Encrypt all the things!

Bad news innoculation.

Thats what an old strategist colleague of mine used to call it.

They take 2 steps forward, we go mad, they concede 1 step back, we're happy.

Repeat enough times, and the destination is the same.

In the age of Facebook most people have already voluntarily given up privacy.

Or... encrypt everything.

Then, they take 2 steps forward, we go... meh.

Also,

It's always worth using the TOR network if you are searching for things that are not quite legit like
'How to kill your neighbours and get away with it'

I tend to use it now for most of my surfing, though you need to tolerate the slow speed and the connection dropping

How is your neighbour Mike?

And for a laugh. It's always worth chucking a few emails around mentioning explosives, rendezvous, Houses of Parliament, Buckingham Palace etc. Just to keep them on their toes like

How is your neighbour Mike?

Sound to be six feet under with any luck

How can you trust that the exit nodes are secure and not being DPId?

I believe the TOR network makes it seem like all packets originate from an exit node. So in theory you could be eavesdropped yes. But they would have no way of knowing where the packet originated.

If you combine that will https everywhere you should be relatively safe.

I'm not a network expert but I assume it serves my purposes :)

If I was an organisation such as GCHQ I'd be very pleased to have come up with the TOR network, and then attributed it to someone else.

You may as well stop the argument now and say that all the SSL cert authorities are really CIA/GCHQ/NSA agencies and all keys can be cracked at any time.

You have to start trusting something somewhere

I'm not using email any more.

I leave notes under a park bench in copy of metro if I want to know what the missus needs me to get from Sainsburys.

Setting up a TOR exit node is trivial though.

And if you set one up with massive bandwidth, you'll attract traffic away from the other nodes, and be able to read all the non-https packets.

Yes, but I expect the people who use TOR who the governments would really be interested in, Iranian dissidents, Chinese students, for example, would not be foolish enough not to use encryption for everything. Never mind the guy trying to hire a hitman or score some weed

The exit node thing is not really important anyway, as major traffic flows can be re-routed without your knowledge or permission anyway, by changing the information in the routing tables.

This is something that companies/organisation can elect to do (for example if suffering from a large DDOS attack, and wishing to pass all traffic through a sanitising service), but would also be just dandy for the purpose of scanning everything that people were doing.

Once recorded, traffic analysis will reveal which packets to brute force.

Oh, and there's a petition against the monitoring: http://epetitions.direct.gov.uk/petitions/32400

Sign it, but don't deceive yourself... some form of what they're saying will arrive. Continue to encrypt, that should be the default anyhow.

38 Degrees also weighing in with a petition.

https://secure.38degrees.org.uk/page/s/stop-government-snooping#petition

38 Degrees also weighing in with a petition.

https://secure.38degrees.org.uk/page/s/stop-government-snooping#petition

I do sign their petitions, but they really do pester you forever more when you do

^ yup. turned me off. haven't been on their site for a good while because of that

Sign then immediately unsubscribe?

http://www.guardian.co.uk/technology/2012/apr/02/how-to-hide-emails-government-snooping?newsfeed=true

However, it's worth trying proxy servers and services, if only to provide a nice illustration of the law of unintended consequences. In other words, government attempts to snoop can help to create an internet culture where snooping becomes impossible.

I encrypt all the shit I say to my girlfriend.

Ha!

I'm basically just having no luck with relakks.

ugh.

If you look outside there will be a battered white van within ~100 metres of your house.

Try HideMyAss.com if you're having no luck with Relakks.

They offer Windows and Mac clients, and better than Relakks you can reconfigure it to use different countries as you go along. So if you find yourself wanting to watch a US video stream, pick a US IP address, etc.

I encrypt all the shit I say to my girlfriend.

I encrypt all my girlfriends to the shit i say.

on a similar note?

http://www.appleinsider.com/articles/12/04/03/apple_retains_master_encryption_key_for_icloud.html

Yeah, I am NEVER going to use iCloud, Google Cloud, or any other remote storage in which the company can be compelled to decrypt, but yet I cannot encrypt data before sending it to them.

There are 3 parts to that:
1) Companies that are within US jurisdiction
2) Companies that retain the ability to decrypt via a master key
3) Companies that control the access to the storage such that you don't have the opportunity to encrypt at your end

Apple fall foul of all of that, Dropbox only the first two (you could create a Truecrypt volume and sync that via Dropbox).

Google we don't yet know about, probably the first two, not sure on the last.