Tools which protect our privacy. Post your tools / ways you are using and opinions.

Discussion in 'Serious Discussion' started by Yen, Jul 23, 2013.

  1. nodnar

    nodnar MDL Expert

    psst, gorski; i got no dumbphone and no w10 either..;) not even using google or firefux..:p
    but i think private w 10 is a good start for all the lemmings using w10 anyway.:thumbsup:
    [it ought to be incorporated in most of the av software imo; all fail to detect all of the above.]
     
  2. ipx

    ipx MDL Addicted

    #402 ipx, Dec 29, 2020
    Last edited: Oct 25, 2022
    .
     
  3. gorski

    gorski MDL Guru

    :p:D:p
     
  4. NST_Adventure

    NST_Adventure MDL Addicted

    DDG(Duck Duck Go)
    Searx.info
    Mojeek

    The Best Privacy Friendly Search Engine Yet :D

    Best Regards
    NST_Adventure
     
  5. amanda

    amanda MDL Member

    What is the opinion of Express VPN? Or Nord VPN?
     
  6. nodnar

    nodnar MDL Expert

    never bothered with either. if you want internet, you get an ip..no need to pay through the nose for that, unless you happen to live in china, or iran, or in the u.s.a...:)
    [ you can try proton. at least they are still free, and they seem pretty safe too.]
     
  7. gorski

    gorski MDL Guru

    Oh, dear, yet another "world beating programme by the UK gov"...

    https://www.reddit.com/r/autotldr/comments/m2mv1h/the_uk_is_secretly_testing_a_controversial_web/

    The UK is secretly testing a controversial web snooping tool

    For the last two years police and internet companies across the UK have been quietly building and testing surveillance technology that could log and store the web browsing of every single person in the country.

    If successful, data collection systems could be rolled out nationally, creating one of the most powerful and controversial surveillance tools used by any democratic nation.

    The surveillance law can require web and phone companies to store browsing histories for 12 months - although for this to happen they must be served with an order, approved by a senior judge, telling them to keep the data.

    Of the UK's major internet providers only Vodafone confirmed that it has not been involved in any trials that involve storing people's internet data.

    The Investigatory Powers Act is a wide-ranging law that sets out how bodies in the UK can collect and handle data that may be linked to criminal activity.

    People's internet records can contain the apps they have used, the domains they have visited, IP addresses, when internet use starts and finishes, and the amount of data that is transferred to and from a device.
     
  8. gorski

    gorski MDL Guru

    HIDEAWAY SUPER FAST VPN

    Access your favorite websites and streaming video in different countries.
    You’re always connected, no need to connect or disconnect (like other VPNs)
    Be anonymous online and protect your privacy on unlimited devices.
    Encrypts your communications and website traffic for your security and privacy.
    2-7x faster than other VPNs, with international high speed servers & no data limits.
    Route websites and software to different locations – impossible with other VPNs

    Terms and Conditions
    This is a 1-computer 1-year license, for noncommercial use
    You get free updates for one year
    No free tech support
    You must redeem license key before this offer has ended
    May not be resold

    Technical Details
    Developed by Firetrust
    Version is v4.16.6
    Download size is 55 MB
    Supports Windows 7, 8/8.1, and 10 (32-bit and 64-bit)

    Available here for another 14 hours:
    https://sharewareonsale.com/s/free-hideaway-vpn-100-discount
     
  9. gorski

    gorski MDL Guru

    https://www.businessinsider.com/sto...facebook-users-leaked-online-2021-4?r=DE&IR=T

    533 million Facebook users' phone numbers and personal data have been leaked online
    Aaron Holmes
    Apr 3, 2021, 3:41 PM

    • The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum.
    • The data includes phone numbers, full names, location, email address, and biographical information.
    • Security researchers warn that the data could be used by hackers to impersonate people and commit fraud.

    A user in a low level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online.

    The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

    Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number.

    A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

    While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people's personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.

    "A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts," Gal told Insider.

    Gal first discovered the leaked data in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Motherboard reported on that bot's existence at the time and verified that the data was legitimate.

    Now, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.
     
  10. gorski

    gorski MDL Guru

    The flip-side of the coin: https://euobserver.com/opinion/151817?utm_source=euobs&utm_medium=email

    Online privacy for adults means more internet child abuse
    [Image: Online sexual abuse of minors has surged during Covid-19 (Photo: Tirza van Dijk)]
    By Haley McNamara

    Cambridge, Today, 07:02
    Amid a peak crisis of surging online child sexual exploitation, the European Union has simply closed its eyes.

    In December 2020, the e-Privacy Directive was passed in the European Union.

    This moment was meant to be a glorious victory for privacy rights - the rule hampered technology corporations from monitoring email, messaging apps, and other online platforms in the EU.

    But the problem is, this rule was overly broad because it also inhibited technology companies from proactively identifying, reporting, and removing child sexual exploitation online - including child sexual abuse materials (CSAM, or child pornography) and grooming.

    The impact of this directive was not theoretical.

    Since the rule passed, there was a 58 percent decrease in EU-related reports of child sexual exploitation online.

    Let's pause and think about this number, because it represents real children whose chance of being identified or removed from an abusive situation was dramatically reduced.

    And the EU was not ignorant of the risks they took with children's lives.

    Advocates and experts around the world, including organisations that identify CSAM online like the National Center on Missing and Exploited Children and Thorn, called on the EU to create a carve out.

    A simple carve out could have protected the existing practices, and the development of even better tools, to detect both known and novel CSAM as well as patterns of online grooming.

    In fact, as reported by the New York Times, even Facebook's global head of safety bluntly shared the company was "concerned that the new [ePrivacy] rules as written today would limit our ability to prevent, detect and respond to harm."

    Privacy absolutism
    But the march for privacy absolutism was too strong.

    And while some small last-minute concessions were made in the ePrivacy language, it still resulted in a 58 percent decrease in reports of child sexual abuse online.

    All of this happened at a time when CSAM has surged over 106 percent during Covid-19.

    We know that online grooming of children for sexual abuse can take less than 20 minutes according to researchers.

    Small focus groups held by contacts of the National Center on Sexual Exploitation with youth aged 16-18 found that all report that they have been solicited for sex and sent nude images online by strangers.  

    Finally, last month, four months after the ePrivacy Directive was passed, EU legislators have reached a temporary agreement that would allow tech companies to continue scanning for, reporting, and removing online child sexual abuse.

    This is only a temporary fix, and it still requires oversight measures which may or may not hinder the protection of children online - it's still to be determined.

    This case has been a clear example of how the online privacy debate too often leaves child protection as an afterthought.

    Of course, online privacy is an incredibly important issue that deserves support.

    But child sexual abuse victims can't be sacrificed on the altar of absolute adult privacy. Yes, there are important and robust debates to be had about where the line should be drawn between privacy rights and enforcing the laws of the offline world in the online ecosystem. These debates are ever evolving and incredibly complex.

    But let me propose this: the line we draw should – at minimum – allow the removal of child sexual abuse materials, and the identification of those who groom or sexually exploit children.

    That isn't too much to ask. This basic idea should be assumed and accepted before we even begin the debate about online privacy - it should not be an afterthought that's only given a temporary fix just four months after seeing unprecedented drops in reports that could have saved children's lives.

    We can't close our eyes to online child sexual exploitation anymore.
     
  11. gorski

    gorski MDL Guru

    Oh, FFS!!!!!!!!!!!!!!!!!!!!! To be verified and triple-checked!!!!

    http://techrights.org/2021/03/15/duckduckgo-in-2021/

    http://techrights.org/2021/03/15/du...ctWTbvm-H30Q0ChI-eUX2T9INgkKeKWkVlzDtzOW5HSXU

    03.15.21
    Why You Should Avoid DuckDuckGo (DDG) 2021 Edition, Now Microsoft-Hosted and With Extra Privacy Risks
    Posted in Deception, Microsoft, Search at 9:21 pm by Dr. Roy Schestowitz

    Reddit seems to be censoring such revelations right now (even a year after publication), as if sponsors are more important than facts

    There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spotlighted:

    1. Nefarious History of DDG founder & CEO:
      1. DDG’s founder (Gabriel Weinberg) has a history of
        privacy abuse, starting with his founding of Names DB,
        a surveillance capitalist service designed to coerce naive users
        to submit sensitive information about their friends. (2006)

      2. Weinberg’s motivation for creating DDG was not
        actually to “spread privacy”; it was to create something big,
        something that would compete with big players, according to an
        interview between Weinberg and Susan Adams. As a privacy abuser
        during the conception of DDG (Names Database), Weinberg sought to
        become a big-name legacy. Privacy is Weinberg’s means (not ends)
        in that endeavor. Clearly he doesn’t value privacy — he values
        perception of privacy.
    2. Direct Privacy Abuse:
      1. DDG was caught violating its own privacy policy
        by issuing tracker cookies, according to Alexander Hanff
        (CEO of Think Privacy and a data security and
        ethics expert on staff at Singularity University).

      2. DDG was again caught violating its own privacy policy by
        fingerprinting browsers. DDG responded not
        with counter evidence, but simply a plea to trust them.

      3. DDG’s third violation (2021): Microsoft hosts DDG’s service and
        also supplies Bing search results for the same
        transaction. This means Microsoft sees both sides of the
        transaction and can link your IP address (i.e. identity) to
        your search query that Bing processes. DDG makes this
        false statement: “we never share any personal information with
        any of our partners. The way it works is when we call a partner
        for information, it is proxied through our servers so it stays
        completely anonymous. That is, any call to a partner looks to
        the partner as it is from us and not the user itself, and no
        user personal information is passed in that process (e.g. their
        IP address). That way we can build our search result pages using
        these 100s of partner sources, while still keeping them
        completely anonymous to you” (emphasis added). While it may
        be true that DDG doesn’t transmit users’ IP addresses to
        Microsoft, Microsoft has already seen users’ IP addresses via
        Azure. That combination of data given to Microsoft makes DDG’s
        statement a lie. The MS Azure privacy policy refers
        us to the general MS privacy policy, which confirms that
        Microsoft collects IP addresses.

        DDG can change their hosting provider at any time. And they
        have– they migrated from Amazon AWS to Microsoft. As of the
        drafting of the article herein, DDG is still MS-hosted. To
        verify for yourself that DDG is still MS-hosted as you read
        this, Linux Tor users can run:

          torsocks whois "$(torsocks dig +tcp +short +time=4 +tries=1 duckduckgo.com @resolver1.opendns.com)"

        Web users can verify by obtaining DDG’s IP address from digweb
        and then visiting https://ipinfo.io/<IP address from digweb>.

      4. DDG’s app sends every URL you visit to DDG
        servers. (discussion).

      5. DDG is currently collecting users’ operating systems and
        everything they highlight in the search results. (to verify
        this, simply hit F12 in your browser and select the “network”
        tab. Do a search with JavaScript enabled. Highlight some text on
        the screen. Mouseover the traffic rows and see that your
        highlighted text, operating system, and other details relating to
        geolocation are sent to DDG. Then change the query and submit.
        Notice that the previous query is being transmitted with the new
        query to link the queries together)

      6. When clicking an ad on the DDG results page, all data available
        in your session is sent to the advertiser, which is why the Epic
        browser project refuses to set DDG as the default
        search engine.

      7. DDG blacklisted Framabee, a search engine for the
        highly respected framasoft.org consortium.
    3. Censorship:
      Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
      1. DDG is complying with the “celebrity threesome
        injunction”.
    4. Harmful impact on net neutrality:
      1. DDG attempts to play both sides of the network neutrality fight.
        DDG donated $50k (as of 2020) to an
        opponent of net neutrality who ironically
        calls themselves “TechFreedom”. Then DDG also
        donated $50k to an opponent of TechFreedom, “Public
        Knowledge”, who actually calls for “NO rules
        preventing blocking of website”, yet Public Knowledge blocks Tor
        users from their own website by issuing a “403 forbidden” error.
        Public Knowledge intends to coach Congress
        on “How Interoperability Can Rein In Big Tech”, yet they
        themselves have broken interoperability with Tor as they make
        themselves electronically unreachable outside of Facebook,
        Twitter, Youtube, and Gmail.
    5. CloudFlare: DDG promotes one of the most pernicious
      privacy abusing tech giants and adversary to the Tor
      community: CloudFlare Inc. DDG results give high rankings to
      CloudFlare sites, thus leading users into the largest privacy
      abusing walled garden on the web.

      Supporting CloudFlare compromises privacy, net neutrality,
      democracy, and anonymity:
      1. Anonymity: CloudFlare DoS attacks Tor users, causing substantial
        damage to the Tor network.
      2. Privacy: All CloudFlare sites are surreptitiously MitM’d by design.
      3. Net neutrality: CloudFlare’s attack on Tor users causes access
        inequality, the centerpiece to net neutrality.
      4. DDG T-shirts are sold using a CloudFlare site, thus
        surreptitiously sharing all order information (name, address,
        credit card, etc) with CloudFlare despite their statement at the
        bottom of the page saying “DuckDuckGo is an Internet privacy
        company that empowers you to seamlessly take control of your
        personal information online, without any tradeoffs.” (2019)
      5. DDG hired CloudFlare to host spreadprivacy.com (2019)
      DDG also donated over $186k to a series of
      privacy-abusing CloudFlare sites run by “Demand Progress”, “Fight
      for the Future”, and “Access Now”. Despite getting nearly $70k
      from DDG, FFTF continues to expose their own patrons to the very
      evil they claim to be fighting. Demand Progress, who received
      $100k from DDG, posts their claim to “contest concentrated
      corporate power”
      directly on their CloudFlare site,
      as well as the claim that they educate people on
      “the impacts of corporate power over our economy and democracy” as
      they “confront corporate bad actors”
      , all of which is bluntly
      unaligned with their CloudFlare patronage. Access Now, who
      received $16k from DDG, also used CloudFlare to block Tor users,
      hypocritically acting against their
      own mission to “fight for a free and open
      internet, advocating for the Net Neutrality principle that internet
      access should be offered to everyone on a nondiscriminatory basis,
      without favoring certain websites, applications, or services.”
      DDG
      apparently does little inspection on those they donate to, as if
      they’re merely selecting recipients with names that promote their
      privacy propaganda strategy to boost user loyalty.

    6. Harmful Partnerships with Adversaries of Privacy Seekers:
      1. DDG gets paid a commission when users visit eBay
        from DDG. Note that eBay has been caught
        sending JavaScript that snoops on their own customers by port
        scanning the LAN and reporting back to eBay. Moreover, eBay
        transactions are impossible without using PayPal, and
        PayPal abuses privacy in countless ways.

      2. DDG gets paid a commission when users visit
        privacy-abuser Amazon.

        DDG also uses AWS to crawl the web, which Amazon
        profits from. The Amazon partnership triggers substantial
        ethical issues:
        1. Amazon is making an astronomical investment in facial
          recognition which will destroy physical travel privacy
          worldwide.
        2. Amazon uses Ring and Alexa to surveil neighborhoods and the
          inside of homes.
        3. Amazon paid $195k to fight privacy in CA. (also
          see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        4. Amazon runs sweat shops, invests in climate denial, etc. The
          list of non-privacy related harms is too long to
          list here.
      3. DDG feeds privacy-abuser Microsoft by patronizing the Bing
        API for search results,
        using Microsoft’s ad network, using Outlook email
        service, hiring Microsoft to host DDG’s search site and host
        DDG’s crawler.
        1. The Dutch government commissioned a study which
          found Microsoft Office products to have
          several GDPR violations.
        2. Microsoft finances AnyVision to equip the Israeli military
          with facial recognition to be used against the Palestinians
          who they oppress.
        3. Microsoft paid
          $195k to fight privacy in CA. (also see
          http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        4. DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==>
          “…duckduckgo-com.mail.protection.outlook.com”
      4. (historic) DDG was previously partnered
        with Yahoo (aka Oath; plus Verizon and AOL by
        extension).

    7. Advertising Abuses & Corruption:
      1. DDG exploited a room at FOSDEM for commercial gain, to
        deliver a sales pitch despite its proprietary non-free server
        code, then dashed out without taking questions. Shame on FOSDEM
        organizers for allowing this corrupt corporate abuse of precious
        resources.
      2. Tor Project accepts an annual $25k “contribution”
        (read: bribe) from DDG, so you’ll find that DDG problems are
        down-played by those close to the Tor Project (e.g. EFF). This
        is likely why Tor Browser always defaults to using DDG (which
        DDG conceals from their disclosure) and why Tor
        Project endorses DDG over Ss — ultimately against the
        interests of the privacy-seeking Tor community. This default
        search engine exploits
        The Tyranny of Convenience. The EFF also pimps
        DDG — a likely consequence of EFF’s close ties to Tor Project.


    Editor’s note: We published a (now-outdated) version before. The author notes: “The significant changes are: DDG is now MS-hosted (2.3), DDG gets commission when Amazon or eBay links are followed, Verizon-Yahoo is no longer a partner, and there’s more dirt on DDG donees (TechFreedom, “Public Knowledge”, “Demand Progress”, “Fight for the Future”, and “Access Now”)”
     
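Added example (not part of the quoted article or of gorski's post): the article's two checks, who operates the address that `dig` returns and where the MX record points, come down to reading the owner field out of `whois` output and the mail host out of `dig` output. The functions below do that on text piped to them; the function names are this example's own, and the embedded `whois` and `dig` records are constructed samples built on documentation address ranges and placeholder names.

```shell
#!/bin/sh
# Added example: read the operator out of whois text and the mail host out of
# dig output. Every record embedded below is constructed, not a real lookup.

# whois_owner: whois text on stdin -> organisation field (ARIN "OrgName",
# RIPE-style "org-name"), else the netblock name as a weaker hint.
whois_owner() {
  awk '
    /^[#%]/ { next }                              # registry comment lines
    {
      key = tolower($0); sub(/:.*/, "", key)      # text before the first colon
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
    }
    key ~ /^(orgname|org-name|organization|owner)$/ { print val; found = 1; exit }
    key == "netname" && hint == "" { hint = val }
    END { if (!found && hint != "") print hint }
  '
}

# mx_hosts: full (not +short) dig output on stdin -> MX targets, lower case,
# without the trailing dot. Lines starting with ";" are dig comments.
mx_hosts() {
  awk '$1 !~ /^;/ && toupper($4) == "MX" { h = tolower($6); sub(/\.$/, "", h); print h }'
}

# mail_operator: map an MX host to its operator by suffix. The table is a
# small illustrative one; extend it for the providers you care about.
mail_operator() {
  case "$1" in
    *.mail.protection.outlook.com) echo "Microsoft" ;;
    *.google.com | *.googlemail.com) echo "Google" ;;
    *) echo "unrecognised" ;;
  esac
}

sample_whois_arin() {
  cat <<'EOF'
# constructed sample, ARIN-style layout
NetRange:       203.0.113.0 - 203.0.113.255
NetName:        EXAMPLE-NET
OrgName:        Example Cloud Corp
OrgId:          EXAMPLE-1
EOF
}

sample_whois_ripe() {
  cat <<'EOF'
% constructed sample, RIPE-style layout with no organisation field
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-HOSTING
country:        ZZ
EOF
}

sample_dig_mx() {
  cat <<'EOF'
;; ANSWER SECTION:
example.org.   300   IN   MX   10 example-org.mail.protection.outlook.com.
EOF
}

echo "ARIN sample owner: $(sample_whois_arin | whois_owner)"
echo "RIPE sample owner: $(sample_whois_ripe | whois_owner)"
for h in $(sample_dig_mx | mx_hosts); do
  echo "MX $h -> $(mail_operator "$h")"
done

# Live use (needs network; prefix with torsocks as in the article if wanted):
#   ip=$(dig +short duckduckgo.com | grep -E '^[0-9.]+$' | head -n 1)
#   whois "$ip" | whois_owner
#   dig mx duckduckgo.com | mx_hosts
```

The owner field names the holder of the netblock, so for a site behind a cloud or CDN provider it identifies that provider rather than the site's own operator.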
  12. -___-

    -___- MDL Member

    #412 -___-, Jul 7, 2021
    Last edited: Jul 7, 2021
    I use FFX with this (imho) smart Option ... :boat:

    FIREFOX: Enable DNS over HTTPS
    _ttps://support.mozilla.org/en-US/kb/connection-settings-firefox
    _ttps://support.mozilla.org/en-US/kb/firefox-dns-over-https#w_manually-enabling-and-disabling-dns-over-https

    DNS over HTTPS
    _ttps://en.wikipedia.org/wiki/DNS_over_HTTPS
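Added example (not part of the post above): a way to confirm what the Firefox setting actually did, by reading the profile's prefs file. It relies on Firefox's `network.trr.mode` and `network.trr.uri` preferences; the function names are this example's own, and the prefs content and resolver URL in the demo are constructed.

```shell
#!/bin/sh
# Added example: report the DNS-over-HTTPS state recorded in a Firefox
# prefs.js or user.js file. The prefs text used in the demo is constructed.

# pref_value NAME FILE: print the value of user_pref("NAME", value);
# the last occurrence wins, and surrounding quotes are stripped.
pref_value() {
  name=$(printf '%s' "$1" | sed 's/\./\\./g')    # dots in the name are literal
  sed -n 's/^[[:space:]]*user_pref("'"$name"'",[[:space:]]*\(.*\));[[:space:]]*$/\1/p' "$2" |
    tail -n 1 | tr -d '"'
}

# doh_state FILE: translate network.trr.mode into what it means for lookups.
#   absent or 0  Firefox's default behaviour, nothing chosen by the user
#   2            DoH first, falling back to the OS resolver when DoH fails,
#                so some lookups can still leave in clear text
#   3            DoH only, no fallback
#   5            DoH switched off by the user
doh_state() {
  mode=$(pref_value network.trr.mode "$1")
  uri=$(pref_value network.trr.uri "$1")
  case "${mode:-0}" in
    0) echo "default" ;;
    2) echo "doh-first-with-fallback ${uri:-built-in-provider}" ;;
    3) echo "doh-only ${uri:-built-in-provider}" ;;
    5) echo "off-by-user" ;;
    *) echo "unknown-mode $mode" ;;
  esac
}

sample_prefs() {
  cat <<'EOF'
// constructed sample of prefs.js content
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example.net/dns-query");
EOF
}

tmp=$(mktemp)
sample_prefs > "$tmp"
echo "sample profile: $(doh_state "$tmp")"
rm -f "$tmp"

# Live use: doh_state "/path/to/firefox/profile/prefs.js"
```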
     
  13. gorski

    gorski MDL Guru

  14. -___-

    -___- MDL Member

    #414 -___-, Jul 8, 2021
    Last edited: Jul 8, 2021
    simplewall (c) 2016-2021 Henry++
    HP: https://www.henrypp.org/product/simplewall
    PP: https://github.com/henrypp/simplewall
    DL: https://github.com/henrypp/simplewall/releases

    Portable minisize-maxieffect Port- & Netfilter Firewall ... :bb:
     
  15. gorski

    gorski MDL Guru

    Meet Executive Order 12333: The Reagan rule that lets the NSA spy on Americans

    Avaaz, a global advocacy organization.

    In March I received a call from the White House counsel’s office regarding a speech I had prepared for my boss at the State Department. The speech was about the impact that the disclosure of National Security Agency surveillance practices would have on U.S. Internet freedom policies. The draft stated that “if U.S. citizens disagree with congressional and executive branch determinations about the proper scope of signals intelligence activities, they have the opportunity to change the policy through our democratic process.”

    But the White House counsel’s office told me that no, that wasn’t true. I was instructed to amend the line, making a general reference to “our laws and policies,” rather than our intelligence practices. I did.

    Even after all the reforms President Obama has announced, some intelligence practices remain so secret, even from members of Congress, that there is no opportunity for our democracy to change them.

    Public debate about the bulk collection of U.S. citizens’ data by the NSA has focused largely on Section 215 of the Patriot Act, through which the government obtains court orders to compel American telecommunications companies to turn over phone data. But Section 215 is a small part of the picture and does not include the universe of collection and storage of communications by U.S. persons authorized under Executive Order 12333.

    From 2011 until April of this year, I worked on global Internet freedom policy as a civil servant at the State Department. In that capacity, I was cleared to receive top-secret and “sensitive compartmented” information. Based in part on classified facts that I am prohibited by law from publishing, I believe that Americans should be even more concerned about the collection and storage of their communications under Executive Order 12333 than under Section 215.

    Bulk data collection that occurs inside the United States contains built-in protections for U.S. persons, defined as U.S. citizens, permanent residents and companies. Such collection must be authorized by statute and is subject to oversight from Congress and the Foreign Intelligence Surveillance Court. The statutes set a high bar for collecting the content of communications by U.S. persons. For example, Section 215 permits the bulk collection only of U.S. telephone metadata — lists of incoming and outgoing phone numbers — but not audio of the calls.

    Executive Order 12333 contains no such protections for U.S. persons if the collection occurs outside U.S. borders. Issued by President Ronald Reagan in 1981 to authorize foreign intelligence investigations, 12333 is not a statute and has never been subject to meaningful oversight from Congress or any court. Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Select Committee on Intelligence, has said that the committee has not been able to “sufficiently” oversee activities conducted under 12333.

    Unlike Section 215, the executive order authorizes collection of the content of communications, not just metadata, even for U.S. persons. Such persons cannot be individually targeted under 12333 without a court order. However, if the contents of a U.S. person’s communications are “incidentally” collected (an NSA term of art) in the course of a lawful overseas foreign intelligence investigation, then Section 2.3(c) of the executive order explicitly authorizes their retention. It does not require that the affected U.S. persons be suspected of wrongdoing and places no limits on the volume of communications by U.S. persons that may be collected and retained.

    “Incidental” collection may sound insignificant, but it is a legal loophole that can be stretched very wide. Remember that the NSA is building a data center in Utah five times the size of the U.S. Capitol building, with its own power plant that will reportedly burn $40 million a year in electricity.

    “Incidental collection” might need its own power plant.

    A legal regime in which U.S. citizens’ data receives different levels of privacy and oversight, depending on whether it is collected inside or outside U.S. borders, may have made sense when most communications by U.S. persons stayed inside the United States. But today, U.S. communications increasingly travel across U.S. borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

    Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.

    Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users’ data.

    The attorney general, rather than a court, must approve “minimization procedures” for handling the data of U.S. persons that is collected under 12333, to protect their rights. I do not know the details of those procedures. But the director of national intelligence recently declassified a document (United States Signals Intelligence Directive 18) showing that U.S. agencies may retain such data for five years.

    Before I left the State Department, I filed a complaint with the department’s inspector general, arguing that the current system of collection and storage of communications by U.S. persons under Executive Order 12333 violates the Fourth Amendment, which prohibits unreasonable searches and seizures. I have also brought my complaint to the House and Senate intelligence committees and to the inspector general of the NSA.

    I am not the first person with knowledge of classified activities to publicly voice concerns about the collection and retention of communications by U.S. persons under 12333. The president’s own Review Group on Intelligence and Communication Technologies, in Recommendation 12 of its public report, addressed the matter. But the review group coded its references in a way that masked the true nature of the problem.

    At first glance, Recommendation 12 appears to concern Section 702 of the FISA Amendments Act, which authorizes collection inside the United States against foreign targets outside the United States. Although the recommendation does not explicitly mention Executive Order 12333, it does refer to “any other authority.” A member of the review group confirmed to me that this reference was written deliberately to include Executive Order 12333.

    Recommendation 12 urges that all data of U.S. persons incidentally collected under such authorities be immediately purged unless it has foreign intelligence value or is necessary to prevent serious harm. The review group further recommended that a U.S. person’s incidentally collected data never be used in criminal proceedings against that person, and that the government refrain from searching communications by U.S. persons unless it obtains a warrant or unless such searching is necessary to prevent serious harm.

    The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees.

    In that document, the White House stated that adoption of Recommendation 12 would require “significant changes” to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.

    All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because “we thought we could better protect civil liberties and privacy by doing away with it.” Note, however, that Alexander never said that the NSA stopped collecting such data — merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans dig deeper.

    Consider the possibility that Section 215 collection does not represent the outer limits of collection on U.S. persons but rather is a mechanism to backfill that portion of U.S. person data that cannot be collected overseas under 12333.

    Proposals for replacing Section 215 collection are currently being debated in Congress. We need a similar debate about Executive Order 12333. The order as used today threatens our democracy. There is no good reason that U.S. citizens should receive weaker privacy and oversight protections simply because their communications are collected outside, not inside, our borders.

    I have never made any unauthorized disclosures of classified information, nor would I ever do so. I fully support keeping secret the targets, sources and methods of U.S. intelligence as crucial elements of national security. I was never a disgruntled federal employee; I loved my job at the State Department. I left voluntarily and on good terms to take a job outside of government. A draft of this article was reviewed and cleared by the State Department and the NSA to ensure that it contained no classified material.

    When I started at the State Department, I took an oath to protect the Constitution of the United States. I don’t believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens’ online communications, without any court or congressional oversight, and without any suspicion of wrongdoing. Such a legal regime risks abuse in the long run, regardless of whether one trusts the individuals in office at a particular moment.

    I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?
     
  16. gorski

    gorski MDL Guru

    Oct 21, 2009
    5,518
    1,453
    180
  17. MaveRick23

    MaveRick23 MDL Member

    Apr 13, 2013
    229
    15
    10
    Thanks for the information. So it's time for DDG to go from my devices, right?
     
  18. Shortyportuguese

    Shortyportuguese MDL Senior Member

    Apr 3, 2019
    373
    119
    10
     
  19. case-sensitive

    case-sensitive MDL Expert

    Nov 7, 2013
    1,681
    731
    60
    @ Safe / uncrackable telephones

    Recently the police in Europe have raided and closed several firms that offer uncrack / hackable telephones ........... In Germany there have been 900 court cases against users of safe telephones ........... because they weren't safe :)
     
  20. MaveRick23

    MaveRick23 MDL Member

    Apr 13, 2013
    229
    15
    10
    Very weird :)

    I bought a phone, and what I do with it is my right. It's my own, and for safety buyers will take care of themselves.
     