www.eff.org/deeplinks/2013/0...reader-privacy

In the ongoing effort to encrypt the entire web, news sites are an area of special importance. After all, the articles you choose to read can say a lot about you: how close you're following a political race, for example, can indicate where you stand on sensitive issues, or give clues about personal connections to the people or organizations being covered.

While a few news sites offer their content over secure HTTPS (e.g., partial support by the New York Times), far too many do not, much less by default. Our own Deeplinks blog is an exception. Readers can browse through our site without leaving a trail of which pages they viewed that can be easily picked up and stored by other people on the same wireless network or the reader's ISP—which could then be compelled to hand over that information to law enforcement or intelligence agencies like the NSA.

News sites should be given lots of encouragement to switch to HTTPS. But unfortunately, that category of sites faces a major incentive against doing so from Google. Google News, a section of the search engine that specifically searches through news sites, does not index articles available only over HTTPS. Google's decision undermines the privacy of readers who use the service.
(cont)

-t

----------


## tangent4ronpaul

//

----------


## presence

/subscribed

----------


## The Northbreather

thanks t +1

----------


## tangent4ronpaul

bump

----------


## Thor

So with Replicant or CyanogenMod, can you run it on your phone without a Google ID and Google tracking you?

----------


## tangent4ronpaul

Could a mod please move this thread to S&T?

ty!

-t

----------


## Thor

> So with Replicant or CyanogenMod, can you run it on your phone without a Google ID and Google tracking you?


Hello, anyone?  I want a smart phone where Google, Apple nor the NSA track me.  My choices are?

----------


## tangent4ronpaul

> Hello, anyone?  I want a smart phone where Google, Apple nor the NSA track me.  My choices are?


Went out looking and couldn't find a pic of a cheap kids calculator duct taped to a tin can.  Not even duct taped to a walki talkie!

Look up silent circle
There is also a company in Germany that sells very locked down ones, but they cost $3,500 each and you have to have one on each end.

There are some other solutions, some are mentioned in the "Keep you safe from the NSA" thread in S&T

-t

----------


## presence

> Hello, anyone?  I want a smart phone where Google, Apple nor the NSA track me.  My choices are?


GunnyFreedom

----------


## Thor

> Went out looking and couldn't find a pic of a cheap kids calculator duct taped to a tin can.  Not even duct taped to a walki talkie!
> 
> Look up silent circle
> There is also a company in Germany that sells very locked down ones, but they cost $3,500 each and you have to have one on each end.
> 
> There are some other solutions, some are mentioned in the "Keep you safe from the NSA" thread in S&T
> 
> -t


I am not looking to communicate with anyone that is on double secret probation.  I am just saying I want my privacy respected.  Google does not need to know what rest areas I crap in....

----------


## DGambler

> https://prism-break.org/
> 
> Opt out of global data surveillance programs like PRISM and Tempora. Stop governments from spying on you by encrypting your communications and ending your reliance on proprietary services.
> 
> -t


Can someone +rep him, I can't do it again.

----------


## tangent4ronpaul

> I am not looking to communicate with anyone that is on double secret probation.  I am just saying I want my privacy respected.  Google does not need to know what rest areas I crap in....


There are cheap phones nd cards available at convenience stores that are NOT smartphones.  If you get a smart phone you get GPS tracking.  With the dumber phone, you get triangulation tracking, which is not as accurate.  Still, pretty close.  Remove the battery if not in use and ideally stick in one of those Faraday cage bags.  Or toss it in the fridge or wrap it in several layers of heavy duty AL foil.  

Or buy a $3,500 dollar phone for everyone you want to talk to.  That's before the monthly service charge, btw...

You could also improvise a goat and tap into a closed businesses line if you needed to make a call...

-t

----------


## Thor

> There are cheap phones nd cards available at convenience stores that are NOT smartphones.  If you get a smart phone you get GPS tracking.  With the dumber phone, you get triangulation tracking, which is not as accurate.  Still, pretty close.  Remove the battery if not in use and ideally stick in one of those Faraday cage bags.  Or toss it in the fridge or wrap it in several layers of heavy duty AL foil.  
> 
> Or buy a $3,500 dollar phone for everyone you want to talk to.  That's before the monthly service charge, btw...
> 
> You could also improvise a goat and tap into a closed businesses line if you needed to make a call...
> 
> -t


So, I give up my life to Apple or Google, or go goat $#@!ing?

----------


## tangent4ronpaul

> So, I give up my life to Apple or Google, or go goat $#@!ing?


There are other options, some are technical.

Look, it's gotten to the script kiddy stage, so you may have a 13yo 4 doors down hacking your phone for the Lulz.

Smart phones, in general, are not safe right now.  Deal with it!

-t

----------


## Thor

> There are other options, some are technical.
> 
> Look, it's gotten to the script kiddy stage, so you may have a 13yo 4 doors down hacking your phone for the Lulz.
> 
> Smart phones, in general, are not safe right now.  Deal with it!
> 
> -t


I thought this was a semi technical discussion..  what are the technical options?  silent circle still requires a google id on the phone itself, yes?  so what "smart phone" does not have a user id?  Or bottom line, none...  And if not, why not?

----------


## tangent4ronpaul

Go here, read, follow links.

http://www.ronpaulforums.com/showthr...Bruce-Schneier

Technical? LOL! - not that much...

-t

----------


## tangent4ronpaul

Secure Cellphone Maker GSMK Talks Cryptography In A Post-Snowden World

http://techcrunch.com/2013/09/16/sec...snowden-world/

-t

----------

