Yes, You Are Being Manipulated by Your Government

The truth that government agents are influencing people online has been visible for some time to those who were looking. For example, in 2011, we got proof that military contractors and the US Air Force were doing this. (See here and here.) There were other facts as well, including the publicly-stated wishes of Cass Sunstein.

Most people didn’t see those stories, of course, and those who mentioned them were thought to be crazy. “If it was true, we’d have heard about it!”

In early February, however, we got serious proof, courtesy of Edward Snowden and Glenn Greenwald. Honestly, I expected this to be a big story, like many of the previous Snowden leaks. Instead, the story went almost nowhere. The “news” simply refused to cover it. And while the story did run on a few websites, I don’t know of it running in any major newspaper or on any TV news, except perhaps RT, the Russian 24/7 English-language news channel. (NBC did run a prior and less troubling story.)

But, we have the slides, and we now know what the NSA and its British partner, GCHQ, are doing to us.

The Manipulations You Pay For

Let’s start with this direct quote from the GCHQ on two tactics of their JTRIG (Joint Threat Research Intelligence Group) program:

(1)  to inject all sorts of false material onto the Internet in order to destroy the reputation of its targets; and

(2)  to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable.

Here’s their slide for training agents how to discredit people:


These are their tactics for discrediting companies:


Here’s just one more, listing the tricks they use to manipulate people:


So…

So, this is where we are. All the Anglosphere governments are – RIGHT NOW – building systems to manipulate us 24/7.

Please understand that it is far, far easier and cheaper for computers to do this work than to have actual humans at keyboards. And thousands of amoral engineers and psychologists are currently selling us out for mere paychecks, by programming computers to do just that.

If there is one message that I’d like to get across on this subject, it is this:

Your rulers are immoral, rapacious, and unrestrained. They are building a hell for you and your children right now.

I’m sorry if that seems strong, but speaking the truth leaves me no option.

Big Brother did not come with elections and clear choices; it came riding on the usual human weaknesses: fear, greed, and servility.

Paul Rosenberg
FreemansPerspective.com

Free Services Are for Suckers

Just a few weeks ago, it was revealed that the FBI will be going through a huge stack of emails they stole from a free service, to find some peaceful people they can publicly prosecute. The service was called Tor Mail…and their advertising slogan was Free Anonymous Email.

Supposedly, this system was ironclad and immune from government attacks. And, presumably, the operators would do this very hard thing, forever, and for free. That’s just not rational, regardless of the operator’s intentions.

Nonetheless, a small army of people signed up and used the service. It was free, after all!

Now, they are being burned, and maybe badly. That sucks, and they almost certainly don’t deserve it, but it was also rather predictable.

Free is for suckers. Always has been, still is. Jump at “free,” and you volunteer to pay the piper eventually.

Free Contributions Versus Free Services

There is a fundamental difference between free contributions and free services. Free contributions can be honest, important, and noble.

Phil Zimmermann gave us PGP, Tim Berners-Lee gave us HTTP, and Satoshi Nakamoto gave us crypto-currency. All of these were gifts, for which we should be grateful.

Operating a service, however, is something different:

  • The contribution – the gift – requires a specific and limited expense of time and passion.
  • A service requires daily work, most of it less than exciting. And there is no end to it.

Gifting something to the world is wonderful and deserves our gratitude. There’s nothing wrong with it. Nor is there a real problem with the shareware model, or with a free trial before buying, or the donations model.

Doing the daily grind that is necessary to run a service, however, is something very different. These are not acts of passion; they are acts of determination and endurance. Sure, there can be moments of passion, but an ongoing service requires far more than that. And, any service provider that can’t deal with “grind it out” work doesn’t survive.

The Free Service Game

Right now, free services rule the Internet. Yahoo, Facebook, Google, Twitter, Instagram, and all the rest… their business model involves getting people to use their systems for free.

But if you use something for free, you are NOT the customer. These companies DO have customers who pay them money, but that’s not you… which means that you are the product!

Let’s not forget what Facebook’s Mark Zuckerberg famously texted his friend:

Zuck: Yeah so if you ever need info about anyone at Harvard, just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

Friend: What? How’d you manage that one?

Zuck: People just submitted it. I don’t know why. They “trust me”

Zuck: Dumb f*cks

Anything you run through a free service goes beyond your control, immediately and permanently. These companies are monetizing your life, and the lives of your family and friends. Again, you are the product, and they’re selling you to anyone who will pay.

No one really runs a service for free.

The same thing goes for smartphone apps, by the way. They give them to you for free, or for almost free, and they also sell your life to anyone who will pay. The primary purpose of most apps is to spy on you. Read their privacy statements sometime.

“Nothing Bad Will Happen”

This is said every day, as it has been by more or less all the victims of history. I’m not for walking around in fear of course, but if you grab at “free” products, you are stepping into a trap.

If you don’t know the price in advance, you’ll be charged anyway (in this case, by having your life sold), and you’ll overpay.

And bad things do happen, as they did to Brandon Raub.

Is ‘saving’ a couple bucks really that big a deal?

Paul Rosenberg
FreemansPerspective.com

Cryptohippie Responds to the NSA’s Attack on Encryption

Editor’s Note: The founder of FreemansPerspective.com, Paul Rosenberg, has spent many years trying to protect Internet users from unjustified surveillance by groups like the NSA. He is part of the team at Cryptohippie, who offer something called a Virtual Private Network (VPN). It’s a service that helps its users avoid tracking by the snoops.

However, it’s just come to light that many such “protection” services have been compromised themselves. Lest people think Cryptohippie has suffered the same fate, he’s asked us to publish a clarification on just how Cryptohippie protects its users – and indeed, what you should look for before using such a service yourself.

– Thomas Anderson
Editor, FreemansPerspective.com

——————

On September 5th, Glenn Greenwald and others revealed that the NSA was able to break the vast majority of encryption used on the Internet. You can find the story here or here, and commentary by cryptographer Bruce Schneier here.

Below, we’ll explain why you need not worry about your Cryptohippie service, but first, here is a short list of what was revealed:

  • Tech companies and Internet providers are cooperating with the NSA to break encryption everywhere. They are installing “secret vulnerabilities” and “covertly influencing product designs.”
  • Encryption for Hotmail, Google, Yahoo and Facebook is already broken.
  • Your data streams are recorded and decrypted, since the NSA (and their British counterpart, GCHQ) already have access to your secret keys.
  • These attacks involve something called key exchanges (involved in all encryption) and the subversion of certificate authorities, such as Symantec, Comodo and GoDaddy.
  • They have already broken 30 VPNs (Virtual Private Networks) and are working toward 300.
  • The NSA has capabilities against HTTPS (used to protect online shopping and banking) and voice-over-IP.
  • Encryption is still effective, if used well. As Edward Snowden said, “Properly implemented strong crypto systems are one of the few things that you can rely on.”

It appears the NSA and GCHQ are specifically targeting “certificate authority” services. These are services that verify the authenticity of cryptographic keys.

In particular, it seems that the NSA is colluding with, intimidating or subverting these companies.

Why Cryptohippie Remains Safe

None of the leaks so far have changed anything in our threat assumptions. Almost all of this has been assumed among industry professionals, and we have done a few things from the beginning to keep such problems at bay. Specifically:

  1. We run our own certificate authority (CA).
  2. We separate server keys from client keys.
  3. We force clients to verify that they are talking to a server-key and that it is signed exactly by our CA.
  4. We do not allow new keys to be generated.
  5. We generate all keys with a known good generator.
  6. We only rely on static asymmetric keys for authentication, not for negotiating the session keys for content encryption. For that we use DH to generate ephemeral session keys.
  7. We use a good random source on the servers (a combination of hardware and software sources, with a FIPS check on randomness).
  8. Because we use DH and good random sources on the server, we can assure good session keys for each connection, even if the user’s computer cannot provide good quality randomness itself.

In other words, our network remains highly secure.
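A client-side sketch of points 1, 3 and 6 above, using only Python's standard `ssl` module. This is an added example, not Cryptohippie's code: the function names, the CA file path and the issuer name are assumptions made for illustration.

```python
import socket
import ssl

# Only suites whose session key comes from an ephemeral (EC)DH exchange.
# Static-RSA key transport (e.g. "AES256-GCM-SHA384") is deliberately absent.
EPHEMERAL_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"


def is_forward_secret(cipher_name, protocol):
    """True if the suite derives its session keys from ephemeral DH.

    TLS 1.3 certificate handshakes always do; for TLS 1.2 the OpenSSL
    suite name carries the key-exchange method as its prefix.
    """
    if protocol == "TLSv1.3":
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))


def base_context():
    """Client context that trusts no CA yet and offers only ephemeral DH."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(EPHEMERAL_ONLY)
    # load_default_certs() is intentionally never called, so the public
    # CAs shipped with the operating system are not trusted at all.
    return ctx


def pinned_context(cafile):
    """Trust exactly one anchor: the operator's own CA (hypothetical path)."""
    ctx = base_context()
    ctx.load_verify_locations(cafile=cafile)
    return ctx


def context_summary(ctx):
    """Plain-value view of the settings that matter, for auditing."""
    return {
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
        "trusted_cas": ctx.cert_store_stats()["x509_ca"],
        "non_ephemeral": [c["name"] for c in ctx.get_ciphers()
                          if not is_forward_secret(c["name"], c["protocol"])],
    }


def directly_issued_by(peercert, expected_issuer):
    """Check the leaf's issuer fields against the expected CA name.

    The cryptographic check is the chain validation done by the pinned
    context; this name comparison only rejects leaves that chain to the
    CA through an intermediate rather than being signed by it directly.
    """
    issuer = {k: v for rdn in peercert.get("issuer", ()) for k, v in rdn}
    return bool(expected_issuer) and all(
        issuer.get(k) == v for k, v in expected_issuer.items())


def connect_checked(host, port, cafile, expected_issuer):
    """Connect, then refuse the session unless both properties hold."""
    ctx = pinned_context(cafile)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            if not is_forward_secret(name, protocol):
                raise ssl.SSLError("suite is not forward secret: " + name)
            if not directly_issued_by(tls.getpeercert(), expected_issuer):
                raise ssl.SSLError("certificate not issued by the pinned CA")
            return name, protocol
```

A call such as `connect_checked("gateway.example", 443, "private-ca.pem", {"commonName": "Example Private CA"})` uses placeholder values; a server certificate signed by any public CA fails chain validation because that CA is not in the trust store.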

Our public facing website is less secure. We have to use official CA keys there. That, however, matters very little; we don’t have any non-public data attached to that site at all.

Our mail servers have that same certificate issue, but only on the public facing side, not internally. This doesn’t affect our security either: Mails sent out of the Cryptohippie (CH) network have never been safe from the NSA, only mails that stay inside our network – to and from other Cryptohippie users.

Implications

The long-term implication of this for Cryptohippie is that we may face the day when they come knocking, or come hacking. So far, all goes well for us.

The bosses at NSA apparently see this as absolutely necessary for the survival of the United States. (The fact that it survived for 200 years prior is ignored.) One of their documents from 2007 said this:

In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs. It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.

In other words, they are obsessed with this, and see it in the starkest possible terms. We’re not sure whether this is just rah-rah talk for the techies who work for them, or whether they really believe it (which would border on mental illness), but it is very dangerous. There’s no worse tyrant than one who believes he’s righteous.

The implications for the Internet community in general are these:

  1. Do not use a VPN unless it has its own Private Key Infrastructure.
  2. Do not trust certificate authorities.

Specifics

This may be a little technical, but we want to be clear on so serious a matter. Here’s what we see at the moment:

  1. From the data we have both from Snowden and from other sources, plus our own experience, the base algorithms are secure.
  2. The NSA is doing exactly what has been asserted among professionals for some time: subverting certain software, systems and providers, then promoting them as the ones to use.
  3. Several of the protocols used – or at least certain of their implementations – are insecure, not just by accident, but also by design.
  4. The global public key infrastructure is broken.
  5. Some key generation implementations have been tweaked to give out keys that can be cracked more easily. That has happened accidentally in the past, but the NSA seems to have done it on purpose. There are good hints as to which implementations are subverted.
  6. The NSA’s plan is to: give up on controlling crypto itself (it’s unfeasible); don’t rely on breaking algos (too expensive or not possible); subvert stuff, then push the subverted stuff; and kill stuff that isn’t subverted.
  7. The NSA has active capabilities to intrude into many connections. This requires a lot of technology, which is in place all over the world.
  8. We can still protect intergroup communications.
  9. Public communication without secure key exchange and traveling over the clearnet is broken, likely beyond repair. It’s almost impossible to roll out an alternative to x509 on a global scale.
  10. This might lead to a push for a general overhaul of the security infrastructure on the internet.

Key Authentication

Here’s what key authentication means:

To connect the owner of a key to his/her key, most systems today use a trusted third party for verification. In order to trust the verifications of these parties, you must trust three particular things:

  1. That the trusted party is acting faithfully, not deceiving, and not deceived itself.
  2. That the signature system is unbroken; that is, both the signature algorithm and the hashing used in it are secure.
  3. That the signed key is secure, that it hasn’t been leaked, and that there has not been a private key generated from the public key that has been signed.

That leads you to questions (and answers) like the following. We have omitted the complicated discussion of hashing.

Is the trusted party trustworthy? (No. Most CAs are surely not trustworthy.)

Is the trusted party competent? (Some are; others are not.)

Is the signature algorithm secure? (Yes, the signature algos are secure.)

Is the public key algorithm irreversible? (That depends on the random number source. We have seen many such attacks in the past few years.)

Is the private key secret? (Clearly many secret keys are being sold to the NSA, or stolen.)

Key exchange is only secure if you can answer “yes” to ALL of the above questions. Clearly, we can’t, in most cases today. The math is generally good, but the implementations and organizations are not.

Paul Rosenberg
FreemansPerspective.com

The NSA’s Secret War Against Online Privacy Seekers

If you haven’t seen this yet, I’m sorry to drop it on you:

On September 5th, Glenn Greenwald and others revealed the extent of the NSA’s destruction of privacy – not just the privacy of people who are oblivious to the situation, but that of privacy seekers as well. You can find the story here or here, and commentary by a legitimate expert here.

Here’s What Was Revealed

  • The biggest tech companies and Internet providers are cooperating with the NSA (which may be why they’re big) to break encryption everywhere. They are installing “secret vulnerabilities” and “covertly influencing product designs.”
  • Encryption for Hotmail, Google, Yahoo and Facebook is already broken. Others as well.
  • Your data streams are recorded and decrypted, since the NSA (and their British counterpart, GCHQ) already have access to your secret keys.
  • These attacks involve something called key exchanges (involved in all encryption) and the subversion of certificate authorities, such as Symantec, Comodo and GoDaddy.
  • They have already broken 30 Virtual Private Network systems and are working toward 300.*
  • Greenwald and others report that in the NSA documents, ordinary Internet customers are referred to as “adversaries.”
  • The NSA has capabilities against “HTTPS, voice-over-IP… [which are] used to protect online shopping and banking.”
  • However, it can be said that encryption is still effective, if used well. As Edward Snowden said, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

What This Means to You

If you hadn’t taken this seriously or were content to let others keep you safe, now’s the time to wake up and act. You have to protect yourself. No one is going to step in and do it for you. Magic hackers will NOT ride in to your rescue.

You must either learn to handle your own security, seriously, or pay for a top-notch service. If you go cut-rate, you’re just paying for the NSA to spy on you.

I may be preaching to the choir here, but don’t even try to pretend that the government will fix this – they are the people who are doing it – and they love the power. And don’t pretend that the military will step in either – the NSA is part of the military.

We’re all perps now. If all Internet users are “adversaries,” do you really think anyone is safe?

What This Means to Us All

Forget about the US Constitution; it’s a non-factor now. This is just the latest example of people who are drunk on power and don’t care about the principles on which this country was founded.

The NSA and the entire US/UK “security” apparatus is a gigantic drunken beast. The operators are arrogant and untouchable. Their bosses have openly lied to Congress, with no consequences. Do you really think they will remain angels? (Did you ever really think they were?)

The reality is, the system is beyond broken, no matter what kind of happy talk you hear on TV.

Make no mistake, this is the eye of Sauron. It is the empowerment of arrogance and power… and ultimately of death. You might think me dramatic but history doesn’t lie: Surveillance kills.

Once they have your communications, they have your thoughts. They are currently analyzing those thoughts and have already begun to quietly manipulate them. That is, if you choose to let them. Yes, it is your choice.

Be aware of the danger, take it seriously and become the kind of person you want to be… not the one they want to manipulate you into becoming.

[Ed. Note. An important paid report… yours today for free: How Surveillance Destroys Us (and what we can do to stop it).

While the various program specifics of government surveillance have been well covered, Paul Rosenberg has come up with a brilliant perspective different from anything else we’ve seen.

In this important report, he talks about the (often subtle) psychological effects that non-stop surveillance has on us as living, breathing and thinking human beings.

Specifically, he sheds light on how governments routinely use surveillance to quietly manipulate us into doing what they want without question. That may sound crazy but the evidence doesn’t lie. And it’s all out there in plain sight for those who choose to see it.

This is traditionally a paid members-only benefit, but for a limited time, we’ll make it available to anyone who wants it. Click here to grab your copy.]

* The service I am associated with, Cryptohippie, is unaffected by this. Like other professional services, we operate our own public key infrastructure, without outsourcing trust and control to a third party, like an unaccountable Certificate Authority. We use Perfect Forward Secrecy cipher suites, which prevent communication from being decrypted after the fact, or when keys are lost. We will be publishing a detailed explanation of why Cryptohippie remains safe for our customers, and we’ll ask FreemansPerspective.com to post it as well.

Paul Rosenberg
FreemansPerspective.com

Digital Diversification: How to Do It

Thank God for Edward Snowden. I used to warn people about surveillance and the death of privacy, but most of them found it hard to believe me; it was just too far out of the mainstream. Not so anymore.

Just as the diversification of investments has become crucial, so has digital diversification. Not only are the Western nations (especially the US and UK) abusing every piece of data they can touch, but the Hollywood/DC complex has been throwing around their power thuggishly. It’s way beyond suing 12-year-old girls, by the way; if you haven’t seen the raid on Kim Dotcom’s house, you really should. And not only are they forcibly shutting down many web services, but they are pushing laws that allow the Hollywood studios to break into your computer – legally.

Since I have been involved with an international privacy company (Cryptohippie.com) for some time, let me report to you what we have found on the subject of digital diversification.

Privacy Laws

The first thing many people think about for digital diversification is privacy laws. I’m sorry to tell you, however, that they don’t matter very much. They can be important for networks and data centers, but not often for individual users.

The reason for this is the international construction of the Internet. Your Internet traffic (surfing, email, Skype, whatever) is not contained within any single country – it flies right past national borders without the slightest delay.

Making things worse, it probably passes through the United States, whose NSA grabs it all and shares or sells it to god knows who. (Again, I refer you to Mr. Snowden, as well as to William Binney, Russell Tice, and Mark Klein, previous whistle-blowers.)

Take a look at this representation of world Internet traffic, and notice that nearly all of it passes through the US.


So, regardless of local privacy laws, your Internet traffic will more than likely be grabbed by the US and UK. (Not to mention non-government data thieves.)

The Copyright Thugs

As noted above, the Intellectual Property (IP) thugs have been unleashed, and they have often ruined businesses for the ‘crime’ of merely linking to a site where some kind of pirated music, video, or software may have been found. To avoid these excesses of law, you definitely do not want your server to be located inside the US, or in any country that cooperates too closely with the US government.

Which locations to choose depends on what you want to do with your server. Here are some examples:

  1. If you run a very simple, static site, just for fun and with no controversial content, you can pick anywhere that gives you a good price and fast access (even the US). But don’t allow links to be posted by users. If they link to a copy of Braveheart, you could have a problem on your hands.
  2. If you want a server (or a virtual server, which is smaller and cheaper) and you want to allow people to post comments, go offshore. If your site is very simple, will see little traffic, and requires very little in the way of resources, you can go with anything you find. But if you choose a server in the Caribbean, for example, be aware that your server may fall offline from time to time. (I know from personal experience as well as reports from others.)
  3. If you will see more traffic, make sure to check on the connection your data center (where your server is located) has to the Internet. The larger the connection and the larger the number of connections to international fibers, the better. You will, of course, pay more for these servers.
  4. If you run a professional service, look for data centers that will give you real customer service. You cannot allow your professional service to just vanish for a few days, while you track down a technician who likely doesn’t speak your language. In our experience, servers in central and northern Europe are the best choice: Switzerland, Holland, Germany, Austria, and so on. The laws there are fairly good for networks, and the data centers employ professional technicians. You’ll have to pay more, of course, but if you’re running a serious service, it is well worth it.

Political Persecution

If you’re running a Free Tibet web site, or anything like it, consider first who your enemies are likely to be, then avoid them and their allies – rent your servers somewhere that they and their friends are not.

The Dutch have long prided themselves on shielding such groups, so the Netherlands may be a good choice. (Some of the Scandinavians have taken that position as well.) But take a look at other politically persecuted web sites and see where they keep their servers.

And DO tell the data center what you are doing. If they know, they may very well protect you as best they can; but if not, your site will come down, probably at the first attack.

Surveillance

There is nowhere on the planet that is free from surveillance now – it’s simply too cheap, too easy, and too profitable.

The BRIC nations (Brazil, Russia, India, and China) are planning fiber optic cables that they do not share with the US or UK, so data centers on that line may be a better choice at some point. Rest assured, however, that Russia, China, et al, will be running their own surveillance. It will merely be a question of who is reading all your traffic.

Protection from surveillance requires encryption and an anonymity network. We covered that in a previous article, here.

Last Thoughts

It doesn’t take a lot of time or a lot of effort to secure your digital world, but you have to DO IT. Most people don’t want to be bothered and just go with whatever someone else is willing to set up for them.

But you wouldn’t diversify your finances based on the word of a friend’s brother-in-law, would you?

Likewise, don’t build your digital world blindly, taking the first and easiest option you can find. This doesn’t require weeks of work, but it does require some thought and some effort. It will be a good investment of your time.

Paul Rosenberg
FreemansPerspective.com

“Digital Diversification: How to Do It” was originally published at InternationalMan.com

Personal and Online Privacy: If you have nothing to hide, why do you care?

We’ve all heard the insulting, tyrannical cliché about privacy: If you have nothing to hide, why do you care?

The comeback, if it would not fall on deaf ears, should be this: Because I value myself.

The real value of privacy is not that it allows us to hide things; it’s that privacy allows us to develop independently – according to our own natures.

In other words, privacy is an essential tool for personal development.

Privacy is a positive good, not merely a tool for hiding things.

Deconstructing the Cliché

Before we get to the core of this issue, we really should deconstruct this dirty slogan we opened with. Consider the implications of the words if you have nothing to hide:

  • First of all, it is an accusation and an insult, implying that you are engaging in evil.
  • Secondly, it is a threat to turn you in to the authorities.
  • Thirdly, it implies that the entity you are hiding from is supremely righteous and morally superior.

Fundamentally, this slogan is a weapon. It is used to intimidate and confuse you; to force you to bow down to authority; to be as cowardly and compliant as the person using it.

The users of such slogans are angry that you are showing them up in courage. They want you to be in the center of the enforcer’s gun-sights, just like they are.

Now, as to the party that these people think we shouldn’t be hiding from… do they mean governments? If so, they are slandering themselves, since they almost certainly complain about governments endlessly.

The idea that a government is somehow morally superior to us is ridiculous. By any objective standard they are far worse than an average working guy. Pretending that our overlords are righteous is a superstition of the basest kind.

Privacy and Self-Development

Let me start with a quote from a French author whose name escapes me at the moment:

Everything from without informs man that he is nothing. All within tells him that he is everything.

It so happens that one of the better psychologists of our time is a friend of mine. He says that up to half of what we are, we owe to the previous choices we’ve made. (The other factors being heredity and environment.) But, whatever the numbers, choice is the only factor we can do anything about.

The truth is that our choices form us. They make us what we are.

What we are next year will be a reflection of the choices we make today. But, choices that are imposed on us from outside – edicts, intimidations, fears, manipulations – work against our healthy development.

People wouldn’t go through the work of imposing choices if those people would make the same choices naturally. Only if you want people to choose against nature do you try to push them in a particular direction.

So, the pre-packaged choices that are thrust upon us daily are not working in our interests, they are working in someone else’s interests. Are we really to think that such choices are best for us?

To develop ourselves healthfully, we must develop ourselves by ourselves, without outside pressures.

The less we are able to choose freely, the less we are really ourselves, and the more we become what other people want us to be.

The positive value of privacy is that it stands between us and manipulative outside forces.

Privacy allows us to grow according to our own natures, not according to the demands of a collective.

Privacy is a tool for becoming what we authentically are.

The Hedge of Anonymity

Anonymity allows us to develop our interactions with the outside world in healthy ways, rather than in manipulated ways.

We have all been intimidated by fear of what others might say. This has stopped us from doing and saying many things, and that wasn’t good for us. Intimidation is clearly an enemy. Anonymity protects us from this enemy by removing any way for consequences to come back to us.

Anonymity allows people to put their ideas into a public square while insulated from shame. So what if some of those thoughts are not good? Once spoken in the public square, they can be tried, analyzed and improved. It is profitable for us that this should occur more, rather than less.

Forget the stories of anonymous people being nasty – those comprise a tiny fraction of the whole and are used for the sake of fear and manipulation. (Humans massively over-respond to fear.)

If You Have Nothing To Hide…

I hide things because I wish to develop in my own way, not in the ways that manipulators wish me to develop. Anyone who says that this is wrong is also telling me that I was born to be a slave.

Only those things that are reliably private are protected from the modern world’s ambient environment of intimidation. It is in those environments that we can develop in our own ways, without obstruction and opposition.

Conditions of privacy or anonymity are almost the only conditions that allow for healthy development.

I think we can all agree that prayer has long been used in personal development. So perhaps Jesus had some of this in mind when he said:

When you pray, go into your room and shut the door and pray to your Father who is in secret.

But if the sloganeers are right, Jesus was a bad man, hiding his evil deeds from morally superior overlords. They would have slapped him with their nasty little slogan, just like they do us:

So, Jesus, why do you need to pray in secret, if you have nothing to hide?

Paul Rosenberg
FreemansPerspective.com

Credit: This article was inspired by a paper circulating in the darknet called The Treasure of Privacy.

[“Personal and Online Privacy: If you have nothing to hide, why do you care?” was originally published on LewRockwell.com]